Law Week 4 Assignment
Week 4: Topic Two Exercise (Exercise #2)
General Instructions
There are Two Parts to this exercise. You need only answer the questions in Part One. You might proceed as follows:
First, read Part One and answer the questions. The ONLY questions you need to answer are those in Part One.
Next, read Part Two and think about the subjects raised. This is purely in the nature of a review. You do NOT need to answer any of the questions/issues raised in Part Two. But these are (non-exhaustive) examples of the sort of questions I might ask in a final examination and are the sort of things you should know for your own satisfaction that you have profited from taking this course. BTW, many of these track the various discussion board prompts from Week 3 and so you will have already had occasion to think about them.
Part One
This exercise is open book and does not require any outside research beyond our assigned texts, but you must make explicit reference to the text as appropriate.
In your answers, you should make references to support your answers by informal pinpoint citation to book and page number within parentheses. For example: Computer Crime Law at p. __. You do not need to use the “blue book” citation format, but I am seeking informal pinpoint citations.
Your answers should indicate both an understanding of the facts or issues involved (a brief description) and contain your further observation or reflection upon those facts or issues as appropriate.
There are two questions, each with sub-parts.
Question 1.
(a) What are the seven computer crimes in 15 USC § 1030? Identify the elements of each and explain the significant defined terms.
(b) Which of those seven computer crimes most directly address the cybersecurity triad? (Match the applicable provisions of the CFAA to each of the three interests)
(c) What is the presumptive penalty for a violation of §1030(a)(2)(C)? What circumstances would increase the presumptive penalty?
|
Answer 1
(a)
(b)
(c)
|
Question 2.
What computer-related crimes did Fred Felony commit when he decided to use a computer (this is the “ computer crime” hypothetical, at p. 4 of our Computer Crime Law casebook). Briefly outline the elements of each offense and be sure to distinguish which of these offenses is created pursuant to
(a) all of the applicable new laws contained in the Computer Fraud and Abuse Act that cover his offense,
(b) at least one of the more traditional existing laws that are discussed in our casebook.
|
Answer 2
(a)
(b)
|
Click on the specified link to submit your response. Click on "Browse My Computer" and attach your assignment from your hard drive. Scroll down and click "Submit" to send your answer to the instructor.
End of exercise
* * *
Self-study notes (these are NOT part of the graded exercise—do NOT submit any answers to any of these)
You should be sure that you could answer questions such as these, and others like them that are included or suggested by the materials in the casebook. You should refer to the book’s table of contents and index to be sure to find the referenced materials and then to self-test your own knowledge.
The Final Examination may include questions such as these (or others like them)
Part Two
(these are matters to think about for your personal review: do NOT answer any of these and do not submit these pages with your answers to Part One)
1. US v. Swartz, at pp. 10-11, and notes and questions 1-6 (pp. 11-14):
Should Aaron Swartz’s conduct and Charles Even’s conduct be a crime? (and if not a crime, should either or both nonetheless be subject to money damages as a matter of private/civil law in a lawsuit brought by the victims?) (or both a crime and civil damages?) What about the “hacker ethic” at pp. 12-14, notes 3-5?
2. The choices in existing law (pp.14-29) for new offenses.
If the offending act is misuse of a computer to gain unauthorized access to data, or to change or delete data, or deny access…
· Why is the existing law of each of (a) trespass, (b) burglary, and (c) theft (at least at first glance) an appealing source of criminal law as applied to these new offenses in cyberspace (distinguish each).
· But what are the limitations of each of those three laws when it comes to cyberspace?
3. Theft as applied to new offenses in cyberspace (pp. 14-29)
Of those three existing tools (trespass, burglary, and theft), why is “theft” (and theft by “fraud”) the more likely choice to regulate these new offenses in cyberspace (unauthorized access, changing or deleting data, or denying access) (pp. 14-16)? What are the limitations of using “theft” to prevent “computer misuse” in cyberspace? (pp. 16-29).
4. New Law for New Offenses in Cyberspace: Unauthorized Access Statutes (pp. 29-31):
(a) notice that there are state laws on unauthorized access (in all 50 states) but then concentrate on the federal law: what are the seven (federal) offenses in 18 U.S.C. §1030? (p. 30, and see our statutory supplement) – all seven are in §1030(a)(1) through (7).
(b) what do each of §§ 1030(b), (c), (e), and (g) add to §1030(a)? (pp. 31-32, and see our statutory supplement)
and note that this legislation is referred to as the [Federal] Computer Fraud and Abuse Act (CFAA)
Select any one topic suggested by the unauthorized access statutes—does any one of the 7 federal offenses, or their enhancements, surprise you or strike you as interesting? — identify the topic and explain why it interests you, or provide another comment or observation.
5. “ What is Access.” Consider what the author means by
(a) a “virtual” perspective on access (a “ narrow” understanding pursuant to which many events would not constitute access), as opposed to
(b) a “physical” perspective on access (a “ broader” understanding: many of those same events would constitute access) (pp. 31-33).
Do you think it odd that the statute does not more particularly define “access” by choosing one or the other of the two views? Which of the two would you recommend?
NOTE: perhaps the use of “virtual” v. “physical” (rather than simply narrow v. broad) is not the best choice of words but it is not uncommon, and you should be able to understand that there are at least two perspectives on access. The notion of a narrow v. broad perspectives recurs in the notes at pp. 35-38 and perhaps especially at note 6, p. 38.
6. What is “ Unauthorized” Access .
Consider that the CFAA will penalize conduct (assuming that it constitutes “ access”) that is “ unauthorized.” And access might be considered unauthorized if it is either without authorization or exceeds authorization. Notice that authorization may be given by (a) code, e.g., a password (b) contract, e.g., terms of use, or an employment manual or employment agreement, or (c) norms, e.g., widely shared expectations. (see p. 39-42)
Be prepared to discuss Van Buren v. United States and its implications beyond contract-based “authorized access” — What about the curious law firm associate (note 2, p. 62)? What about the scenarios A through H, at pp. 62-63? What about the MySpace Suicide case (US v. Drew)?
How might you rewrite the CFAA to cover the conduct of Mr. Van Buren (or any of the other actors in the scenarios discussed whom you might think to be “deserving” of punishment) while NOT covering the other actors, if any, whom you might believe do not deserve to be punished.
Would you be prepared to make ALL the actors in A through H potentially liable (as well as the curious law firm associate, and Lori Drew)—by introducing legislation that would reverse Van Buren— and then trust to the good sense and good faith of prosecutors to exercise their discretion in deciding whether to charge anyone (and then to charge only the “bad” actors).
7. Code-based and contract-based restrictions on authorization (sources of unauthorized access).
Suppose you overheard someone say that
· the conduct (the worm unleashed, with passwords and accounts circumvented) of Mr. Robert Morris should be illegal, and that his case (at p. 40, with notes and questions at pp. 43-49) was properly decided,
· the conduct of David Nosal should be illegal and that his case (Nosal II at p. 46 note 5) is also properly decided
—how might you agree with that point of view (giving the best argument you can to the effect that both cases are correct)? How would you respond in disagreement? (giving the best argument you can that one or both cases should have been decided differently?)
Suppose you agree that each case is properly decided; what do you think about the problem of password sharing (the problem faced by companies that stream online video, described at the bottom of p. 47)?
Note: it might help to approach this thought problem by thinking in terms of the “over criminalization” debate.
8. Norm-based restrictions on authorization (another source of unauthorized access)
Reconsider hiQ’s scraper after Van Buren (hiQ is in the supplement), do you believe it survives?
(Consider the same sort of “over-criminalization concerns set forth in question 7 above, and see generally the notes at pp. 72-79).
9. Wire Fraud/Computer Fraud ( U.S. v. Czubinski
(a) Briefly explain why the IRS employee who carried out numerous unauthorized searches of taxpayer records was held to be not guilty of wire fraud under 18 U.S.C. § 1343 or of computer fraud under 1030(a)(4).
(b) Briefly explain whether (and why) that same conduct might have/ would have sustained a conviction under the unauthorized access statute , 1030(a)(2). (or is this just a “no liability” case after Van Buren?)
10. Computer Damage. Do you believe U.S. v. Thomas was rightly decided (what was the issue and how was it resolved)? Do you believe Middleton was rightly decided (what was the issue and how was it decided)?
11. An Issue: “Hacking Back”
Consider the arguments for and against “hacking back” as a means of self-help/self-protection (pp. 138-41). This is a live issue. Think about it in light of the problem of attribution (or any other problem). What do you recommend?
12. Big Picture, Prosecutorial Discretion.
Consider note 6 at p. 138. Would you say that the legislature has acted wisely in enacting the CFAA? Has it gone too far? Not far enough?
1