U.S. federal laws you should learn about that pertain to computer crimes

Introduction



Today, we are going to discuss a list of U.S. federal laws that you should probably be familiar with if you want to become an Information Security "pro" or a Security Administrator here in the U.S. I am going to reference the SANS document below [1] as your primary resource, but I am going to briefly summarize and bullet-list each U.S. federal law. You may also need to know these laws if your company has suffered some sort of major data breach and you have to work with local law enforcement or federal investigators such as the F.B.I. and D.H.S. CISA. Even if you ARE NOT a lawyer, it helps to have a firm grasp of these laws in context and an understanding of what they mean. Let's begin:

U.S. Federal Computer Laws:



  • Computer Fraud and Abuse Act - This law is used for charging Black Hat Hackers with crimes, which include DDoS attacks, data breaches, and using malicious code to damage computer networks. If the damage to the network is more than $5,000, then the Black Hat Hacker can be charged with a felony and face up to 10 years in prison.
  • Electronic Communications Privacy Act - This is an amendment to the federal wiretap law known as the Title III statute. It makes it illegal to store or intercept electronic communications without proper "authorization" first. There is a provision in this law called the "Stored Communications Act" that you may hear about; legal counsel often invokes it in cases that involve obtaining electronic data with or without a warrant.
  • Cybersecurity Enhancement Act - This law is an extension of the older U.S. Patriot Act of 2001, now the U.S.A. Freedom Act. It makes sweeping changes to the U.S. criminal code. If an unauthorized individual's electronic attack on U.S. critical infrastructure results in loss or physical injury, then the penalty is up to 20 years to life in prison.
  • CLOUD Act - This law is an amendment to the Stored Communications Act that allows U.S. federal law enforcement to compel American tech companies, with a subpoena or warrant, to hand over data stored on servers regardless of whether the data is stored in the U.S. or overseas. It was designed to supersede any MLATs (Mutual Legal Assistance Treaties) overseas to speed up investigations.
  • Judicial Redress Act - This is a law between the U.S., the E.U., and E.U. member states that covers twenty-seven European countries. It allows for the prevention, detection, and prosecution of criminal offenses between countries. For example, if an individual commits a computer crime in the U.K. against a person in the U.K. and conceals evidence of it in a data center located inside the U.S., U.S. authorities by law have to aid the prosecution of that offender by cooperating with authorities in the U.K. to help apprehend them.
  • Digital Millennium Copyright Act - This law is used in charging individuals with piracy and other intellectual property violations (even outside the U.S. under the WIPO Treaty of 1996). It also makes it a crime to circumvent copy protection measures, unless the purpose for doing so is for "research purposes". It should be noted that the U.S. Copyright Office grants exemptions for newer technologies every three years, since the law's enactment in 1998. The last three exemptions were in 2010, 2013, and 2016. The latest was in early 2019.
  • Mail and Wire Fraud Act - This law makes it a crime for a person to intentionally or voluntarily use a communications device that sends information over state lines in a scheme to defraud another out of money or other valuables. The device can be any electronic device, including a telephone, cell phone, computer, or tablet. The fine is up to $250,000 and the penalty is up to 20 years in prison.
  • Economic Espionage Act - This law stops trade secret "misappropriation", meaning it's a crime to knowingly steal trade secrets. The fine is up to $5,000,000 and the penalty is up to 15 years in prison.
  • Other laws - Different states in the U.S. have various laws that touch on some combination of the laws mentioned above or have their own statutes. For example, Texas is one of the ONLY states in the United States that has a law against botnets [2]. This means that if a company's computer servers were wiped out by a botnet and the individuals responsible are caught, the company can be reimbursed up to $200,000, depending upon the crime and circumstances, if the data has been damaged or lost. In some other states, like New York, if the individual is charged with Aggravated Electronic Identity Theft they can be charged up to twenty times! You need to check your local state laws in order to determine what other computer laws might exist in your state.

I think that about covers it! Below I am listing some resources, including the SANS Institute document, that you can use to understand these laws more efficiently and in more detail. I am also listing a book [2] called "Computer Crime, Investigation, and the Law" that was published by author and lecturer Chuck Easttom in 2010. It's an invaluable source of information and covers many state laws in more depth than the ones that I mentioned above. In that book, pay close attention to chapters one through seven, if you decide to read it. If you have any more questions, drop me a line. Trackbacks are always welcome! I hope everyone is having an awesome week. I will be back in a couple of days with a new entry.

References:



1. SANS Institute. "Federal Computer Crime Laws" https://docs.google.com/viewer?a=v&q=cache:0CglMXgfzP8J:www.sans.org/reading_room/whitepapers/legal/federal-computer-crime-laws_1446+lists+of+U.s+federal+computer+laws&hl=en&gl=us&pid=bl&srcid=ADGEESium9UM1eXk7rn04IMQtvL8lGxNsvC4GRSZZtRYF2w98GcitOzKVHP9fcq9Se830_bgyexYZcdKRhAK3a-zVXTjNwq-eGacqi5O5hg3T0a1ziSit9FjPg4nm41ECIc669rIMneY&sig=AHIEtbTBCza3K7jspyoqCUDdNFZnf0EKYw accessed 13 Nov 2012. 2004
2. Easttom, Chuck & Taylor, Jeffrey. Computer Crime, Investigation, and the Law. Boston. Course Technology PTR. 2010. ISBN-13: 9781435455320
