The broad category of computer crime encompasses an array of allegations and potential criminal charges. However, one type of computer crime — hacking — seems to garner the most attention and headlines.

Generally, hacking refers to accessing someone else’s computer system without proper authority or permission. Access can be gained in a number of ways, including launching a virus or other malicious code, gaining entry to computer databases, sending “spear phishing” emails with malicious attachments, or logging into a computer in person.

The goals of hacking are as varied as the methods. Data theft — including emails, personal information, and credit card numbers — and financial fraud rank among the top reasons hackers access computer systems.

If you’ve been charged under federal hacking laws, it is vital that you work with an experienced federal criminal defense attorney. So, what do you need to know to protect your rights?

Federal Laws on Hacking

Legally, what is computer hacking? A number of state and federal laws apply. At the federal level, most individuals accused of hacking are charged under the Computer Fraud and Abuse Act. The law covers a range of computer-related offenses, and the government uses it frequently.

The CFAA protects certain information related to interstate commerce and the U.S. government, such as that required for national defense or foreign relations, and it restricts access to data. The law forbids unauthorized access, use or distribution of any information:

  • Related to national security.
  • Within financial records belonging to financial institutions, including credit card issuers.
  • With an intent to defraud.
  • Belonging to any U.S. government department or agency.
  • Related to foreign or interstate communications and commerce.

Developing or possessing potentially harmful computer codes are not crimes. However, the CFAA prohibits disseminating codes, commands, programs or information that intentionally cause damage to protected computers. Anyone conspiring to engage in any of the prohibited activities also may be charged under the act.

In addition, the Electronic Communications Privacy Act served to amend the Federal Wiretap Act, covering data stored on and transferred from computer systems. The law prohibits illegal interceptions of wire communications, including data sent over the internet. In addition, the act protects stored messages, such as email in server archives. Under the ECPA, accessing computer messages — either in storage or in transit — without authorization constitutes a federal crime.

Other federal laws also apply to computer hacking. For instance, prosecutors can use the CAN-SPAM Act to go after individuals who gain unauthorized access to computers to distribute significant amounts of commercial information by email.

Federal Penalties for Hacking

If you are charged under the Computer Fraud and Abuse Act, you may be subject to either misdemeanor or felony counts. In most cases, unauthorized access of a computer that causes damage of more than $5,000, and using the information for profit, results in felony charges.

Under the CFAA, distributing computer code — or placing it into the flow of interstate commerce — is illegal if the perpetrator intends to cause either physical or economic damage. The CFAA provides for fines up to $250,000 and imprisonment for as long as 20 years for individuals convicted under the act.

Penalties for violating the CFAA can vary based on the specific allegations and the degree of harm alleged by the government. The act also authorizes penalties for intentionally or recklessly installing viruses on computers that are part of interstate commerce.

Violations of the CAN-SPAM Act can result in a range of criminal and civil penalties depending on the method of delivery and volume of the spam, along with the harm caused.

Problematic Language in Federal Hacking Law?

A key component of the Computer Fraud and Abuse Act is intentionally accessing a protected computer without authorization. However, the law fails to explain exactly what a lack of authorization means. In addition, the law refers to exceeding authorized access to a computer, but a lack of definition of the term has caused extensive legal debate. Extremely harsh penalties can be assessed against first-time offenders who access computers without authorization.

In addition, prosecutors have sometimes used the law’s vague language to bring criminal charges for behaviors unrelated to hacking — including violating certain corporate policies.

If you have been charged under the Computer Fraud and Abuse Act or other federal statutes related to hacking, you need an experienced attorney who fully understands the complexities of the laws. Attorney Gabriel Grasso works closely with digital evidence experts and understands both the technical and legal aspects of federal hacking cases. For a free, confidential case review, please contact the offices of Attorney Grasso.