Sentencing Guidelines too Harsh
by Shari Steele
March 15, 1993
United States Sentencing Commission
One Columbus Circle, NE
Suite 2-500, South Lobby
Washington, DC 20002-9002
Attention: Public Information
Re: Proposed Amendent #59 to the Sentencing Guidelines for
United States Courts, which creates a new guideline applicable
to violations of the Computer Fraud and Abuse Act of 1988 (18
The Electronic Frontier Foundation (EFF) writes to state our opposition
to the new proposed sentencing guideline applicable to violations of the
Computer Fraud and Abuse Act of 1988, 18 U.S.C. 1030 (CFAA). We
believe that, while the proposed guideline promotes the Justice
Department's interest in punishing those who engage in computer fraud
and abuse, the guideline is much too harsh for first time offenders and
those who perpetrate offenses under the statute without malice
aforethought. In addition, promulgation of a sentencing guideline at
the present time is premature, as there have been very few published
opinions where judges have issued sentences for violations of the CFAA.
Finally, in this developing area of the law, judges should be permitted
to craft sentences that are just in relation to the facts of the
specific cases before them.
The Proposed Guideline Is Too Harsh.
The proposed CFAA sentencing guideline, with a base offense level of six
and innumerable enhancements, would impose strict felony liability for
harms that computer users cause through sheer inadvertence. This
guideline would require imprisonment for first time offenders who caused
no real harm and meant none. EFF is opposed to computer trespass and
theft, and we do not condone any unauthorized tampering with computers -
- indeed, EFF's unequivocal belief is that the security of private
computer systems and networks is both desirable and necessary to the
maintenance of a free society. However, it is entirely contrary to our
notions of justice to brand a computer user who did not intend to do
harm as a felon. Under the proposed guideline, even a user who
painstakingly attempts to avoid causing harm, but who causes harm
nonetheless, will almost assuredly be required to serve some time in
The proposed guideline, where the sentencing judge is given no
discretion for crafting a just sentence based on the facts of the case,
is too harsh on less culpable defendants, particularly first time
offenders. As the Supreme Court has stated, the notion that a culpable
mind is a necessary component of criminal guilt is "as universal and
persistent in mature systems of law as belief in freedom of the human
will and a consequent ability and duty of the normal individual to
choose between good and evil." Morissette v. United States, 342 U.S.
246, 250 (1952). In the words of another court, "[u]sually the stigma
of criminal conviction is not visited upon citizens who are not morally
to blame because they did not know they were doing wrong." United
States v. Marvin, 687 F.2d 1221, 1226 (8th Cir. 1982), cert. denied, 460
U.S. 1081 (1983).
There Is Not Yet Enough Caselaw to Warrant a Guideline.
The Sentencing Commission itself has recognized the importance of
drafting guidelines based on a large number of reported decisions. In
the introduction to the Sentencing Commission's Guidelines Manual, the
The Commission emphasizes that it drafted the initial guidelines with
considerable caution. It examined the many hundreds of criminal
statutes in the United States Code. It began with those that were the
basis for a significant number of prosecutions and sought to place them
in a rational order. It developed additional distinctions relevant to
the application of these provisions, and it applied sentencing ranges to
each resulting category. In doing so, it relied upon pre-guidelines
sentencing practice as revealed by its own statistical analyses based on
summary reports of some 40,000 convictions, a sample of 10,000 augmented
pre-sentence reports, the parole guidelines, and policy judgments.
United States Sentencing Commission, Guidelines Manual, Chap. 1, Part A
At the present time, there are only five reported decisions that mention
the court's sentencing for violations of the Computer Fraud and Abuse
Act. See, United States v. Lewis, 872 F.2d 1030 (6th Cir. 1989); United
States v. Morris, 928 F.2d 504 (2d Cir. 1991), cert. denied, 112 S. Ct.
72 (1991); United States v. Carron, 1991 U.S. App. LEXIS 4838 (9th Cir.
1991); United States v. Rice, 1992 U.S. App. LEXIS 9562 (1992); and
United States v. DeMonte, 1992 U.S. App. LEXIS 11392 (6th Cir. 1992).
New communications technologies, in their earliest infancy, are becoming
the subject of precedent-setting litigation. Overly strict sentences
imposed for computer-related fraud and abuse may have the effect of
chilling these technologies even as they develop. Five decisions are
not enough on which to base a guideline to be used in such an important
and growing area of the law.
The Commission itself has recognized that certain areas of federal
criminal law and procedure are so new that policy statements, rather
than inflexible guidelines, are preferable. See, e.g., United States
Sentencing Commission, Guidelines Manual, Chap. 7, Part A (1990)
(stating the Commission's choice to promulgate policy statements, rather
than guidelines, for revocation of probation and supervised release
"until federal judges, probation officers, practitioners, and others
have the opportunity to evaluate and comment. . . ."). A flexible
policy statement, rather than a specific sentencing guideline, is a more
appropriate way to handle sentencing under the Computer Fraud and Abuse
Act until there has been enough litigation on which to base a guideline.
Judges Must Be Permitted to Craft Their Own Sentences for Cases
Involving Special Circumstances.
Individual sentencing decisions are best left to the discretion of the
sentencing judge, who presumably is most familiar with the facts unique
to each case. To promulgate an inflexible sentencing guideline, which
would cover all crimes that could conceivably be prosecuted under the
Computer Fraud and Abuse Act, is premature at this time.
As discussed above, there have only been five reported decisions where
the Computer Fraud and Abuse Act has been applied. In three of these
reported CFAA cases, the judges involved used their discretion and
fashioned unique sentences for the defendants based on the special facts
of the case. See, Morris, 928 F.2d at 506 (where the judge placed
Defendant Morris on probation for three years to perform 400 hours of
community service, ordered him to pay fines of $10,050, and ordered him
to pay for the cost of his supervision at a rate of $91 a month); Carron
at 3 (where the judge found that Defendant Carron's criminal history
justified a sentence of 12 months incarceration followed by 12 months of
supervised release and restitution to the two injured credit card
companies); and DeMonte at 4 (where the trial court judge held that
Defendant DeMonte's "extraordinary and unusual level of cooperation"
warranted a sentence of three years probation with no incarceration).
Judges must be permitted to continue fashioning sentences that are just,
based on the facts of a specific case.
Computer communications are still in their infancy. Legal precedents,
particularly the application of a sentencing guideline to violations of
the Computer Fraud and Abuse Act, can radically affect the course of the
computer technology's future, and with it the fate of an important tool
for the exchange of ideas in a democratic society. When the law limits
or inhibits the use of new technologies, a grave injustice is being
perpetrated. The Electronic Frontier Foundation respectfully asks the
Commission to hold off promulgating a sentencing guideline for the
Computer Fraud and Abuse Act until there are enough prosecutions on
which to base a guideline.
Thank you in advance for your thoughtful consideration of our concerns.
We would be pleased to provide the Commission with any further
information that may be needed.
The Electronic Frontier Foundation is a privately funded, tax-exempt,
nonprofit organization concerned with the civil liberties, technical and
social problems posed by the applications of new computing and
telecommunications technology. Its founders include Mitchell Kapor, a
leading pioneer in computer software development who founded the Lotus
Development Corporation and developed the Lotus 1-2-3 Spreadsheet