Spam and The Computer Fraud and Abuse Act Richard Warner.

Slides:

Advertisements

Similar presentations

Chapter 20 Legal Liability McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Advertisements

How to protect yourself, your computer, and others on the internet

CHAPTER 6 REVIEW Let the Games Begin

What You’ll Learn How to define negligence (p. 88)

4Chapter SECTION OPENER / CLOSER: INSERT BOOK COVER ART Negligence and Strict Liability Section 4.2.

Computer Fraud and Abuse Act (CFAA) Preventing the Destruction of eDocuments Team 8 – Jason Conrad, Ben Sweeney, Jeff Woodward.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

Chapter 15 Intentional Torts Intentional Torts - When people deliberately cause harm or loss to another person Intent – the desire to commit an act for.

Business Law Tort Law.

Chapter 8 Crimes Twomey, Business Law and the Regulatory Environment (14th Ed.)

Chapter 3 Tort Law.

United States v. Nosal. The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with.

© 2006 Prohibition of Torture Federal Ministry for Foreign Affairs of Austria.

The Judicial Branch. Court Systems & Jurisdictions.

Faking It: Calculating Loss in Computer Crime Sentencing Jennifer S. Granick, Esq. Stanford Law School Center for Internet and Society

Private Wrongs: Torts Negligence and Strict Liability Chapter 14.

U.S criminal law’s reinforcement of technological measures protecting property: where the DMCA fits in Elliot N. Turrini Assistant U.S. Attorney Computer.

Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,

Security, Privacy, and Ethics Online Computer Crimes.

Chapter 10 White-Collar and Organized Crime. Introduction ► White-collar crimes – criminal offenses committed by people in upper socioeconomic strata.

OVERVIEW OF COMPUTER CRIME LEGISLATION IN HAWAII

Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.

GROUP 7 RAHUL JIMMY RONEY GEORGE SHABNAM EKKA SHEETHAL JOSEPH Cyber Laws in India- IT Act, 2000; 2004.

 A body of rights, obligations, and remedies that is applied by courts in civil proceedings to provide relief for persons who have suffered harm from.

Prop. 46. Spectrum The purpose of prison is to reform the prisoner. The purpose of prison is to punish the prisoner. Non-violent felonies should be considered.

Cybercrime Richard Warner What Is Cybercrime?  Most broadly, cybercrime consists of any crime committed using computers.  Such.

Security Services Constitutional Issues in Private Security.

Bill of Rights  The Bill of Rights was not included in the 1787 Constitution.  The first ten amendments (Bill of Rights) were ratified on December 15,

Intentional Torts Law in Action – Ch. 15.

Business Law. Your neighbor Shana is using a multipurpose woodcutting machine in her basement hobby shop. Suddenly, because of a defect in the two-year.

Essentials Of Business Law Chapter 30 Professionals’ Liability McGraw-Hill/Irwin Copyright © 2007 The McGraw-Hill Companies, Inc. All rights reserved.

Part 2 – The Law of Torts Chapter 5 – Negligence and Unintentional Torts Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 5-1.

Unit 6 – Civil Law.

Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.

U.S. Copyright Enforcement Benjamin Hardman Attorney / Advisor Office of Intellectual Property Policy & Enforcement, USPTO.

Acceptable Use Policy.  The District system includes:  A network of computers that serves all the schools  Saved files on a server for student work.

© 2007 West Legal Studies in Business, A Division of Thomson Learning Chapter 31 Professional Liability.

Chapter 5: General Computer Topics Department of Computer Science Foundation Year Program Umm Alqura University, Makkah Computer Skills /1436.

2 TORT Means“Wrong” 3 TORT A violation of a duty imposed by civil law.

Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.

COMPLIANCE ACTIONS FDA Regulation & Licensure of Whole Blood & Blood Components, Including Source Plasma September 15-16, 2009 Helen Cowley Office of Compliance.

Stalking Awareness And Prevention Francis A. Arenas, Esq.

Trespass to Chattels: Spam Richard Warner. CompuServe v. Cyber Promotion  :“CompuServe has received many complaints from subscribers threatening to discontinue.

C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.

Computer Fraud and Abuse Act Richard Warner. Liability under the CFAA  1030(a)(2)(C) imposes liability on whoever “intentionally accesses a computer.

CRIMES AGAINST PROPERTY

CRIMES Used by permission. For Educational purposes only.

American Public School Law Torts n Definition of a tort – Intentional interference – Strict Liability – Negligence – Elements of Negligence – Defenses.

Chapter 09 Negligence and Strict Liability Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.

A Road Map to Research at Jefferson: HIPAA Privacy and Security Rules for Researchers Presented By: Privacy Officer/Office of Legal Counsel October 2015.

Copyright 2000, Marchany Computer Law Threats and Issues VA Computer Crime Act Randy Marchany VA Tech Computing Center ©Marchany,2001.

1 The Broader Picture Chapter 12 Copyright 2003 Prentice-Hall.

The Role of the Courts.

Comprehensive Volume, 18 th Edition Chapter 8: Crimes.

Trespass in the Spam Cases. CompuServe v. Cyber Promotion User complaints  “CompuServe has received many complaints from subscribers threatening.

Security Debate Why cracking should be criminalized.

CH 10. Confidentiality A. Confidentiality about sensitive medical information is necessary to preserve the patient’s dignity. B. In order to receive payment.

Crime-Tort Jeopardy Business Related Crimes Elements of a Crime Classify Defenses Elements of a Tort Types of Torts Civil Procedure $100100$100100$100100$100100$100100$100100$

Virginia RULES Teens Learn & Live the Law Crimes Against Persons.

CHAPTER 18 PART I Torts: A Civil Wrong. A Civil Wrong In criminal law, when someone commits a wrong, we call it a crime. In civil law, when someone commits.

Article III: The Judicial Branch Chapters: 11,12

18 USC § 1030 Computer Fraud and Abuse Act

Hacking: public policy

THE CASE OF THE MISSING SHOES

Chapter 20 Legal Liability

Chapter 42 Liability of Accountants & Other Professionals

Update on the Computer Fraud and Abuse Act

INTELLECTUAL PROPERTY AND CYBER PIRACY

Chapter 6-3 Lesson Objectives

Laws Against Computer Hacking

Presentation transcript:

Spam and The Computer Fraud and Abuse Act Richard Warner

Liability under the CFAA  1030(a)(2)(C) imposes liability on whoever “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains... information from any protected computer if the conduct involved an interstate or foreign communication.” Computers used in “interstate or foreign commerce or communication” are “protected.” 1030(e)(2).

Liability under the CFAA  1030(a)(5) imposes liability on anyone who (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.

Liability Under The CFAA  1030(g): “Any person who suffers damage or loss by reason of a violation of the section, may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief.”

Damage Defined  1030 (e)(8): the term "damage" means any impairment to the integrity or availability of data, a program, a system, or information, that-- (A) causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals; (B) modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment, or care of one or more individuals; (C) causes physical injury to any person; or (D) threatens public health or safety

Spam and The CFAA  Sending spam can violate the Computer Fraud and Act, 1030 (a)(2)(C) and (a)(5)(C).  See AOL v. LCGM.  One remaining issue: What intent is required under 1030(a)(5) ?

1030(a)(5)  1030(a)(5) imposes liability on anyone who (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.

United States v. Morris  Morris was a Cornell university computer science doctoral student.  He released a worm over the Internet. A worm is a self-replicating computer program designed to spread over the Internet without any further human interaction with the program once it is released.

Purpose of the Morris Worm  Morris did not intend his worm to cause any harm.  As the court notes, “The goal of this program was to demonstrate the inadequacies of current security measures on computer networks by exploiting the security defects that Morris had discovered. The tactic he selected was release of a worm into network computers.”

The Design of the Worm  Morris designed the worm to copy itself from Internet system to Internet system; however, before it copied itself, the worm first asked the computer if it already had a copy of the worm.  Point: multiple copies would slow the computer down and make the computer owner aware of the worm’s presence.  Morris wanted to show that the worm could spread undetected.

The Design of the Worm  The worm did not copy itself if it got a “yes” answer.  However, Morris also worried that system owners who became aware of the worm would stop its spread by programming their computers to answer “yes.”  So he programmed the worm to copy itself every seventh time it received a “yes” from the same computer.

The Error  Morris greatly underestimated the number of times a computer would be asked if it had the worm.  The worm spread with great rapidity over the Internet causing computer slowdowns and shutdowns and imposing on system owners the cost of removing the worm.

Computer Fraud and Abuse Act  Morris was prosecuted criminally under the Computer Fraud and Abuse Act.  Section 2(d) punishes anyone who intentionally accesses [computers] without authorization... and damages or prevents authorized use of information in those computers, causing loss of $1,000 or more.

The Issues  The court: “The issues raised are (1) whether the Government must prove not only that the defendant intended to access a federal interest computer, but also that the defendant intended to prevent authorized use of the computer's information and thereby cause loss; and (2) what satisfies the statutory requirement of ‘access without authorization.’”

The Ruling  The court holds that the only intent required is the intent to access the system.  The authorization issue: Morris was authorized to use—in certain ways--the computers he initially accessed. He exceeded his authorized access. Is this enough to make his access unauthorized?  The court answers that it is.