Computer Crimes

The primary statute for computer crimes is 18 U.S.C. § 1030, which prohibits computer fraud and abuse.


Section 1030(a) prohibits:


  1. Computer espionage.—Knowing access to a computer without authorization (or exceeding authorized access), obtaining protected information, and willful communication or retention of such information with reason to believe it could be used to the injury of the United States or the advantage of a foreign nation;
  2. Unauthorized access to information.—Intentional and unauthorized access (or exceeding authorized access) to a computer and obtaining information
  • (A) contained in a financial record or in a file of a consumer reporting agency,
  • (B) from a United States department or agency, or
  • (C) from any protected computer;
Hands typing on laptop displaying colorful code.
  1. Trespassing on a government computer.—Intentional and unauthorized access to a nonpublic government computer, or to a computer used by or for the United States government that affects such use;
  2. Computer fraud.—Unauthorized access (or exceeding authorized access) to a protected computer, with the intent to defraud, in furtherance of that fraud, and where something of value is obtained;
  3. Intentional damage or loss by transmission of program or unauthorized access.—Knowing transmission of a program, information, code, or command resulting in intentional damage to a protected computer, or intentional unauthorized access to a protected computer resulting in damage or loss;
  4. Trafficking in passwords and computer access information.—Knowingly and with intent to defraud trafficking in passwords or similar computer access information if the computer is used by or for the United States government or such trafficking affects interstate commerce; and
  5. Extortion involving protected computers.—Transmitting a threatening communication or demand relating to protected computers with the intent to extort from any person any money or thing of value.9 Through section 1030(b), the statute further prohibits attempt and conspiracy to commit the above offenses.


Section 1030(e)(1)  defines a “computer” as an “electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions.” As such, cell phones and devices with data processors are “computers” within the meaning of the statute, as are cloud-based servers.


A “protected computer” is a computer:


  • (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government;
  • (B) which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; or
  • (C) that—
  1. is part of a voting system; and (ii)
  2. is used for the management, support, or administration of a Federal election; or
  3. has moved in or otherwise affects interstate or foreign commerce.


Section 1030  defines “loss” as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” It defines “damage” as “any impairment to the integrity or availability of data, a program, a system, or information.” In addition to other terms, the statute defines “exceeds authorized access” as “access[ing] a computer with authorization and us[ing] such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter.”


Section 1030 defines “loss” as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” It defines “damage” as “any impairment to the integrity or availability of data, a program, a system, or information.” In addition to other terms, the statute defines “exceeds authorized access” as “access[ing] a computer with authorization and us[ing] such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.”


Section 1030(c) establishes the penalties for an offense under this statute. Criminal punishment for a violation of section 1030 ranges from misdemeanor punishment up to life in prison, depending on the offense of conviction. The statute provides for increased punishment for certain offenses if the offense was committed under aggravating

circumstances and for subsequent violations of section 1030.

Computer Espionage

Section 1030(a)(1) prohibits “computer espionage,” that is, the willful

communication to any unauthorized person, or willful retention, of protected information or restricted data, obtained by knowingly accessing a computer without authorization (or exceeding authorized access), with reason to believe that such information or data could be used to the injury of the United States or to the advantage of a foreign nation. A defendant faces up to ten years of imprisonment for a violation of section 1030(a)(1) unless the defendant has a prior conviction for a section 1030 offense, in which case the statutory

maximum punishment is 20 years.

Computer Fraud

Section 1030(a)(2) relates to offenses that involve obtaining information by hacking a computer or exceeding authorized access to a computer. Violations of subsection (a)(2) are punishable by not more than one year in prison unless


  • (1) the offense was committed for purposes of commercial advantage or private financial gain or in furtherance of a criminal or tortious act, or the value of the information exceeds $5,000, in which case the defendant faces up to five years’ imprisonment, or
  • (2) the defendant has a prior conviction for an offense under section 1030, in which case the maximum prison term is ten years.


Subsection (a)(4) prohibits unauthorized access, or exceeding authorized access, to a protected computer with the intent to defraud, in furtherance of that fraud, and where something of value is obtained. Violations of subsection (a)(4) are punishable by not more than five years in prison unless the defendant has a prior conviction for an offense under section 1030, in which case the statutory maximum is ten years of imprisonment.


Section 1030(a)(5) prohibits knowingly causing the transmission of a program or code and intentionally or recklessly causing damage to a protected computer. Penalties for a violation of subsection (a)(5) range from one year to life imprisonment. For example, a defendant faces up to five years of imprisonment if the offense caused damage affecting ten or more protected computers during any one-year period. If a defendant attempts to cause or knowingly or recklessly causes death from conduct in violation of subsection (a)(5)(A) (knowing transmission of a code or similar information that intentionally causes damage to protected computer), the defendant faces up to life in prison.


Section 1030(a)(6) prohibits knowingly, and with intent to defraud, trafficking in passwords or similar access information. Violations of subsection (a)(6) are punishable by not more than one year in prison unless the defendant has a prior conviction for an offense under section 1030, in which case the statutory maximum is ten years of imprisonment.


These cases are extremely technical and will most often require the government to have a forensic computer expert explain how the crime occurred, and how the computer facilitated the crime. This provides fertile ground to attack the case because their testimony may often be subjective and skewed in favor of the government. A defense foresnci expert can dispute the government’s case and provide other reasonable totally legal explanations for the activities. Contact me to discuss computer crimes defense and other ways to attack the government’s case.