Cybercrimes: Does the Punishment Actually Fit the Crime?

The recent attack on the New York Times by a group of Chinese Hackers has once again brought the issue of cybercrimes to the forefront of the nation’s consciousness, serving as a forceful reminder to the United States Government that computer-based crime is something that they can no longer afford to ignore.

Just last year, the Internet Crime Complaint Center (IC3) received 262,813 complaints from consumers who collectively lost more than $781 million in losses. This number represents a 48.8 percent increase in losses from 2012, and while the data is not yet available for 2014, it seems apparent that cybercrime is a very real problem for thousands of Americans, and it is not going anywhere anytime soon.

In fact, the United States leads the world in the number of complaints related to internet crime, monopolizing a whopping 90.63 percent of all complaints worldwide. Despite this not-so-prestigious position, legislation has not been able to keep pace alongside the rapid advance of technology, and there is a great deal of ambiguity on just how the perpetrators of cybercrimes should be punished.

Some people argue that the sentences for cybercrimes are far too lenient, often allowing for criminals to profit from their crimes and failing to deter other criminals from committing similar offenses. For example, Albert Gonzalez, the perpetrator of the infamous hacking of TJX Companies, was only sentenced to serve two concurrent 20 year sentences in prison. This means that despite the fact that he had stolen credit and debit card numbers from approximately 45.6 million people, he could be out of prison by 2025 if he is on his best behavior.

Had Gonzalez committed the equivalent of this crime in the real world (for example, robbing a bank for the money he stole, or physically stealing 45.6 million credit/debit cards from their rightful owners) he would most likely be in prison for the rest of his life. Yet despite the fact that the damage done inestimably larger than if he had committed his crime in the real world, the punishment is somehow less severe even though his actions quite literally affected the lives of millions.

Perhaps these discrepancies are what led the push for harsher maximum sentences for cybercrimes, or maybe it was a direct response to a flawed report released from  MacAfee stating that cybercrime costs the United States economy about $1 trillion a year (though that number was later amended to somewhere around $140 billion). Whatever the reason, there is now the fear that the government has gone too far in light of recent reforms meant to intimidate cybercriminals.

The Electronic Frontier Foundation (EFF) is a San-Francisco based group that believes that legislation such as the Computer Fraud and Abuse Act (CFAA) is too broad and vague to be fair, imposing harsh maximums on relatively harmless crimes. They advocate for changes in the legislation, stating that more precise language is needed in order to protect relatively harmless offenders from harsh and lengthy prison sentences and fines.

For example, the recently deceased Aaron Swartz faced 13 felony counts of hacking and wire fraud at the age of 26 simply because he used MIT’S computer network to download millions of articles from JSTOR without permission. Despite the fact that the crime was non-violent and relatively harmless, Swartz faced both the possibility of decades of jail time and backbreaking fines for those illegal downloads, a sharp contrast to violent crimes that carry much lighter sentences.

It seems inherently illogical that in today’s society that illegal downloads should carry a higher maximum sentence than violent crimes such as rape. Yet it also seems impractical that someone who steals millions of dollars from credit and debit cards should be in jail for less time than if they had gone through the trouble to physically rob a bank.

To say the least, cybercrime sentencing is an issue that needs a lot more exploration than it has currently been given. Current laws may even require new sentencing guidelines made specifically to accommodate internet crime. Cybercrimes fail to be contained within traditional modes of sentencing and punishment, and often the sentences given seem to be too harsh or too lenient to fit the crime.

Donald R. Mason, a professor at the University Of Mississippi School Of Law, suggests that more attention needs to be focused on post-conviction matters such as sentencing and victim impact, as well as alternative resolutions that are tailored to meet the complex issues raised by the complex nature of these crimes.

For example, if the motivations for cybercriminals are radically different from the motivations of traditional criminals, the existing models may no longer serve as effective deterrents to crime. Along those same lines, if the scope of internet victimization is hard to measure or not detectable until long after the incident occurs, traditional models of measuring harm may no longer be applicable or effective either.

Though much attention has been given up to this point on the subject of detecting, apprehending, and prosecuting cybercriminals, more attention needs to be paid to what happens next. Doing so is the only way to ensure that the punishment truly does fit the cybercrime, and that the victims of these offenses receive the justice they deserve.

Nicole Roberts

Nicole Roberts a student at American University majoring in Justice, Law, and Society with a minor in Mandarin Chinese. She has a strong interest in law and policymaking, and is active in homeless rights advocacy as well as several other social justice movements. Contact Nicole at staff@LawStreetMedia.com.