Computer Criminal on a Laptop

This post is part of a series of posts entitled A Legal Guide to the Internet. For a comprehensive list of articles contained in this series, click here

As the Internet grows into a serious business tool, security has become a major issue.

There are many security systems and products which can be put in place to ensure that hacking and other security breaches do not occur. In addition, businesses can limit unauthorized access and hacking by employees by implementing security policies regulating the use by employees of the company’s network.

Computer Fraud and Abuse Act (CFAA)

The first federal computer crime statute was the Computer Fraud and Abuse Act of 1986 (“CFAA”) (amended in 1996). This act imposes penalties for the intentional “access” into “federal interest computers” for the purpose of committing certain types of criminal conduct. The statute criminalizes seven types of computer activities:

  1. the unauthorized access of a computer to obtain information of national secrecy with an intent to injure the United States or advantage a foreign nation
  2. the unauthorized access of a computer to obtain protected financial or credit information
  3. the unauthorized access into a computer used by the federal government
  4. the unauthorized interstate or foreign access of a computer system with an intent to defraud
  5. the unauthorized transmission of program information, code or command, intentionally causing damage, or the unauthorized access of a protected computer which causes or recklessly causes damage
  6. the fraudulent trafficking in computer passwords affecting interstate commerce
  7. the intentional transmittal of any threatening communication in interstate or foreign commerce for purposes of extortion

Any computer used in interstate or international commerce in the commission of the offense would be covered by this provision.

Amendments to the CFAA have been added to deal with the problem of “malicious code” -computer viruses, computer worms, and other computer programs that are specifically and intentionally designed to alter, damage or destroy files or computer programs. Federal law also protects the integrity or confidentiality of electronic communications. In 1986, Congress passed the Electronic Communications Privacy Act (ECPA) to expand federal jurisdiction and to criminalize the unauthorized interception of stored and transmitted electronic communications. There are some exceptions to the ECPA, which provide business owners and individuals access to stored communications. The entity providing the electronic communications service is allowed to access stored communications and the user of the service is allowed access if they were either the originator or intended recipient of the electronic communication at issue. In addition, the ECPA does not prohibit conduct which is authorized by the party providing the e-mail (business owner) and for certain governmental or law enforcement activities.

Minnesota Computer Crime Laws

Minnesota has its own computer crime statute, Minn. Stat. § 609.87 et. seq. The statute is based upon the federal computer crime statute and provides that:

  • Whoever intentionally and without authorization damages, destroys, alters, or distributes a destructive computer program with the intent to damage or destroy any computer, computer system, computer network, computer software, or any other property is guilty of computer damage
  • Whoever (a) intentionally and without authorization or claim of right accesses or causes to be accessed any computer, computer system, computer network or any part thereof for the purpose of obtaining services or property; or (b) intentionally and without claim of right, and with intent to deprive the owner of use or possession, takes, transfers, conceals or retains possession of any computer, computer system, or any computer software or data contained in a computer, computer system, or computer network is guilty of computer theft
  • A person is guilty of unauthorized computer access if the person intentionally and without authority attempts to or does penetrate a computer security system
This and the following posts have been copied or adopted from A Legal Guide To The INTERNET – Sixth Edition, published through a collaborative effort by the Minnesota Department of Employment & Economic Development and Merchant & Gould.