There are cybercrime considerations for cases as well as there is a judicial learning curve when it comes to cybercrime and judges are not alone. Cybercrime harm cannot be assessed with the mindset of assessing punishment as if it was a physical criminal act without assessing the extenuating consequences of a cyber-criminal act. In cases involving digital content transfer, judges have had to resort to the dictionary to seek the definition of the word ‘tangible’ in a digital trade secret case in a New York Supreme Court. When it comes to cybercrime, judges resort to the Computer Fraud and Abuse Act (CFAA). Many states have promulgated their own version of the CFAA. Yet, what stands to be questioned by defense attorneys is the definition for “loss” who some say it is too broad. Also considered broad by criminal justice scholars and defense attorneys are the sentencing guidelines when referring to cybercrime, particularly for first time offenders. Some scholars and interest groups believe that the maximum penalty for computer abuse crimes under the CFAA of 10 years for first time offenders and 20 years for repeat offenders is set too high. Yet, it does not appear that the numerous planned attempts involved to achieve any eventful cyber-criminal act are considered in the terminology assigned to what is a ‘first offender’ in the cybercrime realm.
Attorneys are struggling to represent their clients in cybercrime cases and the same struggles are as well shared by prosecutors and the judges because of a shared conceptual malady. Addressing a cybercrime case as an act apparent to what can be termed ‘tangible’ as if one stole an automobile, smuggled cocaine, or stabbed a victim in a robbery is limited in scope and misses the harmful extent. Determining the limits to the extenuating consequences of a cyber-criminal act could be a valuable factor that criminal justice scholars are not considering and neither are the judges nor are the attorneys. Let alone, the limits to the extenuating consequences of a cyber-criminal act are not considered by law makers when devising the sentencing guidelines. When you have judges needing to reassess the establishment of standing in a cybercrime case, despite the harm not yet determined to have been experienced nor measured by the plaintiff, it is because the ‘future’ import of the stolen data, credit card information, personal identifiable information, or trade-secrets in an espionage case, has been considered by judges to have actual present import on future harm coupled with the inherent intent of the act having unlimited future consequences. It is this calculus that judges have had to consider and are beginning to employ to find standing existing in hacking cases.
The notion posited is then for judges and attorneys to embrace conceptually the future impact of the present cybercrime event. What’s more telling would be to acquire the mindset applied to financial crime cases and the relevant standards. For instance, money is digitized having value in its digital existence and many do not see it until they withdraw their funds from an ATM machine or cash a check issued from their brokerage accounts, or from any cash out transaction. Without such cash out transactions, the measure of a financial harm is determined by a certain value attributed to a digital record. While Judges may feel that there is a dearth of cybercrime case precedent for them to use as a guide for their own decisions and as a guide to set limits for determining punishment, the ultimate test for all involved in cybercrime cases bearing also on possible civil damages for civil actions and issues would be to change their mindset and acknowledge the extenuating future consequences of a cyber-criminal act.