SlideShare a Scribd company logo

The Latest Developments in Computer Crime Law

Source Conference
Source Conference

SOURCE Seattle 2011 - Marcia Hofmann

Technology
1 of 22
Download to read offline
The Latest Developments in Computer Crime Law SOURCE Seattle June 15, 2011 Marcia Hofmann, EFF
what we’ll talk about today ✪ The federal hacking law and why it’s problematic. ✪ A couple trends that have emerged from recent cases in which courts have interpreted the scope of this law. ✪ What these trends suggest about the future.
Background The Computer Fraud and Abuse Act 18 U.S.C. § 1030
seven basic prohibitions 1) espionage 2) improperly accessing financial records, government information, or information on a “protected computer” 3) trespass to government computers 4) improperly accessing someone else’s computer with intent to defraud 5) causing damage to someone else’s computer 6) password trafficking with intent to defraud 7) extortion
improper access The CFAA prohibits, among other things, “intentionally access[ing] a computer without authorization or in excess of authorization, and thereby obtain[ing] . . . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C).
improper access Courts have interpreted “obtaining information” broadly. Basically any computer connected to the internet is a “protected computer.” So the major limiting principle is “authorized.”
development 1 expansive theories of unauthorized access/exceeding authorized access
Some people have argued that authorization ends when an employee violates a duty of loyalty to an employer... International Airport Centers v. Citrin LVRC Holdings v. Brekka
Others have gone so far as to argue that authorization ends when a person violates a web site’s terms of use. United States v. Drew Facebook v. Power Ventures United States v. Lowson
The case law in this area recently took a turn for the worse when an appeals court found that violating an employer’s computer use policies “exceeds authorized access.” United States v. Nosal
The future? Lee v. PMSI, Inc. Sony v. Hotz
development 2 attempts to double-count penalties for unauthorized access
A first-time violation of the “unauthorized access” provision is generally a misdemeanor. However, it can be elevated to a felony in certain circumstances, like when the offense is committed in furtherance of another crime or tortious act.
United States v. Drew Government: felony unauthorized access to a computer in furtherance of intentionally inflicting emotional distress. Jury: no, misdemeanor unauthorized access. Judge: no, violating terms of service is not unauthorized access.
United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer.
United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer. Do over!
United States v. Kernell Government: felony unauthorized access to a computer in furtherance of invasion of privacy and aiding and abetting other unauthorized accesses to a computer. Jury: no, misdemeanor unauthorized access.
United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. (This is a problem.)
The CFAA prohibits unauthorized access to and obtaining information from a computer. (Here, email.) The Stored Communications Act prohibits unauthorized access to an electronic communication service and obtaining stored communications. (Here, email.) It’s the same thing.
United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. Appeals court: no, these are misdemeanors.
The future? legislative changes (enhanced penalties?)
questions? Marcia Hofmann Senior Staff Attorney, EFF marcia@eff.org

Recommended

Cyber Harassment
Cyber HarassmentCyber Harassment
Cyber HarassmentBennet Kelley
 
BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"Wendy Knox Everette
 
Misuse of computer
Misuse of computerMisuse of computer
Misuse of computerMuhammad Haroon
 
Cyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletinCyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletinInternet Law Center
 
Municipalities & The Internet: A Few Legal Issues
Municipalities & The Internet: A Few Legal IssuesMunicipalities & The Internet: A Few Legal Issues
Municipalities & The Internet: A Few Legal IssuesShawn Tuma
 
CAN-SPAM at 5
CAN-SPAM at 5CAN-SPAM at 5
CAN-SPAM at 5Internet Law Center
 
Team one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeam one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeamOneI1MBA11
 
Ways of Misusing The Computer System
Ways of Misusing The Computer SystemWays of Misusing The Computer System
Ways of Misusing The Computer SystemEjiro Ndifereke
 

Recommended

Cyber Harassment
Cyber HarassmentCyber Harassment
Cyber HarassmentBennet Kelley
 
BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"BSidesPDX "An update from the crypto wars 2.0"
BSidesPDX "An update from the crypto wars 2.0"Wendy Knox Everette
 
Misuse of computer
Misuse of computerMisuse of computer
Misuse of computerMuhammad Haroon
 
Cyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletinCyber exploitation-law-enforcement-bulletin
Cyber exploitation-law-enforcement-bulletinInternet Law Center
 
Municipalities & The Internet: A Few Legal Issues
Municipalities & The Internet: A Few Legal IssuesMunicipalities & The Internet: A Few Legal Issues
Municipalities & The Internet: A Few Legal IssuesShawn Tuma
 
CAN-SPAM at 5
CAN-SPAM at 5CAN-SPAM at 5
CAN-SPAM at 5Internet Law Center
 
Team one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeam one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeamOneI1MBA11
 
Ways of Misusing The Computer System
Ways of Misusing The Computer SystemWays of Misusing The Computer System
Ways of Misusing The Computer SystemEjiro Ndifereke
 
Team one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeam one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeamOneI1MBA11
 
2600 v20 n2 (summer 2003)
2600 v20 n2 (summer 2003)2600 v20 n2 (summer 2003)
2600 v20 n2 (summer 2003)Felipe Prado
 
Perspectivesmanage
PerspectivesmanagePerspectivesmanage
PerspectivesmanageArt Bowker
 
trial
trialtrial
trialashlagscommerce
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal lawZaheer Irshad
 
Internet privacy and laws
Internet privacy and lawsInternet privacy and laws
Internet privacy and lawsjcmonnett
 
The Background Investigator October 2013 Edition
The Background Investigator October 2013 EditionThe Background Investigator October 2013 Edition
The Background Investigator October 2013 EditionSteven Brownstein
 
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...- Mark - Fullbright
 
Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Peter Timusk
 
OLC Presentation Jipson
OLC Presentation JipsonOLC Presentation Jipson
OLC Presentation JipsonUniversity of Dayton
 
Reboot11 Elvira Berlingieri
Reboot11 Elvira BerlingieriReboot11 Elvira Berlingieri
Reboot11 Elvira BerlingieriElvira.Berlingieri
 
Digital law
Digital lawDigital law
Digital lawCAQUES01
 
Digital law
Digital lawDigital law
Digital lawmakylahh
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal lawHamza Cheema
 
Cyberbullying and the law
Cyberbullying and the lawCyberbullying and the law
Cyberbullying and the laworrhanna
 
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPINGTHE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPINGZac Darcy
 
2600 v14 n2 (summer 1997)
2600 v14 n2 (summer 1997)2600 v14 n2 (summer 1997)
2600 v14 n2 (summer 1997)Felipe Prado
 
The Internet own boy
The Internet own boyThe Internet own boy
The Internet own boyPiXeL16
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendSource Conference
 
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...RootedCON
 
iPhone + Botnets = Fun
iPhone + Botnets = FuniPhone + Botnets = Fun
iPhone + Botnets = FunDavid Barroso
 
Open source malware analysis
Open source malware analysisOpen source malware analysis
Open source malware analysisS21Sec
 

More Related Content

What's hot

Team one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeam one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeamOneI1MBA11
 
2600 v20 n2 (summer 2003)
2600 v20 n2 (summer 2003)2600 v20 n2 (summer 2003)
2600 v20 n2 (summer 2003)Felipe Prado
 
Perspectivesmanage
PerspectivesmanagePerspectivesmanage
PerspectivesmanageArt Bowker
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal lawZaheer Irshad
 
Internet privacy and laws
Internet privacy and lawsInternet privacy and laws
Internet privacy and lawsjcmonnett
 
The Background Investigator October 2013 Edition
The Background Investigator October 2013 EditionThe Background Investigator October 2013 Edition
The Background Investigator October 2013 EditionSteven Brownstein
 
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...- Mark - Fullbright
 
Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Peter Timusk
 
Digital law
Digital lawDigital law
Digital lawCAQUES01
 
Digital law
Digital lawDigital law
Digital lawmakylahh
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal lawHamza Cheema
 
Cyberbullying and the law
Cyberbullying and the lawCyberbullying and the law
Cyberbullying and the laworrhanna
 
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPINGTHE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPINGZac Darcy
 
2600 v14 n2 (summer 1997)
2600 v14 n2 (summer 1997)2600 v14 n2 (summer 1997)
2600 v14 n2 (summer 1997)Felipe Prado
 
The Internet own boy
The Internet own boyThe Internet own boy
The Internet own boyPiXeL16
 

What's hot (18)

Team one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussionTeam one i1 mba11 cyber law discussion
Team one i1 mba11 cyber law discussion
 
2600 v20 n2 (summer 2003)
2600 v20 n2 (summer 2003)2600 v20 n2 (summer 2003)
2600 v20 n2 (summer 2003)
 
Perspectivesmanage
PerspectivesmanagePerspectivesmanage
Perspectivesmanage
 
trial
trialtrial
trial
 
Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal law
 
Internet privacy and laws
Internet privacy and lawsInternet privacy and laws
Internet privacy and laws
 
The Background Investigator October 2013 Edition
The Background Investigator October 2013 EditionThe Background Investigator October 2013 Edition
The Background Investigator October 2013 Edition
 
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
 
Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003Hacking Law Reform LAWS4305 2003
Hacking Law Reform LAWS4305 2003
 
OLC Presentation Jipson
OLC Presentation JipsonOLC Presentation Jipson
OLC Presentation Jipson
 
Reboot11 Elvira Berlingieri
Reboot11 Elvira BerlingieriReboot11 Elvira Berlingieri
Reboot11 Elvira Berlingieri
 
Digital law
Digital lawDigital law
Digital law
 
Digital law
Digital lawDigital law
Digital law
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal law
 
Cyberbullying and the law
Cyberbullying and the lawCyberbullying and the law
Cyberbullying and the law
 
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPINGTHE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
 
2600 v14 n2 (summer 1997)
2600 v14 n2 (summer 1997)2600 v14 n2 (summer 1997)
2600 v14 n2 (summer 1997)
 
The Internet own boy
The Internet own boyThe Internet own boy
The Internet own boy
 

Viewers also liked

How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendSource Conference
 
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...RootedCON
 
iPhone + Botnets = Fun
iPhone + Botnets = FuniPhone + Botnets = Fun
iPhone + Botnets = FunDavid Barroso
 
Open source malware analysis
Open source malware analysisOpen source malware analysis
Open source malware analysisS21Sec
 
Seguridad Lógica y Cibercrimen
Seguridad Lógica y CibercrimenSeguridad Lógica y Cibercrimen
Seguridad Lógica y CibercrimenBBVAtech
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineForensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineSource Conference
 
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...RootedCON
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationSource Conference
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best PracticesSource Conference
 
Informe sobre Redes Sociales en España
Informe sobre Redes Sociales en EspañaInforme sobre Redes Sociales en España
Informe sobre Redes Sociales en EspañaIAB Spain
 

Viewers also liked (11)

How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security Spend
 
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
 
iPhone + Botnets = Fun
iPhone + Botnets = FuniPhone + Botnets = Fun
iPhone + Botnets = Fun
 
Open source malware analysis
Open source malware analysisOpen source malware analysis
Open source malware analysis
 
Seguridad Lógica y Cibercrimen
Seguridad Lógica y CibercrimenSeguridad Lógica y Cibercrimen
Seguridad Lógica y Cibercrimen
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual MachineForensic Memory Analysis of Android's Dalvik Virtual Machine
Forensic Memory Analysis of Android's Dalvik Virtual Machine
 
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
 
Threat Modeling: Best Practices
Threat Modeling: Best PracticesThreat Modeling: Best Practices
Threat Modeling: Best Practices
 
Banking Fraud Evolution
Banking Fraud EvolutionBanking Fraud Evolution
Banking Fraud Evolution
 
Informe sobre Redes Sociales en España
Informe sobre Redes Sociales en EspañaInforme sobre Redes Sociales en España
Informe sobre Redes Sociales en España
 

Similar to The Latest Developments in Computer Crime Law

Cyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue'sCyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue'sDhurba Mainali
 
Privacy in the Workplace: Electronic Surveillance under State and Federal Law
Privacy in the Workplace: Electronic Surveillance under State and Federal LawPrivacy in the Workplace: Electronic Surveillance under State and Federal Law
Privacy in the Workplace: Electronic Surveillance under State and Federal LawCharles Mudd
 
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...CODE BLUE
 
Computer Fraud And Abuse Act Of 1986 (CFA)
Computer Fraud And Abuse Act Of 1986 (CFA)Computer Fraud And Abuse Act Of 1986 (CFA)
Computer Fraud And Abuse Act Of 1986 (CFA)Kim Moore
 
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...Tech and Law Center
 
Technology & The Law
Technology & The LawTechnology & The Law
Technology & The Law34734
 
communication decency act
communication decency actcommunication decency act
communication decency actAditya Kumar
 
Cyber Law
Cyber LawCyber Law
Cyber Lawihah
 
Cyber Law Discussion - Team One I1MBA11
Cyber Law Discussion - Team One I1MBA11Cyber Law Discussion - Team One I1MBA11
Cyber Law Discussion - Team One I1MBA11TeamOneI1MBA11
 
Saying no to the government
Saying no to the governmentSaying no to the government
Saying no to the governmentguest70f067f
 
Saying no to the government
Saying no to the governmentSaying no to the government
Saying no to the governmentguest70f067f
 
Assignment of cyber crimes for oumh1203
Assignment of cyber crimes for oumh1203Assignment of cyber crimes for oumh1203
Assignment of cyber crimes for oumh1203Faridah Husin
 
Cyber Forensics.ppt
Cyber Forensics.pptCyber Forensics.ppt
Cyber Forensics.pptHODCSEKncet
 

Similar to The Latest Developments in Computer Crime Law (20)

Legal Issues in Mobile Security Research
Legal Issues in Mobile Security ResearchLegal Issues in Mobile Security Research
Legal Issues in Mobile Security Research
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
3170725_Unit-5.pptx
3170725_Unit-5.pptx3170725_Unit-5.pptx
3170725_Unit-5.pptx
 
Computer crime
Computer crimeComputer crime
Computer crime
 
Cyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue'sCyber Crime and its Jurisdictional Issue's
Cyber Crime and its Jurisdictional Issue's
 
Privacy in the Workplace: Electronic Surveillance under State and Federal Law
Privacy in the Workplace: Electronic Surveillance under State and Federal LawPrivacy in the Workplace: Electronic Surveillance under State and Federal Law
Privacy in the Workplace: Electronic Surveillance under State and Federal Law
 
Internet Law Primer
Internet Law PrimerInternet Law Primer
Internet Law Primer
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...
 
Computer Fraud And Abuse Act Of 1986 (CFA)
Computer Fraud And Abuse Act Of 1986 (CFA)Computer Fraud And Abuse Act Of 1986 (CFA)
Computer Fraud And Abuse Act Of 1986 (CFA)
 
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
Gillian Cafiero - "Codifying the Harm of Cybercrime": Injecting zemiology in ...
 
Technology & The Law
Technology & The LawTechnology & The Law
Technology & The Law
 
communication decency act
communication decency actcommunication decency act
communication decency act
 
Cyber Law
Cyber LawCyber Law
Cyber Law
 
Cyber Law Discussion - Team One I1MBA11
Cyber Law Discussion - Team One I1MBA11Cyber Law Discussion - Team One I1MBA11
Cyber Law Discussion - Team One I1MBA11
 
Saying no to the government
Saying no to the governmentSaying no to the government
Saying no to the government
 
Saying no to the government
Saying no to the governmentSaying no to the government
Saying no to the government
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Assignment of cyber crimes for oumh1203
Assignment of cyber crimes for oumh1203Assignment of cyber crimes for oumh1203
Assignment of cyber crimes for oumh1203
 
Cyber Forensics.ppt
Cyber Forensics.pptCyber Forensics.ppt
Cyber Forensics.ppt
 

More from Source Conference

iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on AndroidSource Conference
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICSource Conference
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsSource Conference
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network SecuritySource Conference
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration TestersSource Conference
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSource Conference
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSource Conference
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserSource Conference
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItSource Conference
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of AnonymousSource Conference
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Source Conference
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary plantingSource Conference
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudSource Conference
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?Source Conference
 
Reputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet BlacklistsReputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet BlacklistsSource Conference
 

More from Source Conference (20)

Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
 
iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on Android
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and Bobs
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration Testers
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
 
Esteganografia
EsteganografiaEsteganografia
Esteganografia
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the Browser
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done It
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of Anonymous
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary planting
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?
 
JSF Security
JSF SecurityJSF Security
JSF Security
 
Keynote
KeynoteKeynote
Keynote
 
Reputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet BlacklistsReputation Digital Vaccine: Reinventing Internet Blacklists
Reputation Digital Vaccine: Reinventing Internet Blacklists
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

The Latest Developments in Computer Crime Law

  • 1. The Latest Developments in Computer Crime Law SOURCE Seattle June 15, 2011 Marcia Hofmann, EFF
  • 2. what we’ll talk about today ✪ The federal hacking law and why it’s problematic. ✪ A couple trends that have emerged from recent cases in which courts have interpreted the scope of this law. ✪ What these trends suggest about the future.
  • 3. Background The Computer Fraud and Abuse Act 18 U.S.C. § 1030
  • 4. seven basic prohibitions 1) espionage 2) improperly accessing financial records, government information, or information on a “protected computer” 3) trespass to government computers 4) improperly accessing someone else’s computer with intent to defraud 5) causing damage to someone else’s computer 6) password trafficking with intent to defraud 7) extortion
  • 5. improper access The CFAA prohibits, among other things, “intentionally access[ing] a computer without authorization or in excess of authorization, and thereby obtain[ing] . . . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C).
  • 6. improper access Courts have interpreted “obtaining information” broadly. Basically any computer connected to the internet is a “protected computer.” So the major limiting principle is “authorized.”
  • 7. development 1 expansive theories of unauthorized access/exceeding authorized access
  • 8. Some people have argued that authorization ends when an employee violates a duty of loyalty to an employer... International Airport Centers v. Citrin LVRC Holdings v. Brekka
  • 9. Others have gone so far as to argue that authorization ends when a person violates a web site’s terms of use. United States v. Drew Facebook v. Power Ventures United States v. Lowson
  • 10. The case law in this area recently took a turn for the worse when an appeals court found that violating an employer’s computer use policies “exceeds authorized access.” United States v. Nosal
  • 11. The future? Lee v. PMSI, Inc. Sony v. Hotz
  • 12. development 2 attempts to double-count penalties for unauthorized access
  • 13. A first-time violation of the “unauthorized access” provision is generally a misdemeanor. However, it can be elevated to a felony in certain circumstances, like when the offense is committed in furtherance of another crime or tortious act.
  • 14. United States v. Drew Government: felony unauthorized access to a computer in furtherance of intentionally inflicting emotional distress. Jury: no, misdemeanor unauthorized access. Judge: no, violating terms of service is not unauthorized access.
  • 15. United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer.
  • 16. United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer. Do over!
  • 17. United States v. Kernell Government: felony unauthorized access to a computer in furtherance of invasion of privacy and aiding and abetting other unauthorized accesses to a computer. Jury: no, misdemeanor unauthorized access.
  • 18. United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. (This is a problem.)
  • 19. The CFAA prohibits unauthorized access to and obtaining information from a computer. (Here, email.) The Stored Communications Act prohibits unauthorized access to an electronic communication service and obtaining stored communications. (Here, email.) It’s the same thing.
  • 20. United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. Appeals court: no, these are misdemeanors.
  • 22. questions? Marcia Hofmann Senior Staff Attorney, EFF marcia@eff.org