8.8. Jurisdictional Issues

The above discussion of damage estimates and limits includes the term "jurisdictional threshold." Since we are talking about federal statutes in the United States, this means the agency that will prosecute the computer crime is the United States Attorney's Office, which means that the Federal Bureau of Investigation or Secret Service will be the investigative agency. The damages must be aggregated within, for example, an FBI field office.

Let us look at the FBI field office in the Central District of California. From their Web page [fbi], they describe their jurisdiction this way:

The Los Angeles Field Office of the Federal Bureau of Investigation (FBI) has investigative jurisdiction over the federal Central District of California. The Central District is comprised of seven counties: Los Angeles, Orange, Riverside, San Bernardino, San Luis Obispo, Santa Barbara, and Ventura.

The Los Angeles Field Office territory is the most populated [in all of the FBI's territories] with 18 million people residing within 40,000 square miles. The Los Angeles Field Office has the third greatest number of Special Agents in the FBI.

The Los Angeles Field Office headquarters is located at 11000 Wilshire Boulevard in Los Angeles. The field office also has ten satellite offices known as Resident Agencies, which are located in Lancaster, Long Beach, Palm Springs, Riverside, Santa Ana, Santa Maria, Ventura, Victorville, West Covina, and at the Los Angeles International Airport.

What this means is that the aggregate amount of damage being estimated for prosecution within the jurisdiction of the Los Angeles field office includes only those victims in the area described above. The easier it is for the FBI's various field offices to correlate incidents and calculate aggregate damages, the better chance they will be able to quickly identify a jurisdiction that meets the limit and to move forward with an investigation. All victims of computer intrusions who wish to support law enforcement (and to have a viable legal deterrent to computer crime) should take this into consideration and be prepared to produce accurate and timely damage estimates, e.g., using the methods discussed above.

Another jurisdictional issue has to do with which laws apply to a given computer crime. Is a sniffer a violation of state electronic communications privacy laws, or federal electronic communications privacy laws, or both? How about computer trespass statutes? These are typically state laws, if trespass into computers is recognized at all. There is a federal Computer Fraud and Abuse Act, which may also have a state version.

Many large cities have police resources for investigating computer crimes, but these resources are often very limited. More and more crimes are beginning to involve the use of computers as instrumentalities of crime and/or repositories of evidence. As these crimes increase, the resources of local law enforcement will become even more strained. Much computer forensic analysis is handed off from local police to county or state police services, who may have more resources and training (although still not enough to investigate all cases involving computers). Regional computer forensics centers and joint FBI/Secret Service Task Forces are being formed across the country and are augmenting and coordinating computer forensic analyses and computer crime investigations, but there is still much to be done to keep up with the increase in number of digital devices that can be used for crimes, including things like PDAs, wrist watches, cell phones, digital cameras, and key-chain memory sticks.