An empirical analysis of sentencing of “Access to Information” computer crimes

Abstract

AbstractThere is a widespread perception that computer crime sentencing is too harsh. But this criticism has occurred in the absence of comprehensive, multi‐year data on how computer crimes are actually sentenced and how those sentences compare to other, purportedly similar crimes, such as trespass, burglary, or fraud. This article uses an analysis of real‐world sentencing data to examine how the computer crimes are actually sentenced. We combined court filings and U.S. Sentencing Commission data files to build a custom data set of 1095 Computer Fraud and Abuse Act (CFAA) sentences from 2005 through 1998. Our results show that CFAA sentences are sentenced differently from trespass, burglary, or non‐CFAA fraud crimes; that sentences in which the defendant exceeded authorized access have declined over the years; and that the “sophisticated means” and “special skills” enhancements have been less routinely applied than has been assumed. These results have policy implications for how CFAA crimes are sentenced.