Source Conference, profile picture
Uploaded bySource Conference
PDF, PPTX1,541 views

The Latest Developments in Computer Crime Law

The document summarizes recent developments in computer crime law, specifically regarding interpretations of the federal Computer Fraud and Abuse Act. It discusses how courts have broadly interpreted what constitutes unauthorized access, including violating an employer's computer use policies. It also notes problems with prosecutors trying to double-count penalties for unauthorized access by charging it as a felony in furtherance of another crime when it is essentially the same conduct. The future could see legislative changes enhancing penalties for computer crimes.

Embed presentation

Download as PDF, PPTX
The Latest Developments in Computer Crime Law SOURCE Seattle June 15, 2011 Marcia Hofmann, EFF
what we’ll talk about today ✪ The federal hacking law and why it’s problematic. ✪ A couple trends that have emerged from recent cases in which courts have interpreted the scope of this law. ✪ What these trends suggest about the future.
Background The Computer Fraud and Abuse Act 18 U.S.C. § 1030
seven basic prohibitions 1) espionage 2) improperly accessing financial records, government information, or information on a “protected computer” 3) trespass to government computers 4) improperly accessing someone else’s computer with intent to defraud 5) causing damage to someone else’s computer 6) password trafficking with intent to defraud 7) extortion
improper access The CFAA prohibits, among other things, “intentionally access[ing] a computer without authorization or in excess of authorization, and thereby obtain[ing] . . . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C).
improper access Courts have interpreted “obtaining information” broadly. Basically any computer connected to the internet is a “protected computer.” So the major limiting principle is “authorized.”
development 1 expansive theories of unauthorized access/exceeding authorized access
Some people have argued that authorization ends when an employee violates a duty of loyalty to an employer... International Airport Centers v. Citrin LVRC Holdings v. Brekka
Others have gone so far as to argue that authorization ends when a person violates a web site’s terms of use. United States v. Drew Facebook v. Power Ventures United States v. Lowson
The case law in this area recently took a turn for the worse when an appeals court found that violating an employer’s computer use policies “exceeds authorized access.” United States v. Nosal
The future? Lee v. PMSI, Inc. Sony v. Hotz
development 2 attempts to double-count penalties for unauthorized access
A first-time violation of the “unauthorized access” provision is generally a misdemeanor. However, it can be elevated to a felony in certain circumstances, like when the offense is committed in furtherance of another crime or tortious act.
United States v. Drew Government: felony unauthorized access to a computer in furtherance of intentionally inflicting emotional distress. Jury: no, misdemeanor unauthorized access. Judge: no, violating terms of service is not unauthorized access.
United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer.
United States v. Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer. Do over!
United States v. Kernell Government: felony unauthorized access to a computer in furtherance of invasion of privacy and aiding and abetting other unauthorized accesses to a computer. Jury: no, misdemeanor unauthorized access.
United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. (This is a problem.)
The CFAA prohibits unauthorized access to and obtaining information from a computer. (Here, email.) The Stored Communications Act prohibits unauthorized access to an electronic communication service and obtaining stored communications. (Here, email.) It’s the same thing.
United States v. Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. Appeals court: no, these are misdemeanors.
The future? legislative changes (enhanced penalties?)
questions? Marcia Hofmann Senior Staff Attorney, EFF marcia@eff.org

More Related Content

PDF
Cyber Harassment
byBennet Kelley
 
PPTX
BSidesPDX "An update from the crypto wars 2.0"
byWendy Knox Everette
 
PDF
Misuse of computer
byMuhammad Haroon
 
PDF
Cyber exploitation-law-enforcement-bulletin
byInternet Law Center
 
PDF
Municipalities & The Internet: A Few Legal Issues
byShawn Tuma
 
PPT
CAN-SPAM at 5
byInternet Law Center
 
PPTX
Team one i1 mba11 cyber law discussion
byTeamOneI1MBA11
 
PPTX
Ways of Misusing The Computer System
byEjiro Ndifereke
 
Cyber Harassment
byBennet Kelley
 
BSidesPDX "An update from the crypto wars 2.0"
byWendy Knox Everette
 
Misuse of computer
byMuhammad Haroon
 
Cyber exploitation-law-enforcement-bulletin
byInternet Law Center
 
Municipalities & The Internet: A Few Legal Issues
byShawn Tuma
 
CAN-SPAM at 5
byInternet Law Center
 
Team one i1 mba11 cyber law discussion
byTeamOneI1MBA11
 
Ways of Misusing The Computer System
byEjiro Ndifereke
 

What's hot

PPTX
Team one i1 mba11 cyber law discussion
byTeamOneI1MBA11
 
PDF
2600 v20 n2 (summer 2003)
byFelipe Prado
 
PDF
Perspectivesmanage
byArt Bowker
 
PPTX
trial
byashlagscommerce
 
PPTX
Computer misuse and criminal law
byZaheer Irshad
 
PPTX
Internet privacy and laws
byjcmonnett
 
PDF
The Background Investigator October 2013 Edition
bySteven Brownstein
 
PDF
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
by- Mark - Fullbright
 
PPT
Hacking Law Reform LAWS4305 2003
byPeter Timusk
 
PPT
OLC Presentation Jipson
byUniversity of Dayton
 
PPT
Reboot11 Elvira Berlingieri
byElvira.Berlingieri
 
PPTX
Digital law
byCAQUES01
 
PPTX
Digital law
bymakylahh
 
PPT
computer misuse n criminal law
byHamza Cheema
 
PPTX
Cyberbullying and the law
byorrhanna
 
PDF
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
byZac Darcy
 
PDF
2600 v14 n2 (summer 1997)
byFelipe Prado
 
PPTX
The Internet own boy
byPiXeL16
 
Team one i1 mba11 cyber law discussion
byTeamOneI1MBA11
 
2600 v20 n2 (summer 2003)
byFelipe Prado
 
Perspectivesmanage
byArt Bowker
 
trial
byashlagscommerce
 
Computer misuse and criminal law
byZaheer Irshad
 
Internet privacy and laws
byjcmonnett
 
The Background Investigator October 2013 Edition
bySteven Brownstein
 
Reporter's Recording Guide: A state-by-state guide to taping phone calls and ...
by- Mark - Fullbright
 
Hacking Law Reform LAWS4305 2003
byPeter Timusk
 
OLC Presentation Jipson
byUniversity of Dayton
 
Reboot11 Elvira Berlingieri
byElvira.Berlingieri
 
Digital law
byCAQUES01
 
Digital law
bymakylahh
 
computer misuse n criminal law
byHamza Cheema
 
Cyberbullying and the law
byorrhanna
 
THE ETHICAL DILEMMA OF THE USA GOVERNMENT WIRETAPPING
byZac Darcy
 
2600 v14 n2 (summer 1997)
byFelipe Prado
 
The Internet own boy
byPiXeL16
 

Viewers also liked

PPTX
How To: Find The Right Amount Of Security Spend
bySource Conference
 
PDF
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
byRootedCON
 
PPT
iPhone + Botnets = Fun
byDavid Barroso
 
PPT
Open source malware analysis
byS21Sec
 
PDF
Seguridad Lógica y Cibercrimen
byBBVAtech
 
PPTX
Forensic Memory Analysis of Android's Dalvik Virtual Machine
bySource Conference
 
PDF
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
byRootedCON
 
PPTX
Everything you should already know about MS-SQL post-exploitation
bySource Conference
 
PDF
Threat Modeling: Best Practices
bySource Conference
 
PDF
Banking Fraud Evolution
bySource Conference
 
PDF
Informe sobre Redes Sociales en España
byIAB Spain
 
How To: Find The Right Amount Of Security Spend
bySource Conference
 
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
byRootedCON
 
iPhone + Botnets = Fun
byDavid Barroso
 
Open source malware analysis
byS21Sec
 
Seguridad Lógica y Cibercrimen
byBBVAtech
 
Forensic Memory Analysis of Android's Dalvik Virtual Machine
bySource Conference
 
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
byRootedCON
 
Everything you should already know about MS-SQL post-exploitation
bySource Conference
 
Threat Modeling: Best Practices
bySource Conference
 
Banking Fraud Evolution
bySource Conference
 
Informe sobre Redes Sociales en España
byIAB Spain
 

Similar to The Latest Developments in Computer Crime Law

PDF
CFAA & Fourth Amendment Writing Sample
byAndre Craig Jr
 
DOCX
cyber crime midterm paper--nosal
bySHIH-LAN(Allison) CHEN
 
PDF
International Cybercrime (Part 2)
byGrittyCC
 
PDF
Employee can be prosecuted for violation of employer restrictions
byAndres Baytelman
 
PDF
9th circuit
byAndres Baytelman
 
PDF
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
byShawn Tuma
 
PDF
Computer Crimes: An American Case Study
byEddan Katz
 
PDF
Computer Fraud and Abuse Act
byStefanMartinez6
 
PPTX
Cyber laws of US
byAkshay Jaryal
 
ODP
DefCamp 2013 - A few cybercrime cases that could make us think...
byDefCamp
 
PPT
2010 Privacy in the Workplace: Electronic Surveillance under State and Federa...
byCharles Mudd
 
PDF
Privacy & Security of Consumer and Employee Information - Conference Materials
byRachel Hamilton
 
PPTX
2013.05.16 cfaa powerpoint for ima.v1
byShawn Tuma
 
PPT
Computer forensics law and privacy
bych samaram
 
PDF
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...
byCODE BLUE
 
PPT
Cybercrime
bynayakslideshare
 
PDF
Cyber Laws
bymayur_ceh
 
PPTX
Review of the Jamaican Cybercrime Act of 2010
byTyrone Grandison
 
PDF
The CFAA and Aarons Law
byThomas Jones
 
PPTX
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
byShawn Tuma
 
CFAA & Fourth Amendment Writing Sample
byAndre Craig Jr
 
cyber crime midterm paper--nosal
bySHIH-LAN(Allison) CHEN
 
International Cybercrime (Part 2)
byGrittyCC
 
Employee can be prosecuted for violation of employer restrictions
byAndres Baytelman
 
9th circuit
byAndres Baytelman
 
Federal Computer Fraud and Abuse Act & Texas Computer Hacking Statutes
byShawn Tuma
 
Computer Crimes: An American Case Study
byEddan Katz
 
Computer Fraud and Abuse Act
byStefanMartinez6
 
Cyber laws of US
byAkshay Jaryal
 
DefCamp 2013 - A few cybercrime cases that could make us think...
byDefCamp
 
2010 Privacy in the Workplace: Electronic Surveillance under State and Federa...
byCharles Mudd
 
Privacy & Security of Consumer and Employee Information - Conference Materials
byRachel Hamilton
 
2013.05.16 cfaa powerpoint for ima.v1
byShawn Tuma
 
Computer forensics law and privacy
bych samaram
 
[CB20] Keynote1:Reforming cybercrime legislations to support vulnerability re...
byCODE BLUE
 
Cybercrime
bynayakslideshare
 
Cyber Laws
bymayur_ceh
 
Review of the Jamaican Cybercrime Act of 2010
byTyrone Grandison
 
The CFAA and Aarons Law
byThomas Jones
 
Overview and Update on the Computer Fraud and Abuse Act (CFAA) for the Data ...
byShawn Tuma
 

More from Source Conference

PPTX
Million Browser Botnet
bySource Conference
 
PDF
iBanking - a botnet on Android
bySource Conference
 
PPTX
I want the next generation web here SPDY QUIC
bySource Conference
 
PPTX
From DNA Sequence Variation to .NET Bits and Bobs
bySource Conference
 
PPTX
Extracting Forensic Information From Zeus Derivatives
bySource Conference
 
PPTX
How to Like Social Media Network Security
bySource Conference
 
PDF
Wfuzz para Penetration Testers
bySource Conference
 
PDF
Security Goodness with Ruby on Rails
bySource Conference
 
PDF
Securty Testing For RESTful Applications
bySource Conference
 
PPSX
Esteganografia
bySource Conference
 
PPTX
Men in the Server Meet the Man in the Browser
bySource Conference
 
PDF
Advanced Data Exfiltration The Way Q Would Have Done It
bySource Conference
 
PPTX
Adapting To The Age Of Anonymous
bySource Conference
 
PDF
Are Agile And Secure Development Mutually Exclusive?
bySource Conference
 
PDF
Advanced (persistent) binary planting
bySource Conference
 
PPTX
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
bySource Conference
 
PDF
Who should the security team hire next?
bySource Conference
 
PDF
JSF Security
bySource Conference
 
PPTX
Keynote
bySource Conference
 
PDF
Reputation Digital Vaccine: Reinventing Internet Blacklists
bySource Conference
 
Million Browser Botnet
bySource Conference
 
iBanking - a botnet on Android
bySource Conference
 
I want the next generation web here SPDY QUIC
bySource Conference
 
From DNA Sequence Variation to .NET Bits and Bobs
bySource Conference
 
Extracting Forensic Information From Zeus Derivatives
bySource Conference
 
How to Like Social Media Network Security
bySource Conference
 
Wfuzz para Penetration Testers
bySource Conference
 
Security Goodness with Ruby on Rails
bySource Conference
 
Securty Testing For RESTful Applications
bySource Conference
 
Esteganografia
bySource Conference
 
Men in the Server Meet the Man in the Browser
bySource Conference
 
Advanced Data Exfiltration The Way Q Would Have Done It
bySource Conference
 
Adapting To The Age Of Anonymous
bySource Conference
 
Are Agile And Secure Development Mutually Exclusive?
bySource Conference
 
Advanced (persistent) binary planting
bySource Conference
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
bySource Conference
 
Who should the security team hire next?
bySource Conference
 
JSF Security
bySource Conference
 
Keynote
bySource Conference
 
Reputation Digital Vaccine: Reinventing Internet Blacklists
bySource Conference
 

Recently uploaded

DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PPTX
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
PDF
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PPTX
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
AI Powered Document Processing and Data Extraction
byRobert McDermott
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Exam Prep Plan Overview: Amazon Web Services (AWS) Certified
byVICTOR MAESTRE RAMIREZ
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
MGw_MRS Benfits seu beficios de redes 4g
byJoaquimBarros18
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 5
byVICTOR MAESTRE RAMIREZ
 
Cross-Cultural Agile Development -Challenges and Strategies for Overcoming Them-
byTakashi Makino
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Session 2 - Solving Unstructured & Complex Documents with UiPath IXP
byDianaGray10
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
UiPath Autonomous Agents | Building and Orchestrating Agents End-to-End
byUiPathCommunity
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 

The Latest Developments in Computer Crime Law

  • 1.
    The Latest Developmentsin Computer Crime Law SOURCE Seattle June 15, 2011 Marcia Hofmann, EFF
  • 2.
    what we’ll talkabout today ✪ The federal hacking law and why it’s problematic. ✪ A couple trends that have emerged from recent cases in which courts have interpreted the scope of this law. ✪ What these trends suggest about the future.
  • 3.
    Background The Computer Fraudand Abuse Act 18 U.S.C. § 1030
  • 4.
    seven basic prohibitions 1)espionage 2) improperly accessing financial records, government information, or information on a “protected computer” 3) trespass to government computers 4) improperly accessing someone else’s computer with intent to defraud 5) causing damage to someone else’s computer 6) password trafficking with intent to defraud 7) extortion
  • 5.
    improper access The CFAAprohibits, among other things, “intentionally access[ing] a computer without authorization or in excess of authorization, and thereby obtain[ing] . . . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C).
  • 6.
    improper access Courtshave interpreted “obtaining information” broadly. Basically any computer connected to the internet is a “protected computer.” So the major limiting principle is “authorized.”
  • 7.
    development 1 expansive theoriesof unauthorized access/exceeding authorized access
  • 8.
    Some people haveargued that authorization ends when an employee violates a duty of loyalty to an employer... International Airport Centers v. Citrin LVRC Holdings v. Brekka
  • 9.
    Others have goneso far as to argue that authorization ends when a person violates a web site’s terms of use. United States v. Drew Facebook v. Power Ventures United States v. Lowson
  • 10.
    The case lawin this area recently took a turn for the worse when an appeals court found that violating an employer’s computer use policies “exceeds authorized access.” United States v. Nosal
  • 11.
    The future? Lee v.PMSI, Inc. Sony v. Hotz
  • 12.
    development 2 attempts todouble-count penalties for unauthorized access
  • 13.
    A first-time violationof the “unauthorized access” provision is generally a misdemeanor. However, it can be elevated to a felony in certain circumstances, like when the offense is committed in furtherance of another crime or tortious act.
  • 14.
    United States v.Drew Government: felony unauthorized access to a computer in furtherance of intentionally inflicting emotional distress. Jury: no, misdemeanor unauthorized access. Judge: no, violating terms of service is not unauthorized access.
  • 15.
    United States v.Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer.
  • 16.
    United States v.Kernell Government: felony unauthorized access to a computer in furtherance of unauthorized access to email and unauthorized access to a computer. Do over!
  • 17.
    United States v.Kernell Government: felony unauthorized access to a computer in furtherance of invasion of privacy and aiding and abetting other unauthorized accesses to a computer. Jury: no, misdemeanor unauthorized access.
  • 18.
    United States v.Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. (This is a problem.)
  • 19.
    The CFAA prohibitsunauthorized access to and obtaining information from a computer. (Here, email.) The Stored Communications Act prohibits unauthorized access to an electronic communication service and obtaining stored communications. (Here, email.) It’s the same thing.
  • 20.
    United States v.Cioni Government: felony unauthorized access to a computer in furtherance of unauthorized access to email. Jury: yup, two felonies. Appeals court: no, these are misdemeanors.
  • 21.
  • 22.
    questions? Marcia Hofmann Senior Staff Attorney, EFF marcia@eff.org