Chapter 22

COMPUTER CRIME: PORNOGRAPHY, FRAUD, HACKING AND GAMBLING

CHAPTER SUMMARY

The Internet, a relatively recent phenomenon, has caused a change in how laws may or may not apply to formerly traditional situations. Furthermore, the Internet has allowed criminals to perpetrate crimes that could not exist but for cyberspace. Chapter 22 examines computer crime and the statutes enacted to combat this growing problem as well as the erosion of our personal privacy. Freedom of speech, online gambling and cybermedicine issues are also examined in light of contemporary applications and influences resulting from the Internet.

CHAPTER OUTLINE

I. COMPUTER CRIME AND CYBERCRIME

A. Definitions

1. Computer crime consists of crimes involving: • Computers • Computer systems • Computer applications. 2. Cybercrime consists of computer crime that takes place in cyberspace 3. The Internet facilitates a number of opportunities for crimes to occur. 4. Typical cybercrime abuses include: • Hacking • Spreading of viruses • Fraud • IP theft • Appropriation of trade secrets • Defamation

B. The USA Patriot Act, 2001

1. The USA Patriot Act provided significant new powers to federal law enforcement agencies. 2. In conjunction with the Patriot Act, an executive order issued by President Bush expanded the power of federal investigators. 3. The Patriot Act and executive order strengthened the federal powers relating to: • Computer and cyberspace communication • Storage of electronic records 4. The U.S. Department of Justice, reacting to the increase in computer and cybercrime, formed a special Computer Crime and Intellectual Property Section (CCIPS) unit. 5. See the Cyberlaw Developments box on page 710.

C. Particular Challenges to Cybercrime Fighting

1. The U.S. does not have jurisdictional authority to dictate to enforce its laws in other countries. 2. Illegal acts which are impossible to regulate can occur on the Internet. 3. Examples include: • The proliferation of pornography and its easy access to children • On-line gambling 4. Conflicting jurisdictional issues are difficult to resolve, particularly if the conflict is of an international nature. • Extradition of criminals is a complicated process that is not consistently adhered to • Sharing of criminal files and investigatory information often runs into severe barriers.

II. PORNOGRAPHY AND OBSCENITY

A. Pornography

1. Pornography consists of sexually oriented materials that are constitutionally protected as free speech regarding adults. • Making pornography available to children is a criminal act 2. Obscenity consists of sexually oriented materials that are not constitutionally protected regarding anyone. 3. Examples of obscenity include: • Sexual materials containing images of children • Extremely bizarre images of sexual conduct 3. The Internet pornography industry is a huge business. • Americans alone spent $970 million on adult sites in 1998 • Pornography accounted for approximately 8% of the approximately $18 billion e-commerce trade in 1999 • More was spent on online pornography in 1999 than on all online book purchases • More was spent on online pornography in 1999 than on airline tickets

B. Constitutional Protection for Freedom of Expression

1. The first amendment is simple and direct saying that “Congress shall make no law…abridging freedom of speech”. 2. Nevertheless, significant limitations on speech have been created, including restrictions pertaining to: • Fraud • Copyright infringement • Defamation • Fighting words • Obscenity 3. Abridgements of speech, to be constitutionally permissible must: • Promote a compelling state or government interest • Actually promote the state or government interest • Must not be overly broad 4. Refer back to the Freedom of Speech discussion in Chapter 5.

C. Children and Adult Materials

1. Statutes designed to limit access of adult materials to children have been deemed constitutional. 2. Sexual material involving children creates criminal liability regarding adult participants. 3. Raw language may not be regulated, but the sale or viewing of materials containing raw language can be restricted to adults. 4. The determination of pornography and determining permissible child access is a constantly changing issue due to changes in societal mores.

Teaching Tip: This changing societal view also pertains to geographic location. Books that this author was required to read in high school were banned to his children when they reached high school in a different state.

D. Legal Definition of Obscenity

1. The Supreme Court definition of obscenity is a three prong test asking: • Whether the average person, applying contemporary community standards, would find the work, taken as a whole, appeals to the prurient interest • Whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by applicable state law • Whether the work taken as a whole, lacks serious literary, artistic, political or scientific value

Teaching Tip: An important concept to stress is that the standards require that an average person apply contemporary community standards. This means that no one person or group may dictate the application of the law for the entire community. It also means that what is deemed obscene in one community may not be deemed obscene in another.

E. Reasonable Restrictions Based on Time, Place or Manner

1. Reasonable restrictions as to time, place and manner of freedom of expression has been permitted by the courts. 2. Such restrictions include: • Rating systems creating X, R, N17, PG and G labels and enforcing age requirements to view movies are legal • Over 18 restricted sales of explicit CDs are legal • Laws in general that restrict children’s access to adult materials 3. See the NUTZ and BOLTZ box on page 718.

F. Communications Decency Act (CDA) of 1996

1. The CDA attempted to make it illegal to: • To transmit, in interstate commerce, comments, requests, suggestions, proposals, images or any other communication which is obscene , knowing that the recipient is under 18 years old • Knowingly permit any telecommunications facility under one’s control to be used for any activity mentioned above 2. Large parts of the CDA, pursuant to the decision in Reno v. American Civil Liberties Union, were declared unconstitutional. • The CDA was deemed to be creating an undue burden on adult speech

G. Other Attempts to Censor the Internet

1. Parts of the CDA remained valid and the issue remains as to whether the government could control websites that initiate contact with minors for the transmission of improper material.

H. Child Online Protection Act (COPA) of 1998

1. COPA attempts to require that website owners use bona fide methods of identifying visitors to their websites if the website offers materials deemed to be harmful to minors. 2. COPA has been challenged by the American Civil Liberties Union and an injunction has been issued prohibiting the government from enforcing COPA. 3. The matter is currently under appeal

I. Child Pornography Prevention Act (CPPA) of 1996

1. CPPA makes illegal the use of computer technology to produce materials that contain portrayals of real children involved in sexual activity, as well as virtual or fictitious children. 2. Litigation regarding CPPA has resulted in the following: • It is constitutional to prohibit pornography that makes use of real children • It is not constitutional to prohibit pornography that makes use of virtual or digital images that do not use real children

Teaching Tip: Defining pornography and obscenity is not an exact science. This uncertainty is at the heart of a statement made by Supreme Court Justice William Powell when he said, “I can’t define obscenity, but I know it when I see it.” (Paraphrased)

III. CYBERSTALKING

A. Cyberstalking is the use of electronic or technical means to stalk another person

1. Cyberstalking may involve: • The internet • E-mail • Any other electronic device 2. Cyberstalking requires: • Harassing or threatening behavior • Some sort of credible threat 3. See the Cyberlaw Developments box on page 721.

IV. CYBERCRIME: FRAUD

A. Computer Antifraud and Antihacking Statutes

1. The Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 makes it illegal if a person: • Knowingly and with intent to defraud produces, uses or traffics in one or more counterfeit access devices • Knowingly and with intent to defraud traffics or uses one or more unauthorized access devices during any one year period and by such conduct obtains anything of value 2. An access device can be a/an: • Card • Plate • Code • Account number 3. Access devices are used to initiate transfers of funds. 4. Counterfeit devices are any device that is counterfeit, fictitious, altered or an identifiable component of an access device. 5. Examples of counterfeit devices include: • Credit cards obtained with an intent to defraud • Gaining access to cellular telephone services without paying 6. The Computer Fraud and Abuse Act of 1984 is directed at computer hackers. 7. Under the Computer Fraud and Abuse Act of 1984, it is a crime to knowingly access a computer without authorization or exceed authorization and obtain: • Information contained in a financial record of a financial institution or of a credit card issuer • Information contained in a file of a consumer reporting agency on a consumer • Information from any department or agency of the United States • Information from any protected computer if the conduct involves interstate or international communication 8. The Wire Fraud Act, as amended by the No Electronic Theft Act of 1997 requires that: • Defendants be involved in a scheme to defraud by false pretences • The defendant knowingly participated in the fraud • Interstate wire or mail communications were used to further the scheme 9. The No Electronic Theft Act (NET) amended the Wire Fraud Act by making it a felony to do the actions prohibited in the Wire Fraud Act whether or not the perpetrator realized or had an expectation of financial gain. • There must be a taking for a violation to be actionable 10. See the Cyberlaw Developments box on page 728.

B. USA Patriot Act

1. The USA Patriot Act amended a number of existing statutes to allow federal criminal investigators: • Wider availability for the use of wiretaps • Easier access to stored wire communications such as voice mail • Expanded scope of subpoena authority regarding electronic evidence • The use of tracking devices on computer networks • The ability to intercept communications of computer hackers 2. Sentences were increased for hackers from 10 to 20 years. 3. See the Ethical Challenges box on page 725.

C. Other Computer-Related Antifraud Statutes

1. The Identity Theft and Assumption Deterrence Act of 1988 makes it a crime to knowingly transfer or use another person’s identity with the intent to commit, aid or abet any unlawful activity that constitutes a violation of federal law or a felony under state or local law.

Teaching Tip: In order to protect consumers against identity theft more than half of the states have passed laws requiring companies to display only the last four digits of credit card numbers hiding and not disclosing the rest whenever purchases are made.

2. The Electronic Communications Privacy Act (ECPA) of 1986 makes the unauthorized interception or disclosure of wire, oral and/or electronic communications illegal. 3. Among the things the ECPA pertains to are: • E-mail • Computer generated transmissions • Cell phone conversations 4. It is a violation of the ECPA to: • Intentionally intercept or inducing another person to intercept any wire, oral or electronic communication • Intentionally using or disclosing or attempting to use or disclose any wire, oral or electronic communication, knowing or having reason to know that the information was improperly intercepted in violation of the EPCA 5. ISPs fall under this act and are prohibited from intercepting using or disclosing information. 6. Exceptions to the ECPA include: • The operator of a switchboard (including ISPs) can intercept electronic communications in the normal course of business which is necessary to render the service or protect the rights or property of the service • In the ordinary course of business, employers may intercept phone calls as well as e-mail • Interceptions are appropriate if the sender or recipient of the message has consented to the interception • Law enforcement agencies conducting investigations may compel ISPs or other service providers to intercept communications 7. Title II of the ECPA applies to stored communications and makes it a crime to: • Intentionally access without authorization, a facility through which electronic communications are provided • Intentionally exceed authorization to access that facility and obtain, alter or prevent authorized access to a wire, or electronic communication while in storage

V. PROTECTION OF INTELLECTUAL PROPERTY

A. The Economic Espionage Act (EEA) of 1996

1. The EEA makes the misappropriation of trade secrets, using computers or by other means, a crime. 2. Penalties for violation of the EEA include: • Imprisonment up to 15 years • Fines up to $10 million • Forfeiture of property, profit or proceeds gained through the illegal activity • Misappropriation of trade secrets on behalf of foreign governments is considered a much more serious crime than if appropriated for U.S. firms

B. Criminal Infringement of a Copyright

1. Most copyright violations involve civil actions and damages. 2. Criminal sanctions are available when a person willfully infringes on a copyright either: • For purposes of commercial advantage or private financial gain • By reproducing or distributing one or more copyrighted works that have a retail value of more than $1,000 within a one year period

C. Digital Millennium Copyright Act (DMCA) of 1998

1. The DMCA was enacted to deal with hacker created software created to circumvent protections, such as content scrambling system (CSS) programs for copyrighted works. 2. Penalties for the violation of the DMCA include: • Up to $500,00 for the first offense • Up to five years in prison for the first offense • Up to $1 million for subsequent offenses • Up to ten years in prison for subsequent offenses

VI. INTERNET GAMBLING

A. Licensed Gambling

1. 48 states have some type of legalized gambling. 2. Gambling may take a variety of forms including: • Full service casinos • Limited casinos (slot machines only) • Horse racing • State lotteries

B. Unlicensed Gambling

1. Internet gambling sites are generally illegal. • Most are unlicensed • Most are located in foreign jurisdictions 2. The U.S. has essentially no authority to regulate foreign websites.

C. State enforcement of Gambling Debts

1. The Issue: Can a state enforce a gambling debt in a state where gambling is illegal? • If the gambling contract is illegal, states will generally consider the debt unenforceable and hence unrecoverable. 2. There is current mo federal legislation outlawing Internet gambling.

VII. CYBERMEDICINE AND INTERNET PHARMACIES

A. Cybermedicine

1. Cybermedicine is the practice of medicine over the Internet where: • The doctor and patient are physically separated • Communication is electronic 2. Generally, questionnaires are completed and medicine is dispensed pursuant to the answers. 3, Drugs then become readily available without the required prescriptions. 4. Two significant issues must be addressed: • Does the practice of Cybermedicine violate the rules of state boards? • Can a website legally sell prescription drugs? 5. Since teleconferencing is a recognized and approved practice, face-to-face meetings are not necessarily required. 6. Filling prescriptions online is open to abuse. • There is no way to verify the veracity of the questionnaire answers • Offshore drug sellers make profits solely on sales so they have a vested interest in maximizing sales. Therefore the independent doctor is cut out so the customer is unprotected • Patient information is not protected and is subject to sale • Drugs are sold by offshore sites that are not FDA approved

Teaching Tip: A current concern is the proliferation of Canadian websites selling low cost drugs. The cheaper prices made available undercut U.S. pharmacies and have the potential to drive domestic prices higher.

ETHICAL SCENARIOS

1. Statutes designed to protect children from pornography have frequently been struck down, either all or in part, when those statutes were deemed to be so broad as to limit adult rights to freedom of expression. How should society balance the rights of adults with the need to protect children? Should the government be in the business of protecting children or is that solely a parental job? How would society be affected if the government took a totally laissez-faire approach to pornography and child protection?

2. On pages 734 and 735, the book describes a gambling contract issue regarding a Ms. Haines. Do you agree that the banks and credit card companies should bear the burden of her losses? The bank and credit card company losses, once accumulated will likely be passed on to other customers. If the credit card issuers, to protect themselves, instituted policies regarding review of card use prior to the approval of each extension of credit, would that constitute, in your opinion, a permissible invasion of cardholders privacy?

3. Computer viruses can cause havoc when the infection hinders or disables personal or business computers. Naturally, the cost of dealing with viruses impacts major companies whenever an infection occurs and is high in both monetary and manpower expenditures, but even the small businessperson or casual user can be caused major inconvenience, anguish and expense when infected. Does the law deal with those who spread viruses severely enough? Is there anything more that the government could do to protect citizens and businesses that use the Internet that would not be viewed as an invasion of citizen’s rights? Now imagine that the next time you went to your personal computer it was useless due to a virus and had to be replaced; or, that the next time you went to the computer lab on campus you found that a virus had disabled all computers on your campus for six months. Would your answer be different?

SUGGESTED ANSWERS TO CASE QUESTIONS FOR ANALYSIS

Case 22-1
United States of America, Plaintiff-Appellee v. Robert Alan Thomas and Carleen Thomas, Defendants-Appellants

1. Based on the opinion in this case, is it fair to contend that the legal definition of what is obscene varies from community to community? Why did the defendants argue that the government was suing them in the wrong venue? Why would it be to the advantage of the defendants to have a different venue for this case?
Answer: Yes, the legal definition of obscenity varies from community to community and this was affirmed by this court. The court makes numerous references to the varying standards such as (1) “…juries are properly instructed to apply the community standards of the geographic area where the material was sent”, and (2) “The court recognizes that distributors of allegedly obscene materials may be subject to the standards of the varying communities where they transmit their materials…” The defendants claimed that the proper venue would be their home state rather than Tennessee. This was not persuasive because it is well established that “there is no constitutional impediment to the governments power to prosecute pornography dealers in any district into which the material is sent.” Obscenity and pornography are viewed differently from state to state and the defendant’s home state is much more liberal than Tennessee.

2. Do the community standards that are present in rural Western Tennessee determine what is “obscene,” and thus illegal, in more liberal areas of the country such as California? Why was the court not troubled by this prospect? How could the defendants in this case have easily avoided jurisdiction of the courts in Western Tennessee?
Answer: No, Western Tennessee obscenity standards apply only to Western Tennessee. No local community may impose its own standards on a second viable community. The court was not bothered by jurisdictional questions because it is well established that “there is no constitutional impediment to the governments power to prosecute pornography dealers in any district into which the material is sent.” The defendants could have avoided Western Tennessee jurisdiction by not selling memberships to Western Tennessee residents.

Case 22-2

United Stated, Appellee v. Richard W. Czubinski, Defendant-Appellant

1. What additional facts would have to be proven in order for the government to convict Czubinski of a violation of the Computer Fraud and Abuse Act?
Answer: The government would have to prove that the defendant willfully participated in a criminal scheme to defraud the plaintiff. The government would also need to prove that the defendant intended, by his actions, to deprive the government of their protected right.

2. If the defendant, Czubinski, had sold embarrassing information about the tax forms of celebrities, would he have violated the Computer Fraud and Abuse Act?
Answer: If he had defrauded the government by accessing and using the information for personal gain, a violation of the Computer Fraud and Abuse Act would occur.

3. Is any use of the Internet or computers that are connected to the Internet a “use of interstate wire communications in furtherance of the scheme,” which is the required second element of a violation? The court did not answer that question because the government’s case failed on the first required element, but what do you think?
Answer: Student answers will vary. However, the court did indicate that the mere unauthorized browsing, even if done with intent to deceive the government, did not rise to the level of deprivation pursuant to the federal fraud statutes.

Case 22-3
State of Minnesota by its Attorney General Hubert H. Humphrey III, Respondent vs. Granite Gate Resorts, Inc., d/b/a On Ramp Internet Computer Services; et al., Appellants

1. Does this case support the proposition that, if you establish a website that is accessible in a state, that state can exert jurisdiction over you and your website?
Answer: Here, the advertising and establishing of channels for customer advice, evidences intent to serve the market in Minnesota. This case determined that if the website is accessible in a state, at least minimal contacts are considered established and the state may exercise jurisdiction. The facts that at least 248 Minnesota based computers accessed and received transmissions from the site in a two week period, computers located in Minnesota were among the 500 computers that most frequently accessed the site, persons from Minnesota called the numbers advertised on the site and the defendants mailing list contained at least one Minnesota resident, solidified the fact that required minimal contacts had been established.

2. What was unfair and deceptive about the WagerNet website? Do you think that when a website says that, if you have a claim against it, you have to go before courts in Belize, but if they have a claim against you, they can sue you in your home state court is unfair?
Answer: The deceptive statement contained on the website was the declaration that gambling on the Internet was legal. This statement was untrue and designed to mislead readers and subscribers to the site. Student answers will vary regarding the jurisdiction portion of the question. Students should be encouraged to review the Chapter 2 discussions on jurisdiction. Although the international nature of this forum selection creates complications, the fact that the defendant corporation is domiciled in Nevada would likely allow a forum non conveniens motion to be successful.

3. Do you think rulings like the one that occurred in this case will drive all Internet gambling to offshore websites?
Answer: Student answers will vary.

SUGGESTED ANSWERS TO QUESTIONS FOR REVIEW AND ANALYSIS

1. There is a lot of activity on the Internet that is criminal. Discuss how privacy rights, jurisdiction, and free speech are being used to shelter criminal activity. Should we give up some of these rights to apprehend and punish cybercriminals?
Answer: Very often, criminals use constitutional and statutorily guaranteed freedoms to shelter criminal activity. Privacy rights allow lawbreakers to communicate freely with government intervention severely limited by statute. Although the government can and will monitor telephone, e-mail and other forms of communications, their right to so monitor is limited to circumstances in which reasonable evidence exists that criminal activity is taking place. The Internet has made jurisdictional issues difficult to resolve. Courts can exercise jurisdiction over U.S. companies doing business over the Internet as long as minimal contacts can be shown in the state bringing the suit. When the website is a foreign company located in a foreign country, jurisdiction and enforcement is almost impossible. Freedom of speech is one of America’s most valued freedoms. Any attempt to extinguish or even limit a portion of speech is very closely scrutinized. For example, despite the beneficial nature of child pornography banning statutes, the statutes are frequently struck down as unconstitutional when the language is so broad as to also limit adult speech. Student answers will vary regarding the issue of forfeiting rights.

2. Much of the legislation designed to reduce access to pornography by minors has been declared unconstitutional. What are the main reasons courts have relied on in declaring antiporn laws unconstitutional?
Answer: The courts have agreed with the ACLU saying that the statutes addressing child pornography place an undue burden and improper limitation of adult speech due to the broad language used in the statutes.

3. At one time, in order to demonstrate their alleged intellectual superiority, a number of teenagers broke into computer systems that guarded records of schools, government generally, and the military. What are the current potential criminal risks associated with hacking illegally into computer systems?
Answer: Since the term hacker refers to anyone gaining unauthorized access to another’s computer, there are a variety of statutes that deal with and provide for punishment of convicted hackers. The Computer Fraud and Abuse Act was specifically enacted to deal directly with hackers regarding government and financial institution computers and was strengthened by the USA Patriot Act. The Identity Theft and Assumption Deterrence Act, the Electronic Communications Privacy Act, the Economic Espionage Act and the Digital Millennium Copyright Act may all involve unauthorized access to computers and thereby involve hacking. Each of these acts prescribes civil and or criminal penalties including monetary damages, disgorgement of profits gained, fines and imprisonment.

4 Criminal law statutes now protect your name and identity, your communications, and your ideas. Match each of these categories with the appropriate criminal law statute and explain how each statute can be violated.
Answer: The Identity Theft and Assumption Deterrence Act was enacted to protect your name and identity by making it illegal to knowingly transfer or use another person’s identity with the intent to commit, aid or abet any unlawful activity that constitutes a violation of federal law or a felony under state or local law. The Electronic Communications Privacy Act makes the unauthorized interception or disclosure of wire, oral and/or electronic communications illegal regarding E-mail, computer generated transmissions and cell phone conversations. Your ideas are protected by the Digital Millennium Copyright Act which was enacted to deal with hacker created software created to circumvent protections, such as content scrambling system (CSS) programs for copyrighted works and the Economic Espionage Act which makes the misappropriation of trade secrets, using computers or by other means, a crime.

5. Online gambling and the purchase of pharmaceutical drugs over the Internet are quasi-legal activities that can only take place because the Internet allows the parties offering gambling and drugs access to those who want to be customers. Should law enforcement in the Unite States tolerate such activity of should it go after small nations that private shelter for such websites? In addition to policing the physical word, should the United States police all of cyberspace?
Answer: Student answers will vary. It may be interesting to see if the students think that such regulation could even exist.