Friday, March 20, 2009


We were talking about online theft in a class, and that led me to think about robbery. Specifically, I started thinking about whether it is possible to commit robbery online.

To understand why that may be an issue, you need to know a little bit about the law of theft: Centuries ago, English common law developed a crime called larceny. Larceny consisted of “taking another’s property from his possession without his consent, even though no force was used.” Lee v. State, 59 Md.App. 28, 474 A.2d 537 (Maryland Court of Appeals 1984). To constitute larceny, the person taking another’s property also had to do with the intent to steal, i.e., with the intention to deprive the rightful owner of the possession and use of his/her property.

As I explained in an earlier post, common law later developed a related crime called “larceny by trick.” It needed the new crime to deal with situations in which I persuade you to give me your property by lying to you (telling you you’re buying a bold mine, say). In that situation, I clearly get your property wrongfully, and I implicitly have the intent to steal (to keep the money for myself, thereby depriving you of its possession and use), but I didn’t take it from you without your consent. We still have the larceny by trick crime though, as I noted in an earlier post, we call it “fraud.” And as I’ve explained in other posts, you can commit fraud online; indeed, cyberspace makes it even easier to commit lots and lots of fraud.

You can clearly commit larceny – or, as we usually refer to it, theft – online. In 1994, Vladimir Levin, a Russian working as a computer programmer for AO Saturn, allegedly hacked into the accounts of Citigroup customers and transferred millions of dollars into accounts controlled by him and his cohorts. That kind of online activity is clearly theft: You’re taking the rightful owner’s property without his/her consent with the intent to steal it; we could arguably have an issue as to whether the property was taken from the owner’s possession, but that element isn’t particularly important in modern theft laws. It’s theft if you steal my car from a parking lot while I’m in a restaurant, for example. The Model Penal Code, which is a basic template of criminal laws, defines theft as unlawfully taking “movable property of another with purpose to deprive him thereof.” Model Penal Code § 223.2. The MPC doesn't require that the property have been taken "from" the owner; it simply requires that you take property you know belongs to someone else to deprive him/her of it (not, for example, to borrow it with the owner's permission.)

I also did a post on a kind of theft that can only occur online: non-zero-sum theft as opposed to the zero-sum theft in my example above. In zero-sum theft, the possession and use of the property is transferred entirely from the rightful owner to the thief, so the owner is completely deprived of the possession and use of the property; in non-zero-sum theft, the thief acquires some quantum of the possession and use of the property. As I noted in an earlier post, copying a company’s password file from one of its database is an example of non-zero-sum theft; the company still has the passwords, but the thief has them, too. And the fact the thief has them deprives the company of some quantum of the value of the passwords; they can still be used, but they can’t be used with any confidence that the accounts they control are secure.

That brings me back to robbery. Common law defined robbery as “the . . . forcible taking from the person of another any goods or money . . . by violence or putting in fear.” State v. Campbell, 41 Del. 342, 22 A.2d 390 (Delaware Supreme Court 1941). Robbery is an aggravated theft crime because it involves using force or violence or the threat of force or violence to induce someone to give up possession of his/her property. Robbery is also defined as larceny committed by violence of intimidation. The Model Penal Code defines it a little differently:
A person is guilty of robbery if, in the course of committing a theft, he:

(a) inflicts serious bodily injury upon another; or
(b) threatens another with or purposely puts him in fear of immediate serious bodily injury; or
(c) commits or threatens immediately to commit any felony of the first or second degree.
Model Penal Code § 222.1(1). The first two options under the Model Penal Code provision retain the common law requirements, but the Model Penal Code adds the third option – committing or threatening to commit a serious felony.

I can’t find any cases dealing with the third option, but the logic is that I can commit robbery by hurting you, by threatening to hurt you or by threatening to hurt someone (rape or murder) or something (arson) you care about. And if you’re wondering why the third option doesn’t constitute extortion (which is actually another kind of theft crime), here’s the reason: In robbery, I use the threat to commit a serious felony against you or something/someone you care about to force you to give me the money or property I’m after against your will; in extortion, the theory is, I use a similar threat, but you give me the property willingly (with your consent). You weigh the options and decide to give in, which makes it extortion not theft.

Let’s get back to robbery. I’m not sure that robbery in the traditional sense – the forcible taking of property from someone by using or threatening violence – can be committed online. As to the first option, I can’t think of a scenario – using current technology – in which you could inflict bodily injury on someone to get them to hand over their property. Since I don’t see how you can inflict serious bodily injury in the online context, I also don’t see how you can use the threat of such injury to commit robbery (at least not, again, using current technology . . . all this might be possible someday).

That brings us to the third, Model Penal Code option: Using the threat to commit a serious felony (e.g., rape, murder, arson) to coerce someone into handing over their property. I can certainly see that part of the dynamic would work online: I can send you a threat to burn your business or home, say, to coerce you to give me your money. The problem I have with taking this scenario to the next step, which is where it would become robbery, is the “immediately” requirement. Remember, robbery consists of using force or the threat of force to take the property or money from the person at that moment; it’s not intended to be a long, drawn-out process, which is what it seems to me it has to be online.

So far, anyway, I’m pretty sure that robbery in the strict legal sense cannot be committed online . . . .


Adam Steinbaugh said...

What about the scenario in which an online casino is threatened by Black Hat folks who explain that unless they get a cut of the profits from a big gambling event (e.g., the Superbowl), they'll use a Denial of Service attack to bring down the operator's website (and deny them any profits from that event)?

That would present some level of immediacy (depending on when the threat is made, in relation to when the event/attack is supposed to occur) and threatens to commit a felony absent the mark's compliance.

PatHMV said...

Can I get movie-creative with this? Suppose I somehow hack into your car while you're driving. I text your iPhone to tell you that if you don't give me the password to your on-line bank account, I'm going to disable the break and open the throttle up fully through my electronic control of your car. As an example, I cause your breaks to tap 3 times in rapid succession, just to show I can do it.

I think that would be "cyber robbery" under most definitions. Would it still be so if, in order to accomplish this, I had to wire some controller device into your car without your knowledge? Then part of the offense would involve the physical intrusion into your car to install the control device.

In other words, what if Dennis Hopper used computers, e-mail, and text messages to communicate in Speed, rather than cell phones and notes? Would that make his crime a cyber robbery?

Susan Brenner said...

First, as to the Black Hat scenario, I think that would qualify as robbery under the Model Penal Code's predicating robbery on a threat to commit a serious felony. As you note, you'd have the immediacy element (or at least a good argument that you have that element).

If I were a defense attorney, I'd probably argue that the charge was no good because what my clients committed, assuming they actually did what they're accused of doing, was extortion, not robbery. . . relying on the distinction I noted in the post.

Susan Brenner said...

I like the movie-creative scenario, especially the first one. It seems to me that would clearly qualify as using the threat of serious physical injury to force someone to hand over their property (in a kind of attenuated sense, but since the password is the key to the account, I think it would work).

I don't see that the wiring a controller into the car -- or hacking into the car's system, for that matter -- would undermine the argument that it's robbery. All that would do, I think is to allow you to be charged with hacking (and maybe some kind of physical damage to the property if you actually had to wire a device to it to accomplish the crime), as well as with robbery.

Chris Forsyth said...

If the criminal need only put the victim "in fear of immediate serious bodily injury" then wouldn't it suffice to electronically threaten to blow up the computer in the victim's face? Would it matter if the perpetrator couldn't really do it? Surely computers are used by many people today who would not know that such a thing was not possible, particularly given the prevalence of such exploits in movies and televisions.