Cybercrime is, undoubtedly, a growing problem. Scarcely a week goes by without reports of massive online misconduct. The primary federal legislative response so far has been to impose computer abuse liability on network attackers. Every state has enacted a similar statute.
But do these cybercrime statutes actually punish and deter hackers? Members of Congress and Department of Justice prosecutors think so—and have repeatedly sought to expand the scope and consequences of liability. Meanwhile, scholars, advocates, and some judges have argued that computer abuse legislation is overbroad and ineffective. Law and policy debate has proceeded from these dueling narratives, not from data.
This Article presents the first comprehensive empirical analysis of litigation under the federal cybercrime statute, the Computer Fraud and Abuse Act. Drawing on a new dataset compiled from hundreds of civil and criminal pleadings, the Article addresses fundamental and unanswered questions about the on‐the‐ground function of cybercrime law.