Cybercrime and the U.S. criminal justice system

Professor Susan Brenner summarizes key issues

In this series of columns, I am reviewing particularly interesting chapters in The Handbook of Technology Management (John Wiley & Sons, Inc.) edited by Professor Hossein Bidgoli.

The first article in Volume 3, Part 3: "Cybercrime and the U.S. Criminal Justice System," is by Professor Susan W. Brenner, JD NCR Distinguished Professor of Law and Technology at the University of Dayton School of Law; topics include

• Differences from civil justice system

• Basic institutional structure

• Relationship between state and federal criminal justice systems

• Criminal justice system and cybercrime

• Glossary

• Extensive references and suggested readings.

Some of the key concepts discussed by Professor Brenner are:

• Under the Computer Fraud and Abuse Act (18 USC §1030), prosecution at the federal level requires a demonstration of interference with interstate or foreign commerce.

• Violations of copyright, but not of trademarks, are brought only by federal prosecutors.

• Fifth Amendment prohibition of double jeopardy does not preclude re-prosecution at the same level if a mistrial is declared; furthermore, a different level of government (for example a state) can prosecute the defendant for the same actions if they are violations of its laws.

One of the most interesting sections in the chapter concerns striking back at hackers – sometimes called hack back. In her sections on affirmative defenses and on hack back, Professor Brenner points out that under current U.S. law, there is no provision for allowing victims of computer trespass to use unauthorized access to the computers and networks of those they believe to be their attackers. As she writes, "… The law does absolve citizens who take the law into their own hands under very limited situations; this is very different from a blanket authorization for online retaliatory behavior. Aside from anything else, such behavior is objectionable because of the [risk] that innocent parties will be targeted for retaliation; the consequences of this risk are particularly intolerable in cyberspace, where it can be impossible to know precisely from which system an attack was launched…." 

I must add that even if we do know which system is used to launch an attack, we still don't know whether the system is the property of the attacker or merely the property of an innocent victim subverted by the attacker.

Other interesting discussions in the chapter touch on defenses proffered by some people accused of crimes such as launching denial-of-service (DoS) attacks or involved in child pornography: if not the devil, at least a Trojan horse made my computer do it. Lay juries have actually acquitted at least one accused who claimed that malware whose presence was never detected on his computer was responsible for the DoS attack with which he was charged. Legal scholars, writes Professor Brenner, have argued that such a defense should be dismissed if there is no evidence of malware on the computer involved or if there is no demonstrable proof that malware found on the system is capable of the particular legal trespass involved in the case.

As a long-time teacher of cyberlaw and cybercrime courses, I was delighted by this chapter and will reference it in my courses.

Readers interested in cyberlaw will also appreciate Professor Brenner's blog, "Cyb3rcrim3", which has many fascinating discussions of cyberlaw.

Learn more about this topic

Handbook of technology management

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.