Professor of Law and Technology
Joined on January 27, 2009
Total Post Views: 129,486
About |
Susan Brenner is the NCR Distinguished Professor of Law and Technology at the School of Law. A renowned cybercrime scholar, Professor Brenner speaks internationally and writes extensively on cybercrime. Her website, http://www.cybercrimes.net, was featured on NBC Nightly News. She is a member of the American Bar Association’s International Cybercrime Project and has served on the National District Attorneys Association’s Committee on Cybercrimes. She is also a member of the U.S. Department of Justice’s National Forensic Science Technology Center Digital Evidence Project.
Cybercrimes, according to Professor Brenner, are using a computer to commit fraud, like theft or stalking, or to commit other illegal activity, like create viruses. Interested in computer technology and the Internet, as well as criminal law, she finds the study of cybercrimes exciting. “There are always new crimes emerging,” she says. Her website offers text-based resources and model legislation for cybercrime law that the students in her cybercrimes class helped develop.
Before joining the School of Law faculty in 1988, Professor Brenner taught at the Indiana University School of Law. She was an associate at Silets and Martin, Ltd., in Chicago, where she defended federal white-collar prosecutions and tax offenses, and at Shellow, Shellow & Glynn in Milawaukee, where she specialized in criminal defense. Professor Brenner has also clerked for two federal district court judges.
Except where otherwise noted, all postings by Susan Brenner on CircleID are licensed under a Creative Commons License.
The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more
A recent decision from a federal district court addresses an issue I hadn't seen before: whether searching malware on the suspect's computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn't tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose. more
Maybe you saw the stories recently about comments that were made at a recent World Economic Forum debate on cyberwarfare. As one of them notes, Hamadoun Toure, Secretary General of the International Telecommunications Union, proposed a treaty in which countries would pledge not to attack each other without having been attacked. This post isn't about Mr. Toure's proposal. It's about a comment the story attributes to Craig Mundie, Chief Research and Strategy Officer for Microsoft. According to The Raw Story, Mundie "called for a `driver's license' for internet users." more
This post was prompted by questions I was asked to address when I participated in a panel discussion of cybersecurity. Here are the relevant questions: "Should we reconsider the notion that companies under attack are prohibited from investigating the attackers and trying to locate them? We allow private investigators to conduct some activities that usually only the police are allowed to do; should we accredit private cyber investigators?" ...The one I found more interesting is the second question: whether we should accredit private cyber investigators. more
This post isn't about -- or isn't only about -- the use of computer technology to commit crimes. It's more about the use of computer technology to commit war. A few weeks ago, I was part of a conversation about the legal issues cyberwarfare raises. We were talking about various scenarios -- e.g., a hostile nation-state uses cyberspace to attack the U.S. infrastructure by crippling or shutting down a power grid, air traffic control systems, financial system, etc. Mostly, we were focusing on issues that went to the laws of war, such as how and when a nation-state that is the target of a cyberattack can determine the attack is war, rather than cybercrime or cyberterrorism. more
Maybe you saw this story: A Chinese man (whose name is not given) has been sentenced to serve three years in prison for extorting "virtual items and currency" from a "fellow Internet café user." The currency was worth 100,000 yuan or $14,700. The man who's sentenced to three years and the three friends who helped him also "extorted virtual equipment for online games" from their victim. The friends only seem to have been given a fine; the primary extortionist got both a fine and a jail time. The virtual currency was QQ coins... As I'm sure all of us know, there's a thriving market in virtual goods and currency... more
In 2001, I published an article on "virtual crime." It analyzed the extent to which we needed to create a new vocabulary -- and a new law -- of "cybercrimes." The article consequently focused on whether there is a difference between "crime" and "cybercrime." It's been a long time, and cybercrime has come a long way, since I wrote that article. I thought I'd use this post to look at what I said then and see how it's held up, i.e., see if we have any additional perspective on the relationship between crime and cybercrime... more
In the U.S., it is a federal crime to use malware to intentionally cause "damage without authorization" to a computer that is used in a manner that affects interstate or foreign commerce. Most, if not all, U.S. states outlaw the use of malware to cause damage, as do many countries. The Council of Europe's Convention on Cybercrime, which the United States ratified a few years ago, has a provision concerning the possession of malware. Article 6(1)(b) of the Convention requires parties to the treaty to criminalize the possession of malware "with intent that it be used for the purpose of committing" a crime involving damage to a computer or data... more
Maybe you've seen one of the news stories about the revised Georgia statute (Georgia Code § 41-1-12) that now requires sex offenders to turn their Internet passwords, screen names and email addresses over to authorities. The purpose of the revised statute is to give authorities the ability to track what sex offenders are doing online, to, in the words of one news story, "make sure" they "aren't stalking children online or chatting with them about off-limits topics." more