When we think about the word “mobster,” we often recall names such as Al Capone, and think of the time period of the early 20th century. We generally don’t associate the word “mobster” with hackers or the computer age. Recently, however, the Racketeering Influenced Corrupt Organizations Act (or RICO) has made such an association. Originally envisioned as a tool to target gang leaders who avoided direct liability by ordering subordinates to commit crimes, RICO has recently been used to target cybercriminals engaged in racketeering offenses. Rather than being used to target leaders of mafia-type activities, the law is now being used to prosecute and impose stiffer penalties on online criminals who engage in organized crime through various virtual networks.
RICO, passed in 1970, allows for the imposition of criminal penalties of up to 20 years imprisonment (or more if the underlying crime carries a higher maximum penalty), or civil penalties amounting to triple the actual damages incurred. Private individuals may also bring claims against anyone who has participated, directly or indirectly, in racketeering activities. To establish a claim under RICO, according to one Supreme Court case, a defendant must have “conduct[ed] or participat[ed] in the conduct of an enterprise ‘through a pattern of racketeering activity.’” Put simply, a defendant must have acted as part of a group that commits a series of at least two acts that qualify as racketeering activities. A useful breakdown of these elements can be found here.
The Act was initially utilized as a method to prosecute leaders of crime organizations by attributing the crimes committed by the members of the entire organization to the organization as a whole. This way, even though small-time crooks were the ones actually committing the crimes, the bosses who gave the orders could still be held accountable. Although the Act was initially used to target mafia leaders including the heads of New York’s “Five Families,” the Act has evolved over time, holding more contemporary business people accountable. For example, in 1989 RICO was used to charge American businessman Michael Milken with counts of insider trading.
Recently, RICO has evolved once again and is being used to hold cyber criminals accountable for their participation in online crime. In a recent case in Las Vegas, 22-year-old David Ray Camez was charged with and found guilty of RICO violations. The Wall Street Journal reports that Camez, accused of buying counterfeit IDs, credit cards and gift cards on the site Carder.su, was ultimately convicted of participating in a corrupt organization. Notably, the prosecution ultimately indicted 39 administrators, vendors, and users of the site on RICO charges. The indicted individuals reside in all parts of the world, and have no personal relationships with each other beyond their association through the site. These loose ties, leading to such joint liability, can have important implications for the use of RICO in targeting cybercrime going forward.
By utilizing RICO in the context of cybercrime, prosecutors may bring actions against large groups participating in organized crime, and may hold individuals who participate in such organizations guilty, even if they have not committed any of the specific crimes in question. One of the main issues that remains to be answered is the extent to which RICO may, and will, be used. Because RICO defines “racketeering activity” to include such things as the “unauthorized fixation of and trafficking in sound recordings and music videos of live musical performances,” participating in file-sharing sites could fall within the ambit of RICO. Since all participants can be held equally guilty when participating as such an organization, a casual or two-time user could find him or herself facing the same liability as a regular or deeply involved user. Whether RICO will be used to target such crimes remains to be seen. Ultimately, however, one message remains clear: anyone who participates as part of a group to commit any racketeering activity – beware.