Computer Fraud and Abuse Legislation
Computer Fraud and Abuse Legislation
Forensic science relies on data. Using the global resources of the Internet, forensic scientists can probe databases to sift out information. Furthermore, much information they gather, such as digital images and reports, is preserved as computer files. This reliance on computer technology comes at a price. The data is vulnerable to theft or alteration by those who can gain access to the files. Federal forensic science data falls under the protective umbrella of legislation that was created several decades ago. Such legislation also provides a set of laws under which forensic investigators can act to develop evidence in cases where computers (and other devices housing digital information) are used or are compromised in violation of law.
The United States Computer Fraud and Abuse Act of 1986 served to define criminal fraud and abuse for computer crimes on the federal level. The act specified a misdemeanor crime for the trafficking and misuse of passwords. Two felony offenses were specified by the act for unauthorized access to federal information systems and private computers deemed to have a "federal interest." The act removed several legal ambiguities that surrounded computer information theft, such as the lack of specific legislation mentioning computers and the slightness of legal precedence in such cases.
Computer data systems of varying sorts had been used by the United States government since the 1960s. This is certainly true for forensic science, with national and international databases available for information on fingerprints, ballistics , felons, and genetic sequences of disease causing microorganisms.
In the early 1980s, the first computers for business and home use were available in the marketplace. This expanse of the computer-owning and software-literate population forced the government to begin finding ways to protect data, either through encryption or protective barrier mechanisms around certain files. With the advent of intranets and computer-to-computer communication through telephone lines, hacking, or the breaking into other computer systems, became more commonplace. In 1981, a computer-savvy 24-year-old named Ian Murphy hacked into several government systems, including the White House switchboard. Murphy used the switchboard to order various products before turning his attention to cracking the codes protecting sensitive military files. Murphy was arrested, but prosecutors did not have the legal recourse to try him for computer crimes, as no such laws existed. Murphy was eventually convicted of theft and knowingly receiving stolen goods.
By 1982, Congress began collecting data on computer crime, and gathering testimony from computer fraud victims. Most of the victims were major corporations who did not want their security breaches and vulnerability to become public knowledge. Not only was it easy for random hackers to crack a system, but also corporations could hack into the data systems of rival companies, engaging in corporate espionage. After five years, Congress introduced the Computer Fraud and Abuse Act of 1986. The bill passed decisively. That same session, the Electronic Communication Privacy Act of 1986 was passed, criminalizing the seizure and interception of digital messages and communication signals.
In January of 1989, Herbert Zinn was the first person to be convicted under the Computer Fraud and Abuse Act. As a teenager, Zinn broke into computer systems at the Department of Defense, wreaking havoc with several hundred files. Zinn was sentenced to nine months in prison and fined; he would have possibly received a harsher judgment if he had been over eighteen years-old at the time of the crime.
Since its inception, the Computer Fraud and Abuse Act has weathered changing technology and the development of the Internet. However, computer crime is once again on the rise, and only a fraction of victims report these crimes. Subsequent court proceedings and legislation such as the Computer Abuse Amendments Act of 1994 have provided specific wording criminalizing the promulgation of computer viruses and other damaging code.
In 1996, the act was amended, extending the "federal interest" to include any computer that is connected to the Internet. Appropriately, the phrase "federal interest" was replaced by the broader phrase "protected computer." Thus, the act that originally applied just to computers directly associated with federal functions now potentially applies to any computers that are involved in interaction with the federal government.
The United States Patriot Act was signed into law on October 25, 2001. The act, which was designed to strengthen the country's ability to withstand terrorist action, affected the Computer Fraud and Abuse Act. The Patriot Act specifically addressed the concept of "damage" in the act, providing more substance of what constituted damage and loss in a computer hacking incident. An individual can now be prosecuted for deliberately attempting to cause damage, even if no damage resulted from the hacking. Whether these amendments stand up to legal scrutiny awaits court challenges.
see also Computer hackers; Computer hardware security; Computer keystroke recorder; Computer modeling; Computer security and computer crime investigation; Computer software security; Document destruction.