While the Uniform Law Commission (ULC) is best known for drafting and enacting uniform state laws dealing with commercial transactions, real property, family, and trust and estates law, it has also focused on criminal law statutes in areas where uniformity is important and practicable. Recently, the ULC has drafted and enacted the Uniform Pretrial Release and Detention Act, the Uniform Collateral Consequences of Conviction Act, the Uniform Criminal Records Accuracy Act, and the Uniform Electronic Recordation of Custodial Interrogations Act. Additionally, the ULC has formed a Criminal Justice Reform Committee which examines issues in criminal law where it may be appropriate for the ULC to draft legislation for the states to consider for adoption.
Currently, the ULC has a Study Committee on Cybercrime, which was established in 2020. The purpose of the study committee is to determine the need for and feasibility of a uniform or model act on cybercrime. The committee was formed after the National Sheriffs’ Association (NSA) submitted a proposal to ULC. The NSA proposal noted that Federal cybercrime laws are well-organized, explicable and forward-looking, while state cybercrime laws vary significantly from state to state in their timeliness, intended coverage, and articulation. The NSA proposal suggested that a comprehensive, forward-looking state cybercrime law would benefit both the investigations and prosecutions of cybercrime.
Cybercrime has expanded over the last few decades. What began as something as simple as “computer crimes” has grown into an incredibly complex system which spans technological, organizational, international, jurisdictional, and economic systems. Cybercrime now includes phishing scams, ransomware, identity theft, and much more.
Traditional U.S. cybercrime statutes have focused primarily on “unauthorized access” or “exceeding authorized access” to a computing system, and associated system damage, fraud, and trafficking. In the early 1980s, when the Federal Stored Communications Act was first adopted, these did comprise the substantial majority of “computer crimes.” Since then, however, this landscape has become much more complicated. Computing systems are globally interconnected, consumer and critical infrastructure systems are interconnected, individual identity and financial assets increasingly are more often represented and managed by information systems than by tangible documents, and the lines increasingly have blurred between national security and criminal activities.
The meteoric increase in cybercrime over the last few decades has put pressure on state and local law enforcement resources. This issue is further exacerbated by the increasingly common multi-jurisdictional nature of cybercrime, which is particularly problematic given the lack of uniformity of cybercrime statutes across U.S. states.
The ULC Study Committee on Cybercrime began its work in early 2021. Along with its ULC members and American Bar Association Advisors, the committee benefitted from the participation of numerous additional organizations, including: National Association of Attorneys General, National Sheriffs’ Association, National District Attorneys Association, U.S. Department of Justice, U.S. State Department, National Cybercrime Investigators Program, Cybercrime Support Network, National Conference of State Legislatures, technology companies, private attorneys, and academic experts.
The committee reviewed the gaps and lack of uniformity in existing state criminal law schemes and the extent to which existing state and federal statutes may be outdated due to technological developments.
The study committee examined the issue of “cybercrime” broadly, particularly within the context of cross-jurisdictional cooperation. The study committee examined the distinction between categories of cybercrime activity based on their status as either “cyber native” or “cyber enabled.”
Cyber native crimes are those crimes which are inherent to an information or computing system (i.e., compromising the security of an electronic commerce system for the purpose of rendering that system inoperable). Cyber enabled crimes are those crimes which already exist as “traditional” crimes but are facilitated by the use of cyber means (i.e., “theft” through cyber hacking).
In the course of its work, the study committee learned that state cybercrimes vary widely, particularly within definitions, procedural provisions, and jurisdictional provisions. The committee also learned that there is a lack of uniform training for law enforcement and prosecutors. It was made clear to the committee that cybercrime is increasing and that many cases are “falling through the cracks.”
The study committee has now recommended that a drafting committee be appointed and has examined two main approaches.
Option One: A Comprehensive Approach
A comprehensive cybercrime state law would include substantive criminal law provisions, criminal procedural provisions, and adjunct matters such as training. This approach would provide the most comprehensive guidance and harmonization to the states. Because cybercrime is both a national and international problem, this would put states in the best position to work with all other levels of government on cybercrime.
Option Two: A Narrower, Procedural-Focused Approach
Procedures in narrower state law might include expedited preservation of stored computer data and/or traffic data; a uniform nationwide production order for data; search and seizure of stored computer data; real-time collection of traffic data; and interception of content data. Procedures could be made applicable to existing state criminal laws. Adjunct matters, such as training, would not be included.
The ULC will soon determine whether a drafting committee should be appointed to draft a state cybercrime statute. If appointed, the drafting committee will determine how these problems should best be addressed. The ULC is seeking input from cybercrime experts. Any comments or suggestions on whether or how the ULC should proceed with drafting are welcome.
Please contact Michele Timmons, Chair of the Study Committee on Cybercrime, at pmtimmons@msn.com, or Katie Robinson, ULC Senior Director for Strategy and Communications, at krobinson@uniformlaws.org.
About the Uniform Law Commission
For more than a century, the Uniform Law Commission (ULC) has served the states and their citizens by drafting state laws on subjects on which uniformity across the states is desirable and practicable. It is a nonprofit, unincorporated association comprised of state commissioners appointed from each state, the District of Columbia, the Commonwealth of Puerto Rico, and the U.S. Virgin Islands. Now in its 131st year, the ULC is the nation’s oldest state governmental association. A nonpartisan volunteer organization, the ULC is the source of more than 300 acts that secure uniformity of state law when differing laws would undermine the interests of citizens throughout the United States.