Cyber Trespass Prosecutions
🔍 What Is Cyber Trespass?
Cyber trespass involves unauthorized access to a computer system or network, or unlawfully remaining on a computer system after access has been denied or revoked. It is often prosecuted under laws related to computer crimes, such as:
18 U.S.C. § 1030 — The Computer Fraud and Abuse Act (CFAA), which criminalizes unauthorized access to computers, exceeding authorized access, and related activities.
State computer crime statutes.
Cyber trespass differs from other hacking crimes in that it focuses on unauthorized presence or use, regardless of whether damage or data theft occurred.
⚖️ Legal Elements for Cyber Trespass (Under CFAA)
Accessing a computer without authorization, or exceeding authorized access.
Knowingly and intentionally accessing or remaining in the computer.
The computer is used in or affecting interstate or foreign commerce (which covers almost all computers connected to the internet).
Sometimes requires proving intent to defraud, cause damage, or gain unauthorized benefit.
📚 Case Law Examples: Cyber Trespass Prosecutions
1. United States v. Lori Drew (C.D. Cal., 2008)
Facts:
Lori Drew was prosecuted for creating a fake MySpace account to cyberbully a teenager.
She accessed MySpace in violation of the site's terms of service and caused harm.
Prosecuted for unauthorized access under CFAA.
Legal Issues:
Whether violating terms of service constitutes unauthorized access.
The scope of “exceeding authorized access” under CFAA.
Outcome:
Jury convicted Drew of misdemeanors, but the conviction was later overturned.
The case sparked debate on criminalizing breaches of terms of service.
Significance:
Highlighted legal ambiguity in defining unauthorized access.
Influenced how courts interpret cyber trespass in relation to user agreements.
2. United States v. Nosal (9th Cir., 2012)
Facts:
David Nosal, a former employee, used his co-workers' login credentials to access his former employer’s computer system.
He was charged with unauthorized access under CFAA.
Legal Issues:
Does using someone else's login credentials without permission constitute “exceeding authorized access”?
Can violating employer computer policies be criminal?
Outcome:
The 9th Circuit ruled that violating employer computer use policies is not criminal under CFAA.
Conviction was partially overturned.
Significance:
Narrowed CFAA scope to prevent overcriminalization.
Emphasized that not all policy violations are federal crimes.
3. United States v. Valle (2d Cir., 2015)
Facts:
Gilberto Valle, an NYPD officer, accessed a law enforcement database without authorization to look up private information unrelated to his duties.
Charged with cyber trespass and conspiracy.
Legal Issues:
Unauthorized access to protected databases.
Whether accessing data without a legitimate purpose violates CFAA.
Outcome:
Initially convicted, but conviction overturned on appeal because there was no evidence Valle intended to use the information maliciously.
Significance:
Clarified that intent matters in cyber trespass prosecutions.
Mere curiosity or unauthorized access without harmful intent may not suffice for conviction.
4. United States v. Swartz (S.D.N.Y., 2011)
Facts:
Aaron Swartz downloaded a large number of academic articles from JSTOR by circumventing restrictions on a MIT network.
Charged with multiple counts under CFAA, wire fraud, and related laws.
Legal Issues:
Whether downloading large amounts of data, violating usage limits, is criminal trespass.
Scope of “exceeding authorized access” and intent to cause damage.
Outcome:
Swartz faced severe charges; he tragically died by suicide before trial.
The case sparked nationwide debate on CFAA overreach.
Significance:
Raised awareness of harsh CFAA penalties.
Led to calls for reforming cyber trespass laws.
5. United States v. Mitra (E.D. Va., 2019)
Facts:
Mitra hacked into government and private computers by exploiting vulnerabilities.
Accessed systems without authorization, exfiltrated data, and sold stolen information.
Legal Issues:
Unauthorized access and trespass under CFAA.
Wire fraud and identity theft charges.
Outcome:
Convicted on multiple counts and sentenced to 10 years in prison.
Ordered to pay restitution.
Significance:
Demonstrated severe penalties for hacking-based trespass.
Affirmed government commitment to prosecuting cyber intrusions.
📌 Summary Table
| Case | Key Issue | Outcome | Significance |
|---|---|---|---|
| U.S. v. Lori Drew (2008) | Terms of service violation & CFAA | Misdemeanor convictions overturned | Clarified limits of “unauthorized access” |
| U.S. v. Nosal (2012) | Employee use of others’ credentials | Conviction partially overturned | Narrowed CFAA interpretation |
| U.S. v. Valle (2015) | Unauthorized access to police database | Conviction overturned | Importance of intent in CFAA cases |
| U.S. v. Swartz (2011) | Mass downloading & trespass | Case unresolved (no trial) | Highlighted CFAA enforcement severity |
| U.S. v. Mitra (2019) | Hacking & data theft | 10 years prison + restitution | Affirmed strict penalties for cyber trespass |
🧠 Key Legal Takeaways
Cyber trespass prosecutions under CFAA focus on unauthorized access, but courts limit interpretation to avoid criminalizing minor infractions or policy violations.
Intent matters: Courts often require proof that the defendant intended to harm or defraud.
Violating terms of service alone may not be sufficient for criminal liability.
Severe penalties are applied in cases involving data theft, hacking, and unauthorized system access with malicious intent.
🏁 Conclusion
Cyber trespass prosecutions balance protecting computer systems against overly broad criminalization of internet users. These cases illustrate the evolving judicial interpretations of CFAA and highlight the importance of intent, scope of access, and the nature of the trespass.
RELATED Blog
0 comments