CS 210: Cybercrime and the Law
Rule 41
- Federal Rules of Criminal Procedure - the legal rules dealing with investigating, prosecuting, adjudicating, and punishing individuals - Supreme Court produces them, Congress approves - Rule 41 authorizes remote searches of electronic devices (law enforcement hacking) - Changes allow for a single warrant to target multiple devices, regardless of location - Changes took effect Jan. 1st, 2016
National Security Letters
- a form of administrative subpoena - includes a gag order for recipient - no court oversight (no expectation of privacy) - investigative tool for terrorism and espionage - expanded use under Patriot Act has been controversial - judicial review allowed in Patriot Act renewal in 2006
CISA (Cybersecurity Information Sharing Act)
- allows companies to share information about cyberattacks with each other and DHS - no liability for companies sharing such data - EFF and ACLU concerned about broad language and inclusion of customer data
USA Patriot Act (2001)
- extended pen register definition to include internet analogues - extended "computer trespasser" definition to include cyberterrorism - extended CFAA to include definition of loss - allows nationwide warrants for e-mails - allows prosecution of attackers outside US - expanded the use of National Security Letters
Third Party Doctrine
- legal theory (based on precedent, not a law) - things held out in public are not considered reasonable private - information voluntarily given to a third party is not private - data shared with banks, ISPs, social media providers, cell providers, and email providers do not necessarily require a warrant
DMCA (1996)
17 U.S. Code 1201 Anti-Circumvention Provision criminalizes circumventing copyright protection (DRM) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
Stored Communications Act
18 U.S. Code Section 2701-3 Governs voluntary disclosure of stored information Governs how government can compel disclosure - Warrant - requires probable cause - 2703(d) order - requires specific facts be relevant - Subpoena - requires reasonable relevance Government does not need a warrant for communications stored by third party
Computer Fraud and Abue Act
Title 18 U.S. Code Section 1030 Enacted in 1896 - seen as a response to the movie War Games - protected "federal computers" (government interest) In 1996, expanded to "protected computer" - used by federal government or financial instutution - involved in interstate commerce - also expanded to include using malicious code
subpoena
a court order issued at the request of a party requiring a witness to testify, produce specified evidence, or both
cybercrime
a crime in which the criminal act can be carried out only through the use of cybertechnology and takes place only in the "cyberrealm"
cyber-assisted crime
a crime in which the criminal act is exacerbated or assisted by cybertechnology
civil law
a generic term for all non-criminal law, usually relating to settling disputes between private citizens
crime
a type of behavior that has been defined by the state as deserving of punishment, which usually includes imprisonment in the county jail or state or federal prison; crimes and their punishments are defined by Congress and state legislatures
law
any system of regulations to govern the conduct of the people of an organization, community, society, or nation
cybervandalism
disrupting communications or destroying data
18 U.S. Code Section 1037
fraud and related activity in connection with electronic mail
cybertrespass
gaining unauthorized access to a computer system or software
18 U.S. Code Section 1462
importation or transportation of obscene matters
criminal law
laws written by Congress and state legislators that make certain behavior illegal and punishable by fines and/or imprisonment - also includes decisions by appellate court that define crimes and regulate criminal procedure in the absence of clear legislated rules
18 U.S. Code Section 1466A
obscene visual representations of the sexual abuse of children
cyberpiracy
reproduce and/or distributing proprietary information
ECPA (Electronic Communications Privacy Act)
search warrant required for communication in transit (wiretap act); stored communications act; phone conversation content requires a warrant; pen register (non-content) requires a subpoena (pen trap provisions)
Fourth Amendment
warrant required when people has reasonable expectation of privacy
warrant
an order signed by a judge that directs owners of private property to allow the police to enter and search for items named in the warrant, must have probable cause
