The term “cyber crime” is often used in reference to a wide array of criminal acts that use computers, such as child pornography, online stalking, and copyright infringement. However, cybersecurity is first and foremost concerned with computer hacking and computer fraud, which this memo refers to collectively as “computer crime.” These acts involve the use of computer software to disguise one’s identity, steal personal information or other data, control a computer without permission, install unauthorized software, falsify digital credentials, deface web pages, or disable electronic services.
States first tackled computer crime in the late 1970s and early 1980s. The federal government followed suit in the mid-1980s with the Computer Fraud and Abuse Act (CFAA), which Congress has since amended on several occasions. Today, virtually all computer crime statutes regulate one or a combination of three types of behavior: (1) using, accessing, or damaging a computer with criminal intent or for a criminal purpose; (2) using, accessing, or damaging a computer without permission; or (3) using, accessing, or damaging computerized data without permission.