Procedural criminal cyberlaw
by John Bandler
Procedural criminal cyberlaw is that portion of cyberlaw that relates to the process of investigating and prosecuting (litigating) cybercrime.
Explaining the terms and where you are
Let's unpack each word in the term "procedural criminal cyberlaw" with some rough definitions.
- Cyberlaw = cyber + law. Areas of law that involve computers and the internet
- Criminal law = areas of law that are not "civil law", and involve crimes and their prosecution
- Procedural law = laws of process (in contrast to laws of substance, or rules for conduct).
Since this article is about procedural criminal cyberlaw, it is about the process of investigating and prosecuting cybercrime, from a criminal justice and criminal law perspective.
Cyberlaw recap
Remember that cyberlaw is the merging of two words, "cyber" and "law".
Cyber essentially means using cyberspace, using the Internet and a computer.
Law is our system of laws, which is a continually evolving process that started hundreds of years ago (thousands even) and continues.
We could say that cyberlaw sits on a foundation of traditional law (see diagram). We could also say that cyberlaw is a subset of all law.
More on cyberlaw in my article and my 2025 book (links below).
The parts of criminal cyberlaw
Criminal cyberlaw is the portion of cyberlaw that relates to "crime". Think cybercrime.
Cybercrime involves people and organizations committing those crimes, usually for profit and greed and to make money.
Cybercrime involves victims and people and organizations trying to protect against cybercrime attacks, and responding to them. Here we need to think about civil cyberlaws, which impose obligations upon these people and organizations for data breach reporting, cybersecurity, privacy, and more. More on this civil cyber laws below.
Cybercrime also involves government investigating and attempting to prosecute cybercriminals.
As we think about criminal cyberlaw, we think about two important parts:
- Substantive criminal law (the laws that cybercriminals violate and could be charged with, if identified and apprehended)
- Procedural criminal law (the laws for the process of investigating and prosecuting cybercriminals)
This article focuses on the procedure.
Procedural criminal cyber specific laws
Remember that there are a lot of "traditional" criminal procedural laws that apply to cybercrime investigation and prosecution. In fact, we have an existing criminal justice system and that is the same system that would be used to investigate and prosecute any cybercrime, with the same prosecutors, judges, and general rules for process.
These laws for process start with the U.S. Constitution and Amendments, including the Fourth Amendment regarding government search and seizure. Then it continues with all the established rules of criminal procedure being used in federal and state courts.
We think like a prosecutor would, and remember this investigation starts either from a federal or state prosecutor, and will be brought to a corresponding grand jury, then court, using the rules of that government entity.
Then we look to how these traditional laws are applied to cybercrime, and we look to any cyber specific procedural mechanisms.
The investigation is governed first by the Fourth Amendment, which limits how government can collect evidence, and imposes requirements for everything government does to search, seize, or obtain evidence.
From this, we have laws to allow for legal processes to obtain evidence. This includes subpoenas, pen registers, search warrants, and wiretaps.
To collect digital evidence, federal and state authorities must comply with the Electronic Communications Privacy Act (ECPA). ECPA has both procedural and substantive criminal provisions, in this article we focus on the procedural provisions. (State law enforcement will also have to comply with their own state laws).
ECPA is in three parts (called "titles")
- Title I: Wiretap Act 18 U.S.C. §§ 2510–2523, https://www.law.cornell.edu/uscode/text/18/part-I/chapter-119
- Title II: Stored Communications Act (SCA) 18 U.S.C. §§ 2701–2713, https://www.law.cornell.edu/uscode/text/18/part-I/chapter-121
- Title III: Pen Registers and trap and trace devices 18 U.S.C. §§ 3121–3127, https://www.law.cornell.edu/uscode/text/18/part-II/chapter-206
Within each part is a section that says how law enforcement can obtain that type of legal process. For example:
- 18 U.S. Code § 3122 - Application for an order for a pen register or a trap and trace device, https://www.law.cornell.edu/uscode/text/18/3122 (says how a prosecutor can apply for a pen register)
- 18 U.S. Code § 2516 - Authorization for interception of wire, oral, or electronic communications, https://www.law.cornell.edu/uscode/text/18/2516 (says how a prosecutor can apply for a wiretap order)
- 18 U.S. Code § 2703 - Required disclosure of customer communications or records, https://www.law.cornell.edu/uscode/text/18/2703 (says how a prosecutor can obtain stored communications records, including via subpoena and search warrant)
Is there more to know about criminal cyberlaw?
Of course, see my other articles and my 2025 book on Cyberlaw (with reference pages) and my 2020 book Cybercrime Investigations (links below).
Conclusion
Criminal cyberlaw is a fascinating area built on traditional law. We can broaden our understanding of traditional law, and then see how it applies to cyber, and examine new rules relating to cyber.
This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.
Additional reading on this site
- Introduction to Law (Outline)
- Rules
- Law
- Cyberlaw
- Cyberlaw Book
- Civil Law
- Criminal Law
- U.S. Constitution
- Cybercrime
- Introduction to Cybersecurity and Information Security
- Cybersecurity for the Home and Office (book)
- Cybercrime Investigations (book), special attention to Chapter 6 and Chapter 7
This article is hosted at https://johnbandler.com/criminal-cyberlaw-procedural, copyright John Bandler, all rights reserved.
Originally posted 9/29/2024, updated 9/18/2025.