Cybercrime's Scope: Interpreting 'Access' and 'Authorization' in Computer
Misuse Statutes
ORIN S. KERR
The George Washington University Law School
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=399740
GWU Law School, Public Law Research Paper No. 65
NYU Law Review, Vol. 78, No. 5, pp. 1596-1668, November 2003
Abstract:
In the last twenty-five years, the federal government and all fifty states
have enacted new criminal laws that prohibit unauthorized access to
computers. These new laws attempt to draw a line between criminality and
free conduct in cyberspace. No one knows what it means to access a computer,
however, nor when access becomes unauthorized. The few courts that have
construed these terms have offered divergent interpretations, and no
scholars have yet addressed the problem. Recent decisions interpreting the
federal statute in civil cases suggest that any breach of contract with a
computer owner renders use of that computer an unauthorized access. If
applied to criminal cases, this approach would broadly criminalize contract
law on the Internet, potentially making millions of Americans criminals for
the way they write e-mail and surf the Web.
This Article presents a comprehensive inquiry into the meaning of
unauthorized access statutes. It begins by explaining why legislatures
enacted unauthorized access statutes, and why early beliefs that such
statutes solved the problem of computer misuse have proved remarkably na�ve.
Next, the Article explains how the courts have construed these statutes in
an overly broad way that threatens to criminalize a surprising range of
innocuous conduct involving computers. In the final section, the Article
offers a normative proposal for interpreting access and authorization. This
section argues that courts should reject a contract theory of authorization,
and should narrow the scope of unauthorized access statutes to circumvention
of code-based restrictions on computer privileges. The section justifies
this proposal on several grounds. First, the proposal will best mediate the
line between securing privacy and protecting the liberty of Internet users.
Second, the proposal mirrors criminal law's traditional treatment of crimes
that contain a consent element. Third, the proposed approach is consistent
with the basic theories of punishment. Fourth, the proposed interpretation
avoids possible constitutional difficulties that may arise under the broader
constructions that courts recently have favored.
Keywords: cybercrime, computer crime, unauthorized access, code
You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.
