CIVILPENALTIESFORCYBERCRIMELAGBEHINDHACKERS’HABITS.docVIP

Civil Penalties for Cyber Crime Lag Behind Hackers’ Habits By: Líadan Donnelly Much of the discussion in Congress surrounding cyber crime deals with national security concerns, including how to protect state secrets from increasingly skilled cyber hackers. Often overlooked in the debate is the question of civil penalties for computer crimes. The primary federal law dealing with computer crimes is the Computer Fraud and Abuse Act (CFAA), passed in 1986 and updated many times since. The law provides a comprehensive set of criminal sanctions for computer crimes, covering both outside hacking attacks and misappropriation of information by employees. The civil cause of action provided for by the CFAA is surprisingly narrow by contrast, and represents a view of computer crime that has not kept pace with the abilities of computer hackers. Rather than focus on the value of information stolen or reputational damage, the law requires that there be actual damage to a computer system or information or a disruption of service that results in a monetary loss. Although companies can seek civil remedies under the Uniform Trade Secrets Act (UTSA), ratified by 46 states, the definition of a trade secret may not include all valuable information misappropriated by hackers. The gaps in both the CFAA and the UTSA can leave companies with no civil recourse after computer attacks. Although the most obvious hurdle for victims of computer crimes is catching the perpetrators, victims who surpass this hurdle may be surprised to learn that there is little potential to recover in civil court. Under the Computer Fraud and Abuse Act, any person who suffers “loss” or “damage” due to a violation of the act can bring a civil action for compensatory damages or equitable relief. The act provides restrictive definitions of both “loss” and “damage,” however. Damage is defined as “any impairment to the integrity or availability of data, a program, a system, or information.” While a company can seek r