1 / 6

Computer Fraud and Abuse Act (CFAA)

Computer Fraud and Abuse Act (CFAA). Preventing the Destruction of eDocuments Team 8 – Jason Conrad, Ben Sweeney, Jeff Woodward. Background on CFAA. Originally passed in 1984 as a way to protect classified information on government systems

marion
Download Presentation

Computer Fraud and Abuse Act (CFAA)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Fraud and Abuse Act(CFAA) Preventing the Destruction of eDocuments Team 8 – Jason Conrad, Ben Sweeney, Jeff Woodward

  2. Background on CFAA • Originally passed in 1984 as a way to protect classified information on government systems • In 1996 – the act was expanded from “government” computers to “protected” computers • Protected means any machine that engages in interstate commerce • In 2000 – through Shurgard Storage Centers v. Safeguard Self Storage – demonstrated the meaning of “protected” computer and “authorization”

  3. The Shurgard Case – Defining a “Protected Computer” • Mr. T, an employee of Safeguard, came to the company after leaving his previous employer, Shurgard • Sent messages containing trade secret information while still employed by Shurgard • Relevance of this case: the judge essentially said that “almost all computer use has become interstate in nature” and that “Shurgard’s computers were indeed protected computers” within the scope of the CFAA • Summary: all computers connected to the Internet are within the scope of the CFAA

  4. International Airports v. Citrin • The case: Citrin, a managing director at International Airports removed company files from a computer upon leaving the company • Company sued for violation of anti-hacking (CFAA) • Judge threw out case and said that removing files does not violate CFAA since he was an employee of the company and “was authorized” • When appealed, Judge Posner said that Citrin’s termination of employment meant that his authorization ended – he deleted files without authorization as an internal entity • In this case, appellate interpretations of the CFAA hold that permanently erasing files from an employer’s computer could trigger federal liability • Federal liability = you’re in trouble • CFAA requires that the “knowing transmission of a program, code or command intentionally damages, without authorization, a protected computer” in order to be enforced • Now, according to this case, this violation can occur externally as well as internally

  5. United States v. Mitra • Mitra, student at University of Wisconsin, transmitted radio signal that disabled communications for police, fire, ambulance, etc. • Argued that he never hacked into any computers because he used a radio frequency – not a computer • 7th Circuit opinion – a “computer” is an electronic device, which includes radios that contain chips for high speed data processing • Ruled that his disabling of the communications was actually “hacking” because it was hampering a “protected” interstate communication • Mitra argued that if his radio is a computer, then isn’t everything a computer? iPods, cell phone, cell tower, etc. – so doesn’t this give the government too much control according to CFAA? • Any use of radio frequency is considered interstate commerce because it is governed by the FCC • CFAA does not give government too much power – there are limitations, damage must be intentional, at least $5,000, or a threat to public safety • In summary: a “protected computer” could be anything but is necessary in order to protect vital communication and business systems

  6. Thank You • Questions? • Do you think the scope of the CFAA and the definition of protected computers is too wide, even though it protects interstate commerce and security? …team 7 does…

More Related