Prosecuting Cybercrime Under Pennsylvania Law: What Does Pennsylvania’s Anti-Cybercrime Statute Criminalize?
What is the law on cybercrime in the Commonwealth?
By: Ian L. Courts¹
Many would-be shocked to learn that the Commonwealth of Pennsylvania has a quite broad statute concerning cyber criminal activities. Cybercrime is broadly defined as the use of a computing device or its digital components to commit fraud or some other type of criminal or security act or crisis. [1] The preceding definition fits largely with most people’s assumptions concerning the murky area of computer crime and criminal activity within cyberspace. Accordingly, Pennsylvania has an extensive definition of cybercrime that encompasses crimes such as unauthorized access, unauthorized modification, and unauthorized impairment. I will briefly describe in this piece, how Pennsylvania’s Criminal Code defines each of the proceeding terms, and what conduct could be deemed criminal under the statute’s language.
PENNSYLVANIA DEFINITION OF COMPUTER-RELATED CRIMES
Pennsylvania’s Criminal Code defines computer-related crime under several definitions particularly, access, computer, computer data, network, database, and world wide web.[2]
Pennsylvania’s access definition covers interceptions, instructions, communicating with, storing, and retrieving data, or otherwise using any resources of a computer, system, network, or database.[3]
Similarly, the Commonwealth’s definition of a computer is the breadth, defining it as “an electronic, magnetic, optical, hydraulic or organic or other” data processing device or system that “performs logic, arithmetic or memory functions. This definition also includes inputting and outputting devices, and software and communications devices that “are connected to a system or network.”[4]
Accordingly, networks and databases or also defined broadly as the intersections of several computer devices through “satellite, microwave” or other digital communications mediums. Additionally, databases are defined as the representations of “knowledge and facts” through digital processing and computer networks. [5]
Furthermore, Pennsylvania’s definition of the “world wide web” is quite broad, defining it as “Includes, but is not limited to, a computer server-based file archive accessible over the Internet, using a hypertext transfer protocol, file transfer protocol or other similar protocols.”[6]
Pennsylvania’s rather broad definitions of computers, computer networks and databases, and the world wide web serve the purpose of encompassing a large swath of cyber activity that may arise. As a legislator or policy maker, it is particularly difficult to define abstract ideas or activities such as cybercrime that provides sufficient notice to the public of what is criminal and cover a large amount of activity. However, the breadth of Pennsylvania’s anti-cybercrime statutes gives prosecutors a lot of discretion and legal-wiggle room to bring charges under the statute and judges interpretive leeway in applying the statute to criminal actions brought before them.
TYPES OF CYBERCRIME CRIMES UNDER PENNSYLVANIA LAW
Pennsylvania’s Criminal Code has outlined several types of antisocial activity as criminal. These crimes cover an extensive amount of activity, and similar to the general definitions of computing devices, and digital components described above, the types of activities regulated is quite verbose. I will focus within this section of this piece on three types of cybercriminal activities defined under Pennsylvania law, unauthorized access, unauthorized modification, and unauthorized impairment.
Unauthorized Access
Unauthorized access is generally defined as “unauthorized access is when a person who does not have permission to connect to or use a system gains entry in a manner unintended by the system owner.”[7] Most people label unauthorized access of a computer, and/or its digital systems or networks as “hacking.” While, hacking in modern vernacular and popular use can sufficiently label unauthorized access, it does not adequately do so because “hacking” was originally done with lawful permission and authority, for the purpose of improving computer security and networks.[8]
Under Pennsylvania law, unauthorized access is defined as the “unauthorized access or exceeding of access” of a computer device for some criminal purpose.[9] Those criminal purposes include “fraud, deceptive control of property or to damage another person. Unauthorized access includes the sharing of personal passwords. [10] Unauthorized access also includes the other two crimes I will describe in this piece, unauthorized modification, and unauthorized impairment. Essentially, unauthorized access is the threshold crime that a person commits when accessing a computer for some unlawful purpose. Under Pennsylvania law, this is a felony and may open the perpetrator up to additional convictions under other sections of the anti-cybercrime statute.
Unauthorized Modification
Unauthorized modification in laymen’s terms is the illegal altering or changing including the damaging of a computer, or its digital systems, networks or processes.[11] Unauthorized modification is a type of unauthorized access but focuses not only on the accessing of the device or network, but the changing or altering of that computer or network for a criminal purpose.
Under Pennsylvania law, unauthorized modification covers the “altering, interfering with the operation of, damages or destroys any computer, computer system, computer network, computer software, computer program, computer database, World Wide Web site or telecommunication device or any part thereof.”[12] The alterations must be done with a criminal or fraudulent intent or to interfere with the “normal functioning” of the device or network. [13] Essentially, any modification of the computer or electronic device, or its digital networks and processes with the intent to harm someone or an organization or impede their normal functions is potentially a felony offense under Pennsylvania law. Unauthorized modification activities could potentially include illegally accessing an ex-friends Facebook or cell phone a publishing compromising information or pictures about them to the public. The preceding conduct could be deemed felonious and subject the offender to jail time or serious fines and a criminal record.
Unauthorized Impairment
Unauthorized impairment is a type of unauthorized modification but is a more serious alteration to the computing or digital device and its digit networks and processes.
Pennsylvania law defines unauthorized impairments as “damages or destroys any computer, computer system, computer network, computer software, computer program, computer database, World Wide Web site or telecommunication device or any part thereof.”[14] Additionally, unlawful impairment activity would include disrupting service which includes the intentional interference or modification that:
denies of service … upon any computer, computer system, computer network, computer software, computer program, computer server, computer database, World Wide Web site or telecommunication device or any part thereof that is designed to block, impede or deny the access of information or initiation or completion of any sale or transaction by users of that computer, computer system, computer network, computer software, computer program, computer server or database or any part thereof.
Pa. Code. Section 7612 (a). Conduct that could potentially be covered under Pennsylvania’s unlawful impairment statutes are hacking a computer network to shutdown Macy’s website sales, or destroys a local bank’s ability to distribute direct deposit funds to its customers.
CONCLUSION-WHY DOES THIS MATTER?
Cybercrime costs the world and its economy $6 trillion dollars.[15] Moreover, 70% of small businesses are unprepared for potential cyberattacks.[16] Within the Commonwealth of Pennsylvania, between 2014–2018 there have been 800 convictions for cybercriminal activity, totaling $121, 113 fees fined for cybercriminal activity.[17] Cybercrime affects us all, almost everyone uses a computer of electronic processing or date inputting device — gee we all are apart of “the cloud” of processing and satellite networks. Any of those networks could be targeted and our information compromised, or our public infrastructures severely damaged. It is incumbent on each of us to stay diligent in protecting our own cyber footprint, and be aware of the laws that govern and prohibit cyberactivity.
[1] See Merriam-Webster Online Dictionary defining the term “Cybercrime” (“criminal activity (such as fraud, theft, or distribution of child pornography) committed using a computer especially to illegally access, transmit, or manipulate data.”)
[2] See Pa. Code. Section 7601.
[3] Id. (“”Access.” To intercept, instruct, communicate with, store data in, retrieve data from or otherwise make use of any resources of a computer, computer system, computer network or database.”)
[4] Id. (“”Computer.” An electronic, magnetic, optical, hydraulic, organic or other high-speed data processing device or system which performs logic, arithmetic or memory functions and includes all input, output, processing, storage, software or communication facilities which are connected or related to the device in a system or network.”)
[5] Id. (“Computer network.” The interconnection of two or more computers through the usage of satellite, microwave, line or other communication medium.”); See also Id. (“Database.” A representation of information, knowledge, facts, concepts or instructions which are being prepared or processed or have been prepared or processed in a formalized manner and are intended for use in a computer, computer system, or computer network, including, but not limited to, computer printouts, magnetic storage media, punched cards or data stored internally in the memory of the computer.”)
[6] Id.
[7] See The University of Tennessee’s Information Security definition of “Unauthorized Access.”
[8] Catherine Hiley’s “Brief History of Cybersecurity and hacking”, CyberNews.com, Oct. 2020 (““Hacking” was first used in relation to using technical know-how back in 1955 at a meeting of the Technical Model Railroad Club. In the meeting minutes, it was used to describe how members modified the functions of their high-tech train sets.)
[9] See Pa. Code. Section 7611 (“Unlawful use of computer and other computer crimes.
(a) Offense defined. — A person commits the offense of unlawful use of a computer if he:
(1) accesses or exceeds authorization to access, alters, damages or destroys any computer, computer system, computer network, computer software, computer program, computer database, World Wide Web site or telecommunication device or any part thereof with the intent to interrupt the normal functioning of a person or to devise or execute any scheme or artifice to defraud or deceive or control property or services by means of false or fraudulent pretenses, representations or promises;
(2) intentionally and without authorization accesses or exceeds authorization to access, alters, interferes with the operation of, damages or destroys any computer, computer system, computer network, computer software, computer program, computer database, World Wide Web site or telecommunication device or any part thereof; or
(3) intentionally or knowingly and without authorization gives or publishes a password, identifying code, personal identification number or other confidential information about a computer, computer system, computer network, computer database, World Wide Web site or telecommunication device.”)
[10] Id.
[11] See Lexology “Unauthorized Modification of Data with Intent to Impairment.” Sydney Criminal Lawyers, accessed June 2022
[12] See Pa. Code. Section 7611 (a)(2).
[13] Id.
[14] Id.
[15] See Ivana Vojinovic’s “More than 70 Cybercrime Statistics-A $ 6 Trillion Problem”, DataProt-June 2022
[16] Id.
[17] See Administrative Office of Pennsylvania Courts, Cybercrime Statistics 2014–2018, published in 2019.
[1]: About the Author: Ian Courts is a young millennial attorney with expertise and a passion in American and international law and politics. Ian received his BA in Political Science from the University of North Carolina at Greensboro in 2017, in 2020 he received his J.D. from North Carolina Central University School of Law, and in 2022 Ian received his LLM in International Criminal Law and Justice from the University of New Hampshire School of Law. Ian lives in Philadelphia where he is an appellate lawyer and the proud fur-dad of two American Cocker Spaniels.
