Bus 242 Chapter 29 Computer privacy and speech

The two distinct rights of privacy recognized in the US are

1. Constitutional right to privacy (upheld by the US Supreme Court). 2. Privacy protecting information about individuals from widespread distribution.

Three typical company policies that restrict email sent or received by employees while on the employer's premises.

1. Emails may be read by the employer. 2. Employee is forbidden to encrypt messages. 3. May not install passwords unknown to the employer or without his permission.

Four rights that may be violated when individuals gain access to computers without proper authorization.

1. Invasion of privacy. 2. Unauthorized use of the computer itself. 3. Manipulation of financial, monetary and other records. 4. Unauthorized access to databases.

Laws that restrict speech but are constitutionally acceptable are

1. Obscene statements--that which is judge as such by local community standards. 2. Defamatory statements--Speech that harms a person's reputation. Slander (spoken), libel (written/published). 3. Certain one-to-one communications--i.e. telemarketers cease calling when requested. 4. Verbal or written threats to person or property. 5. Intentional infliction of emotional distress. Note: As a public figure s/he implicitly allows others to write about him/her. Also, IPS are not liable for defamations made while using their service without prior knowledge. If such thing happens again, they are liable.

Three examples of unauthorized computer use that can result in criminal prosecution.

1. Transfer funds from one bank account to another. 2. Change students' grades 3. Charge someone else for purchases made.

Electronic Funds Transfer Act (EFTA-1979)

A federal statute that makes it an offense to use any device that is part of an electronic transfer mechanism to steal money, goods, or services or to alter data, interrupt wire transmissions, or use stolen codes or passwords, when the purpose of such activity is to obtain something of value unlawfully.

Spoofing

A legitimate website is reproduced to fool users into thinking that they are connected to a trusted site.

Federal Trade Commission (FTC)

An agency that regulates a variety of business practices and curbs false advertising, misleading pricing, and deceptive packaging and labeling

Electronic Communications Privacy Act (ECPA)

Federal statute addressing hacking and other forms of illegal access to computers' systems. Emails send from home are protected as private but emails send from work have no right to privacy--an employer can check send or receive messages from an employee's computer. ECPA makes it a federal crime to monitor emails during real time (when it is being sent or received), unless they are law enforcement officials granted permission by a court to monitor emails.

Cookie

Filed embedded on the hard drive of a computer, often without a person's knowledge, that collects and stores information about user's online behavior, including websites that have been visited. No law protecting adults from this, but the prohibited when minors are involved without parental consent.

USA Patriot Act (2001)

Law passed due to 9/11 attacks; sought to prevent further terrorist attacks. Specific provisions: 1. Lowers the standards required for law enforcement officials and government agents to monitor email and personal electronic information. 2. Allows increased government cyber-surveillance. 3. Makes it easier to charge persons with serious computer-related crimes.

Unlawful Internet Gambling Enforcement Act (UIGEA, 2006)

Prohibits online gambling businesses from accepting payments related to Internet gambling in violation of federal or state law, and requires all financial institutions to block payments to unlawful online gambling businesses.

Spyware

Software that can change a computer's security settings or steal a victim's personal information (i.e. email addresses, bank account numbers, cc numbers).

Phishing

The practice of tricking individuals into disclosing personal information via email

Difference between the CFAA and the ECPA

Under ECPA there must be an intend to exceed authorization for a crime to be committed but the CFAA doesn't require such intend if the intrusion onto another person's computer-stored info causes damage.

Spam

Unwanted e-mail (usually of a commercial nature sent out in bulk). Undesirable because it can drain an ISP's resources, strain network bandwidth, and clog a user's email folders.

Computer Fraud and Abuse Act (CFAA)

a federal statute that prohibits unlawful access to computers used in national defense, by financial institutions, or by governments.