I am not a lawyer, much less a cyber lawyer, but I was recently wondering “are there any laws—especially federal ones—that cover just plain old Hacking per se?” Say someone breaks into your blog, maybe they look at your drafts, maybe they deface the front page… is that, in and of itself, a crime no matter where in the United States your attacker is?

The answer is—Yes! 18 USC §1030 makes it a federal Class C felony to access computers you're not authorized to in the United States.

Specifically (with definitions from 18 USC §1030 (e), classifications from §3559 (a)(3), fines from §3571 (b)(3), and emphasis added):

18 USC §1030 (a)(2)(C)Whoever … intentionally accesses a computer without authorization … and thereby obtains … information from any [computer … which is used in or affecting interstate … communication] … The punishment … is— a fine [not more than $250,000] or imprisonment for not more than ten years, or both … [even for] an attempt …

18 USC §1030 (a)(5)(A)Whoever … intentionally causes … [any impairment to the integrity or availability of data, a program, a system, or information] without authorization, to a [computer … which is used in or affecting interstate … communication] … The punishment … is— … a fine [not more than $250,000], imprisonment for not more than 10 years, or both … [even for] an attempt …

And the courts are very, very, unreasonably generous with their interpretation of the word "affecting", so I doubt one would even need to show that the system ever sent packets across state lines in order to fit that requirement.

As for state laws, it looks like someone already compiled a big list of them: www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx

Leave a Reply

Your email address will not be published. Required fields are marked *

Warning: This site uses Akismet to filter spam. Until or unless I can find a suitable replacement anti-spam solution, this means that (per their indemnification document) all commenters' IP addresses will be sent to Automattic, Inc., who may choose to share such with 3rd parties.
If this is unacceptable to you, I highly recommend using an anonymous proxy or public Wi-Fi connection when commenting.