There are several types of computer crimes, but some of the most high-profile examples involve hacking. More and more these days, data breaches have become daily occurrences. As this has become more common, hackers have affected everything from the economic (including numerous retail businesses) to the political. As such, hackers are becoming more and more of a presence in every aspect of everyday life.
However, not every act of hacking rises to the level of a crime. Because of the varying degrees of hacking and its increasing prevalence in modern society, it can be important to understand where the lines between criminal hacking and non-criminal hacking are drawn.
This article contains information about hacking laws and punishments, along with what remedies may apply to victims of electronic intrusions.
Definition of Hacking
Hacking is broadly defined as the act of breaking into a computer system. Hacking is not always a crime, however. In "ethical hacking," for example, a hacker is legally permitted to exploit security networks. In other words, the hacker has the appropriate consent or authorization to do what they are doing. However, hacking crosses the criminal line when a hacker accesses someone else's computer system without such consent or authority.
For example, a hacker can be charged with a crime if they lack consent or any lawful authorization to enter another's computer system. They may have such authorization from a law enforcement agency and/or a court order.
With such authorization, a hacker may legally penetrate a business' firewall to access private servers and cloud storage systems.
However, when a hacker lacks such authorization or consent, they can be charged for having engaged in criminal hacking activities. An example of this is when a hacker uses phishing or social engineering to install malware on computers with the intent to monitor communications and activities.
Federal Hacking Laws
There are several federal laws that address hacking. They include the following:
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act (CFAA) is the leading federal anti-hacking legislation that prohibits unauthorized access to another's computer system.
Although the law was originally meant to protect the computer systems of U.S. government entities and financial institutions, the scope of the Act expanded with amendments to include practically any computer in the country. Examples of such devices are servers, desktops, laptops, cellphones, and tablets.
Criminal Penalties Under the CFAA
The chart below provides select examples of violations of the CFAA and the penalties.
| Offense | Penalties (Prison Sentence) |
|---|---|
| Obtaining National Security Information | First conviction: Up to 10 years; Second conviction: Up to 20 years |
| Accessing a Computer to Defraud and Obtain Value | First conviction: Up to five years; Second conviction: Up to 10 years |
| Accessing a Computer and Obtaining Information | First conviction: Up to one year; Second conviction: Up to 10 years |
| Intentionally Damaging by Knowing Transmission | First conviction: Up to 10 years; Second conviction: Up to 20 years |
| Extortion Involving Computers | First conviction: Up to five years; Second conviction: Up to 10 years |
| Trafficking in Passwords | First conviction: Up to one year; Second conviction: Up to 10 years |
Civil Violations Under the CFAA
Although the CFAA's penalties are mostly punishments for criminal violations, the 1994 amendment expanded the Act to include causes of action for civil suits, in addition to criminal prosecution.
Civil violations include the following:
- Obtaining information from a computer through unauthorized access
- Trafficking in a computer password that can be used to access a computer
- Transmitting spam
- Damaging computer data
Federal anti-hacking legislation provides civil remedies for hacking victims. Examples of remedies include the following:
- Injunctive relief
- Seizure of property
- Impounding of the stolen information and the electronic devices used to carry out the invasion
Other Federal Hacking Laws
The Stored Communications Act protects stored electronic communications and data or "data at rest" by providing criminal penalties for anyone who:
- Intentionally accesses a facility that provides services for electronic communications, and does so without authorization, or
- Intentionally exceeds a level of authorization to access such a facility, while also obtaining or altering data in that system or preventing another's authorized access to such data or communications.
Examples of "data at rest" are emails, texts, instant messages, social media accounts, data in cloud computing and storage, and blogs or microblogs.
This statute criminalizes unauthorized access of company emails by employees who exceed their scope of privilege, the use of stolen passwords to access stored data, and similar breaches of stored data. There is a bit of an overlap between this act and the CFAA. As a result, hackers will often be in violation of both statutes.
The ECPA, a counterpart law to the SCA, forbids intentional interception of electronic communications in transit. This type of data is also known as "data in motion." It primarily acts as a restriction on wiretaps and the interception of signals.
Hacking Laws: State Laws
Although much of the focus is on federal laws, states have also enacted hacking laws.
While every state has computer crime laws, some states address hacking more specifically. States do so with laws that prohibit unauthorized access, computer trespass, and the use of viruses and malware.
For example, approximately half of the states in the country have laws that target the use of denial of service (DoS) attacks. In this form of hacking, an intruder floods the system or servers with traffic, denying access to legitimate users. Florida penalizes this more severely, categorizing this crime as a felony in the first degree.
Ransomware is a type of malware surreptitiously installed on a victim's computer. It denies the victim access to their computer unless a ransom is paid. Several states, including California, have laws that specifically criminalize ransomware.
Discuss Hacking Laws and Punishments with an Attorney
Laws at both the federal and state level provide both protections and limitations concerning hacking. If you have been charged with a hacking offense and are concerned about how hacking laws and punishments apply to your situation, you should turn to an attorney who understands the complexity of the law. Contact a skilled criminal defense attorney near you today for help with this serious matter.