Applicable Statutes by domainlawyer

VIEWS: 100 PAGES: 44

									Government & University vs. Harry
Harry hacks into databases at the FBI and NSA using the University’s computers. Harry has created a virus designed to disrupt strategic Federal computer networks within 72 hours if it is not disabled.

Issues
1.What Federal statutes have been violated? 2. Can Harry’s actions in hacking or creating a virus be construed as a form of terrorism?

Security Statutes
WHO: PROTECTS PRIVATE USERS AND PROVIDERS WHAT: PROTECT AGAINST INTERCEPTING PRIVATE MESSAGES WHY: DISCOVER PERPETRATORS WHEN: AFTER DULY AUTHORIZED SEARCH WARRANT, WIRETAP, OR SUBPOENA

Applicable Statutes
FRAUD (18 USC 1030)Unauthorized access or computer intrusion via theft into a government computer 2. WIRE FRAUD (18 USC 1343)- Bans use of wire, radio communications to defraud using interstate commerce 3. INTERSTATE TRANSPORT OF STOLEN PROPERTY (18 USC 2314) 4. WIRETAPPING STATUTE (18 USC 1029)Fraudulent use of access devices
1. COMPUTER

Applicable Statutes
5. ELECTRONIC COMMUNICATIONS PRIVACY ACT OF 1986- (18 USC 2701)prohibits government from intercepting voice and e-mail without the authorization of one of the parties, or a court order. 6. USA PATRIOT ACT- (PL 107-56) Expands law enforcement powers under other statutes

Computer Fraud Act of 1986 (18 USC 1030)
Criminalizes unauthorized access into or theft of federal interest computers. Prevent access to classified national defense or foreign relations information, financial information or consumer reporting agency records, or manipulating information on a computer operated on behalf of the United States

Computer Fraud Act
Covers: (a)(1)-- computer espionage, (a)(2)--theft of specific types of information, (a)(3)--computer trespass, (a)(4)--computer fraud, (a)(5)--damage to a protected computer, (a)(6)--trafficking in passwords, and (a)(7)--computer extortion.

Elements of Computer Fraud
"Unauthorized access" includes someone who steals another's identity to hack into a protected computer. The perpetrator must intend to hack into the system or gain access. Perpetrator must access a "protected computer," i.e. all government computers; operated on behalf of the government; used in interstate or foreign commerce or communications, financial institution computers, and foreign computers. Must cause some damage.

Causing Damage
Impairment to the integrity or availability of data, a program, a system or information >$5000 in 1 year period Impairment to medical information Physical injury to a person Threatens public health or safety USA Patriot Act adds “damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security”

Additional Amendments
Increased statutory sentence maximums but eliminated mandatory minimum Clarified no intent to cause damage Defined loss for $5000 impairment


“includes any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or other information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service” (Codifies Middleton)

ECPA and Title III
Scope of subpoenas under 2703(c)


 

Expanded scope: basic subscriber, payment information, “temporarily assigned network address” and “records of session times and durations” Permits historical tracing of a communication No content

Voice mail fix


All stored voice is treated like email

Computer Trespasser Exception
New exception to Title III: allows law enforcement to intercept “computer trespasser” with consent of computer owner

USA Patriot Act, Computer Crime and Terrorism
“Federal Crime of Terrorism”
Act calculated to influence or affect the conduct of the Government by intimidation or coercion or to retaliate for Government conduct and  Act violates section 1030(a)(1) or (a)(5)(A)(i) and (B)(ii)-(iv) (intentional conduct and not just monetary damages)


Harry vs. Government & University
FBI and NSA trace the hack back to the University of Tech. The University’s president gives them access to trace the hack to the Computer Lab; allows them to see the student records of Middle Eastern students. FBI and NSA have been secretly intercepting all of Harry’s and his fiancé's telephone calls and e-mails per U.S. Patriot Act.

Facts
University has policies and procedures that 1. All work developed using University resources and time belong to the University. 2. Reserve the right to audit and monitor Internet use; 3. Warn that information flowing through the University's network is not confidential; 4. Users of University computers are subject to penalties for misuse; 5. The University's right to conduct inspections, 6. The University owns the computers and explicitly reserves ownership of data stored within it.

ISSUES
1. Did the FBI and NSA properly trace the hack back to the University? 2. If so, did the University properly give the government access to the computer network and to the student records of Middle Eastern students? 3. Did the FBI violate the fiance’s rights by wiretapping her phone and e-mail without a specific warrant?

USA Patriot Act
202 Authority to Intercept Voice Communications in Computer Hacking Investigations: Law enforcement can get a wiretap on telephone conversations when investigating Computer Fraud and Abuse Act. Section 209 Obtaining Voice-mail and Other Stored Voice Communications: Law enforcement can get a search warrant to access stored email and attachments; and voicemail.

USA Patriot Act
Section 210 Scope of Subpoenas for Electronic Evidence: Law enforcement can use a subpoena to get session times and durations; as well as temporarily assigned network addresses, i.e. IP address; and means and source of payment, i.e., credit card information. Section 213 Authority to Delay Notice of the Execution of a Warrant: Law enforcement can delay notifying targets of searches if the court finds reasonable cause to believe endanger of life, flight, evidence tampering, witness intimidation for 7 days, with extensions. Does not delay notice of seizures.

USA Patriot Act
Section 507 Disclosure of Educational Records The Attorney General or Federal officer may apply for an ex parte order requiring an educational agency to collect education records for investigation of terrorism or for official purposes related to investigations that require confidentiality.

USA Patriot Act
Section 216 Pen Register & Trap and Trace Statute: Law enforcement can use pen/trap orders to trace communications on the Internet under order that has nationwide effect; and must submit a report when installing monitoring device on a public provider. Can get all dialing, routing, addressing and signaling information.

FACTS
University gives the FBI access to Harry’s room without his knowledge and without a warrant, seize the computers, reads through his files and disks.

U.S. v. Bivens
 Bivens v. Six Unknown Named Agents, 403

US 398 (1971)
Facts: Fed. Bureau of Narcotics acting under color of federal authority made a warrantless entry into and search of apartment, and subsequent arrest. All acts were done without probable cause. Ct. held that D could recover damages upon proof of injury resulting from the violation. Fourth Amendment is a limit on federal power regardless of whether the state would prohibit or penalized the action if conducted by a private citizen.

ISSUES
1. Did access to Harry’s room without a warrant violate

any of Harry’s rights? 2. Did the FBI have probable cause under the exigent circumstance to access Harry’s room without his knowledge and without a warrant? 3. Did the seizure of the computer violate state or federal right? 4. Did reading of the computer files and disk violate Harry’s Fourth Amendment, California Constitution, and/or statutory rights. 5. If so, what are Harry’s remedies?

Domestic Terrorism
Based on international terrorism definition Acts occurring within the territorial US
  

That are dangerous to human life That are a violation of the criminal laws and That appear to be intended to intimidate or coerce a civilian population, influence the policy of a government by intimidation or coercion, or affect the conduct of a government by mass destruction, assassination or kidnapping

Acts of Terrorism
Which of these acts could constitute an act of terrorism? A) Hack into NASA computers to access unclassified files. B) Development of TAISP to simulate terrorist activities. C) Creating the virus to disable strategic government computers. D) Unleashing the virus to disable strategic government computers.

FACTS
The Government detains Harry without filing charges for 3 days, denying access to a lawyer.

Riverside v. McLaughlin, 111 SCt 1661 (1991)
Class action against the county for violation of Fourth Amendment by failing to provide prompt judicial determination of probable cause. Once you arrest, you must bring promptly before the magistrate for a determination of probable cause. Court held that to bring a defendant before magistrate within 48 hours of arrest was not unreasonable.

Electronic Communications Privacy Act of 1986 (ECPA), 18 USC 2511

The provides broad statutory privacy protection for wireless, wire, and electronic communications and storage of digitized text information, such as e-mail. ECPA prohibits government agents and third parties from intercepting voice and e-mail without the authorization of one of the parties, or a court order. Statutory damages are limited to $1,000 for most offenses by government officers.

U.S. v. Maxwell, 45 MJ 406 (1996)

Violation of the warrant requirement means that the "fruits" of the illegal search are inadmissible in a court of law.

Shartzer v. Israels, 59 Cal Rptr 2d 296 (1996)
Defense counsel (Israel) unlawfully read and disseminated confidential mental health records acquired accidentally, and used in cross examination of Shartzer, causing damage and constituted an invasion of privacy under Article I of California Constitution. Charge of sexual battery of plaintiff Shartzer. Ct. held plaintiff had a reasonable expectation of privacy.

People v. Superior Court
• University student was charged with possession of
marijuana for sale based on evidence seized from his dormitory room in a warrantless search. • Held: 1) student's dormitory room was protected by Fourth Amendment; 2) housing contract student signed did not waive Fourth Amendment rights; 3) university safety officer could not consent to search of room; and 4) evidence was admissible under inevitable discovery doctrine.

California Privacy Act
Provides civil and criminal penalties for anyone who engages in unauthorized wiretapping or eavesdropping with an electronic amplifying recording device. Act covers all “confidential” communications where there is no consent.

California Constitution Article 1, section 1 Applies to government and private entities. In order to establish claim, employee must establish: (a) reasonable expectation of privacy (b) a legally protected privacy interest (fundamental to personal autonomy (c) conduct by the defendant that constitutes a “serious” invasion of privacy.

Tort of Intrusion
Intrusion requires a reasonable expectation of privacy (objective standard) and a “highly offensive” invasion thereof (reasonable person standard).

Torture
Deliberate use of inhumane treatment that causes severe and cruel pain and suffering, with the purpose of breaking the spirit of the suspect and coercing him into performing an act; or to cause pain for another reason.

Eighth Amendment
Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishment inflicted.

Defenses
Justified when it is used to prevent harmful action from occurring. Necessary as the lesser of two evils to prevent a greater wrong. Problem: Reliability of information obtained & Immorality.

ISSUES
1.Which of Harry’s rights did the government violate? 2. Did Harry’s detention violate his rights? 3. What remedy does Harry have against the Government? 4. Could the government’s threat to take action to deport fiance if he does not cooperate constitute torture?

Harry’s Interest
Get out of jail, Negotiate the return of his computer and files, Avoid expulsion from University, Protect his fiance and her family, Dispose of the secrecy order, and Perfect or dispose of any intellectual property rights in TAISP.

Harry: Rules and Defenses
Harry’s hack
Virus

Access to room w/o warrant

Liable for intent to access Patriot Act Terrorism if affect gov action ECPA Warrant or exigency

Computer Fraud

Authority N/A
No threat to life -$1K in Damages; -no use of evidence

Government’s Interests
Disable the virus, Collect information about Harry's fiance's father, Recover TAISP and all copies of the source code; Punish Harry for hacking into their network, and Learn how TAISP works, Learn how Harry hacked into FBI and NSA files.

Government: Rules and Defenses
Patriot Act CA. privacy ECPA Access to -Fourth Harry’s room Amendment -Shartzer Detention for Riverside 3 days Threats to Torture, 8th fiance amendment Wiretap phones & emails All no. of target Probable cause & warrant Got wiretap order Risk of flight

Reasonable Interrogation required No cruel & Necessity unusual

University’s Interests
Avoid any liability for Harry's actions in using the University's Supercomputer; Learn how Harry navigated through their network to hack into the government's system; Assert an interest in TAISP; and Recognition and grants for Harry's research in artificial intelligence.

University: Rule and Defenses
Access to Patriot Act student Ca. Rt. To records privacy Access to Patriot Act room & computer FBI Trace Computer to lab Fraud Victims can monitor
Warrant required Victims can trace

State actor & owns computers
State actor & owns dorm


								
To top