Computer laws in US. Computer Fraud and Abuse Act - Research Paper Example

?Computer laws in US Computers have been in existence for many years with greater impact in business, education, government services and all other areas including criminal activities. Computers have facilitated many other inventions in all sectors of life. Just like any other invention, computers have two sides; the positive and the negative side. The positive side is where business flourish, scientists do more invention and government offer better services while on the other hand, it gives criminals an extra tool to commit more crimes and get away with it. Computer crimes have been on rapid increase since the advent of intern. Internet has facilitated the criminal activities as a means of access other people’s computers regardless of geographical location. Crimes such as cyber-stalking, child pornography, fraud and scams, hacking copyright violations, malicious code are some of the computer crimes that are now easily committed because of the internet. Compute crimes are unavoidable to organizations that use IT in delivering their services and products. Computer professional therefore should ensure that there are frameworks put in place to protect and face these challenges through laws. This paper will identify and detail some of the computer laws put in place by US federal legislation. Computer laws face greater challenge because of the dynamic nature of computer crimes because of the new and evolving technologies. The wire fraud statute was the first law in the US used to prosecute computer criminals. This law prohibited the use of communication wires that are used in the international commerce with an attempt to commit a fraud. This law is still in place and is used to date to prosecute computer criminals. The following are some of the new laws tailored to deal with computer related crimes. Computer Fraud and Abuse Act This was a laws passed by the congress in response to computer crimes. This served as the first federal computer crime statute it was entitled Computer Fraud and Abuse Act of 1984 (CFAA). This law was first amended in 1986 with the aim of writing effective computer crime legislation. This law is very important in the US because all other laws about computer crime are drafted from it. The challenges with the initial structure of CFAAA was that to successfully prosecute fraud charges, one must provide evidence that the suspect gained unauthorized access into the computer system (CFAA, 1986). Have a clause that touched on the method of entry into the computer system rather than focusing on the computer usage was a loophole for crimes committed by insiders. An employee within the company who has legal access to the computer can also commit a crime using the computer. Since it will not be proved that he/she had illegal access, then such person will not be prosecuted. CFAA was modified for the second time in 1994 so as to deal with the act of malicious code such as viruses, worms and other programs designed with an aim of changing or damaging data on the computer (Title 18 U.S.C section 1030). This amendments enhanced the law because initially it focused on the access to the computer system without looking at how the computer system was used. The law was now able to prosecute those who executed illegal or malicious programs on computers with indention of causing damage to data or the computer. There are several acts that have been passed to add strength or deal with loopholes in CFAA. The National Information Act (NIIA) was enacted in 1996 to protect computer systems against those who access them using other people’s authorization. Penalties under CFAA Offense Minimum sentence Maximum sentence Getting national security information 10 year 20 years Unauthorized access in government computer 1 year 10 years Knowing access and damage 1 year 10 years Knowing access and reckless damage 5 years 20 years Trafficking in passwords 1 year 10 years Extortion involving threats of damage computer 5 years 10 years Theofel v. Farey-Jones in 2003 is a lawsuit that started as civil case involving Alwyn Farey-Jones and Integrated Capital Associates (ICA). Farey-Jones’ attorney demanded access to the e-mails of ICA through an internet service provider company. The ISP complied with the demands but failed to notify ICA their customer. The e-mails provided had personal information of the employees. The employees who felt that their e-mails have been compromised filed a lawsuit against Farey-jones and his attorney. They were accused of violating three federal statute; Stored Communications Act, the Computer Fraud and Abuse Act and wiretap Act. Initially, the court rejected the claims leveled against the two parties but Court of Appeal upheld the accusations. The court ruled that “using a civil subpoena which is patently unlawful, bad faith and at least gross negligence” was indeed a breach of Computer Fraud and Abuse Act. Electronic Communications Privacy Act Electronic Communications Privacy Act (ECPA) was passed in 1986 as an amendment of the federal wiretap law. This law illegalized the interception of data stored or transmitted electronically without authorization. This law was aimed at protecting users of electronic communication by setting out provisions of access, use and disclosure of intercepted and privacy protected communication. The Act defines electronic communication as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo electronic or photo optical system that affects interstate or foreign commerce." The Act also prohibits government agencies of requiring disclosure of electronic communication from service providers such as Internet Service Providers (ISP) before going through a proper legal channel. ECPA had its first amendment by the Communication Assistance for Law Enforcement Act (CALEA) in 1994. The law demanded that ISP to put in place infrastructures that enable monitoring and surveillance of specific people. These amendments did not give law enforcement agencies direct access to individuals electronic communication without a warrant but it meant to enhance availability of such information should they be required. United states v. Councilman was a very important case. The vice president of Interloc and Alibris, a book service and email services to book dealers. Mr. Councilman had a program that imported all the emails from Amazon.com to those book dealers into his own email box. This malicious act enable him to intercept many emails. The defendant argued that emails were still on the server and had not been delivered to the recipients hence it does not violate wiretap Act. The judge upheld this argument pointing out the ambiguities in the Act regarding interception of emails. Cyber Security Enhancement Act This Act is abbreviated as ACSEA, it was enacted in 2002 along with the Homeland Security Act in 2002. The two Acts were passed to enable law enforcement agencies have more powers and increase penalties set out in the Computer Fraud and Abuse Act. ECPA illegalized divergence of personal information by ISP to any government agencies without a search warrant. ACSEA on the other hand, allows ISP to give information they believe are of crime related activities to the government agent. The Act allows law enforcement agents to have access to electronic communication of an individual without search warrant. The Act provides hard sentences to people who intentionally or recklessly commit computer crimes that cause death or serious bodily injuries. The sentence ranges from 20 year to life imprisonment. References Baker, Glenn D. (1993). “Trespassers Will be Prosecuted: Computer Crime in the 1990's.”Computer/Law Journal Vol. 12, No. 1:68. Cyber Security Enhancement Act, retrieved from, http://www.usdoj.gov/criminal/cybercrime/homeland_CSEA.htm Communications Assistance for Law Enforcement Act, retrieved from, http://www.techlawjournal.com/agencies/calea/47usc1001.htm Computer Professionals for Social Responsibility. Electronic Communications Privacy Act of 1986. http://cpsr.org/issues/privacy/ecpa86/ Read More