Hacking and Unauthorized Access
Guide to the Law about Hacking and Unauthorized Access to Systems and Accounts in the United States
The words “hack” or “hacking” are hard to pin down. Often they are even used in a positive way, such as is described on the website LifeHacker.com. But here we are taking about the illegal acts of digitally “breaking in” to an account or device.
Be sure to check out our full Guide to Laws about the Internet & Social Media.
What exactly is hacking?
Hacking generally is defined in the law as “unauthorized access” or exceeding authorized access to a computer, server, or other device such as a cell phone. This can range from using highly sophisticated “cracking” or coding to break into or damage a computer system, to simply finding or figuring out someone’s password and logging into their account without permission. Hacking is a crime under the federal Computer Fraud & Abuse Act as well as under state laws as well.118 USC Sec 1030
The penalties for hacking are up to 20 years in prison and/or a fine of up to $15,000.
It is also a crime to illegally intercept information or communications on the internet, which is called wiretapping.318 USC 2511 There is a related concept of online “wire fraud,” which involves using the internet to commit fraud, such as trying to get someone to send money based on a made-up story.418 USC 1343
What do I do if I think I’ve been hacked?
If you have evidence of a hacking and can identify who did it (or is continuing to do it), the law allows you to get authorities to take immediate action to disable the hacker. These laws come are found mostly in the Computer Fraud & Abuse Act. Contact local law enforcement or the Internet Criminal Complaint Center (see below).
Someone got into my email or social media account without my permission. Is that illegal?
If someone sneaks into, logs in, looks through or uses your email (such as gmail or Outlook), or other internet or social media account (such as facebook or twitter) without your consent, this is generally considered “hacking” and is probably illegal. This type of thing is a crime under the federal Computer Fraud & Abuse Act, and a crime under state laws as well.
It also may be considered “invasion of privacy” or “identity theft,” which are also illegal under federal and state laws.518 U.S.C. Sec 1028 The penalty for identity theft is generally up to 5 years in prison, but could be up to 15 years. See more at the Dept of Justice guide “Prosecuting Computer Crimes.”
Here’s a recent example of a woman who was convicted for figuring out the password and logging into the email accounts of some people she knew without their permission.
What is ransomware and is it illegal?
Ransomware is software that a person secretly installs remotely on another person’s computer which could destroy or download the computer’s data. Following this installation, the “hacker” then usually demands a “ransom” to prevent the destruction or publishing of the data. This is a form of extortion, and is illegal under most federal and state computer crime laws, but some states also have explicitly addressed ransomware.
What is phishing and is it illegal?
Phishing is where someone creates a deceptive email or text message that looks like it is from a reputable person or company, in an attempt to get the victim to give out their personal or financial information. It is generally illegal under wire fraud, identity theft, or other laws, but many states also have specific laws targeting phishing.
If you believe you have been hacked, contact local law enforcement (use non-emergency number unless your physical safety is at risk) and/or file a complaint with the Internet Criminal Complaint Center