Department Of Justice Releases Charging Policy For Computer Crime Matters

King & Spalding

On October 24, 2016, the Department of Justice (“DOJ”) publicly released an internal policy memorandum dated September  11, 2014 (“the policy”), that details the factors federal prosecutors should use in determining whether to investigate or bring charges in matters relating to computer crime.  Specifically, the policy, which was issued internally within DOJ by former Attorney General Eric Holder, provides guidelines for prosecutors determining when to open an investigation or charge an offense under the Computer Fraud and Abuse Act (18 U.S.C. § 1030).  According to the policy, these guidelines seek to ensure that charges are brought only “in cases that serve a federal interest.” 

The factors that should be considered include:

  • The sensitivity of the affected computer system or the information;
  • The potential for significant impact of the activity on national or economic interests, including unauthorized access to classified information, and whether the information accessed or the conduct otherwise impacts national security, critical infrastructure, public health and safety, economic market integrity, or international relations;
  • The connection of the conduct to other criminal activity or the impact on potential victims, including the risk of bodily harm;
  • Whether the conduct relates to an abuse of a position of trust, such as potential actors exceeding their authorized access to sensitive systems or information; and
  • The deterrent value of an investigation or prosecution, including whether the activity involves a new or expanding area of criminal activity, a recidivist defendant, use of a novel or sophisticated technique, or particularly egregious or malicious conduct.

Similar to other previous public DOJ guidance on issues such as anti-corruption, this policy provides information that may be helpful for companies and executives to assess whether federal law enforcement would take interest in an incident involving unauthorized cyber activities by employees or data breaches relating to company systems or information. 

The policy also notes that additional considerations for prosecutors include the nature of the impact that the criminal conduct has on a particular district or community, and whether any other jurisdiction (such as another federal district or state authorities) is likely to prosecute the criminal conduct effectively, if the matter is declined for federal prosecution by one federal district.  Further, in an effort to make application of these practices consistent, the policy requires that prosecutors across the country coordinate charging decisions and related investigations with DOJ’s Computer Crime and Intellectual Property Section, located in Washington, D.C.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.