Criminal Law in Cyberspace Neal Kumar Katyal Forthcoming: 149 U Penn. L. Rev.-(April, 2001) NTRODUCTION WHAT IS CYBERCRIME? A. Unauthorized Access to Computer Programs and Files Unauthorized Disruption 1 orms 3. Logic Bombs Trojan Horses Distributed denial of service C. Theft of Identity Carrying out a Traditional Offense 1. Child Pornography 2. Copyright......... ..27 Illegal Firearms Sales 33 II TREATING CYBERCRIME DIFFERENTLY A. First-Party Strate 1. Five Constraints on Crime 2. The Efficiency of Cybercrime a) Conspiracy's Demise b) Pseudonymity and Encryption racing and Escape Second-Party Strategies of Victim Precaution 1. Optimal victim Behavior 2. The Limits of victim Precaution 4448938乃3987 3. The Emergence of a Special Form of Crime, Targeting Networks 5. Supersleuth Victims Electronic Vigilantism Third Party Strategies of Scanning, Coding, and Norm Enforcement 92 Internet service providers Credit Card Companies Software and Hardware Manufacturers Public Enforcement of Social Norms 105 CONCLUSION..,,,.,.,,.,.,..,.,.,..,,.,.,,.,..,,..,,,..,,,. Associate Professor of Law, Georgetown University Law Center. Thanks to Akhil Amar, Julie Cohen, Fred Cohen Michael Froomkin, Jennifer Granick, Jerry Kang, Sonia Katyal, Josh Liston, Wayne Mink, Wendy Perdue, Mark Rasch, Jeffrey rosen, Joanna Rosen, Jonathan Rusch, Mike Seidman, Warren Schwartz, Anna Selden, Andrew Shapiro, Neal Stephenson, Cliff Stoll, Lynn Stout, Mark Tushnet, Eugene Volokh, Robin West, and participants in a georgetown University Faculty Workshop*Associate Professor of Law, Georgetown University Law Center. Thanks to Akhil Amar, Julie Cohen, Fred Cohen, Michael Froomkin, Jennifer Granick, Jerry Kang, Sonia Katyal, Josh Liston, Wayne Mink, Wendy Perdue, Mark Rasch, Jeffrey Rosen, Joanna Rosen, Jonathan Rusch, Mike Seidman, Warren Schwartz, Anna Selden, Andrew Shapiro, Neal Stephenson, Cliff Stoll, Lynn Stout, Mark Tushnet, Eugene Volokh, Robin West, and participants in a Georgetown University Faculty Workshop. Criminal Law in Cyberspace Neal Kumar Katyal* Forthcoming: 149 U. Penn. L. Rev. – (April, 2001) INTRODUCTION ................................................................ 2 I. WHAT IS CYBERCRIME? ................................................... 10 A. Unauthorized Access to Computer Programs and Files ....................... 17 B. Unauthorized Disruption ............................................. 19 1. Viruses ................................................... 19 2. Worms .................................................... 20 3. Logic Bombs & Trojan Horses .................................. 21 4. Distributed Denial of Service ................................... 22 C. Theft of Identity ................................................... 23 D. Carrying out a Traditional Offense ...................................... 24 1. Child Pornography ........................................... 24 2. Copyright .................................................. 27 3. Cyberstalking ............................................... 30 4. Illegal Firearms Sales ......................................... 33 II TREATING CYBERCRIME DIFFERENTLY ........................................ 34 A. First-Party Strategies ............................................... 34 1. Five Constraints on Crime ...................................... 34 2. The Efficiency of Cybercrime ................................... 38 a) Conspiracy’s Demise ................................... 39 b) Pseudonymity and Encryption ............................. 43 c) Tracing and Escape .................................... 68 B. Second-Party Strategies of Victim Precaution .............................. 73 1. Optimal Victim Behavior ....................................... 73 2. The Limits of Victim Precaution ................................. 79 3. The Emergence of a Special Form of Crime, Targeting Networks ......... 85 4. New De Minimis Crime ....................................... 87 5. Supersleuth Victims & Electronic Vigilantism ........................ 89 C. Third Party Strategies of Scanning, Coding, and Norm Enforcement ............. 92 1. Internet Service Providers ...................................... 93 2. Credit Card Companies ........................................ 99 3. Software and Hardware Manufacturers ........................... 100 4. Public Enforcement of Social Norms ............................. 105 CONCLUSION ................................................................ 110