Chapter 4 - Legal

Question 1

First computer crime law in Comprehensive Crime Control Act (CCCA) of 1984. Crime to:

Answer 1

Access classified or financial info
Access federal computer
Use federal computer for fraud
Cause malicious damage of $1000+
Modify medical records
Traffic in computer passwords

Question 2

Computer Fraud and Abuse Act of 1986

Answer 2

Widened coverage to cover:
○ An US Government computer
○ Any financial institution computer
○ Any combination of computers used to commit and offense when they are not all located in the same state.

Question 3

CCCA Amendments of 1994

Answer 3

○ Outlawed creation of malicious code.
○ Covered any computer used in interstate commerce
○ Allowed for the imprisonment of offenders - whether or not they intended to cause harm
○ Provided legal authority for the victims of computer crimes to pursue civil action

Question 4

Computer Security Act of 1987 outlines steps government must take to protect it’s own systems.

Answer 4

○ Give NIST responsibility for developing standards and guidelines
○ Provide for enactment of standards and guidelines
○ Require establishment of security plans by all operators of federal computer systems that contain sensitive info
○ Require mandatory periodic training

Question 5

Federal Sentencing Guidelines 1991 - helps judges

Answer 5

○ Formalized prudent man rule - sr execs must ensure due care
○ Minimize punishment for those that used due diligence in security
○ 3 burdens of proof:
§ Must have legally recognized obligation
§ Must have failed to comply with recognized standards
Must be a causal relationship between negligence and damages

Question 6

National Info Infrastructure Protection Act of 1996

Answer 6

○ Broadens CFAA to cover systems used in international commerce.
○ Extends protection to national infrastructure
Intentional or reckless actions causing damage as felony

Question 7

Paperwork Reduction Act of 1995

Answer 7

Agencies must have OMB approval before requesting certain info from public.

Question 8

Government Information Security Reform Act of 2000

Answer 8

○ 5 purposes:
§ Provide comprehensive framework for establishing and ensuring the effectiveness of controls over info resources that support federal operations and assets
§ Recognize need for highly networked, opportunities for interoperability not adversely affected
§ Provide effective government-wide management and oversight of the related info security risks, coordination of info security efforts
§ Provide for development and maintenance of minimum controls required to protect fed computers.
§ Provide mechanism for improved oversight of federal agency info security programs.
○ Created new category of computer system - mission critical system must:
§ Defined as national security system by other provisions of law
§ It is protected by procedures established for classified information
Loss, misuse, disclosure, unauthorized access, etc. would debilitate impact of mission of agency.

Question 9

Federal Information Security Management Act - 2002

Answer 9

○ Federal agencies implement info security program to cover agency operations.
§ Risk assessments
§ Policies and procedures
§ Plans for providing adequate info security
§ Awareness training
§ Periodic testing and evaluation of effectiveness
§ Remediation process
§ Incident management
§ Business continuity

Question 10

Copyrights

Answer 10

protect original works of authorship such as books, articles, poems, and songs.
○ 70 years after death of author
○ Works for hire and anonymous - 95 years after first publication or 120 years from date of creation

Question 11

Patents

Answer 11

protect creators of new inventions
○ Requirements
§ New, useful, not obvious
20 years from date of application

Question 12

Digital Millennium Copyright Act of 1998

Answer 12

prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of ISPs for activities of their users.
$1,000,000 and 10 years for repeat offenders

Question 13

Economic Espionage Act of 1996

Answer 13

• Provides penalties for individuals found guilty of the theft of trade secrets.
Harsher penalties when the individual knows that the information will benefit a foreign government.

Question 14

Uniform Computer Information Transactions Act

Answer 14

provides a framework for the enforcement of shrink-wrap and click-wrap agreements by federal and state governments.

Question 15

Privacy Act of 1974

Answer 15

limits ability of federal government to disclose private info without consent.

Question 16

Electronic Communications Privacy Act of 1986

Answer 16

crime to invade the electronic privacy of an individual.

§ Broadened the Federal Wiretap Act

Question 17

Communications Assistance for Law Enforcement Act (CALEA) of 1994

Answer 17

amended ECPA, requires all communications carriers to make wiretaps possible for law enforcement with court order.

Question 18

Economic and Protection of Proprietary Information Act of 1996

Answer 18

extends definition of proprietary economic information so theft of indo can be considered industrial or corporate espionage.

Question 19

Children’s Online Privacy Protection Act of 1998

Answer 19

collecting info online from kids (under 13)

Question 20

Identity Theft and Assumption Deterrence Act

Answer 20

makes identity theft a crime against the person whose identity was stolen.