Protected computer

Last updated

Protected computers is a term used in Title 18, Section 1030 of the United States Code, (the Computer Fraud and Abuse Act) which prohibits a number of different kinds of conduct, generally involving unauthorized access to, or damage to the data stored on, "protected computers". The statute, as amended by the National Information Infrastructure Protection Act of 1996, [1] defines "protected computers" (formerly known as "federal interest computers") as:

United States Code official compilation and codification of the United States federal laws

The Code of Laws of the United States of America is the official compilation and codification of the general and permanent federal statutes of the United States. It contains 53 titles. The main edition is published every six years by the Office of the Law Revision Counsel of the House of Representatives, and cumulative supplements are published annually. The official version of those laws not codified in the United States Code can be found in United States Statutes at Large.

The Computer Fraud and Abuse Act (CFAA) is a United States cybersecurity bill that was enacted in 1984 as an amendment to existing computer fraud law, which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization. Prior to computer-specific criminal laws, computer crimes were prosecuted as mail and wire fraud, but the applying law was often insufficient.

The National Information Infrastructure Protection Act was Title II of the Economic Espionage Act of 1996, as an amendment to the Computer Fraud and Abuse Act.

Contents

a computer—

(A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or

(B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States. [2]

The law prohibits unauthorized obtaining of "information from any protected computer if the conduct involved an interstate or foreign communication," [3] and makes it a felony [4] to intentionally transmit malware to a protected computer if more than $5000 in damage (such as to the integrity of data) were to result.

Scope

The U. S. Justice Department explains:

In the 1994 amendments (of the National Information Infrastructure Act), the reach of this subsection (E. Subsection 1030(a)(5)) was broadened by replacing the term "federal interest computer" with the term "computer used in interstate commerce or communications." The latter term is broader because the old definition of "federal interest computer" in 18 U.S.C. § 1030(e)(2)(B) covered a computer "which is one of two or more computers used in committing the offense, not all of which are located in the same State." This meant that a hacker who attacked other computers in the same state was not subject to federal jurisdiction, even when these actions may have severely affected interstate or foreign commerce. For example, individuals who attack telephone switches may disrupt interstate and foreign calls. The 1994 change remedied that defect.

However, the definition of federal interest computer actually covered more than simply interstate activity. More specifically, 18 U.S.C. § 1030(e)(2)(A) covered, generically, computers belonging to the United States Government or financial institutions, or those used by such entities on a non-exclusive basis if the conduct constituting the offense affected the Government's operation or the financial institution's operation of such computer. By changing § 1030(a)(5) from "federal interest computer" to "computer used in interstate commerce or communications," Congress may have inadvertently eliminated federal protection for those government and financial institution computers not used in interstate communications. For example, the integrity and availability of classified information contained in an intrastate local area network may not have been protected under the 1994 version of 18 U.S.C. § 1030(a)(5), although its confidentiality continued to be protected under 18 U.S.C. § 1030(a)(1). To remedy this situation in the 1996 Act, 18 U.S.C. § 1030(a)(5) was redrafted to cover any "protected computer," a new term defined in § 1030(e)(2) and used throughout the new statute--in § 1030(a)(5), as well as in §§ 1030(a)(2), (a)(4), and the new (a)(7). The definition of "protected computer" includes government computers, financial institution computers, and any computer "which is used in interstate or foreign commerce or communications."

This broad definition addresses the original concerns regarding intrastate "phone phreakers" (i.e., hackers who penetrate telecommunications computers). It also specifically includes those computers used in "foreign" communications. With the continually expanding global information infrastructure, with numerous instances of international hacking, and with the growing possibility of increased global industrial espionage, it is important that the United States have jurisdiction over international computer crime cases. Arguably, the old definition of "federal interest computer" contained in 18 U.S.C. § 1030(e)(2) conferred such jurisdiction because the requirement that the computers used in committing the offense not all be located in the same state might be satisfied if one computer were located overseas. As a general rule, however, Congress's laws have been presumed to be domestic in scope only, absent a specific grant of extraterritorial jurisdiction. E.E.O.C. v. Arabian American Oil Co., 499 U.S. 244 (1991). To ensure clarity, the statute was amended to reference international communications explicitly. [5]

See also

Computer trespass

Computer trespass is a computer crime in the United States involving unlawful access to computers. It is defined under the Computer Fraud and Abuse act.

Defense Intelligence Agency United States federal agency

The Defense Intelligence Agency (DIA), an external intelligence service of the United States federal government, specializes in defense and military intelligence.

Interpol international law enforcement agency

The International Criminal Police Organization, more commonly known as Interpol, is an international organization that facilitates worldwide police cooperation. It was established in 1923 as the International Criminal Police Commission (ICPC); it chose INTERPOL as its telegraphic address in 1946, and made it its common name in 1956.

Related Research Articles

Patriot Act 2001 United States anti-terrorism law

The USA PATRIOT Act is an Act of the U.S. Congress that was signed into law by President George W. Bush on October 26, 2001. The title of the Act is a contrived three letter initialism (USA) preceding a seven letter acronym (PATRIOT), which in combination stand for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001. The acronym was created by a 23 year old Congressional staffer, Chris Kyle.

The Commerce Clause describes an enumerated power listed in the United States Constitution. The clause states that the United States Congress shall have power "To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribes." Courts and commentators have tended to discuss each of these three areas of commerce as a separate power granted to Congress. It is common to see the individual components of the Commerce Clause referred to under specific terms: the Foreign Commerce Clause, the Interstate Commerce Clause, and the Indian Commerce Clause.

Electronic Communications Privacy Act US Act of Congress

The Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act, and added so-called pen trap provisions that permit the tracing of telephone communications . ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).

PROTECT Act of 2003

The PROTECT Act of 2003 is a United States law with the stated intent of preventing child abuse as well as investigating and prosecuting violent crimes against children. "PROTECT" is a backronym which stands for "Prosecutorial Remedies and Other Tools to end the Exploitation of Children Today".

Title V: Removing obstacles to investigating terrorism is the fifth of ten titles which comprise the USA PATRIOT Act, an anti-terrorism bill passed in the United States after the September 11, 2001 attacks. It contains 8 sections regarding the capture and prosecution of terrorists.

Section summary of the Patriot Act, Title II

The following is a section summary of the USA PATRIOT Act, Title II. The USA PATRIOT Act was passed by the United States Congress in 2001 as a response to the September 11, 2001 attacks. Title II: Enhanced Surveillance Procedures gave increased powers of surveillance to various government agencies and bodies. This title has 25 sections, with one of the sections containing a sunset clause which sets an expiration date, 31 December 2005, for most of the title's provisions. On 22 December 2005, the sunset clause expiration date was extended to 3 February 2006.

The USA PATRIOT Act was passed by the United States Congress in 2001 as a response to the September 11, 2001 attacks. It has ten titles, each containing numerous sections. Title III: International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001 is actually an act of Congress in its own right as well as being a title of the USA PATRIOT Act, and is intended to facilitate the prevention, detection and prosecution of international money laundering and the financing of terrorism. The title's sections primarily amend portions of the Money Laundering Control Act of 1986 and the Bank Secrecy Act of 1970.

Title 18 of the United States Code is the main criminal code of the federal government of the United States. The Title deals with federal crimes and criminal procedure. In its coverage, Title 18 is similar to most U.S. state criminal codes, which typically are referred to by such names as Penal Code, Criminal Code, or Crimes Code. Typical of state criminal codes is the California Penal Code. Many U.S. state criminal codes, unlike the federal Title 18, are based on the Model Penal Code promulgated by the American Law Institute.

The USA PATRIOT Act was passed by the United States Congress in 2001 as a response to the September 11, 2001 attacks. It has ten titles, with the third title written to prevent, detect, and prosecute international money laundering and the financing of terrorism.

Title VIII: Strengthening the criminal laws against terrorism is the eighth of ten titles which comprise the USA PATRIOT Act, an anti-terrorism bill passed in the United States one month after the September 11, 2001 attacks. Title VIII contains 17 sections and creates definitions of terrorism, and establishes or re-defines rules with which to deal with it.

Information technology law concerns the law of information technology, including computing and the internet. It is related to legal informatics, and governs the digital dissemination of both (digitalized) information and software, information security and electronic commerce. aspects and it has been described as "paper laws" for a "paperless environment". It raises specific issues of intellectual property in computing and online, contract law, privacy, freedom of expression, and jurisdiction.

Fraud Enforcement and Recovery Act of 2009

The Fraud Enforcement and Recovery Act of 2009, or FERA, Pub.L. 111–21, S. 386, 123 Stat. 1617, enacted May 20, 2009, is a public law in the United States enacted in 2009. The law enhanced criminal enforcement of federal fraud laws, especially regarding financial institutions, mortgage fraud, and securities fraud or commodities fraud.

Child pornography laws in the United States specify that child pornography is illegal under federal law and in all states and is punishable by up to 20 years' imprisonment or fine of $5000. The Supreme Court of the United States has found child pornography to be "legally obscene", a term that refers to offensive or violent forms of pornography that have been declared to be outside the protections of the First Amendment to the United States Constitution. Federal sentencing guidelines on child pornography differentiate between production, distribution, and purchasing/receiving, and also include variations in severity based on the age of the child involved in the materials, with significant increases in penalties when the offense involves a prepubescent child or a child under the age of 12. U.S. law distinguishes between pornographic images of an actual minor, realistic images that are not of an actual minor, and non-realistic images such as drawings. The latter two categories are legally protected unless found to be obscene, whereas the first does not require a finding of obscenity.

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

United States of America v. Ancheta is the name of a lawsuit against Jeanson James Ancheta of Downey, California by the U.S. Government and was handled by the United States District Court for the Central District of California. This is the first botnet related prosecution in U.S history.

<i>United States v. Ivanov</i>

United States v. Ivanov was an American court case addressing subject-matter jurisdiction for computer crimes performed by Internet users outside of the United States against American businesses and infrastructure. In trial court, Aleksey Vladimirovich Ivanov of Chelyabinsk, Russia was indicted for conspiracy, computer fraud, extortion, and possession of illegal access devices; all crimes committed against the Online Information Bureau (OIB) whose business and infrastructure were based in Vernon, Connecticut.

Travel Act

Travel Act or International Travel Act of 1961, 18 U.S.C. § 1952, is a Federal criminal statute which forbids the use of the U.S. mail, or interstate or foreign travel, for the purpose of engaging in certain specified criminal acts.

The National Stolen Property Act is an Act of Congress which prohibits certain offenses relating to stolen property and forgery. The definitions related to the Act are codified at 18 U.S.C. § 2311 and the offense are codified at 18 U.S.C. §§ 2314–2315.

References

  1. Pub. L. No. 104-294, 110 Stat. 3491-3494.
  2. 18 U.S.C. § 1030(e)(2) (2006).
  3. 18 U.S.C. Archived 2008-10-15 at the Wayback Machine .§ 1030(a)(2).
  4. See 18 U.S.C. § 1030(a)(5); 18 U.S.C. § 3559.
  5. Cybercrime.gov THE NATIONAL INFORMATION INFRASTRUCTURE PROTECTION ACT OF 1996 Archived 2007-11-04 at the Wayback Machine .