StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Leaks and Hacks. When Is It Illegal To Get Hacked - Essay Example

Cite this document
Summary
Hacking basically refers to the breach of computer security. On the other hand, hacking can be used to describe smart or quick fix to computer problems or an awkward and inelegant resolution to a problem, this is according to computer science and technology way of definition…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.2% of users find it useful
Leaks and Hacks. When Is It Illegal To Get Hacked
Read Text Preview

Extract of sample "Leaks and Hacks. When Is It Illegal To Get Hacked"

of When is it illegal to Get Hacked Introduction Hacking basically refers to the breach ofcomputer security. On the other hand, hacking can be used to describe smart or quick fix to computer problems or an awkward and inelegant resolution to a problem, this is according to computer science and technology way of definition. The term is also used to describe variation of a program or mechanism to give the user entrance to computer features that otherwise would be inaccessible like the DIY circuit bending. Hacking has been considered a serious crime especially when one hacks in to a government. There are instances when some get involved in what is termed as "ethical hacking"; this is company's strategy to determine their security weaknesses or target for intruders. Even so, the ethical hacker may get in trouble with the law, it is therefore necessary that some one gets the Get out of jail Free Card (GOOJFC) which is a document that states that you have been authorized by someone in power to do so. Hacking is a federal crime and any cases of suspicion would be investigated by the federal Bureau of Investigation (FBI) and Department of Justice (DOJ), the crime can never be expunged unlike the other state crimes, depending on the damage caused, one could also be sued for damages ion the civil court leading to possible jail term or job termination. There are some critics who are proposing that any company hacked should be held responsible and make it a rule that it's illegal to be hacked. Taking Responsibility In the recent years, the Federal Trade Commission (FTC) has issued claims and charged hefty fine to some companies that had leaked data to hackers. This of course brought about some critical questions about taking responsibility if the firm in question is hacked (Severson.1997, 36). Usually it's very difficult to stop a company's computer system from being hacked if not impossible; hence imposing liability to the affected company could result in unintentional consequences. The development of disclosure laws has played a great deal in revealing that some of the security breaches that have bee common over the pas t few years were actually due to negligence on the part of the corporate information technology (IT) team failing to lock down the data in any considerable mode. This revelation encouraged the pressure on companies that get hacked to take responsibility for the crime. The computer systems hold very critical information about consumers, company's corporate management, finances and other critical information that should not be accessed by just anybody; companies that leak such information should be help responsible (Hammond & Hammond 2003, 36). This is according to Slashdot post at info world. Imposing serious penalties on the involved companies especially on claims of negligence is also very risky undertaking on the company and consumers. This is because the regulations may be very strict and could result in unintended consequences bearing in mind that hacking is inevitable, companies may even totally stop accepting credit cards from customer since the liability could be very great (Severson.1997, 42). This means that people would have to forego the convenience of using credit cards to protect their safety. Most of the credit card users however would rather use their credit cards for convenience and risk their safety since benefits outweigh the chances of risk. Leaks and Hacks The difference between leaks and hacks is not very distinct as in leaking information facilitates hacking and it's likened to the difference between negligence and wickedness (Hammond & Hammond 2003, 39). This is the basis on which some penalty is imposed on companies with arguments that doing something stupid that hams others should be penalized. This is like the situation when a driver falls asleep at the wheel and because a fatal accident, it's quite justified to hold him accountable for being negligent with other people's life, in the same way a negligent information technology staff should be for risking personal information. Leaking information is like doing something deliberately to harm others (Masnick 2008). When a system is hacked, people's personal information and company's data is at risk, when information is leaked the same situation presents but in the later case, the situation boils down to the question of intent. Being safe is very critical for any company to develop and grow in terms of customer trust and other corporate operations. Any company that has a questionable security measures gets interesting to deal with, the question is that they are not trying to be unsafe but they don't have a clue of safety implying that the company is incompetent to put safety measures in place. The definition of safe in terms of information security and federal regulation is very hard and it has been suggested that the federal government should come up with a definition that would not land everybody in jail but those actually guilty of the felony. Meaning that in case a company is confronted with such standard set by federal government as security measures and the company's information is compromised by an intruder, then the company should not suffer the same consequences as a corporation that disregards information security; this would be likened to penalizing a victim of an assault for not resisting or defending herself (Masnick 2008). Legal Regulations In general operations, there are industry standards in the field of information security which are raising debate on whether or not to make them enforceable. The existing legal frame work for safeguarding critical infrastructure consists of a hodgepodge of federal and state laws that should be intended to deter certain types of conduct that include protection of electronic information pertaining individual customers and for specific sectors such as the Gramm-Leach-Bliley (GLD) act for financial sector and health services is governed by Health Insurance Portability and accountability act (HIPAA) (Hammond & Hammond 2003, 45). The law, which is the tool for implementing policies, the legal structure for the safeguarding information should be considered in the larger context of business, ethical, technical and social aspects (Severson.1997, 53). The Department of justice (DOJ) specifically the Computer Crime and Intellectual Property Section of the United States gives a multidisciplinary action plan; 1. Technical solution where retailers have to produce safer products while on the other hand the consumers should demand systems that execute safer security measures 2. Corporations should adopt and share best management practices in their operations. This is safe management solution 3. Developing computer ethics and educating the public will help all the users to understand that computer use do require ethics, hence nuisance attacks would be cut down hence resources would target greater threats. 4. all the stakeholders need to be knowledgeable on the possible solutions, this means that the private sector as well as the law enforcers should collect and share information about susceptibility, threats and remedy The enactment of the Computer Fraud and Abuse Act (CFAA) has enabled criminalization of security breach for information especially when the information is classified information on government computers or financial systems or certain institutions (Hammond & Hammond 2003, 56). National security is the major concern in this information age and the federal law imposes a serious penalty or sentence for individuals wrongdoings for leading information or for illegal access, misuse, alteration or transmission of data stored by or is possession of important data infrastructure. Computer crimes could lead to serious negative effects such as the terrorist attacks of September 11, 2001 on the twin towers. The congress in reaction to such incidence passed a law that altered a range of penalties in the CFAA - Computer Fraud and Abuse Act to reflect the prospect that contravention of information security deliberately or carelessly could cause serious body injury or even death. To reduce chances of such occurrences however the company that is hacked should also be help responsible for their action whether it was with intent or not. Federal Information Security Management Act (FISMA) is another crucial body that regulates information security (Hammond & Hammond 2003, 64). A very important issue has arisen concerning the fate of ISP - Internet Service Providers and IT - Information Technology engineers in terms of the information security breach. Should the ISP and IT engineers be held responsible or not Primarily is better to stress the insufficient remedies for companies that are hacked in the present court systems, the legal systems cannot combat the high level of hacking civil responsibility despite vigilance. Due to all these blames and the cost of bearing responsibility, some stakeholders have proposed varied cause of action that include the third parties via whom the hacking takes place (Severson.1997, 52). This means that Internet service providers, system operators and information technology engineers would be penalized in an incidence of hacking. The supporters of this means of action against hacking crimes do so based on the ill-founded basis that the hackers are judgment proof and insolvent, in the real situation on the ground, such assumptions that hackers are young irresponsible adults or closeted teenagers is incorrect because it lacks the evidence to justify the claims. There are some courts that have identified trespass to chattels as a suitable cause of action against hackers, trespass falls under common law and covers the use of personal property without authorization and the primary significance is that there may be some recovery (Hammond & Hammond 2003, 36). Current Law The current laws that regulate computer hacking has incorporated the security codes of information. The regulations is very sophisticated with measures that take in to account all the stakeholders, internet providers, information technology and the companies that use them. Best Western is the popular hotel chain was attacked by hackers who stole names, credit cards information and addresses of every customer since the year 2007 (Masnick 2008). The hackers accessed databases and additional consumer information, however the information technology staff has taken measures to provide solution to the problem and render inoperative the compromised log in accounts; clients losses are however totally inevitable due to the bulkiness of information stolen from the chains databases. Laws that victimize the victims are ethically unacceptable but on the other hand however, security professionals must be competent enough in terms of skills in the area of security execution and they should be prepared to provide assistance to companies in bringing down the criminals. In order to do this, the security professional should be well conversant with the laws that govern privacy, criminal and civil activities in information security (Masnick 2008). The issues that comprise the investigations of computer crimes, evidences to be looked into, and that the company in question should comply with the laws plus the fact that the security professionals should be able to make prudent judgment in tense situations to facilitate decision making. A major setback to combating computer or cyber crime is the jurisdiction issues during investigations and the rapid development ion technology which has not been matched by the same advances in terms of cyber law. This is a swift crime that is not restricted by nation's boundaries and therefore the need to collectively address such crimes needs to be reevaluated by many nations so as to cooperate in investigations (Masnick 2008). The Certified Information Systems Security Professionals (CISSP) is a certified body that takes care of information security and provides education on the corporate security, privacy policies and defining the accepted character of employees. There are different laws that are covered and they include criminal, civil and regulatory laws which should be well understood by the security professional since the importance of the laws is continually increasing in the industry. Most civil crimes relate to intellectual property regulations that encompass trade secrets, trademarks, copyright and patents as the corporate value of many firms is embodied in these (Masnick 2008). All these have a value that must be classified to make sure that appropriate intensity of security is applied for their safeguarding. The ethics covered in the CISSP exam include the privacy laws including health insurance portability and accountability act, import and export laws and transborder information flow; federal privacy act and European Union principles on privacy, computer fraud and abuse act, Gramm-lech-Bliley Act and the computer security act. Information security crimes become serious issues for debate in the US in the 1990s and saw the passage of federal penalty guidelines on computer or cyber crimes that are related to anti-trust, fraud including other white collar crimes; the passage of the Economic Espionage act also gives the federal bureau of investigation (FBI) authority to look in to the corporate and industrial surveillance. Federal Trade Commission Unfair Practice The regulation of other institutions apart from financial institutions is very crucial in the development of economy. The federal trade commission provides that an act or practice would be considered deceptive if it entails an omission, a representation, or a practice that is likely to misguide customers and cause them to act irresponsibly under the circumstances and the omissions in place is materialistic (Hammond & Hammond 2003, 69). A product promotion is said to be deceptive when it includes some information that is forged or that is likely to misguide a customer. On the other hand an advert can be termed deceptive if it omits some material information that is likely to misguide a customer under the prevailing circumstances. Federal trade commission FTC has taken to regulate websites for violating their own standards and privacy policy claiming that this is a deceptive trade practice. The commission utilizes its section five powers to pursue deception claims against online companies for various cyber crimes; 1. spy ware and ad ware providers who furtively download software onto unsuspicious computer users 2. unlawful charges in association with phishing 3. A reverse auction site that used unacceptable promotional actions to petition for customers of competitive auction site. 4. a credit company that fails to substantiate the identity of persons to whom it is releasing private customer information to and also fail to scrutinize illegal activities among other practices. An act or practice is descried as unfair if it violates the requirements of the federal trade commission act causing injury to the customer. The injury which is; substantial, the clients could not realistically avoid and the injury that is outweighing the countervailing benefits to the customer and competition. In such an instance, the commission is authorized to seek an injunctive and other unbiased relief, which may include remedy, for the infringement of the act and also provide the foundation for the government enforcement of certain fair information applications. A company's failure to comply with the outlined information practices may constitute a deceptive practice, for these reason the commission uses the unfair jurisdiction in a wide range of cases including failure data security department to put into practice sensible protection to the consumer information and consequently cause injury that cannot counterbalance the benefits. Evidence of Intent The FTC regulations take into account the reasons fro a certain computer crime to be committed. Any company should not disclose individual's information to another institution without the consent of the owner of the information in place (Masnick 2008). If some evidence of intentional violation of the rules regarding disclosure of information is established, the company would be held responsible for that, however, there are some crucial concerns that affect some twisted cases in the same field say for example when a company deliberately sends an uniformed delegate to take part in the standards body and the agent fails to make proper disclosure (Severson.1997, 63). In this case, the FTC may be unable to obtain satisfactory verification of intent or on the other hand a firm may carry out a disorganized job of searching patents. Motives of Hacking The crimes faced in the information structure today are not so different for from those crimes before the computer age. Embezzlement, fraud and simple theft are the main motivating factors for the hacking crime. Computer crimes are getting more complicated, with the criminals working in groups to steal credit card information, cash, individual personal information and even armed forces secrets (Hammond & Hammond 2003, 72). It has been affirmed that some of the hackers may not have criminal intent, some are just curious smart students who may be trying out their skills, for security reasons, security professionals are require d to treat even the most innocent mischief as a deviant behavior that warrants punishment. There are several classes of common computer crimes; gaining excessive privileges on a system, in this manner allowing some un-permitted person the capacity to alter the presented data this is usually referred to as data diddling; carrying out less important attacks on the big crimes usually goes overlooked for example salami attacks; and implementing or handing out code that could lead to a denial of service attack; internet provider spoofing, password sniffing, wiretapping and signal production of capture is also used to collect information that is used to carry out such crimes. Some of the feature that can lead to hacking are however not technology based, they may be as simple as collecting personal information from littered documents, perusing through discarded garbage of credit card receipts and tricking people into disclosing their personal information described as social engineering attacks. For these reasons it's very important that security awareness programs be put in place and observance of appropriate disposal of wastes to avoid unintentional; leaking of information. It's quite essential that the firm's security staff have enough information and be aware of the possible types of crimes that can be accomplished within their environs and the resulting outcomes of the practices. Professional Ethics Ethics are described as a rule that regulate the socially acceptable means of performance and is usually resort to when the other rules and regulations do not give a clear direction or guidance pertaining a certain situation or circumstance. Those that deal with information security are expected to know and observe the laws and regulations that govern the use of computers and handling of information to the latter. The Certified Information Security System Professional (CISSP) is one such body that educates the information security professionals on such requirements. These responsibilities are essential to establishing confidence in the information security profession that motivate mutual respect from management and other stake holders; this encourages job performance to the fullest. Identity Theft A Crime The act of using someone else identity or stealing of somebody's identity is an illegal practice. Allowing hackers to access personal information in the first place is illegal and should never happen. There are recent incidences that include Best Western where al the personal consumer information since 2007 including credit cards information was stolen (Masnick 2008). How the hackers managed to access the information is very unclear and very hard to imagine, this make people to constantly change their credit card numbers several times over a short period of time. The other victims of identity theft are the TJ Maxx and Hannaford stores, though the banks covered the losses from illegal charges on the accounts, victims are forced to spend a lot of time revoking the cards, altering all kinds of direct charge accounts that may use the numbers stolen (Masnick 2008). These occasions usually bring about a lot of inconveniences including cancellation of a credit card while one is traveling. The victims of identity theft are proposing that the companies that leak their personal information be held responsible for the actions. They claim that the corporations are not supposed to keep the data in the first place, more or less to give it to some felonious people who manage to breach their information security, this being the bottom line of the matter. The information leaked once it gets to the hand of criminals does not matter whether it was stolen or leaked out through negligence or even on purpose but someone has to take responsibility and in this case, the victims claim that the hacked company should. This is because the company retains sensitive individual identity information and hence responsible for the attack (Severson.1997, 73). Criminal charges should include charges on both the receiver of the information and those who leak it. Incident Investigation When a company is hacked, it usually hires professionals to carry out a crime scene investigation, any information that provides evidence to the crime should be properly handled since mishandling may contradict any chance for prosecution. Forensic analysis of computer crime scenes is a particular science methodology steps must be followed. Very frequently a corporation will call in specialized consultants to conduct the crime scene investigation. On the other hand, all security professionals should be aware of the basics of how to safeguard a crime scene for additional examinations (Hammond & Hammond 2003, 55). To circumvent any blunder that could spoil the evidence, an incident response policy should provide details on how to deal with a particular kind of coordination in the event of a cyber or computer crime. Conclusion Computer exploitation and crime is a different way in which computers can be misused to cause problems to individuals and businesses. Computer use increases develops daily along hence the wide spread comes with felony. As we rely so much on the use of computers we need efficient regulation and legislation over them to help manage crime and misuse hence successful litigation and prosecution would require that corporations and the public get acquainted with hacking techniques and consequences. References Severson. R.J. (1997) The Principles of Information Ethics.M.E. Sharpe pp 34 - 76 Masnick M (2008) Should it Be Illegal To Get Hacked Might-be-a-bit-extreme Dept retrieved from http://.techdirt.com/articles/2008825/23200129094.shtml on 18th November 2008 at 1646hrs Hammond R.J & Hammond R.J Jnr (2003). Identity Theft. How to Protect Your Most Valuable Asset. Career Press pp 35 - 79 Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Leaks and Hacks. When Is It Illegal To Get Hacked Essay”, n.d.)
Retrieved from https://studentshare.org/miscellaneous/1514534-when-is-it-illegal-to-get-hacked
(Leaks and Hacks. When Is It Illegal To Get Hacked Essay)
https://studentshare.org/miscellaneous/1514534-when-is-it-illegal-to-get-hacked.
“Leaks and Hacks. When Is It Illegal To Get Hacked Essay”, n.d. https://studentshare.org/miscellaneous/1514534-when-is-it-illegal-to-get-hacked.
  • Cited: 0 times

CHECK THESE SAMPLES OF Leaks and Hacks. When Is It Illegal To Get Hacked

Issues in Email Hacking

Hacking of an email account can yield disastrous results for the account owner and not many people are quite technically skilled enough to recover their email accounts after they have been hacked.... This paper discusses several ways in which email accounts can be hacked and the ethical and legal implications of hacking....
9 Pages (2250 words) Essay

How Hacking Can Be Helpful

In 1930s a major hacking event happened when Polish cryptologists Marian Rejewski, Henryk Zygalski, and Jerzy Rozycki hacked the Enigma machine code.... Although the concept of ethical hacking can be helpful for companies to improve their security levels, today hacking techniques are widely used for supporting illegal purposes like credit card fraud and information theft.... History of hackingThe known history of hacking could be dated back to the 1870s when several teenagers cracked the United States' brand new phone system, and since then the practice of hacking has been very widely reported around the globe....
12 Pages (3000 words) Essay

Changes in Technology and Criminal Law

Reproducing content or designing a program that is similar to another one without the consent of the original creator is illegal yet with advancement in technology, this is very common.... In terms of privacy, the law is very clear that selling or intentional exposure of people's personal infringes their privacy and hence it's illegal....
11 Pages (2750 words) Essay

Cyber Crime and Information Systems Security: The Concept of Phishing

hese crimes are illegal activities where computers are used as the primary interface.... The goal of this paper is to examine the techniques used in cybercrime as well as to provide an overall definition of information systems security.... In order to focus on one crime and in-depth analysis of it, the following pages describe Phishing in details as a crime against the information systems....
10 Pages (2500 words) Research Paper

Burning Chrome: As Compared to Blade Runner

It is these human emotions which led to the revolts of many a replicants making them illegal to be on Earth.... Thus, special replicants hunter units, called Blade Runners, were formed to eliminate the illegal replicants.... This paper is going to compare the Ridley Scott movie Blade Runner with the William Gibson short story “Burning Chrome....
7 Pages (1750 words) Essay

Analyzed the movie Margin Call from a legal perspective

Each bank's employees were aware that if they did not get in on this exceptionally lucrative new business branch, they would fall behind their rivals, their share price go down, they would get fired.... This Paper focuses on the legal perspectives and ideologies that arise in the is no character featuring the film that breaks the law, gets involved in conspiracy, or does anything any reasonable person would call unquestionably illegal.... having been produced and released at a period when the movement called Occupy Wall Street seeks to make mimicked villains of bankers and majority of he public blame this for a lagging economy exactly… n their shoulders, the movie offers an extremely attentive, fair and - for this very reason - eventually much more powerful analysis of how the financial system really works (Bernstein 1)....
3 Pages (750 words) Term Paper

Crime, Media and Technology

This crime has brought more harm to society when intruders can get access to information about an organization and use it to produce vague information.... hellip; Lastly, organizations producing software used in online/internet should be checked keenly, and the management is advised that they should not allow any illegal production of software by the companies.... when information has been distorted, it will be difficult to use it for the effectiveness and efficiency of a company relative to the task it had been aimed at (Zittrain 2008, 10)....
6 Pages (1500 words) Coursework

Cyber Net Fraud and How They Can Affect Accounting Information Systems

By doing this they are able to get money at the expense of the various business organizations that they disguise themselves as.... This research is being carried out to illustrates the different forms of cyber net fraud and how they can affect business accounting information systems....
6 Pages (1500 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us