Chapter 9

 

Criminal Law and Cyber Crime

 

 

 

Answers to Learning Objectives

at the Beginning of the Chapter

 

1A.               How does the burden of proof differ in criminal versus civil cases?  In a civil case, the plaintiff usually must prove his or her case by a preponderance of the evidence. Under this standard, the plaintiff must convince the court that, based on the evidence presented by both parties, it is more likely than not that the plaintiff’s allegation is true.

In a criminal case, in contrast, the state must prove its case beyond a reasonable doubt. If the jury views the evidence in the case as reasonably permitting either a guilty or a not guilty verdict, then the jury’s verdict must be not guilty. In other words, the prosecutor must prove beyond a reasonable doubt that the defendant has committed every essential element of the offense with which she or he is charged.

 

2A.               What two elements normally must exist before a person can be held liable for a crime? Two elements must exist simultaneously for a person to be convicted of a crime: (1) the performance of a prohibited act and (2) a specified state of mind or intent on the part of the actor. A corporation may be held liable for crimes that their agents and employees commit within the course and scope of their employment.

 

3A.               What are five broad categories of crimes? What is white-collar crime? Traditionally, crimes have been grouped into the following categories: violent crime (crimes against persons), property crime, public order crime, white-collar crime, and organized crime.

White-collar crime is an illegal act or series of acts committed by an individual or business entity using some nonviolent means usually in the course of a legitimate occupation.

 

4A.               What defenses can be raised to avoid liability for criminal acts? Among the most defenses to criminal liability are infancy, intoxication, insan­ity, mistake, consent, duress, justifiable use of force, entrapment, the statute of limitations, and immunity.

 

5A.               What constitutional safeguards exist to protect persons accused of crimes? Under the Fourth Amendment, before searching or seizing private property, law enforcement officers must obtain a search warrant, which requires probable cause.

Under the Fifth Amendment, no one can be deprived of “life, liberty, or property without due process of law.” The Fifth Amendment also protects persons against double jeopardy and self-incrimination.

The Sixth Amendment guarantees the right to a speedy trial, the right to a jury trial, the right to a public trial, the right to confront witnesses, and the right to counsel. Individuals who are arrested must be informed of cer­tain con­stitutional rights, including their Fifth Amendment right to remain silent and their Sixth Amendment right to counsel. All evi­dence obtained in violation of the Fourth, Fifth, and Sixth Amendments, as well as all evidence derived from the ille­gally ob­tained evidence, must be excluded from the trial.

The Eighth Amendment prohibits ex­cessive bail and fines, and cruel and unusual punishment.

 

6A.               How has the Internet expanded opportunities for identity theft? The Internet provides easy access to private data. Web users surrender information about themselves without knowing it. Many company websites use “cookies” to collect data on users who visit the sites. The data can include the areas of the site the user visits and the links on which the user clicks. Browsers often store information such as users’ names and e-mail addresses. Every time a purchase is made online, the item is linked to the purchaser’s name, allowing Web retailers to amass a database of who is buying what.

 

 

Answers to Critical Thinking Questions

in the Features

 

Adapting the Law to the Online Environment—Critical Thinking

What other types of cyberstalking crimes might involve tweets? Cyberstalking involves troubling someone steadily and malevolently, or harassing a person or business persistently. Types of cyberstalking crimes that might involve tweets are limited only by the legal definitions of the crimes and the imaginations of the criminals who violate them.

These could include any of the crimes mentioned in the text. For instance, the feature illustrates the use of a link to commit assault and, arguably, battery. Additionally, a tweet might be used to commit larceny, obtain goods by false pretenses, or aid and abet forgery. A public order crime—drunkenness, drug use, prostitution, or gambling—might be the impetus that launches other criminal activity, including steady, malevolent, or persistent harassment or similar behavior via tweet. A criminal attempt to gain a personal business advantage through such violations as embezzlement, mail or wire fraud, bankruptcy fraud, theft of trade secrets, or insider trading could be initiated, furthered, or accomplished by cyberstalking tweets. A money-laundering scheme could also fall into this category, as could every digital crime in the “book”—cyber fraud, theft, hacking, or terrorism. Conspiring to commit any of these crimes, or to cover them up, or merely to attempt them by tweet would meet the appropriate definitions.

Any or all of these might be committed as part of a cyberstalking scheme.

 

Managerial Strategy—Business Questions

1. Why might a corporation’s managers agree to pay a large fine rather than to be indicted and proceed to trial? Most corporate managers choose to pay the fine because they worry that a criminal indictment will harm their corporation’s reputation, its profitability, and ultimately, its existence.

 

2. How does a manager determine the optimal amount of legal research to undertake to prevent her or his company from violating the many thousands of federal regulations? Every manager is faced with the task of determining how best to use the limited resources at her or his disposal.  Clearly, no manager in a small company would decide to devote 50 percent of the company’s annual costs to preventing violations of federal regulations.  Hence, each manager must weight the potential costs if violating federal rules and regulations with the legal fees that must be incurred to learn about those regulations.

 

 

Answers to Critical Thinking Questions

in the Cases

 

Case 9.1—Critical Thinking Questions

Legal Environment

Could Crabtree have successfully avoided her conviction by arguing that her only “crime” was “naively trusting her co-workers?” Why or why not? No, Crabtree is not likely to have avoided her conviction by arguing that her only “crime” was “naively trusting her co-workers.” This claim would have been refuted by the same evidence that supported the jury’s finding of her knowledge of, and voluntary participation in, the fraud with which she was charged.

This evidence included the testimony of HCSN employees that Crabtree complied with their requests to modify patient notes to satisfy Medicare qualifications. Further, Crabtree acknowledged in conversation that some of the patients suffered from conditions that were unsuitable for treatment at HCSN. In addition, there was the evidence that Crabtree fulfilled requests to change and falsify notes for billing and Medicare purposes. This supported the finding that she voluntarily joined the conspiracy.

 

Ethical

It seems reasonable to assume that one of the purposes of any business is to “maximize billing potential.” When does conduct to accomplish that purpose become unethical? Conduct to “maximize billing potential,” or to realize any other financial objective, becomes unethical when decisions and actions fail to reflect “good corporate citizenship.”

In the Crabtree case, for example, the defendant (and, of course, others who participated in the fraud with which she was charged) failed to evaluate—at a minimum—the legal implications of their conduct before engaging in it. Most importantly, Crabtree should have taken into account the health needs of the patients whose therapy she vouched for. She might also have given thought to the possible consequences of her ill-conceived actions on her family and her reputation, as well as within the healthcare community generally.

 

 

Case 9.2—Critical Thinking Question

Legal

Why was Sisuphan convicted of embezzlement instead of larceny? What is the difference between these two crimes? One of the key differences between embezzlement and larceny has to do with the element of possession. Larceny involves the wrongful taking of property in the possession of another, as does robbery (the latter crime involves the violent taking of the property). Embezzlement, in contrast, involves the wrongful appropriation of property that has been entrusted to the person appropriating it, typically an employee. In other words, the property is already in the perpetrator’s possession. Thus, Sisuphan was convicted of embezzlement instead of larceny because, as a dealership employee, he was in legitimate possession of the money until he took the added step of keeping it.

 

 

Case 9.3—Critical Thinking Questions

Legal Environment

Why is a computer-generated summary of business records created solely for a trial generally not admissible? How were the spreadsheets in this case different? Computer-generated business records are admissible if they were kept according to a routine procedure designed to assure their accuracy, as noted in the text. A computer-generated summary of business records created solely for a trial is generally not admissible, however—it is normally considered to be hearsay.

In the Warner case, “although the spreadsheets were formatted to be easier to understand and printed for litigation, the underlying records were kept in the ordinary course of business and the data was not modified or combined when entered into the spreadsheets.”

 

Ethical

Is filing a false tax return to obtain a refund unethical? If so, is filing more than five thousand false returns more unethical? Explain. Yes, filing a false tax return to obtain a refund is unethical. Compliance with the law is the moral minimum. If people and entities only comply with the law, they are acting at the lowest ethical level that society will tolerate. If they do not at least comply with the law, as would occur with the filing of false tax returns, they are not conforming to even this low standard.

Committing the act of filing a false return involves deceit, a serious ethical transgression. In the Warner case, the jury found that the defendant knowingly filed tax returns without the authority of the individuals whose identities were stolen or knowing that those individuals were not entitled to the claimed refunds—5,000 times. Filing a single false return is clearly unethical. Filing more than 5,000 false returns is more unethical—to the extent that any accumulation of transgressions is more unethical than one—because that number of fraudulent filings involves at least the same number of transgressions.

 

 

Answers to Questions in the Practice and Review Feature

at the End of the Chapter

 

1A.               State of mind

Yes, because he was the corporate officer responsible for the project and had the power to prevent the criminal violation. Corporate directors and officers are personally liable for the crimes they commit, and can also be held liable for the crimes of employees under their supervision. Because Hanousek was the corporate officer responsible for every detail of the “6-mile” quarry, he had the power to prevent the criminal violation. Therefore, Hanousek can be held criminally negligent for the backhoe operator puncturing the pipeline.

 

2A.               Theory of liability

Under the responsible corporate officer doctrine, a corporate officer can be held liable for a crime because he was in a responsible relationship to the corpora­tion and could have prevented the violation. The corporate officer does not have to intend the crime or even know about it, to incur liability under this doctrine.

 

3A.               Liability of employee

No, because he did not have the required mental state (mens rea) and was not a cor­porate officer in a responsible position to prevent the criminal violation. Criminal liability requires a guilty act at the same time as the defendant had a wrongful mental state.  In this situation, the backhoe operator did pierce the pipeline (the guilty act), but he did not have a wrongful mental state because he was unaware that the pipeline was there. As an employee, a court would not use the same standard as if he were a responsible corporate officer who “knew or should have known” of the existence of the pipeline.  Because both elements of criminal liability (guilty act and wrongful mental state) did not occur, the backhoe operator could not be charged with a crime.

 

4A.               Ignorance of the law

No, because Hanousek was the corporate officer responsible for the project and should have known the requirements of the law. Because Hanousek was in a responsible position at the corporation and specifically in charge of the 6-mile quarry, a court would find that he “should have known” of the requirements of the law.  Therefore, lack of knowledge of the requirements of the Clean Water Act would not operate as a defense in his case.

 

 

Answer to Debate This Question in the Practice and Review Feature at the End of the Chapter

 

Because of overcriminalization, particularly by the federal government, Americans may be breaking the law regularly without knowing it. Should Congress rescind many of the more than four thousand federal crimes now on the books? Drastic times require drastic measures. This nation now has more than three hundred million residents who move frequently. Moreover, the pervasiveness of the Internet means that business fraud is increasing at a rapid rate. Consequently, the federal government must step in to make sure that criminal actions do not go unpunished. That’s why so many new federal crimes have been added to the body of criminal statutes.

The Constitution reserves for the states police powers for activities within state boarders. Crimes have always been defined by state and local governments. Just because we have a larger population that has access to the Internet does not mean that Congress should be in the business of creating so many federal crimes. Moreover, many new federal criminal statutes do not require intent—a cornerstone of the prosecution of most crimes for ages.

 

 

Answers to Issue Spotters

at the End of the Chapter

 

1A.     Dana takes her roommate’s credit card, intending to charge expenses that she incurs on a vacation. Her first stop is a gas station, where she uses the card to pay for gas. With respect to the gas station, has she com­mitted a crime? If so, what is it? Yes. With respect to the gas sta­tion, she has obtained goods by false pretenses. She might also be charged with larceny and forgery, and most states have spe­cial statutes covering illegal use of credit cards.

 

2A.     Without permission, Ben downloads consumer credit files from a computer of Consumer Credit Agency. He then sells the data to Dawn. Has Ben committed a crime? If so, what is it? Yes. The Counterfeit Access Device and Computer Fraud and Abuse Act provides that a person who accesses a computer online, without permission, to obtain classified data—such as consumer credit files in a credit agency’s database—is subject to criminal prosecution. The crime has two elements: (1) accessing the computer without permission and (2) taking data. It is a felony if done for private financial gain. Penalties include fines and imprisonment for up to twenty years. The victim of the theft can also bring a civil suit against the criminal to obtain damages and other relief.

 

 

Answers to Business Scenarios and Case Problems

at the End of the Chapter

 

9–1A.           Types of cyber crimes

1. This is a form of identity theft. The traditional crimes of theft (rob­bery, burglary, larceny, and other) consist of wrongfully taking and carrying away an­other’s per­sonal property with the intent of depriving the owner permanently of it. Unique to crimes of identity theft is that they involve taking another’s identity, and unique to cyber variations of the offense is that the criminal acts are committed with computers, often online. A stolen identity is typically used to commit more crimes.
2. As in the previous problem, this is a form of identity theft. This problem de­scribes a factual situation referred to as phishing. In such a set of circumstances, once an unsuspecting individual responds by entering the requested information, the phisher can use it to pose as that person or to steal the funds in his or her bank or other account.

 

9–2A.           Cyber scam

Kayla has committed fraud in an e-mail sent via the Internet. The elements of the tort of fraud are as follows:

1. The misrepresentation of material facts or conditions was made with knowledge that they were false or with reckless disregard for the truth.
2. There was an intent to induce another to rely on the misrepresentation.
3. There was justifiable reliance on the misrepresentation by the deceived party.
4. Damages were suffered as a result of the reliance.
5. There was a causal connection between the misrepresentation and the injury.

If any of Kayla’s recipients reply to her false plea with cash, it is likely that all of these requirements for fraud will have been met.

 

9–3A.           Business Case Problem with Sample Answer—White-collar crime

Yes, the acts committed by Matthew Simpson and the others, and described in this problem, constitute wire and mail fraud. Federal law makes it a crime to devise any scheme that uses the U.S. mail, commercial carriers (FedEx, UPS), or wire (telegraph, telephone, television, the Internet, e-mail) with the intent to defraud the public.

Here, as stated in the facts, Simpson and his cohorts created and operated a series of corporate entities to defraud telecommunications companies, creditors, credit reporting agencies, and others. Through these entities, Simpson and the others used routing codes and spoofing services to make long distance calls appear to be local. They stole other firms’ network capacity and diverted payments to themselves. They leased goods and services without paying for them. And they assumed false identities, addresses, and credit histories, and issued false bills, invoices, financial statements, and credit references, in order to hide their association with their entities and with each other. The “scheme” was to defraud telecommunications companies and other members of the public to the perpetrators’ gain of a variety of goods and services. Wire services—the Internet, and presumably phones and other qualifying services—were used to further the scheme.

In the actual case on which this problem is based, a federal district court convicted Simpson of participating in a wire and mail fraud conspiracy (and other crimes). On appeal, the U.S. Court of Appeals for the Fifth Circuit affirmed the conviction.

 

 

 

9–4A.           Defenses to criminal liability

Yes, Barta could be absolved of the charge of conspiracy to commit bribery on a defense of entrapment. This defense is designed to prevent police officers and other government agents from enticing persons to commit crimes so that they can later be prosecuted for criminal acts. For entrapment to succeed as a defense, both the suggestion and the inducement to commit the crime must take place. The critical question is whether the person who is charged with the commission of a crime was predisposed to commit it or did so only because the officer induced it.

In this problem, the government, through its agent George Castro, entrapped Barta into participating in a conspiracy to bribe a fictional county official. The government conceded at Barta’s trial that he was not predisposed to conspire to commit bribery. Castro frequently e-mailed and called Barta over a period of months, with no response from him, even when the messages included deadlines and ultimatums. And Barta’s statement, when he eventually did write a check on his company’s account to Castro, that it was to help his friend gave the government reason to believe that Barta was making a deal only to benefit his friend.

In the actual case on which this problem is based, Barta was arrested, charged, and tried for conspiracy to commit bribery. He pleaded entrapment but was convicted. The U.S. Court of Appeals for the Seventh Circuit reversed his conviction, on the reasoning stated above.

 

9–5A.           Criminal process

Peters can be perceived as an arrogant person—displaying a feeling of superiority—and lacking empathy for others, particularly those victims who trusted him and those whom he threatened. There is no indication that he had any sense of what it takes to live in society without lying to, stealing from, and victimizing others. To behave ethically requires at least a willingness to refrain from illegal conduct and a degree of empathy for others. Peters’s misconduct showed that his character lacked these qualities. In other words, he seems to have had no ethical principles.

It might be pointed out that if Peters had put the ingenuity and energy he expended on his illegal schemes to legal, practical use, he might have engineered a successful business. Instead, his lack of ethics robbed himself and others of money and property, as well as the opportunity to trust and be trusted and to do business in good faith.

The court that sentenced Peters concluded that a sentence of forty-eight months imprisonment was appropriate. The court found the federal sentencing guidelines “entirely inadequate in this case. They fail to account for the threats that were made to the victim and his wife. They fail to account for the kinds of vulnerabilities that someone in this victim’s situation faced. The guidelines are too low in this case in relationship to the defendant’s criminal history and the defendant’s conduct. . . . His own family describes him as a thief.”

The U.S. Court of Appeals for the Eleventh Circuit affirmed the sentence. “An above-guideline range sentence was necessary to achieve the statutory purposes of sentencing. As the court found, the conduct underlying the offense was serious.” Peters’s criminal history supported a need for “deterrence in fashioning an appropriate sentence. The sentence is also supported by the need to protect the public from further crimes of Peters.” The court added, “The 48–month sentence was considerably lower than the statutory maximum sentence of 20 years, signaling that the sentence was substantively reasonable.”

 

9–6A.           Criminal procedures

Yes, it would be reasonable to admit evidence revealed in the “protective sweep” of the defendant’s house in this problem during Norman’s trial on the arrest charges.

The Fourth Amendment to the U.S. Constitution protects the “right of the people to be secure in their persons, houses, papers, and effects.” Under this amendment, before searching private property, law enforcement officers must obtain a search warrant. Evidence obtained in violation of this requirement is not admissible at trial. But a warrantless search can be reasonable when probable cause and exigent circumstances exist. Thus, when an officer possesses a reasonable belief based on specific facts that an individual posing a danger is hidden inside a certain location, a search for the individual—a “protective sweep”— confined to those places on site in which a person might be hiding would be reasonable.

In this problem, from outside a house belonging to Kateena Norman, during the execution of a warrant for the arrest of Norman on charges of credit-card fraud and identity theft, federal officers saw another woman and a caged pit bull inside. The officers further believed that Norman’s boyfriend, who had a criminal record and was also suspected of identify theft, could be inside. In less than a minute, the officers searched only those areas within the house in which a person could hide. Under these circumstances, the warrantless search was reasonable and therefore any evidence discovered in the search would be admissible during her trial on the arrest charges.

In the actual case on which this problem is based, Norman filed a motion to suppress this evidence, which the court denied. The U.S. Court of Appeals for the Eleventh Circuit affirmed. “The protective sweep was reasonable.”

 

9–7A.           Types of crimes

Briscoe committed the crime of obtaining property by false pretense. This is a crime in which the goal is economic gain through the acquisition of another’s money, services, or property. This type of theft is accomplished by trickery or fraud.

In the Briscoe case, Briscoe leased Chigger Ridge Ranch for twelve months. The lease delineated the vehicles and equipment that belonged to the ranch, and which VPW could use for the term, but the lease did not convey any ownership interest. Despite the lack of ownership rights, Briscoe had his employees sell some of the vehicles and equipment. The buyers had the impression that Briscoe either owned the property or was authorized to sell it, and he did nothing to correct their false impression of this pretense. The buyers paid with checks, which Briscoe deposited in his own account. The goal of this scheme was to acquire the buyers’ money. The theft was accomplished by fraud.

In the actual case on which this problem is based, Briscoe was convicted in a Texas state court of giving a false statement to obtain property. A state intermediate appellate court affirmed. “Briscoe obtained the checks by deception—that is, by failing to correct [the buyers’] impression that he .  .  . owned the equipment or was authorized to sell it.”

 

9–8A.           A Question of Ethics—The IDDR approach and identity theft

1. No, the evidence does not support Broussard’s assertion. In fact, it suggests the opposite—that Broussard knew what was going on.

In this problem, Heesham Broussard obtained counterfeit money instruments. To distribute the items, he used FedEx account information and numbers misappropriated by hackers. Broussard’s text messages indicated that he had participated in an earlier, similar scam. Further, the messages showed that he knew the packages would be delivered only if the FedEx accounts were “good.” Charged with identity theft, he argued that the government could not prove he knew the FedEx accounts belonged to real persons or businesses. His text messages, however, indicated the contrary. A judge or juror could infer from these statements that he knew the packages would not be delivered successfully unless the account information and numbers belonged to real customers.

From an ethical perspective, it does not matter whether Broussard knew that the accounts belonged to real customers. And it does not matter whether he knew the owners of the accounts, whether they knew him, or whether the accounts belonged to persons or businesses. Broussard committed a crime. An accompanying violation of any standard of ethics is certain. Here, he acted dishonestly, with fraudulent intent, misrepresenting himself as the authorized sender of FedEx packages filled with counterfeit money instruments.

In the actual case on which this problem is based, the court convicted Broussard of the charge of identity theft. The U.S. Court of Appeals for the Fifth Circuit affirmed the conviction, responding to his argument on appeal according to the reasoning stated above.

2. The conclusion seems foregone—if FedEx knew that its customers’ account information had been compromised, the company had an ethical obligation to take steps to protect those customers from theft.

The first step of the IDDR approach is an Inquiry—identify the issue, the stakeholders, and ethical standards. In the facts of this question, hackers stole the account information of FedEx customers. Was FedEx obligated to act to protect those customers from theft? Besides those customers and FedEx, the stakeholders could include the owners and employees of the company, as well as the society as a whole. Relevant ethical standards could derive from the company’s policies, or from religious, philosophical, or other standards. These would include such general principles as acting for the benefit of the most people.

The second step of the approach is a Discussion to analyze actions that might address the issue. Factors include the strengths and weaknesses of those actions, considering their consequences and the effects on stakeholders. To protect against theft through the use of stolen account information, FedEx might have to do as little as assign its customers new account names, numbers, or passwords. If the information could be used for illicit purposes other than fraudulent delivery charges, FedEx could notify its customers, publicize the theft, and alert law enforcement. The company might offer to pay to monitor victimized customers’ credit information. None of these actions would seem to be weak or costly, and their results and effects could be almost entirely beneficial—customers might feel protected, society’s interest in the reliability of FedEx accounts could be reassured, and the owners and employees of the company might believe more strongly in its continued success.

The third step of the IDDR approach is to make a Decision and state the reasons. The decision is clear—FedEx should act to protect its customers and the other stakeholders. The actions the company should take include those discussed above. The reasons for this conclusion are also stated above—to benefit those customers, the owners and employees of the company, and the public generally. This would further assure these stakeholders of the commitment of the firm to the continuing viability of its business.

The final step of this approach is a Review to weigh the success or failure of the action to resolve the issue, and satisfy the stakeholders. According to the facts, FedEx policy is to deliver packages only if an account is “good.” Thus, if FedEx were to take the steps indicated above, its actions would likely prove successful. The stolen data would not be able to initiate FedEx deliveries, and would become potentially useless for almost any other purpose. These results could satisfy all of the stakeholders.

 

 

Critical Thinking and Writing Assignments

 

9–9A.           Critical Legal Thinking

No. A separate crime occurs only when there are separate distinct acts of seizing the property of another. In the circumstances described in the question, Ray committed the crime of grand theft because of the value of property in the purse, including the value of the gun. Only one crime of theft occurred, however. Ray saw the purse and took it without know­ing what it contained: there was one intent and one act.

 

9–10A.         Time-Limited Group Assignment—Cyber crime

1. It goes without saying that the higher the anticipated cost of engaging in cyber crime activity, the lower will be the amount demanded.  In other words, heavy fines and long jail sentences would have some deterrent effect.  The real question is by how much. Many hackers who bring down corporate and government computer systems are teenagers. They cost businesses billions of dollars, yet gain no monetary reward for their hacking—they do it to prove that they are as good or better than other hackers.  If caught, they could not engage in much meaningful restitution to their corporate victims.  In contrast, adult cyber criminals who engage in identity theft, credit-card fraud, and online auction fraud often make larges sums of money from this criminal activity.  They could be forced to engage in meaningful restitution to their victims. They could be sentenced to long jail terms, just as we routinely do for traditional thieves.  Restitution and long jail terms might serve as a deterrent to such cyber criminal activities. U.S. authorities, though, cannot easily arrest, try, convict, and sentence cyber criminals living and operating in, say, Russia.
2. Protection against cyber crime starts with the awareness at management and staff levels of the potential harm that could result. Even the temporary loss of a system’s functions while its software is replaced due to a virus’s infection or other destructive event could prove costly. Thus, management should make appropriate funds available to pay for security, impose procedures to identify the system’s vulnerability, require the use of security hardware and software, and conduct security audits on an ongoing basis. The use of passwords among those with access to the system is also an important step when used correctly. Backed-up data can be key, and storing the backed-up data off-site can be even more effective.
3. A cyber criminal could and should arguably be ordered to pay restitution to his or her victims whenever those persons or businesses suffer a financial loss. The victims whose computers are infected with worms or viruses most likely must pay for cleansing software or a security sweep, or more, to clear their data of the infections. Victims of theft of course experience financial loss.

The measure of the restitution might include the value of what was taken, the cost to recover it, the expense of repair, and the price of the investigation that it may have taken to discover the illegal breach.

There is no reason why large companies—such as Facebook, Apple, Netflix, or Alphabet—should not be entitled to the same restitution as other victims.