Computer Fraud and Abuse Act

src: www.slate.com

The Computer Fraud and Abuse Act ( CFAA ) is a US cybersecurity bill enacted in 1986 as an amendment to an existing computer fraud law (18 USCÃ,§à ¢ 1030), which has been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing computers without authorization, or exceeding authorization.

The original 1984 bill was enacted in response to concerns that computer-related crimes may go unpunished. The House Committee's report on the original computer criminal bill marked the 1983 movie techno-thriller WarGames - in which a young Matthew Broderick broke into a US military supercomputer programmed to predict the likely outcome of a nuclear war and unwittingly almost started World War III - as "Realistic Representations from the ability to call and access automatically from a personal computer. "

The CFAA was written to increase the scope of an earlier version of 18 USC Ã, § 1030 while, in theory, limiting the federal jurisdiction to the case "with interesting federal interests-that is, where computers from the federal government or certain financial institutions are involved or where crime itself is inter-state. "(see" Computer Protected ", below). In addition to amending some of the provisions in the original 1030 section, the CFAA also criminalizes additional computer-related actions. Terms of handling the distribution of malicious code and denial of service attacks. Congress also incorporates CFAA provisions that criminalize trading of passwords and similar goods.

Since then, the Act has been amended several times - in 1989, 1994, 1996, in 2001 by the USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act.

In January 2015 Barack Obama proposed expanding the CFAA and the RICO Act in the Modernization Enforcement Cyber ​​Law Enforcement Proposal . The organizers of DEF CON and Cloudflare researchers, Marc Rogers, Senator Ron Wyden, and Representative Zoe Lofgren have objected to this with the excuse that it will make many ordinary Internet activities illegal and move beyond what they are trying to accomplish with Aaron's Law.

Video Computer Fraud and Abuse Act

Protected computer

The only computer, in theory, is covered by a CFAA defined as a "protected computer". They are defined under section 18 of AS. 1030 (e) (2) means the computer:

• exclusively for the use of a financial institution or the United States Government, or any computer, when the behavior constituting an offense affects the use of computers by or to a financial institution or Government; or
• used in or affecting inter-country or overseas commerce or communications, including computers located outside the United States used in a manner that affects interstate or overseas commerce or United States communications...

In practice, every regular computer has been under the jurisdiction of the law, including mobile phones, due to the inter-state nature of most Internet communications.

Maps Computer Fraud and Abuse Act

Criminal violations under the Act

The CFAA's provisions that effectively make it a federal crime to violate Internet site service provisions have been criticized for allowing companies to prohibit legitimate activities such as research, or remove protection found elsewhere in law. Terms of service can be changed at any time without notifying the user. Tim Wu called the CFAA "the worst law in technology".

Aaron Swartz

After the prosecution and suicide of Aaron Swartz (who infiltrated MIT's computer network to download tax-financed research articles and then criticized), MPs proposed amendments to the Computer Fraud and Abuse Act. Representative Zoe Lofgren drew up a bill that would help "prevent what happens to Aaron happening to other Internet users". Aaron's Law (H.R. 2454, S. 1196) shall exclude service violation provisions of the 1984 Computer Fraud and Abuse Act and from wire fraud laws, despite the fact that Swartz is not prosecuted under the Terms of Service violations.

In addition to Lofgren's efforts, Representatives Darrell Issa and Jared Polis (also on the House Judiciary Committee) raised questions about the government's handling of the case. Polis called the accusations "silly and contrived," referring to Swartz as a "martyr." Issa, chairman of the House Supervisory Committee, announced an investigation into the prosecution of the Department of Justice.

In May 2014, Aaron's Law stalled on the committee, reportedly due to the financial interests of Oracle's technology companies.

Aaron's law was reintroduced in May 2015 (H.R. 2454, S. 1030) and once again stopped.

src: lawfare.s3-us-west-2.amazonaws.com

Change history

2008

• Eliminates the requirement that information must have been stolen through interstate or foreign communications, thereby expanding the jurisdiction for cases involving the theft of information from a computer;
• Eliminates the requirement that the defendant's actions should result in a loss of more than $ 5,000 and creates a crime offense in which damage affects ten or more computers, closes the loopholes in the law;
• Expands 18 USCÃ,§1030 (a) (7) to criminalize not only explicit threats to cause damage to the computer but also threats against (1) stealing data on victim computers, (2) openly disclosing data theft, or (3) does not repair the damage that the violator has caused to the computer;
• Make a criminal offense for conspiring to commit a computer hack violation in section 1030;
• Extends the definition of "protected computer" in 18 U.S.C.Ã, §§, 1030 (e) (2) to fully strengthen the Congress trade by including computers used in or affecting trade or interstate or foreign communications; and
• Provide a mechanism for the detention of property in civil and criminal cases used in or derived from violation of section 1030.

src: slideplayer.com

See also

• Secret Defense Act of 1911/Espionage Act of 1917/McCarran Internal Security Act 1950
• Comprehensive California Computer Data Access and Fraud Act
• Electronic Communications Privacy Act
• LVRC Holdings LLC v. Brekka
• In DoubleClick re
• Transportation Authority of Massachusetts Bay v. Anderson
• Information technology audit
• Information technology security audit
• Computer fraud
• Hacker Crackdown (state law & amp; an eponymous Chicago task force)
• Protected computer
• WikiLeaks
• Weev

src: s-i.huffpost.com

References

src: i.ytimg.com

External links

• 18 AS 1030, legal text
• Cybercrime: Sketch 18 U.S.C. 1030 and Federal Related Criminal Law, by Charles Doyle, CRS, 12 27 2010, (FAS.org)

Source of the article : Wikipedia