At the outset, let me define what I mean by “computer crime law.” I define the field as having three basic parts. The first part is substantive criminal law involving computers, which encompasses computer misuse crimes such the Computer Fraud and Abuse Act as well as general crimes often committed using computers such as identify theft, criminal copyright and child pornography offenses. The second part is the law of digital evidence investigations, including how the Fourth Amendment applies to computer searches and the statutory surveillance laws such as the Electronic Communications Privacy Act and the Cybersecurity Act of 2015. The last part includes all the jurisdictional issues that can arise in the study of the first two parts. The jurisdictional issues include the scope of powers of the federal vs. state governments (both in terms of substantive crimes and investigatory powers) as well as how federal criminal law and investigatory powers apply outside the United States.
So that’s the field. How is it changing?
First, a lot is happening in the courts. Courts are still answering the big questions for the first time, and as the cases filter up to the courts of appeals, there are disagreements that are likely to be fodder for a lot of future Supreme Court decisions. I can already count a handful of deep circuit splits, and a bunch more seem all but inevitable in the next few years.
Second, a lot is happening in the legislatures, too. In the past three years, more than 30 states have enacted so-called “revenge porn” criminal laws. California enacted the most far-reaching privacy-protective legislation about computers ever enacted (or even seriously considered) when it passed the California Electronic Communications Privacy Act effective this year. At the federal level, Congress enacted the very important Cybersecurity Act of 2015.
Third, the technology is changing, too. Just as the courts are trying to settle the basic questions, the next set of technology comes up and leads to a new round of cases right behind the old one. To pick a prominent example: In the past year, a lot of developments have involved law enforcement responses to the widespread use of encryption. In particular, Tor is coming up in a lot of cases now. When I teach the class this coming year, I’ll plan to lecture on Tor specifically. This trend is requiring courts to confront new issues such as those raised by the Playpen warrant.
Fourth, judicial attitudes are shifting. On the whole, more judges tend to be taking more pro-privacy and pro-defendant positions than they did a decade ago. The cases are still mixed, and all patterns are evolving in fits and starts. But my sense is that the overall trend line in the past decade has been toward more skepticism of government positions. An interesting example is litigation over the border exception. A decade ago, the few decisions scoffed at the idea of increased protection for computer searches at the border. Five years later, several courts started to embrace a reasonable-suspicion requirement. Now defendants and civil liberties groups are pushing for more, arguing that a reasonable-suspicion requirement isn’t enough and that the border search exception shouldn’t apply at all to computer searches. We don’t yet know whether courts will accept those arguments, but the window of what parties feel it is reasonable to argue has shifted.
Fifth, this is an area in which judges are less predictable than many would expect. In some areas of criminal law and procedure, there are relatively predictable positions to take that have long histories. My sense is that many judges approach the issues in this particular field with more of a fresh perspective. They tend to see the legal issues as both important and hard, and they are trying to find thoughtful and workable answers. I’m biased, no doubt, but I think that makes the development of this area of law unusually interesting to watch and study.