Computer Fraud and Abuse Act - Essay Example

 Computer Fraud and Abuse Act Computer Fraud and Abuse Act – 1986 (CFAA) The advancements of computer technologies where on one hand has created ease for us, on the other hand, this technology has produced many criminal minds for which it is necessary to develop and implement law and legislations. According to Benson et al, “Congress has treated computer-related crimes as distinct federal offenses since 1984 after passage of the Counterfeit Access Device and Computer Fraud and Abuse Law (CFAA)” (Benson et al, 1997) CFAA originally known as the Counterfeit Access Device and Computer Fraud and Abuse Act was first enacted in 1984, in order to treat computer-related crimes as separate federal offenses. Ferrera et al concludes “This made it unnecessary to individually amend every federal law to include offenses committed with the use of computers. In 1996, the CFAA was amended by the National Information Infrastructure Protection Act. This Act amends all computers joined to the Internet and all computer activities, whether they occur locally or nationally”. (Ferrera et al, 2001, p. 308) According to Ferrera et al, the CFAA has three goals: 1. Confidentiality of the data/communications. 2. Integrity of the data/communications. 3. Availability of the data/communications (Ferrera et al, 2001, p. 309) In accordance with these goals, “the CFAA prohibits using computers to commit any of the following seven crimes: 1. To knowingly commit spy by accessing information without authorization or exceeding authorized access. (1030(a)(1)) 2. To access other information without authorization, or exceeding authorized access. (1030(a)(2)) 3. To access any nonpublic government computer (1030(a)(3)) 4. To access any computer with an intent to commit fraud (1030(a)(4)) 5. To knowingly or intentionally damage a computer (1030(a)(5)) 6. To knowingly traffic in passwords (1030(a)(6)) 7. To threaten to cause damage to a computer with the intent to extort money or other things of value” (1030(a)(7)) (Ferrera et al, 2001, p. 309) The Act was introduced and amended in Title 18 of the United States Code (Ferrera et al, 2001, p. 309) for prosecuting cyber crimes like drugs dealing, fraud, the transmission of pornography, international crime, money-laundering and the policing methodologies such as electronic eavesdropping. “Since it is hard to prohibit criminals from the market, as can be done in some areas of white-collar crime or, increasingly via the civil law, from stores or even private shopping malls, the damage caused even by individual acts of computer fraud or vandalism may be entirely disproportionate to offenders’ assets and income, far more so than in shop theft or fraud”. (Bamfield, 1997) According to Wall, “The term ‘cyber crime’ does not actually do much more than signify the occurrence of a harmful behaviour that is somehow related to a computer. It has no specific referent in law, and it is a concept that has been largely invented by the media. (Wall, 2001, p. 3) The Internet has a profound deep impact upon criminal activity in three main ways. According to Wall (2001) “the first way is the way Internet has become a vehicle for communications which sustain existing patterns of harmful activity, such as drug trafficking, and also hate speech, bomb-talk, stalking and so on. Newsgroups, for example, circulate information about how to bypass the security devices in mobile telephones or digital television decoders. Second, the Internet has created a transnational environment that provides new opportunities for harmful activities that are currently the subject of existing criminal or civil law. Examples would include paedophile activity, and also fraud. Third, the nature of the virtual environment, particularly with regard to the way that it distanciates time and space, has engendered entirely new forms of (unbounded) harmful activity such as the unauthorized appropriation of imagery, software tools and music products, etc. Indeed, at the far extreme of this third category, the transjurisdictional, contestable and private nature of some of the harms indicates a scenario where there exists new wine, but no bottles at all! It is important, therefore, to disaggregate these three levels of impact because they each invoke different policy responses and require quite different bodies of understanding. Cutting across these three levels, or depths, of impact lie four broad areas of harmful activity which are currently raising concerns”. (Wall, 2001, p. 3) Types of Computer Crime One problem in the development of comprehensive laws is lack of legislative appreciation for the potentially wide variety of crimes, which can be perpetrated using a computer. Still there is a need to develop policies regarding today’s computer based crimes as the current policies are not sufficient enough to handle cyber crime. Unauthorized access to data Unauthorized access to private data can lead the company towards bankruptcy or any other huge loss like loss of data which took months and years to compose. In this context four techniques are used to prevent loss of data: Physical Security Some of the common measures to physically secure your system are locking disc files, limited access to other systems and making data backups in order to prevent the threat of loss. “A proper procedure would include a method of proving that the individual requesting entry is in fact an employee. This authentication method may include electronic pictures, for the guard to examine or it may include a call to another employee to vouch for the individual. Some organizations rely only on the employee’s signature in the appropriate register. This method may allow an intruder to gain access to the facility”. (Maiwald, 2001, p. 110) Password Identification This requires the user to enter any form of identification in order to gain access to the system. In response to such situation where there is a doubt of unauthorized access by hacking, biometric techniques are used, which after scanning of handprints, finger prints, eyes or voice recognition provide access to the desired system. Data Encryption Method This method is used in banks and financial institutions where there is a continuous threat of hacker or stolen password. In order to conduct a risk free secure transaction, Data Encryption Standard (DES) makes it possible for any institution to freely encrypt or decrypt data while transferring. Screen blanking As mentioned by Schmalleger, (2001) “Screen blanking lacks the sophistication of the methods mentioned above. However, it depends upon a relatively simple technology, which causes video monitors to go blank after a set period of nonuse. Hence data entry stations left unattended cannot be casually viewed by unauthorized personnel”. (Schmalleger, 2001, p. 708) Whatever laws and policies are followed, there will always remain a threat for cyber crime as long as computer usage is there. References & Bibliography Bamfield, J. (1997) Making Shoplifters Pay, London: Social Market Foundation Benson Carl, Jablon V. Andrew, Kaplan J. Paul & Rosenthal Elena Mara, (1997) Computer Crimes In American Criminal Law Review. Volume: 34. Issue: 2. Ferrera Gerald, Lichtenstein D. Stephen, Reder E., Margo, August Ray & Schiano T. William, (2001) Cyber Law: Text and Cases. United States: West Maiwald Eric, (2001) Network Security: A Beginner’s Guide. McGraw-Hill Schmalleger Frank, (2001) Criminal Justice Today: An Introductory text for the twenty first century. Prentice Hall Wall S. David, (2001) Crime and the Internet: Routledge: New York. Read More