The Latest Developments in
  Computer Crime Law
      SOURCE Seattle
        June 15, 2011
     Marcia Hofmann, EFF
what we’ll talk about today
✪ The federal hacking law and why it’s problematic.

✪ A couple trends that have emerged from recent
cases in which courts have interpreted the scope of
this law.

✪ What these trends suggest about the future.
Background

The Computer Fraud and Abuse Act
       18 U.S.C. § 1030
seven basic prohibitions
1) espionage
2) improperly accessing financial records, government
    information, or information on a “protected computer”
3) trespass to government computers
4) improperly accessing someone else’s computer with intent
    to defraud
5) causing damage to someone else’s computer
6) password trafficking with intent to defraud
7) extortion
improper access
The CFAA prohibits, among other things,
“intentionally access[ing] a computer without
  authorization or in excess of authorization, and
  thereby obtain[ing] . . . information from any
  protected computer.”
18 U.S.C. § 1030(a)(2)(C).
improper access
 Courts have interpreted “obtaining information”
                      broadly.

Basically any computer connected to the internet is a
                “protected computer.”

  So the major limiting principle is “authorized.”
development 1

expansive theories of unauthorized
 access/exceeding authorized access
Some people have argued that authorization ends
  when an employee violates a duty of loyalty to
                 an employer...

       International Airport Centers v. Citrin
            LVRC Holdings v. Brekka
Others have gone so far as to argue that
authorization ends when a person violates a
          web site’s terms of use.

          United States v. Drew
        Facebook v. Power Ventures
         United States v. Lowson
The case law in this area recently took a turn for
   the worse when an appeals court found that
  violating an employer’s computer use policies
           “exceeds authorized access.”


              United States v. Nosal
The future?

Lee v. PMSI, Inc.

  Sony v. Hotz
development 2

attempts to double-count penalties for
          unauthorized access
A first-time violation of the “unauthorized
  access” provision is generally a misdemeanor.

However, it can be elevated to a felony in certain
     circumstances, like when the offense is
  committed in furtherance of another crime or
                   tortious act.
United States v. Drew

Government: felony unauthorized access to a
  computer in furtherance of intentionally
       inflicting emotional distress.

Jury: no, misdemeanor unauthorized access.

 Judge: no, violating terms of service is not
             unauthorized access.
United States v. Kernell

Government: felony unauthorized access to a
 computer in furtherance of unauthorized access
to email and unauthorized access to a computer.

                 Do over!
United States v. Kernell

Government: felony unauthorized access to a
computer in furtherance of invasion of privacy
 and aiding and abetting other unauthorized
           accesses to a computer.

Jury: no, misdemeanor unauthorized access.
United States v. Cioni

Government: felony unauthorized access to a
computer in furtherance of unauthorized access
                  to email.

          Jury: yup, two felonies.

           (This is a problem.)
The CFAA prohibits unauthorized access to and
    obtaining information from a computer.
               (Here, email.)

  The Stored Communications Act prohibits
unauthorized access to an electronic communication
  service and obtaining stored communications.
                (Here, email.)

              It’s the same thing.
United States v. Cioni

Government: felony unauthorized access to a
computer in furtherance of unauthorized access
                  to email.

          Jury: yup, two felonies.

Appeals court: no, these are misdemeanors.
The future?

legislative changes
(enhanced penalties?)
questions?

     Marcia Hofmann
Senior Staff Attorney, EFF
      marcia@eff.org

 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Top 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development CompaniesTop 10 CodeIgniter Development Companies
Top 10 CodeIgniter Development Companies
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 

The Latest Developments in Computer Crime Law

  • 1. The Latest Developments in Computer Crime Law SOURCE Seattle June 15, 2011 Marcia Hofmann, EFF
  • 2. what we’ll talk about today ✪ The federal hacking law and why it’s problematic. ✪ A couple trends that have emerged from recent cases in which courts have interpreted the scope of this law. ✪ What these trends suggest about the future.
  • 3. Background The Computer Fraud and Abuse Act 18 U.S.C. § 1030
  • 4. seven basic prohibitions 1) espionage 2) improperly accessing financial records, government information, or information on a “protected computer” 3) trespass to government computers 4) improperly accessing someone else’s computer with intent to defraud 5) causing damage to someone else’s computer 6) password trafficking with intent to defraud 7) extortion
  • 5. improper access The CFAA prohibits, among other things, “intentionally access[ing] a computer without authorization or in excess of authorization, and thereby obtain[ing] . . . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C).
  • 6. improper access Courts have interpreted “obtaining information” broadly. Basically any computer connected to the internet is a “protected computer.” So the major limiting principle is “authorized.”
  • 7. development 1 expansive theories of unauthorized access/exceeding authorized access
  • 8. Some people have argued that authorization ends when an employee violates a duty of loyalty to an employer... International Airport Centers v. Citrin LVRC Holdings v. Brekka
  • 9. Others have gone so far as to argue that authorization ends when a person violates a web site’s terms of use. United States v. Drew Facebook v. Power Ventures United States v. Lowson
  • 10. The case law in this area recently took a turn for the worse when an appeals court found that violating an employer’s computer use policies “exceeds authorized access.” United States v. Nosal
  • 11. The future? Lee v. PMSI, Inc. Sony v. Hotz
  • 12. development 2 attempts to double-count penalties for unauthorized access
  • 13. A first-time violation of the “unauthorized access” provision is generally a misdemeanor. However, it can be elevated to a felony in certain circumstances, like when the offense is committed in furtherance of another crime or tortious act.
  • 14. United States v. Drew Government: felony unauthorized access to a computer in furtherance of intentionally inflicting emotional distress. Jury: no, misdemeanor unauthorized access. Judge: no, violating terms of service is not unauthorized access.
  • 15. United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer.
  • 16. United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer. Do over!
  • 17. United States v. Kernell Government: felony unauthorized access to a computer in furtherance of invasion of privacy and aiding and abetting other unauthorized accesses to a computer. Jury: no, misdemeanor unauthorized access.
  • 18. United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. (This is a problem.)
  • 19. The CFAA prohibits unauthorized access to and obtaining information from a computer. (Here, email.) The Stored Communications Act prohibits unauthorized access to an electronic communication service and obtaining stored communications. (Here, email.) It’s the same thing.
  • 20. United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. Appeals court: no, these are misdemeanors.
  • 22. questions? Marcia Hofmann Senior Staff Attorney, EFF marcia@eff.org