RD77 - Computer Crimes Act

Executive Summary:
To ensure recently developed methods of computer crime are adequately defined and punished in the Code of Virginia, the Crime Commission recommended several modifications to the existing Computer Crimes Act. The current definitions found in Virginia Code § 18.2-152.2 should be modified to eliminate redundancies, promote clarity, and focus the scope of the Act. Many of the existing computer crimes should be rewritten, for the same reasons, and several new crimes should be inserted into the Act. These new crimes will make it easier for prosecutors to convict people who use the Internet to perpetrate fraud, engage in identity theft, or disseminate viruses or other types of malicious computer programs.

Thus, the Crime Commission made the following recommendations:

RECOMMENDATION 1 – Create a new crime making it a Class 6 felony to fraudulently obtain from any person their personal identifying information through the use of a computer; if the information is subsequently sold, distributed or used in the commission of another crime the penalty would be a Class 5 felony.

RECOMMENDATION 2 – Add, as one of the crimes listed in the Computer Trespass statute, that it shall be illegal to disable or disrupt the ability of a computer to transmit computer information to other computers or to related computer equipment, such as printers, scanners, or fax machines.

RECOMMENDATION 3 – Add, as one of the crimes listed in the Computer Trespass statute, that it shall be illegal to maliciously install a computer program on the computer of another without the authorization of the owner.

RECOMMENDATION 4 – Create a new crime, making it a Class 1 misdemeanor to circumvent a security measure (such as a password, firewall, or access code) that controls access to a computer; a second or subsequent violation, or a violation carried out in the commission of another felony, would be a Class 6 felony.

RECOMMENDATION 5 – The term “computer” should be defined as a device that accepts information in digital or similar form and manipulates it for a result based on a sequence of instructions. Such term (for purposes of the Computer Crimes Act) does not include a device whose predominate purpose is not the storage and manipulation of user-inputted computer information, such as automated typewriters, simple handheld calculators, digital cameras, faxes or pagers.

RECOMMENDATION 6 – The phrase “without authority,” which is given a definition in § 18.2-152.2, should be amended to include a mens rea requirement of “know or reasonably should know.”

RECOMMENDATION 7 – The definitions provided in § 18.2-152.2 should be extensively rewritten to promote brevity, eliminate awkward phrasings, and simplify the relevant concepts. When a term has already been defined elsewhere in the Code of Virginia, it should have, as far as possible, an identical meaning in the Computer Crimes Act.

RECOMMENDATION 8 – Amend § 18.2-152.7 and 18.2-152.3 to remove the phrase “without authority.”

RECOMMENDATION 9 – Amend § 18.2-152.4 to require malice and lower the amount of resulting damage for a felony offense to $1,000.

RECOMMENDATION 10 – Amend § 18.2-152.5 to change the term “personal information” to “personal identifying information”: those items of information that are “defined in subdivisions (iii) through (xiii) of subsection C of § 18.2-186.3.”

RECOMMENDATION 11 – Amend § 18.2-152.8 to clarify that computer information is property that can be the subject of a larceny or a fraud; the existing statute only states that it can be the subject of an embezzlement.

RECOMMENDATION 12 – Rewrite §§ 18.2-152.3, 18.2-152.4, and 18.2-152.6, so that the emphasis is on the unlawful action, rather than the use of a computer.

RECOMMENDATION 13 – Relocate § 18.2-152.9 (dealing with the statute of limitations for misdemeanor computer crimes) and § 18.2-152.10 (dealing with venue) to Title 19.2.