Chapter 4 - Laws, Regulations, And Compliance Flashcards
Scope of Computer Fraud and Abuse Act
Originally, Congress first enacted computer crime law as part of the Comprehensive Crime Control Act (CCCA). The major provisions of the act are that it is a crime to perform the following:
- Access classified information or financial information in a federal system without authorization or in excess of authorized privileges
- Access a computer used exclusively by the federal government without authorization
- Use a federal computer to perpetrate a fraud
- Cause malicious damage to a federal computer system in excess of $1,000
- Modify medical records in a computer when doing so impairs or may impair the examination, diagnosis, treatment, or medical care of an individual
- Traffic in computer passwords if the trafficking affairs interstate commerce or involves a federal computer system
CCCA was amended by the more well -known Computer Fraud and Abuse Act (CFAA) in 1986 to change the scope of regulation. The widened coverage act to include the following:
- Any computer used exclusively by the U.S government
- Any computer used exclusively by a financial institution
- Any computer used by the government or a financial institution when the offense impedes the ability of the government or institution to use that system
- Any combination of computers used to commit an offense when they are not all located in the same state
The scope of Computer Security Act of 1987
- To give the National Institute of Standards and Technology (NIST) responsibility for developing standards and guidelines for federal computer systems. For this purpose, NIST draws on the technical advice and assistance (including work products) of the National Security Agency where appropriate.
- To provide for the enactment of such standards and guidelines,
- To require the establishment of security plans by all operators of federal computer systems that contain sensitive information.
- To require mandatory periodic training for all people involved in management, use, or operation of federal computer systems that contain sensitive information.
Fourth Amendment
The basis for privacy rights is in the Fourth Amendment to the US constitution. It reads as follows:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The direct interpretation of this amendment prohibits government agents from searching private property without a warrant and probable cause.
Privacy Act of 1974
It’s perhaps the most significant piece of privacy legislation restricting the way the federal government may deal with private information about individual citizens. It severely limits the ability of federal government agencies to disclose private information to other persons or agencies without the prior written consent of the affected individuals.
Scope of Children’s Online Privacy Protection Act of 1998
- Websites must have a privacy notice that clearly states the types of information they collect and what it’s used for, including whether any information is disclosed to third parties. The privacy notice must also include contact information for the operators of the site.
- Parents must be provided with the opportunity to review any information collected from their children and permanently delete it from the sites records.
- Parents must give verifiable consent to the collection of information about children younger than the age of 13 prior to any such collection. Exceptions in the law allow websites to collect minimal information solely for the purpose of obtaining such parental consent.
Types of license agreements
- Contractual license agreements use a written contract between the software vendor and the customer, outlining the responsibilities of each.
- Shrink-wrap license agreements are written on the outside of the software packaging. They commonly include a clause stating that you acknowledge agreement to the terms of the contract simply by breaking the shrink-wrap seal on the package.
- Click-through license agreements are becoming more commonplace than shrink-wrap agreements. In this type of agreement, the contract terms are either written on the software box or included in the software documentation.
- Cloud services license agreements take click-through agreements to the extreme. Most cloud services do not require any form of written agreement and simply flash legal terms on the screen for review. In some cases, they may simply provide a link to legal terms and a check box for users to confirm that they read and agree to the terms.
Patent Grant Period
US patent law provides for an exclusivity period of 20 years beginning at the time the patent application is submitted to the Patent and Trademark Office.
What category of law deals with regulatory standards that regulate performance and conduct?
Administrative/regulatory law deals with regulatory standards that regulate performance and conduct. Government agencies create these standards, which are usually applied to companies and individuals within those specific industries. Some examples of administrative laws could be that every building used for business must have a fire detection and suppression system, must have easily seen exit signs, and cannot have blocked doors, in case of a fire. Companies that produce and package food and drug products are regulated by many standards so the public is protected and aware of their actions. If a case was made that specific standards were not abided by, high officials in the companies could be held accountable, as in a company that makes tires that shred after a couple of years of use. The people who held high positions in this company were most likely aware of these conditions but chose to ignore them to keep profits up. Under administrative, criminal, and civil law, they may have to pay dearly for these decisions.
Copy right law protection
A copyright covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, and computer programs. In most countries, once the work or property is completed or is in a tangible form, the copyright protection is automatically assumed.
Copyright protection is weaker than patent protection, but the duration of protection is considerably longer (e.g., a minimum of 50 years after the creator’s death or 70 years under U.S. copyright protection).
What evidence is defined as inference of information from other, intermediate, relevant facts?
Circumstantial evidence is defined as inference of information from other, intermediate, relevant facts. Secondary evidence is a copy of evidence or oral description of its contents. Conclusive evidence is incontrovertible and overrides all other evidence and hearsay evidence is evidence that is not based on personal, first-hand knowledge of the witness, but was obtained from another source. Computer-generated records normally fall under the category of hearsay evidence.
Real evidence
Real evidence is tangible and able to stand alone without the need for supplementary evidence. Usually real evidence consists of physical things that were captured from the crime scene. For example, a videotape showing the suspect would be a good example of real evidence.
Patent protects the idea.
N/A
Proximate Causation
In order for a company to be liable, proximate causation must be proven. This means that it can be proven that the company was actually at fault and responsible for a negative activity that took place.
Information Warfare
Information warfare is action of attacking another nations infrastructure to gain military advances through information gathering and intelligence, and carrying out active attacks to manipulate and possibly destroy systems and networks.
Secondary Evidence
Secondary evidence is not a reliable form of evidence. Typically, oral evidence like testimonies, are placed in this category. Also, copies of documents are considered secondary in nature.
