Current Laws and Acts that Pertain to Computer Security

Introduction

With a rapid increase in the use of computers around the world, new criminal behaviors have been spawned and laws are being made continuously to counter the emerging problems of computer security.

A computer security incident is any unlawful, unauthorized, or unacceptable action that involves a computer system or a computer network. There can be many kinds of computer crimes such as robbing business secrets, sending spam emails or harassing through emails, breaking into computer systems in an unauthorized manner, blocking other authorized users from entering the system, etc. With more and more services being computerized, computers are used to facilitate crimes such as drug trafficking, prostitution, child pornography, and pedophilia. According to the Department of Justice (“DOJ”), computer crimes are violations of the law using computers (Nicholson et al, 2000).

Thesis: International, federal, state and city laws help protect the rights of individuals to keep personal matters private by regulating access to programs and data and also maintain computer security by regulating the use, development, and ownership of data, programs, computer information, and services.

Background

Computer-related crimes are treated as a distinct category of federal crime after the passing of the Counterfeit Access Device and Computer Fraud and Abuse Law in 1984. This Act was passed in order to protect classified military and financial information of the Government. Later, in 1986, 1988, 1989, and 1990 the law was expanded to include many other computer security crimes. In 1996, the Act was altered and launched as NIIPA (National Information Infrastructure Protection Act).

Here, the term “protected computers” was replaced by “federal interest computers”. This meant that the law included all computers that were used across the country and also all computers attached to the internet (Nicholson et al, 2000). Section 1030(a) has seven main sections and each of them deals with a type of computer crime such as unauthorized use of computers and accessing files, obtaining financial information illegally, breaking into the government database in a planned manner, hacking, committing fraud, and indulging in criminal activities (Nicholson et al, 2000).

Important Federal Statutes

Copyright protection is based on the U.S. Constitution. Relevant copyright statutes include the U. S. copyright law of 1978 which was updated in 1998 as the Digital Millenium Copyright Act specifically to deal with computers and other electronic media such as digital video and music (Pfleeger and Pfleeger, 2003). The 1998 changes brought U.S. Copyright law into general conformance with the World Intellectual Property Organization treaty of 1996, an international copyright standard to which 95 countries adhere. Software should not be copied or distributed without obtaining a legal license.

When people indulge in crossing such boundaries, they may be subject to punishment for infringing on copyright laws (Pfleeger and Pfleeger, 2003). Other federal statutes dealing with computer security include the “National Stolen Property Act, the mail and wire fraud statutes, the Electronic Communications Privacy Act, the Communications Decency Act of 1996, the Child Pornography Prevention Act, and the Child Pornography Prevention Act of 1996” (Nicholson et al, 2000). National Stolen Property Act prohibits the transport of sensitive computer-related material valued at over five thousand dollars across the state boundaries.

This statute has been found applicable to many crimes such as illegal transfers of funds with the intent of fraud. There are also laws that prohibit sending emails or wireless messages with the intent of cheating people of money or property. These laws are applicable to any kind of computer-related misuses such as abuse of interstate wire, or abuse through emails. Electronic Communications Privacy Act of 1986 (“ECPA”) prohibits the interception of wire or internet communications. The ECPA can be used in response to computer hacking, which has increased dramatically in recent years. The Computer Fraud and Abuse Act is used to prosecute hackers.

The ECPA is particularly used to bring to justice people who indulge in stealing encrypted television broadcasts that are relayed through satellite channels. Communications Decency Act of 1996 and Child Online Protection Act of 1998 are two statutes that help in censoring information on the internet through regulations in order to protect minors (Smith et al, 2005). The Child Online Protection Act was passed mainly with the view of protecting children from harmful material on the internet such as porn or graphic violence. Similarly, the Child Pornography Prevention Act of 1996 was passed to protect children from being exploited.

It criminalizes the production, distribution, and reception of computer-generated, sexual images of children. In 1978, laws were passed in states such as Arizona and Florida in the context of computer security. Since then, all states have had computer security laws mostly based on the “Federal Computer Systems Protection Act”

Some federal laws indirectly help maintain computer security. The Economic Espionage Act of 1996 is designed to prevent abuse of information gained by an individual working in one company and employed by another. Federal Privacy Act of 1974 concerns the protection of personal information. Gramm-Leach-Bliley Act of 1999 or Federal Services Modernization Act deals with issues of privacy in the context of financial institutions. Health Insurance Portability & Accountability Act (HIPAA) of 1996 regulates the storage and transmission of sensitive personal information in electronic form (Smith et al, 2005).

There are many more laws that prevent or regulate the disclosure of consumer information. These laws require companies to safeguard the privacy of the data in certain circumstances. Some such laws are: “Section 5 of the Federal Trade Commission Act the Fair Credit Reporting Act (FCRA), and Title V of the Gramm-Leach-Bliley Act” (Smith et al, 2005). Congress also has passed several laws specifically related to identity theft: “the 1998 Identity Theft and Assumption Deterrence Act; and the 2003 Fair and Accurate Credit Transactions (FACT) Act” (Smith et al, 2005).

Network Monitoring

There are three main US (federal) laws that pertain to network monitoring: “the Wiretap Act, Pen Register Statute, and the Electronic Communications Privacy Act” (Hellewell, 2003). All of these laws affect the monitoring of the network. The Wiretap Act ensures that wire-based communications such as phone transmissions are not affected through illegal interception or monitoring. But it permits reasonable monitoring of the network in exceptional cases. The Pen/Trap Act allows monitoring of the message header of email messages alone but does not regulate the contents of the mail (Hellewell, 2003). The Patriot Act and the Homeland Security Act are aimed at preventing any kind of criminal information from being passed through a computer system (Hellewell, 2003).

More Federal Statues on Computer Crimes

A new federal law that prohibits phishing is the Identity Theft Penalty Enhancement Act of 2004 (ITPEA). This ACT criminalizes the theft of identity. The first laws against phishing were passed in 2004 and later in 2005 in the form of the Anti-Phishing Act of 2005. After the terrorist attacks on the WTC on September 11, 2001, Congress enacted the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT ACT), in order to give law enforcers greater liberty to trap terrorists who use computers for networking (Smith et al, 2005).

The Homeland Security Act of 2002 increased the penalty for computer crimes. One of the more recent computer security-related bills is the one passed on May 22, 2008 – Bill H.R. 6123 – which amended title 18 of the US Code adding a new cause of action for cyberbullying. The bill is entitled the ”Megan Meier Cyberbullying Prevention Act” (Sanchez and Hulshof, 2008).

Recommendations

New computer laws address such things as unauthorized computer tampering, fraud, trespass, and theft of services. However, there are new types of computer crimes coming up every day. Cyber-threats are among them. Threats over the internet can not only intimidate the target but can also be a criminal solicitation to others unknown, complete with valuable information that aids n the proposed crime’s commission.

The borderless nature of computer crimes and the fact that laws that work well for physical activities are not equally effective in the context of computer security underline the fact that there should be greater federal involvement in computer-related criminal lawmaking.

Conclusion

Computer security is a new challenge of the digital age. The Computer Fraud and Abuse Act of 1986, the Computer Security Act of 1987, the Computer Virus Eradication Act of 1988, etc have all been designed to combat and eliminate computer crimes by providing necessary legal powers to prosecute offenders. However, existing laws are not enough to meet the ever-expanding innovative crimes using computers. Senator Patrick Leahy (D-VT) has said that though there are laws that punish people who commit computer crimes there is also a need for preventing such breaches of security using computers (Gerth, 1988). Thus, there is an ever-increasing need to find prevention measures for computer crimes, especially through protective software.

Bibliography

Hellewell, Rick (2003). Is that a felony on your computer? Web.

Rick Hellewell is a security expert working for the government.

Nicholson, J. Laura; Shebar, F. Tom and Weinberg, R. Meredith (2000). Computer Crimes. American Criminal Law Review. Volume: 37. Issue: 2.  Page Number: 207.

This is a peer-reviewed journal article.

Pfleeger, P. Charles and Pfleeger, Lawrence, Shari (2003). Security in Computing. Prentice Hall PTR.

The book “Security in Computing” provides an overview of all types of computer security from centralized systems to distributed networks. Charles P. Pfleeger is an independent consultant specializing in computer and information system security. His customers include government and commercial clients throughout the world. Shari Lawrence Pfleeger is a senior researcher at the RAND Corporation working on information technology issues.

Sanchez, T. Linda and Hulshof, Kenny (2008). A BILL – To amend title 18, United States Code, with respect to cyberbullying. Web.

This is an official document of the United States Government. (110th Congress, 2nd Session, H.R. 6123).

Smith, S. Marcia; Moteff, D. John; Kruger, G. Lennard; Seifert, W. Jeffrey; Figliola, Moloney Patricia and Tehan, Rita (2005). Internet: An Overview of Key Technology Policy Issues Affecting Its Use and Growth. CRS Report for Congress. Web.

This is an original government document presented as a report for Congressional hearing.