Criminal cyberlaw

by John Bandler

Criminal cyberlaw is that portion of cyberlaw that relates to crime, meaning cybercrime. Let's break it down in the context of civil and criminal laws.

Cyberlaw recap

Cyberlaw foundations 2023-7 (2) more detailed

Remember that cyberlaw is the merging of two words, "cyber" and "law".

Cyber essentially means using cyberspace, using the Internet and a computer.

Law is our system of laws, which is a continually evolving process that started hundreds of years ago (thousands even) and continues.

More on this in my article on cyberlaw.

The parts of criminal cyberlaw

Criminal cyberlaw is the portion of cyberlaw that relates to "crime". Think cybercrime.

Cybercrime involves people and organizations committing those crimes, usually for profit and greed and to make money.

Cybercrime involves victims and people and organizations trying to protect against cybercrime attacks, and responding to them. Here we need to think about civil cyberlaws, which impose obligations upon these people and organizations for data breach reporting, cybersecurity, privacy, and more. More on this civil cyber laws below.

Cybercrime also involves government investigating and attempting to prosecute cybercriminals.

As we think about criminal cyberlaw, we think about two important parts:

  • Substantive criminal law (the laws that cybercriminals violate and could be charged with, if identified and apprehended)
  • Procedural criminal law (the process of investigating and prosecuting cybercriminals)

As above, I put the "civil" cyberlaws into a different category, covering them separately.

Substantive criminal cyber specific laws

First, remember that there are a lot of "traditional" criminal substantive laws that can be applied to cybercrime.

Starting with:

  • Theft crimes
  • Identity theft crimes
  • Money laundering crimes.

Then consider specific cybercrime statutes that relate to cybercrime conduct, including:

  • Laws about intruding into computers and data systems
  • Laws about stealing data
  • Laws about monitoring communications.

These crimes will include:

  • Computer Fraud and Abuse Act (CFAA)
  • Electronic Communications Privacy Act (ECPA), which includes
    • Wiretap Act
    • Stored Communications Act (SCA).

Procedural criminal cyber specific laws

Again, first remember that there are a lot of "traditional" criminal procedural laws that apply to cybercrime investigation and prosecution.

This starts with the U.S. Constitution and Amendments, including the Fourth Amendment regarding government search and seizure. Then it continues with all the established rules of criminal procedure being used in federal and state courts.

Then we look to how these traditional laws are applied to cybercrime, and we look to any cyber specific procedural mechanisms.

  • Electronic Communications Privacy Act (ECPA), which includes
    • Wiretap Act
    • Stored Communications Act (SCA).

Is there more to know about criminal cyberlaw?

Of course, see some of the references below, especially my 2020 book Cybercrime Investigations.


Criminal cyberlaw is a fascinating area built on traditional law. We can broaden our understanding of traditional law, and then see how it applies to cyber, and examine new rules relating to cyber.

This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

Additional reading on this site

This article is hosted at, copyright John Bandler, all rights reserved.

Originally posted 6/2/2024, updated 6/11/2024.