Abstract image of a woman sitting on books and studying on a laptop

Computer Crimes: An American Case Study

Eddan Katz, profile picture
Eddan Katz

This document summarizes computer crime laws in the United States, including statutes governing child pornography, computer fraud, spam laws, criminal copyright provisions, and anti-circumvention measures. It also discusses constitutional issues regarding free speech and search/seizure. Key concepts covered include authorization, intent, and reasonable expectations of privacy in the context of unauthorized access and cybercrime conventions. The Computer Fraud and Abuse Act and its penalties are explained in detail.

1 of 20
Downloaded 55 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Computer Crimes: An American Case Study Eddan Katz International Affairs Director Electronic Frontier Foundation Thai Netizen Network Digital Rights Workshop July 26, 2009 Wednesday, December 29, 2010 1
Cybercrime Legal Regime Child Pornography Statutes Computer Fraud and Abuse Act CAN-SPAM Act Criminal Copyright Anti-Circumvention Provisions Electronic Communications Privacy Act Identity Theft Wednesday, December 29, 2010 2
Defining Computer Crime US Dep. of Justice: “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.” Applying Criminal Laws to actions taken with a computer crimes present primarily technical problems in prosecution Criminal acts as the use of and access to a computer system not connected to taking money or tangible items from a 3rd person. Unauthorized access to a computer Unauthorized use of computer-processing services Unauthorized tampering with data in a computer Unauthorized taking (copying & reading) of information from a computer Unauthorized acts that preclude access to a computer by other parties Wednesday, December 29, 2010 3
Constitutional Issues First Amendment - Freedom of Speech Fourth Amendment - Search and Seizure The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Wednesday, December 29, 2010 4
Free Speech Issues Reno v. American Civil Liberties Union (ACLU) strict scrutiny for speech regulation Internet communications struck down Communications Decency Act provisions prohibiting transmission of “indecent” and “patently offensive” as being constitutionally vague and overbroad CAN-SPAM Act political and non-commercial speech Export Control Regulations Code is Speech Wednesday, December 29, 2010 5
Three Major Concepts Authorization Intent Expectation of Privacy Wednesday, December 29, 2010 6
Unauthorized Access new criminal concept define a computer system as a protected environment and make control of access to this environment a protected right define severity in terms of amount taken unclear in regards to intangible property Wednesday, December 29, 2010 7
Authorization Interactive Communication on the Internet Security Research & Quality Assurance No “Obtaining Anything of Value” Fair Use Anti-Competitive Behavior Wednesday, December 29, 2010 8
Intent Information Intermediaries to commit the act to commit the harm functionality of code Wednesday, December 29, 2010 9
Computer as Subject of Crime Spam - unsolicited bulk email Viruses - modifies other computer programs Worms - viruses that self-replicate Trojan Horses - contain hidden malicious code Logic Bombs - activate at specific time Sniffers - network analyzers Wednesday, December 29, 2010 10
Reasonable Expectation of Privacy public-private space distinction content of communications specificity of warrant Wednesday, December 29, 2010 11
Cybercrime Convention & Intermediaries Art. 9 - “making available,” “distributing,” and “transmitting” Art. 11 - aiding and abetting commission of offenses Explanatory Report Par. 119 - aided by another person who also intends that the crime be committed no duty on an intermediary to monitor Art. 12 - acting under its authority Par. 125 - customer, user. Not like an employee. Wednesday, December 29, 2010 12
Computer Fraud and Abuse Act (CFAA) 1. Access computer files without authorization and to subsequently transmit classified government information if information can be used. 2. prohibits obtaining, without authorization, information from financial institutions, the United States, or private computers that are used in interstate commerce. 3. intentionally accessing US department or agency nonpublic computer without authorization 4. accessing a protected computer, without authorization, with the intent to defraud or obtain something of value Wednesday, December 29, 2010 13
CFAA, continued 5. computer hacking knowingly causing the transmission of a program, code, or command, that intentionally causes damage to a protected computer. intentional access without authorization that results in damage but does not require intent 6. trafficking in passwords knowingly and with intent to defraud 7. illegal to transmit any threat to cause damage Wednesday, December 29, 2010 14
Computer Fraud and Abuse Act Penalties Wednesday, December 29, 2010 15
Criminal Copyright No Electronic Theft (NET) Act (1998) (i) existence of a valid copyright (ii) that the defendant willfully (iii) infringed (iv) either (1) for commercial advantage or private financial gain (2) by reproducing or distributing infringing copies with a retail value of over $1,000 over a 180-day period by distributing a work being prepared for commercial distribution by making it available on a publicly-accessible network. Wednesday, December 29, 2010 16
Digital Millennium Copyright Act (1998) §1201 Act of Circumvention to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner. Circumvention Device Ban No person may manufacture, import, offer to the public, provide, or otherwise traffic in a technology, product, service, or device that is used to circumvent such technological measures. primarily designed or produced to circumvent limited commercial use marketed for use in circumventing Wednesday, December 29, 2010 17
DMCA §1201 Exceptions non-profit library, archive, and educational institutions personal privacy reverse engineering security testing encryption research protection of minors Wednesday, December 29, 2010 18
Electronic Communication Privacy Act (1986) updating existing federal prohibitions against intercepting wire and electronic communications curb hacking activities by fortifying privacy rights of computer users enabling law enforcement officers to employ electronic surveillance in the course of investigating crimes Wednesday, December 29, 2010 19
Thank you. Eddan Katz eddan@eff.org Wednesday, December 29, 2010 20

More Related Content

PDF
Thainetizennetwork slides day1
Eddan Katz
 
PDF
Copyrightcontraband cepe2007
Eddan Katz
 
PDF
Copyrightcontraband
Eddan Katz
 
PDF
Presentation on hadopi laws
bsookman
 
PPTX
Streaming under the DMCA Disney Enter., Inc. et al. v. VidAngel, Inc.
Workman Nydegger
 
ODP
Thinking Technology
rcic3607
 
PPT
Technology And Space
kyuri
 
PDF
Essentials Of Cyberspace Law Cal Bar Cyberspace Commt
Internet Law Center
 
Thainetizennetwork slides day1
Eddan Katz
 
Copyrightcontraband cepe2007
Eddan Katz
 
Copyrightcontraband
Eddan Katz
 
Presentation on hadopi laws
bsookman
 
Streaming under the DMCA Disney Enter., Inc. et al. v. VidAngel, Inc.
Workman Nydegger
 
Thinking Technology
rcic3607
 
Technology And Space
kyuri
 
Essentials Of Cyberspace Law Cal Bar Cyberspace Commt
Internet Law Center
 

Similar to Computer Crimes: An American Case Study (20)

PDF
Thainetizennetwork globalcybercrime 07272009
Eddan Katz
 
PPT
Computer forensics law and privacy
ch samaram
 
PPT
Cybercrime
nayakslideshare
 
PPTX
ANTI CYBERCRIME LAWvyufytfgfytfyty6yr.pptx
mabinifirestation21
 
PPT
Computer crime
Uc Man
 
PPT
Computer crime
Vinil Patel
 
PPTX
Cybercrime law
Tearsome Llantada
 
PPT
Introduction to Cyber Law
n|u - The Open Security Community
 
PPTX
Chapter 4_Information, Control, and Privacy.pptx
norwinadriatico
 
PDF
The Philippine Cybercrime Prevention Act of 2012
Jim Ayson
 
PDF
Cyber Laws
mayur_ceh
 
PPTX
Unit-3 Cyber Crime PPT.pptx
ParasSehgal12
 
PPTX
What constitutes a cyber crime in the country
Ujjwal Tripathi
 
DOCX
Ethical Dilemma/Issues is Cyberworld
Amae OlFato
 
PDF
proposal of Informatics crimes act in Iraq
Hayder Hamzoz
 
PPT
Ethical Hacking
Binit Kumar
 
PPT
REPUBLIC ACT NO. 10175 CYBERCRIME PREVENTION ACT OF 2012 (1).ppt
RachealSantos1
 
PPT
REPUBLIC ACT NO. 10175 CYBERCRIME PREVENTION ACT OF 2012.ppt
RachealSantos1
 
DOC
It act 2000 & cyber crime 111111
Yogendra Wagh
 
PDF
Cyber law-it-act-2000
Mayuresh Patil
 
Thainetizennetwork globalcybercrime 07272009
Eddan Katz
 
Computer forensics law and privacy
ch samaram
 
Cybercrime
nayakslideshare
 
ANTI CYBERCRIME LAWvyufytfgfytfyty6yr.pptx
mabinifirestation21
 
Computer crime
Uc Man
 
Computer crime
Vinil Patel
 
Cybercrime law
Tearsome Llantada
 
Introduction to Cyber Law
n|u - The Open Security Community
 
Chapter 4_Information, Control, and Privacy.pptx
norwinadriatico
 
The Philippine Cybercrime Prevention Act of 2012
Jim Ayson
 
Cyber Laws
mayur_ceh
 
Unit-3 Cyber Crime PPT.pptx
ParasSehgal12
 
What constitutes a cyber crime in the country
Ujjwal Tripathi
 
Ethical Dilemma/Issues is Cyberworld
Amae OlFato
 
proposal of Informatics crimes act in Iraq
Hayder Hamzoz
 
Ethical Hacking
Binit Kumar
 
REPUBLIC ACT NO. 10175 CYBERCRIME PREVENTION ACT OF 2012 (1).ppt
RachealSantos1
 
REPUBLIC ACT NO. 10175 CYBERCRIME PREVENTION ACT OF 2012.ppt
RachealSantos1
 
It act 2000 & cyber crime 111111
Yogendra Wagh
 
Cyber law-it-act-2000
Mayuresh Patil
 
Ad

More from Eddan Katz (8)

PDF
Tacdconference actaslides
Eddan Katz
 
PDF
Mapping A2K Advocacy: Towards a Coalition Against ACTA
Eddan Katz
 
PDF
Freecultureforum barcelona2009 acta
Eddan Katz
 
PDF
Eddankatz publicvoice globalflowsofdata
Eddan Katz
 
PDF
Eddankatz democratic culture_freecultureforum_slides
Eddan Katz
 
PDF
A2krussia
Eddan Katz
 
PDF
A2k rit
Eddan Katz
 
PDF
Leveraging the INDECT Project: An Activist Strategy to Implement Privacy Ethi...
Eddan Katz
 
Tacdconference actaslides
Eddan Katz
 
Mapping A2K Advocacy: Towards a Coalition Against ACTA
Eddan Katz
 
Freecultureforum barcelona2009 acta
Eddan Katz
 
Eddankatz publicvoice globalflowsofdata
Eddan Katz
 
Eddankatz democratic culture_freecultureforum_slides
Eddan Katz
 
A2krussia
Eddan Katz
 
A2k rit
Eddan Katz
 
Leveraging the INDECT Project: An Activist Strategy to Implement Privacy Ethi...
Eddan Katz
 
Ad

Computer Crimes: An American Case Study

  • 1. Computer Crimes: An American Case Study Eddan Katz International Affairs Director Electronic Frontier Foundation Thai Netizen Network Digital Rights Workshop July 26, 2009 Wednesday, December 29, 2010 1
  • 2. Cybercrime Legal Regime Child Pornography Statutes Computer Fraud and Abuse Act CAN-SPAM Act Criminal Copyright Anti-Circumvention Provisions Electronic Communications Privacy Act Identity Theft Wednesday, December 29, 2010 2
  • 3. Defining Computer Crime US Dep. of Justice: “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.” Applying Criminal Laws to actions taken with a computer crimes present primarily technical problems in prosecution Criminal acts as the use of and access to a computer system not connected to taking money or tangible items from a 3rd person. Unauthorized access to a computer Unauthorized use of computer-processing services Unauthorized tampering with data in a computer Unauthorized taking (copying & reading) of information from a computer Unauthorized acts that preclude access to a computer by other parties Wednesday, December 29, 2010 3
  • 4. Constitutional Issues First Amendment - Freedom of Speech Fourth Amendment - Search and Seizure The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Wednesday, December 29, 2010 4
  • 5. Free Speech Issues Reno v. American Civil Liberties Union (ACLU) strict scrutiny for speech regulation Internet communications struck down Communications Decency Act provisions prohibiting transmission of “indecent” and “patently offensive” as being constitutionally vague and overbroad CAN-SPAM Act political and non-commercial speech Export Control Regulations Code is Speech Wednesday, December 29, 2010 5
  • 6. Three Major Concepts Authorization Intent Expectation of Privacy Wednesday, December 29, 2010 6
  • 7. Unauthorized Access new criminal concept define a computer system as a protected environment and make control of access to this environment a protected right define severity in terms of amount taken unclear in regards to intangible property Wednesday, December 29, 2010 7
  • 8. Authorization Interactive Communication on the Internet Security Research & Quality Assurance No “Obtaining Anything of Value” Fair Use Anti-Competitive Behavior Wednesday, December 29, 2010 8
  • 9. Intent Information Intermediaries to commit the act to commit the harm functionality of code Wednesday, December 29, 2010 9
  • 10. Computer as Subject of Crime Spam - unsolicited bulk email Viruses - modifies other computer programs Worms - viruses that self-replicate Trojan Horses - contain hidden malicious code Logic Bombs - activate at specific time Sniffers - network analyzers Wednesday, December 29, 2010 10
  • 11. Reasonable Expectation of Privacy public-private space distinction content of communications specificity of warrant Wednesday, December 29, 2010 11
  • 12. Cybercrime Convention & Intermediaries Art. 9 - “making available,” “distributing,” and “transmitting” Art. 11 - aiding and abetting commission of offenses Explanatory Report Par. 119 - aided by another person who also intends that the crime be committed no duty on an intermediary to monitor Art. 12 - acting under its authority Par. 125 - customer, user. Not like an employee. Wednesday, December 29, 2010 12
  • 13. Computer Fraud and Abuse Act (CFAA) 1. Access computer files without authorization and to subsequently transmit classified government information if information can be used. 2. prohibits obtaining, without authorization, information from financial institutions, the United States, or private computers that are used in interstate commerce. 3. intentionally accessing US department or agency nonpublic computer without authorization 4. accessing a protected computer, without authorization, with the intent to defraud or obtain something of value Wednesday, December 29, 2010 13
  • 14. CFAA, continued 5. computer hacking knowingly causing the transmission of a program, code, or command, that intentionally causes damage to a protected computer. intentional access without authorization that results in damage but does not require intent 6. trafficking in passwords knowingly and with intent to defraud 7. illegal to transmit any threat to cause damage Wednesday, December 29, 2010 14
  • 15. Computer Fraud and Abuse Act Penalties Wednesday, December 29, 2010 15
  • 16. Criminal Copyright No Electronic Theft (NET) Act (1998) (i) existence of a valid copyright (ii) that the defendant willfully (iii) infringed (iv) either (1) for commercial advantage or private financial gain (2) by reproducing or distributing infringing copies with a retail value of over $1,000 over a 180-day period by distributing a work being prepared for commercial distribution by making it available on a publicly-accessible network. Wednesday, December 29, 2010 16
  • 17. Digital Millennium Copyright Act (1998) §1201 Act of Circumvention to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner. Circumvention Device Ban No person may manufacture, import, offer to the public, provide, or otherwise traffic in a technology, product, service, or device that is used to circumvent such technological measures. primarily designed or produced to circumvent limited commercial use marketed for use in circumventing Wednesday, December 29, 2010 17
  • 18. DMCA §1201 Exceptions non-profit library, archive, and educational institutions personal privacy reverse engineering security testing encryption research protection of minors Wednesday, December 29, 2010 18
  • 19. Electronic Communication Privacy Act (1986) updating existing federal prohibitions against intercepting wire and electronic communications curb hacking activities by fortifying privacy rights of computer users enabling law enforcement officers to employ electronic surveillance in the course of investigating crimes Wednesday, December 29, 2010 19
  • 20. Thank you. Eddan Katz eddan@eff.org Wednesday, December 29, 2010 20