Ultimate Guide to U.S. Hacking Laws
The U.S. hacking laws impose steep penalties for a broad range of illegal activities. If you are under federal investigation for hacking, or if you are concerned that you could be at risk for federal prosecution, this Ultimate Guide explains what you need to know.
Federal hacking prosecutions have become much more prevalent in recent years. The U.S. Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), and other federal authorities have become well-attuned to the consequences of hacking for consumers, corporate entities, and the government itself, and they have placed particular emphasis on cases involving economic espionage, intellectual property (IP) theft, identity theft, cryptocurrency, and threats to national security.
If you are under investigation, or if you are concerned that you may be at risk for becoming the target of a federal investigation, pertaining to hacking allegations, you need to protect yourself, and you need to start making informed decisions immediately. Prepared by the federal criminal defense attorneys at Oberheiden P.C., this Ultimate Guide to U.S. Hacking Laws provides an overview to help you get started.
10 Key Federal Laws that Prohibit Hacking and Related Activities
When facing a federal hacking investigation, the first thing you need to know is that there are numerous laws that pertain to hacking at the federal level. In order to determine both (i) what is at risk in your case, and (ii) what defenses you can assert, you first need to know which statute(s) are at issue in your case. These are 10 of the primary laws that DOJ prosecutors use to pursue convictions for hacking in federal district court:
1. The Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030)
The CFAA establishes both civil and criminal hacking-related offenses. In criminal cases, unauthorized use of a computer for the purpose of attaining information, acquiring something of value, or causing damage to the computer can lead to long-term imprisonment.
2. The Electronic Communications Privacy Act (ECPA) (18 USC §2510, et seq.)
The ECPA makes it illegal to purposefully intercepts communications or intrude upon electronically stored communications. This includes, but is not limited to, hacking email accounts and intercepting emails in transit.
3. Wiretap Act of 1968 (18 U.S. Code § 2511)
The Wiretap Act of 1968 also applies to cases involving the hacking of private communications. The statute does not apply exclusively to “wiretaps,” but instead prohibits all attempts to deliberately intercept electronic communications regardless of the purpose of the interception.
4. Aggravated Identity Theft Statute (18 U.S.C. § 1028A)
The aggravated identity theft statute imposes federal imprisonment for anyone who, “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person,” and it does not allow for concurrent sentencing. In other words, if you are charged with aggravated identity theft and another hacking-related offense (as is often the case), you will be required to serve both sentences sequentially.
5. Criminal Copyright Infringement Statute (18 U.S.C. § 2319)
Hacking into a private or corporate computer in order to misappropriate copyrighted materials can lead to federal criminal prosecution in addition to liability in civil litigation. Other forms of IP misappropriation and infringement perpetrated through cyber intrusions can trigger criminal charges as well.
6. Unauthorized Publication or Use of Communications Statute (47 U.S.C. § 605)
Under federal law, it is illegal to divulge the contents of any electronic communication received, except to “authorized persons.” Hacking communications or a computer system in order to access communications or other data and then using or sharing those communications or data for unauthorized purposes can lead to prosecution under 47 U.S.C. Section 605.
7. Antiterrorism and Effective Death Penalty Act of 1996 (18 U.S.C. § 2332b(g)(5)(B))
Provisions of the Antiterrorism and Effective Death Penalty Act can be used to prosecute individuals who hack private and government computers for purposes of funding, supporting, or perpetrating acts of terrorism. These cases are extremely serious and require highly-experienced federal defense counsel.
8. Conspiracy (18 U.S.C. § 371)
Individuals accused of hacking are often prosecuted under the federal conspiracy statute. Hacking a private or government computer in order to facilitate the commission of a crime by someone else can support a conspiracy charge under 18 U.S.C. Section 371 in addition to charges under one or more of the statutes discussed above.
9. Wire Fraud (18 U.S.C. § 1343)
The federal wire fraud statute will apply in virtually all hacking cases. It prohibits use of the Internet for unlawful purposes, including but not limited to intercepting communications, sending fraudulent communications, and accessing third-party computer systems without authorization.
10. Money Laundering and Tax Evasion (18 U.S.C. § 1956 and 16 U.S.C. § 7201)
When hacking is perpetrated for financial gain, DOJ prosecutors will frequently pursue charges for money laundering and tax evasion in addition to charges for the hacking itself. These are both serious crimes that carry substantial penalties, including long-term imprisonment.
10 Examples of Conduct that Can Be Prosecuted as Hacking Under Federal Law
Under these (and other) federal statutes, there are a multitude of specific acts that can be prosecuted as hacking. Due to the nature of many cybercrime investigations, alleged hackers will often face multiple counts of multiple alleged offenses. This includes counts involving allegations such as:
- Installing and executing malware, ransomware, or spyware
- Accessing confidential or proprietary data without authorization (including conducting economic espionage)
- Accessing personally identifying information (PII) or other private information
- Misappropriating copyrights, patents, trademarks, or trade secrets
- Breaching data security protections
- Compromising or disabling network security protocols
- Using unauthorized access to information to extort or harass
- Intercepting private communications in order to eavesdrop
- Executing flood attacks and other malicious attacks
- Accessing corporate or government computer systems in order to commit fraud or acts of terrorism, or in a manner that compromises national security
Similar to the list of statutes above, this list is not exhaustive. From conspiring to commit a criminal offense such as bribery, extortion, or fraud to failing to pay income taxes on revenue derived from hacking activities, there are numerous other specific acts that can support criminal charges in federal hacking investigations as well.
Federal Hacking Prosecutions: Defenses & Penalties
If you are under investigation for hacking, or if you have already been charged with one or more federal cybercrimes and related offenses, what defenses do you have available? What penalties are on the table?
Potential Defenses to Hacking Allegations in Federal Cases
Just as there are numerous acts that can be prosecuted as hacking, there are numerous potential defenses to hacking charges under federal law. While criminal defenses in federal cases are highly fact-specific, some examples of the types of defenses that can be used to avoid prosecution, conviction, and sentencing for hacking crimes include:
- Lack of Intent – Most hacking crimes involve an element of intent. If you can successfully argue that you did not intend to commit the alleged offense(s), you may be able to avoid a conviction. However, ignorance of the law generally is not a defense in federal criminal cases.
- No Unauthorized Access – If you had authorization to access the information at issue, this can provide a complete defense to many types of charges. The same is true if you did not actually gain unauthorized access to a private or government server. However, when asserting this type of defense, it is extremely important to be cognizant of the risk of facing conspiracy or attempt charges.
- Statute-Specific Defenses – In addition to intent and unauthorized access, the federal hacking statutes each have their own other specific requirements for proving the commission of a crime. In many cases, it will be possible to avoid conviction by demonstrating that the DOJ cannot prove every element of the alleged offense beyond a reasonable doubt.
- Constitutional Protections – Hacking cases present unique issues with regard to the execution of searches and seizures. If FBI or DOJ agents accessed your home, office, computer, or phone in violation of your constitutional rights, this may prevent key evidence from being presented in court.
Federal Penalties for Hacking and Related Offenses
The potential penalties in federal hacking cases depend on a number of different factors. These include (i) the specific offense(s) charged, (ii) the severity and impact of the alleged crime(s), and (iii) whether and to what extent the judge adheres to the Federal Sentencing Guidelines. In general terms, however, the penalties for hacking are severe. All of the statutes discussed above call for multiple years (if not decades) of imprisonment, and individuals convicted of hacking in federal district court can face enormous fines, restitution, and other financial penalties.
Discuss Your Situation with a Senior Federal Defense Attorney at Oberheiden P.C.
If you need defense counsel for a hacking investigation or a pending federal cybercrime case, we strongly recommend that you engage an experienced federal defense firm as soon as possible. At Oberheiden P.C., we provide free initial consultations, and all clients work directly with our senior federal defense attorneys. To discuss your case in confidence, call 888-680-1745 or tell us how we can reach you online. We are available 24/7.
Dr. Nick Oberheiden, founder of Oberheiden P.C., focuses his litigation practice on white-collar criminal defense, government investigations, SEC & FCPA enforcement, and commercial litigation.