Computer Fraud and Abuse Act Richard Warner. Liability under the CFAA  1030(a)(2)(C) imposes liability on whoever “intentionally accesses a computer.

Slides:

Advertisements

Similar presentations

How to protect yourself, your computer, and others on the internet

Advertisements

Technology: Unethical Behavior and Its Consequences Prepared by Tami Genry March 2004.

Computer Fraud and Abuse Act (CFAA) Preventing the Destruction of eDocuments Team 8 – Jason Conrad, Ben Sweeney, Jeff Woodward.

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

Chapter 15 Intentional Torts Intentional Torts - When people deliberately cause harm or loss to another person Intent – the desire to commit an act for.

Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.

Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.

Chapter 5 Computer Fraud Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-1.

Chapter 5 Computer Fraud Copyright © 2012 Pearson Education 5-1.

United States v. Nosal. The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with.

Chapter Fourteen Negligence and Intentional Torts This multimedia presentation and its contents are protected under copyright law. The following are prohibited.

Faking It: Calculating Loss in Computer Crime Sentencing Jennifer S. Granick, Esq. Stanford Law School Center for Internet and Society

Private Wrongs: Torts Negligence and Strict Liability Chapter 14.

Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,

Security, Privacy, and Ethics Online Computer Crimes.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Chapter 10 White-Collar and Organized Crime. Introduction ► White-collar crimes – criminal offenses committed by people in upper socioeconomic strata.

Introducing Computer and Network Security

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

CUMC IRB Investigator Meeting November 9, 2004 Research Use of Stored Data and Tissues.

OVERVIEW OF COMPUTER CRIME LEGISLATION IN HAWAII

Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.

GROUP 7 RAHUL JIMMY RONEY GEORGE SHABNAM EKKA SHEETHAL JOSEPH Cyber Laws in India- IT Act, 2000; 2004.

Cybercrime Richard Warner What Is Cybercrime?  Most broadly, cybercrime consists of any crime committed using computers.  Such.

Online Safety Workshop Stephanie Rojas, IMG Krystle Donnelly, IMG Cyndi Backstrom, UNLV OIT.

General Purpose Packages

Copyright © 2008 by West Legal Studies in Business A Division of Thomson Learning Chapter 11 Cyberlaw Twomey Jennings Anderson’s Business Law and the Legal.

Spam and The Computer Fraud and Abuse Act Richard Warner.

Intentional Torts Law in Action – Ch. 15.

 Computer Hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.  the act.

Essentials Of Business Law Chapter 30 Professionals’ Liability McGraw-Hill/Irwin Copyright © 2007 The McGraw-Hill Companies, Inc. All rights reserved.

The Case for The Right to Prevent Access Richard Warner.

HIPAA OBJECTIVES  Define HIPAA  Define PHI  Use of PHI  Your rights  Your responsibilities.

Employer Alert: New Duty to Police Illegal Activities in the Workplace Presented by M. Karen Thompson.

Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.

Acceptable Use Policy.  The District system includes:  A network of computers that serves all the schools  Saved files on a server for student work.

Chapter 5: General Computer Topics Department of Computer Science Foundation Year Program Umm Alqura University, Makkah Computer Skills /1436.

Privacy and the Civil Commitment Process Allyson K. Tysinger Assistant Attorney General June 4-5, 2008.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

The Claire Davis Safety Act What does it mean for Charters?

Stalking Awareness And Prevention Francis A. Arenas, Esq.

Trespass to Chattels: Spam Richard Warner. CompuServe v. Cyber Promotion  :“CompuServe has received many complaints from subscribers threatening to discontinue.

C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.

Computer Forensics Law & Privacy © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering, WVU.

 Development of Strict Liability.  Defendant’s liability for strict liability is without regard to: Fault, Foreseeability, Standard of Care or Causation.

American Public School Law Torts n Definition of a tort – Intentional interference – Strict Liability – Negligence – Elements of Negligence – Defenses.

Copyright 2000, Marchany Computer Law Threats and Issues VA Computer Crime Act Randy Marchany VA Tech Computing Center ©Marchany,2001.

1 The Broader Picture Chapter 12 Copyright 2003 Prentice-Hall.

Yes. You’re in the right room.. Hi! I’m David (Hi David!)

LANDMARK DECISIONS and STATUTES IN CYBERLAW Business Law I Chapter 2 Angela Creech, Instructor.

Chapter 11 CYBERLAW. 2 Cyberlaw is not a new body of laws. Cyberlaw is not a new body of laws. Cyberlaw is the application of existing laws and legal.

Security Debate Why cracking should be criminalized.

Chapter 10 – Crimes Against Property. Arson The willful and malicious burning of a person’s property Intentionally burning a building to defraud the insurance.

CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.

Overview of Database Security Introduction Security Problems Security Controls Designing Database Security.

ACCEPTABLE USE POLICY: INFORMATION TECHNOLOGY RESOURCES IN THE SCHOOLS The school's information technology resources, including and Internet access,

Virginia RULES Teens Learn & Live the Law Crimes Against Persons.

Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.

Digital Citizenship Project Submitted by: Etta Pope Instructor: Laurie Fowler.

Substance Addiction(Compulsory Assessment and Treatment) Act 2017 Processes

18 USC § 1030 Computer Fraud and Abuse Act

Hacking: public policy

Chapter 20 Legal Liability

ETHICAL & SOCIAL IMPACT OF INFORMATION SYSTEMS

Answer the questions to reveal the blocks and guess the picture.

Update on the Computer Fraud and Abuse Act

Fraud – legal update Peter Carter QC.

Faculty of Science IT Department By Raz Dara MA.

Laws Against Computer Hacking

Presentation transcript:

Computer Fraud and Abuse Act Richard Warner

Liability under the CFAA  1030(a)(2)(C) imposes liability on whoever “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains... information from any protected computer if the conduct involved an interstate or foreign communication.” Computers used in “interstate or foreign commerce or communication” are “protected.” 1030(e)(2).

Liability under the CFAA  1030(a)(5) imposes liability on anyone who (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.

Damage Defined  1030 (e)(8): the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information, that-- (A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals; (B) modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals; (C) causes physical injury to any person; or (D) threatens public health or safety

§ 1030(e)(8)(A) Aggregation  damages and losses under may only be aggregated across victims and over time for a single act.  The relevant clause states that "the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information that--(A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals."

United States v. Morris  United States v. Morris applies the CFAA.  Morris was a Cornell university computer science doctoral student.  He released a worm over the Internet. A worm is a self-replicating computer program designed to spread over the Internet without any further human interaction with the program once it is released.

Purpose of the Morris Worm  Morris did not intend his worm to cause any harm.  As the court notes, “The goal of this program was to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers.”

The Design of the Worm  Morris designed the worm to copy itself from Internet system to Internet system; however, before it copied itself, the worm first asked the computer if it already had a copy of the worm.  Point: multiple copies would slow the computer down and make the computer owner aware of the worm’s presence.  Morris wanted to show that the worm could spread undetected.

The Design of the Worm  The worm did not copy itself if it got a “yes” answer.  However, Morris also worried that system owners who became aware of the worm would stop its spread by programming their computers to answer “yes.”  So he programmed the worm to copy itself every seventh time it received a “yes” from the same computer.

The Error  Morris greatly underestimated the number of times a computer would be asked if it had the worm.  The worm spread with great rapidity over the Internet causing computer slowdowns and shutdowns and imposing on system owners the cost of removing the worm.  Morris was prosecuted criminally under the Computer Fraud and Abuse Act.

The Issues  The court: “The issues raised are (1) whether the Government must prove not only that the defendant intended to access a federal interest computer, but also that the defendant intended to prevent authorized use of the computer's information and thereby cause loss; and (2) what satisfies the statutory requirement of ‘access without authorization.’”

The Ruling  The court holds that the only intent required is the intent to access the system.  The authorization issue: Morris was authorized to access the computers he initially accessed.  He exceeded the use he was authorized to make.  Is this enough to make his access unauthorized?  The court answers that it is.