29 Nov 23

What Federal Laws Apply to Cyber Crimes?

| by

Last Updated on: 15th December 2023, 11:19 am

Federal Laws that Apply to Cyber Crimes

There are a number of federal laws that apply to cyber crimes in the United States. Some of the most important ones include the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), the Identity Theft and Assumption Deterrence Act, and the Digital Millennium Copyright Act (DMCA).

The CFAA is probably the most comprehensive federal law dealing with cybersecurity and cybercrime. It covers things like hacking, malware attacks, denial of service attacks, and other ways computers can be abused. The law makes it a crime to gain unauthorized access to computers or to exceed authorized access on computers connected to the internet or used by financial institutions or the federal government. Penalties under the CFAA can include fines and up to 20 years in prison depending on the nature of the offense.

Some key things the CFAA prohibits include:

  • Intentionally accessing a computer without authorization or exceeding authorized access
  • Intentionally accessing a government computer without authorization
  • Intentionally accessing financial institution or consumer reporting agency computers without authorization
  • Knowingly transmitting malicious code or programs (like viruses or worms) that cause damage
  • Intentionally accessing a computer to defraud and obtain value
  • Trafficking in passwords for government computers or computers affecting interstate commerce
  • Threatening to damage or access protected computers

The CFAA has been amended over the years to address new threats and cyber crimes as they emerge. For example, in 2008 amendments expanded protection for computers used in national security and closed loopholes in previous versions of the law.

Another important federal law dealing with cybersecurity is the Electronic Communications Privacy Act (ECPA). This law covers things like wiretapping, access to stored communications, and pen register and trap and trace surveillance. It helps protect the privacy of electronic communications like emails, texts, instant messages, and other digital information.

Some key components of the ECPA include:

  • The Wiretap Act – prohibits unauthorized interception of electronic communications like phone calls, emails, texts, etc.
  • Stored Communications Act – regulates government access to stored electronic communications and transactional records
  • Pen Register and Trap and Trace Statute – governs real-time collection of non-content dialing and routing information for phone and internet communications

Violating the ECPA can result in fines, imprisonment up to 10 years, or both. The law helps balance privacy interests with legitimate law enforcement needs.

LEARN MORE  220.77 Operating as a major trafficker

Identity theft is another major cyber crime issue. The Identity Theft and Assumption Deterrence Act specifically makes identity theft a federal crime. Under the law, someone can be prosecuted for:

  • Knowingly transferring, possessing, or using another person’s means of identification without lawful authority
  • Knowingly possessing 5 or more means of identification with intent to defraud

Penalties can include fines and up to 15 years imprisonment. The law also directs the FTC to help identity theft victims restore their credit and financial accounts.

When it comes to copyright issues, the Digital Millennium Copyright Act (DMCA) is an important law. It implements two 1996 World Intellectual Property Organization treaties and criminalizes production and dissemination of technology that can circumvent digital rights management protections.

The DMCA also provides a safe harbor for online service providers as long as they meet certain conditions, like promptly blocking access to allegedly infringing material when properly notified by copyright holders. However, critics argue the DMCA makes it too easy for copyright holders to have material removed without proper fair use consideration.

In addition to these laws, there are also a number of other federal laws that can apply to cyber crimes:

There are also a number of other laws that relate to cybersecurity practices, like FISMA, HIPAA, and GLBA. While not directly criminal statutes, they impose security requirements in areas like government computer systems, health data, and financial account information.

At the state level, most states also have computer crime laws that cover offenses like phishing, identity theft, cyberstalking, and computer trespassing. Some state laws only apply to online versions of existing crimes, while others create new cyber-specific offenses.

When it comes to defending against federal cyber crime charges, some common strategies criminal defense lawyers use include:

  • Challenging whether unauthorized access or exceeding authorized access actually occurred
  • Arguing the defendant had no intent to defraud or cause damage
  • Claiming the defendant was authorized to access the computer or information
  • Asserting the defendant’s actions caused no real damage or loss
  • Questioning whether interstate commerce was actually affected
  • Contesting the technical procedures used to collect electronic evidence
  • Seeking sentences below federal guidelines based on individual circumstances
LEARN MORE  Aggravated DWI – VTL 1192.2-a - .18 BAC

The specific defenses available depend on the exact charges and facts of each case. But cyber crime laws remain broad in scope, so innovative legal defenses are often required.

Overall, federal cybercrime laws continue evolving in response to new threats and technologies. Lawmakers balance interests like privacy, commerce, national security, and law enforcement access. Expect new legislation and amendments as issues like encryption, IoT security, and foreign cyber attacks shape policy conversations going forward.


[1] U.S. Department of Justice. (2020). Prosecuting Computer Crimes.

[2] Congressional Research Service. (2016). Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws.

[3] U.S. Department of Justice. (2017). Prosecuting Computer Crimes Manual.

[4] Electronic Frontier Foundation. (n.d.). Computer Crime Laws.

[5] U.S. Department of Justice. (2015). Prosecuting Intellectual Property Crimes.

U.S. Government Accountability Office. (2007). Cybercrime – Public and Private Entities Face Challenges in Addressing Cyber Threats.