Criminal Law
A Better Interpretation of "Special Needs" Doctrine After Edmond and Ferguson
112 Yale L.J. 2591 (2003)
Digital Architecture as Crime Control
112 Yale L.J. 2261 (2003) The first generation of cyberlaw was about what regulates cyberspace. Led by Larry Lessig's path-breaking scholarship isolating architecture as a constraint on behavior online, a wide body of work has flourished. In a recent article, I took those insights and reverse-engineered them to show how attention to architecture in realspace (such as our city streets, parks, houses, and other buildings) constrains crime. It is time to begin a new generation of work, one that applies the lessons of realspace study back to the cybernetic realm. The question will not be what regulates cyberspace, but how to do so given the panoply of architectural, legal, economic, and social constraints. This Essay details how theories of realspace architecture inform the regulation of one aspect of cyberspace, computer crime. Computer crime causes enormous damage to the United States economy, with even a single virus causing damage in the billions of dollars and with a recent survey finding that ninety percent of corporations detected computer security breaches. Yet despite apparent metaphorical synergy, architects in realspace generally have not talked to those in cyberspace, and vice versa. There is little analysis of digital architecture and its relationship to crime, and the realspace architectural literature on crime prevention is often far too "soft" to garner significant readership among computer engineers. However, the architectural methods used to solve crime problems offline can serve as a template to solve them online. This will become increasingly obvious as the divide between realspace and cyberspace erodes. With wireless networking, omnipresent cameras, and ubiquitous access to data, these two realms are heading toward merger. Architectural concepts offer a vantage point from which to view this coming collision. This brief Essay sketches out design solutions to the problem of security in cyberspace. It begins by introducing four principles of realspace crime prevention through architecture. Offline, design can (1) create opportunities for natural surveillance, meaning visibility and susceptibility to monitoring by residents, neighbors, and bystanders; (2) instill a sense of territoriality so that residents develop proprietary attitudes and outsiders feel deterred from entering private space; (3) build communities; and (4) protect targets of crime. After introducing these concepts, the Essay discusses analogues to each principle in cyberspace. Naturally, the online and offline realms are not symmetric, but the animating rationales for the four principles can be translated to cyberspace. Some of the outlined modifications to digital architecture are major and will invariably provoke technical and legal concerns; others are more minor and can be implemented quickly to control computer crime. For example, we will see how natural surveillance principles suggest new virtues of open source platforms, such as Linux, and how territoriality outlines a strong case for moving away from digital anonymity toward pseudonymity. The goal of building communities will similarly expose some new advantages for the original, and now eroding, end-to-end architecture of the Internet--a design choice that eschewed barriers between computers and rejected preferences for certain types of content. Principles of community and target protection will illuminate why installing firewalls (which are simply pieces of hardware and software that prevent specified communications ) at end points will provide strong protection, why some computer programs subtly cue criminal acts, and why the government should keep some computer crimes secret. Throughout this Essay, each Section will employ the realspace architect's understanding of context to explain why many meta-claims in contemporary cyberlaw are too grand. These claims are proliferating and track the same binary formula: "open sources are more/less secure," "digital anonymity should be encouraged/prohibited," "end-to-end networks are more/less efficient," "peer-to-peer technologies are a threat/blessing," etc. Systematic predictions are possible about the benefits of open sources, end-to-end (e2e) networks, and the like, but caution is warranted before applying these predictions across the board. Such caution is a staple of crime prevention in realspace, as the four design principles are often in tension with each other. As this Essay progresses, these tensions will become evident in the cyberspace context as well. In total, these architectural lessons will help us chart an alternative course to the federal government's tepid approach to computer crime. In February of this year, after a year and a half of promising a revolutionary approach, the White House released its National Strategy To Secure Cyberspace. Unfortunately, the Strategy consists of little beyond an unbridled faith in "the market itself" to prevent cybercrime. By leaving the bulk of crime prevention to market forces, the government will encourage private barricades to develop--the equivalent of digital gated communities--with terrible consequences for the Net in general and interconnectivity in particular. Just as safety on the street depends in part on public police and public architecture, so, too, in cyberspace.
What Kind of Immunity? Federal Officers, State Criminal Law, and the Supremacy Clause
112 Yale L.J. 1943 (2003) When, if ever, may a State prosecute a federal officer for violating state criminal law while discharging his federal duties? Over the past decade, developments in the doctrines associated with "federalism" have redefined the constitutional status of federal attempts to regulate the States. The question posed here implicates the opposite, rarely examined, side of federalism's coin: the extent to which the Constitution constrains state attempts to regulate the federal government and its agents. It has been clear for over a century that federal officers enjoy some degree of immunity in this area, but the precise scope of, and basis for, that immunity--known as "Supremacy Clause immunity"--remain unclear. This Article seeks clarity. Drawing on recent litigation arising out of the 1992 standoff between federal law enforcement officers and armed separatists at Ruby Ridge, Idaho, it argues that federal officers acting within the scope of their employment should be immune from state prosecution for any action taken that they reasonably believe is necessary and proper to the performance of their federal functions. State criminal law, in other words, must not be applied so as to chill federal officers in the discharge of their federal duties as they reasonably understand them. In articulating this standard, the Article draws on related doctrines like qualified immunity in the civil context and on principles of preemption as derived from foundational cases like McCulloch v. Maryland. In addition to supporting the Article's view of the proper scope of Supremacy Clause immunity as a default matter, these analogies confirm that the degree of immunity in this area is largely subject to congressional control. Congress, the Article suggests, could completely immunize federal officers from state prosecution for conduct taken in the discharge of their duties, or it could expose federal officers to the full force of state law. Either congressional choice would change what a reasonable federal officer would think about the scope of his federal authority vis- -vis contrary state law, thus recalibrating the scope of his immunity. At bottom, Supremacy Clause immunity is concerned with resolving conflicts between state and federal law. Where the application of state law threatens the effectuation of federal law or policy, the Supremacy Clause provides a federal trump. This attention to actual state-federal conflict, the Article suggests, should inform courts' approaches to a whole range of issues of overlapping federal and state power. Rather than making categorical judgments about the division of sovereign power, courts should instead be attentive to the extent of actual conflict between state law and federal functions.
A Site Where Hackers Are Welcome: Using Hack-In Contests To Shape Preferences and Deter Computer Crime
112 Yale L.J. 1577 (2003) While the Internet has revolutionized communication and commerce, it has also created the conditions for a type of crime that can be committed anonymously, from anywhere in the world, and with consequences that are unprecedented in scope. With the failure of traditional law enforcement methods to deal with these challenges, computer crime requires a new approach to thinking about deterrence. Focusing on a particular type of computer crime, unwarranted intrusions into private computer networks, this Note argues that "tailoring the punishment to fit the crime" might mean focusing on something besides punishment. It proposes a regulated system of privately sponsored "hack-in" contests to supplement the criminal law, which has proved inadequate at deterring computer crime. Computer crime comes in many varieties, including online theft and fraud, vandalism, and politically motivated activities. Other hackers simply try to break code, seeking challenge, competition, and bragging rights. Whatever the motivation, intrusions have serious costs. At the very least, a violated site must patch the security hole. Even a nonmalicious trespass disrupts the victim's online services while the breach is fixed. Not knowing whether or not a breach was malicious, companies generally expend resources investigating the matter, often hiring private investigators so that they do not suffer reputational loss. If other hackers become aware of the site's vulnerability, a nonmalicious hack may be the precursor to more malicious attacks. Finally, considering the gravity of the risk, attack victims may change their behavior, becoming reluctant to put valuable information online. How can private actors, alongside government, deter such activity? Two basic approaches have been suggested. First, some scholars have imagined creative ways of reinforcing the criminal law with other kinds of constraints on behavior. Second, others have suggested that the least dangerous kinds of hacking should be decriminalized in ways that demarginalize the hacking community and actually increase Internet security. Those in the first group have expanded on the Beckerian framework, long dominant in thinking about deterrence, which limits policymakers to manipulation of two factors in deterring crime--probability of detection and severity of sentence. Scholars looking beyond this framework have incorporated social norms, architecture, and monetary costs as additional constraints on crime. Neal Katyal, for example, argues that monetary costs should supplement criminal sanctions because they constrain all actors, whereas legal sanction is only probabilistic. The insight is well taken. Criminal constraints alone will not effectively deter computer crime. Law must help second and third parties--victims of computer crime and Internet users--deter crime themselves. Even this most recent scholarship at the vanguard of deterrence theory, however, approaches deterrence from a cost perspective. Departing from this tradition, this Note argues that, just as the "law should strive to channel crime into outlets that are more costly," it should also encourage mechanisms that channel criminal behavior into legal outlets. The second group of scholars argues that "look-and-see" hacking, where hackers only explore systems without damaging them, and perhaps report that they have breached security, is victimless and should be decriminalized. They argue that decriminalization would result in a number of social benefits, including an increase in Internet security as hackers identify latent vulnerabilities, a better allocation of law enforcement resources, and the development of creative people with technological skills. The arguments do not satisfy opponents of decriminalization, however, who emphasize that decriminalization fails to signal clearly that hacking is a proscribed activity. This Note seeks to develop a proposal--the "hack-in contest"--that appeals to both proponents and opponents of decriminalization. First, contests can capture the benefits of decriminalization without sacrificing the expressive and preference-shaping functions of the criminal law. Second, contests provide positive incentives for law-abiding hacking, an important approach given a hacking subculture that may be unreceptive to sanctions. Seeking to introduce positive reinforcement and "channeling structures" into the toolbox of criminal deterrence, this Note argues that a system of structured hack-in days will channel behavior away from illegal hacking toward approved activities. An effective system of contests may even strengthen positive norms among hackers, shaping preferences for law-abiding behavior. While privately sponsored hack-in contests are already prevalent, these contests lack regularity and fail to distinguish between approved and illegal hacking. Unlike these private contests, a regulated system of competitions should be designed to deter computer crime. Part I of this Note outlines the current responses and proposals concerning computer crime and their general failure to prevent unwarranted intrusions. It contends that raising costs may not effectively deter hacking and that decriminalization undermines the expressive function of the criminal law. Part II begins by examining the preference-shaping function of the criminal law, arguing that "positive reinforcement" may be as effective at preference shaping as criminal sanctions. It then argues that the social norms latent in hacker culture may be more effectively harnessed by positive incentives than by sanctions. Part III proposes a hack-in contest framework that encourages law-abiding norms and shapes preferences for legal hacking. Part IV compares the contest proposal to broader decriminalization models and anticipates several objections to the proposal.
Conspiracy Theory
112 Yale L.J. 1307 (2003) Over one-quarter of all federal criminal prosecutions and a large number of state cases involve prosecutions for conspiracy. Yet, the major scholarly articles and the bulk of prominent jurists have roundly condemned the doctrine. This Article offers a functional justification for the legal prohibition against conspiracy, centering on psychological and economic accounts. Advances in psychology over the past thirty years have demonstrated that groups cultivate a special social identity. This identity often encourages risky behavior, leads individuals to behave against their self-interest, solidifies loyalty, and facilitates harm against nonmembers. So, too, economists have developed sophisticated explanations for why firms promote efficiency, leading to new theories in corporate law. These insights can be "reverse-engineered" to make conspiracies operate less efficiently. In reverse engineering corporate law principles and introducing lessons from psychology, a rich account of how government should approach conspiracy begins to unfold. In particular, law enforcement strives to prevent conspiracies from forming by imposing high up-front penalties for joiners but uses mechanisms to harvest information from those who have joined and decide to cooperate with the government. Traditional conspiracy doctrines such as Pinkerton liability and the exclusion from merger not only further cooperation agreements, they also make conspiracies more difficult to create and maintain by forcing them to adopt bundles of inefficient practices. The possibility of defection forces the syndicate to use expensive monitoring of its employees for evidence of possible collusion with the government. Mechanisms for defection also break down trust within the group and prime members to think that others are acting out of self-interest. This Article concludes by offering a variety of refinements to conspiracy law that will help destabilize trust within the conspiracy, cue the defection of conspirators, and permit law enforcement to extract more information from them.
Reconceptualizing VAWA's "Animus" for Rape in States' Emerging Post-VAWA Civil Rights Legislation
111 Yale L.J. 1417 (2002)
Architecture as Crime Control
111 Yale L.J. 1039 (2002) Building on work in architectural theory, Professor Katyal demonstrates how attention to cities, neighborhoods, and individual buildings can reduce criminal activity. The field of cyberlaw has been transformed by the insight that architecture can regulate behavior in cyberspace; Professor Katyal applies this insight to the regulation of behavior in real space. The instinct of many attorneys is to focus on criminal law as the dominant method of social control without recognizing physical constraints--constraints that are sometimes even shaped by civil law. Ironically, even an architectural problem in crime control--broken windows--has prompted legal, not architectural, solutions. The Article considers four architectural concepts: increasing an area's natural surveillance, introducing territoriality, reducing social isolation, and protecting potential targets. These mechanisms work in subtle, often invisible, ways to deter criminal activity and, if employed properly, could stymie the need for architectural self-help solutions that are often counterproductive because they increase overall crime rates. Professor Katyal then illustrates specific legal mechanisms that harness the power of architecture to prevent crime. Distinguishing situations where the government acts as a builder, as a civil regulator, and as a criminal enforcer, the Article suggests solutions in a variety of legal fields, drawing on property, torts, taxation, contracts, and criminal law. Procurement and taxation strategies can promote effective public architecture; crime impact statements, zoning, tort suits, and contractual regulation may engender private architectural solutions as well. Criminal law, particularly through forfeiture, may also play a role. Several problems with architectural regulation are considered, such as the extension of social control and potential losses in privacy. Professor Katyal concludes by suggesting that local jurisdictions devote more attention to architecture as a constraint on crime instead of putting additional resources toward conventional law enforcement.
Rethinking the Puzzle of Escalating Penalties for Repeat Offenders
110 Yale L.J. 733 (2001) The general principle of escalating penalties based on offense history is so widely accepted that it strikes most people as simple common sense. This principle, however, tests the explanatory limits of economics. Contrary to the assumptions in the existing literature, probabilities of detection increase for repeat offenders. As a result, the standard optimal-deterrence model in economics dictates declining, rather than escalating, penalties for repeat offenders. Mining the insights of the emerging behavioral economics literature only makes matters worse, because the salience and optimism biases both support declining penalties as well. The gap between economic theory and actual practice is thus much wider than has been previously recognized. This Article explores two alternative conceptions of the role of legal penalties that may help to bridge that gap: legal penalties as supplements to extralegal sanctions and as expressive devices that help shape perceptions of moral wrongfulness.
