The term "cybercrime" refers to the use of a computer to facilitate or carry out a criminal offense. This can occur in three different ways. First, a computer can be electronically attacked. We may further subdivide this category by distinguishing among acts that involve (1) unauthorized access to computer files and programs, (2) unauthorized disruption of those files and programs, and (3) theft of an electronic identity. An example of the first category is a break-in to Defense Department Computers. An example of the second category is the ILoveYou Worm. The third category, identity theft, occurs when a person's or entity's identity is wrongfully appropriated. A web page may be "page-jacked," for example, so that when you click onto a financial service to read investment news, you receive spurious information instead. (Wood, 2004)
The above crimes involve situations in which a computer is the subject of an attack. A rather different type of computer crime occurs when a computer is used to facilitate or carry out a traditional offense. For example, a computer might be used to distribute child pornography over the internet or it might be used to create a massive number of copies of a popular and copyrighted song. Intricate assurance fraud, great check-kiting operations, and other difficult forms of white collar crime depend on computers to run the illegal process. In these incidents, computers make it easier to achieve a crime in real space. In these circumstances, computers are tools that expedite traditional offenses. (Wood, 2004)
In cyberspace, there are ways to adjust strategies that rely on physical risk to minimize the moral problems. For example, the law might authorize victims of cybercrime to retaliate against a perpetrator's software and hardware, and such retaliation might be confined to imminent self-defense. Alternatively, the law might enable a broader right (such as permitting victims to install nonreplicating viruses in perpetrators' systems several days after an attack).
Because offenders vary in age, social standing, averseness to risk, and income, the other constraints outlined above may prove useful. Legal sanctions may be particularly effective at deterring wrongdoing when offenders are relatively risk averse. They may also be effective in deterring those individuals who invest in their reputations--who fear the social stigma of lawbreaking. There are, however, other circumstances in which expected sentences should not be raised, such as when diminishing returns exist or when higher sanctions seem cruel and disproportionate and therefore immoral or unconstitutional. (Sommer, 2008)
Although cyberspace has unique particularities, the lessons we have learned are not confined only to the electronic world. Law can and should develop strategies to make crimes more expensive. The government currently relies on the speculative risk of imprisonment to deter wrongdoing, but a strategy focused on raising certain costs associated with the wrongdoing itself may be more effective. If the majority of criminals are gamblers, or are at least less risk-averse than others, then the law should focus on raising the fixed, ex ante monetary costs that these criminals will pay to perpetrate a crime, not on merely enhancing probabilities of jail time that criminals will tend to ignore. Deterrence may be better served by increased monetary costs on all lawbreakers rather than by traditional strategies such as raised penalties for the few criminals unlucky enough to be caught. (Sommer, 2008)
Both real space and cyberspace are rapidly evolving, and the way criminal law approaches these spheres today may soon be anachronistic. Still, while the approaches may need to be updated over time, the fundamental building blocks of successful anticrime strategies will remain constant. Law must strive to prevent great harm at cheap cost, and it must define costs broadly enough to include all of the negative effects of crime prevention (substitution effects, the social costs of suboptimal self-help strategies, and so on). Our system of criminal law should attempt to raise the perpetration costs of engaging in crime and should also provide enough enforcement to create the conditions under which trust flourishes and networks develop. At the same time, the government must avoid creating disincentives to utility-producing activities and must strive to surgically target harmful acts. These building blocks of criminal law apply to the brick-and-mortar world, as they do to cyberspace. (Katyal, 2010)