1030(a)(2)(C) imposes liability on whoever “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication.”
Computers used in “interstate or foreign commerce or communication” are “protected.” 1030(e)(2).
1030(g): “Any person who suffers damage or loss by reason of a violation of the section, may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.”
As the court notes, “The goal of this program was to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers.”
The court: “The issues raised are (1) whether the Government must prove not only that the defendant intended to access a federal interest computer, but also that the defendant intended to prevent authorized use of the computer's information and thereby cause loss; and (2) what satisfies the statutory requirement of ‘access without authorization.’”
Liability is not imposed if the access is authorized
“ by the person or entity providing a wire or electronic communications service; [or]
by a user of that service with respect to a communication of or intended for that user.”
Note, if a one party to the communication agrees to access, liability is avoided.
Federal Wiretap Act (18 U.S.C. § 2510, et seq . )
The Act provides for criminal punishment and a private right of action against "any person who--(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept wire, oral, or electronic communication [except as provided in the statute]." Section 2511.
"It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or any State. " § 2511(2)(d); § 2511(2)(d)
The states are to criminalize, when intentional, “serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.”
The states are to make criminal, when intentional, the possession or “the production, sale, procurement for use, import, distribution or otherwise making available of ” devices (including passwords, data, and computer programs) designed primarily for the purpose of committing the foregoing offenses, with the intent that it be use to commit one of those offenses.
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that -
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
Certification order : issued by a court based on a claim of relevance by the police; the court does not make an independent judgment of relevance. Used to intercepted transaction information about calls and e-mails.
Extrajudicial Certification : Issued by police based on police claim of relevance. Used to obtain federal public records and records related to terrorism.
No requirement : All other public records not protected by state laws.