Chapter 4 Flashcards
Criminal Law - United States Code (USC)
Civil Law - USC
Administrative Law - Code of Fed Regulations (CFR)
CFAA (Computer Fraud and Abuse Act)
Computer crime related to “federal interest” computer systems, cross-state, interstate commerce, financial institutions
NIIPA (National Info Infra Protection Act) - include international commerce and national infra (power, gas, electr, telecomm, rail)
FISMA (Federal Information Security Management Act)
Require fed agencies to implement an information security program that covers the agency’s operations
Copyright
70 years after death of last surviving author
Works for hire or anonymous - whichever is shorter of:
- 95 years after 1st publication
- 120 years after creation
Trademark
- 10 year periods
- filed with USPTO
- cannot be confused with another
- cannot be descriptive
Patent
Utility patents:
- idea of invention
- 20 years
Design patents:
- form (appearance) of invention
- 15 years
Economic Espionage Act
Protect IP and trade secrets; criminal law
Defend Trade Secrets Act - extension of EEA to add civil right of action (civil lawsuits)
Software license types
- Perpetual license - forever
- Subscription license
- Open source license (e.g. GNU)
- Freeware - may come with fewer features
- Enterprise license (ELA)
- End user license agreement (EULA) - acceptable use
- Concurrent user license - set number of users at the same time
- Named user license
- Cloud service license - link or flash info on screen when accessing service
ITAR (International Traffic in Arms Regulation)
Covers military and defense items including tech info
- US Munitions List (USML)
EAR (Export Administration Regulations)
Covers commercial items that may have military applications
- Commerce Control List (CCL)
Export countries of concern
Cuba, North Korea, Iran, Syria
Bureau of Industry and Security (BIS)
Looks after export of security software
Fourth Amendment
Gov’t cannot search or wiretap without warrant & probable cause
Privacy Act
Applies to fed gov’t agencies only
ECPA (Electronic Comm Privacy Act)
- Includes phone, mobile phone, comm over physical wire, electronic comm
- Illegal to intercept, monitor or disclose
CALEA (Comm Assist for Law Enforcement Act)
Amend ECPA to require carriers to make wiretap with court order
HIPAA (Health Info Portability and Accountability Act)
For hospitals, insurance co, health care providers and other orgs that store and process private medical info
HITECH - amend to add notification of breach, and inclusion of business associates
COPPA (Children’s Online Privacy Protection Act)
- websites catering to children
- under 13
- provide privacy notice
- parents can access info, request deletion
- parents must give consent
GLBA (Gramm-Leach-Bliley Act)
Governs info exchanged between financial institutions
US PATRIOT Act
- Wiretap all communications of a person with single warrant
- ISPs may provide info to gov’t with subpoena
CLOUD (Clarifying Lawful Overseas Use of Data) Act
- applies to US-based companies
- Gov’t can get access to info stored on servers outside US
- Foreign gov’t can get access if country has agreement
FERPA (Federal Educational Rights and Privacy Act)
- Parent/student right to inspect educational records
- Parent/student right to request correction
- No disclosure without written consent
EU GDPR
- Legal and transparent processing of personal info
- Purpose(s) must be clearly stated
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability and demonstrate compliance
2 ways to comply for non-EU companies:
- Standard contractual clauses (SCC)
- Binding corp rules (BCR)
Cannot share with US
PIPEDA (Canada)
- Covers info on individual that makes person identifiable
- excludes info about org or business, gov’t, public servants, anonymous, purely for personal purposes
PIPL (China)
Similar to GDPR
POPIA (South Africa)
Similar to GDPR
- Has special heightened restrictions on children’s personal info
CCPA (California Consumer Privacy Act)
Similar to GDPR