The Computer Fraud and Abuse Act of 1986 is the primary federal legislation aimed at curtailing computer crime. It especially applies to interstate crimes that fall under federal jurisdiction. The act was designed to strengthen, expand, and clarify the intentionally narrow Computer Fraud and Abuse Act of 1984. It safeguards sensitive data harbored by government agencies and related organizations, covering nuclear systems, financial institutions, and medical records.
The act forbids interference with any federal-interest computer system or any system that spans across state lines. Obviously, the act assumed greater importance as the Internet, World Wide Web, and e-commerce grew in prominence. The law prohibits the unauthorized access of any computer system and the obtainment of classified government information. More specifically, it specifies three categories of unclassified information: information belonging to a financial institution, credit card issuer, or consumer reporting agency; information from a department or agency of the United States; and information from any computer deemed "protected," or used exclusively by a financial institution, the U.S. government, or used in interstate or foreign commerce or communication. In addition, the act aims to safeguard computer system integrity with specific prohibitions against computer vandalism. This includes the transmission of a virus or similar code intended to cause damage to a computer or system; unauthorized access that causes damage recklessly; or unauthorized access of a computer from which damage results, but where malicious intent may not be present.
For purposes of prosecution, the law focuses its attention on the actual damage done to computer systems and the specific economic losses stemming from an act of computer fraud or abuse. For instance, while possession of a code for a computer virus cannot be prosecuted under the law, the loading of such a virus onto a network would be criminal under the Computer Fraud and Abuse Act. Violators are prosecuted for knowingly or recklessly damaging such systems, and can be punished with prison sentences as long as 20 years and fines reaching as high as $250,000. Prosecutors under the law, however, often face the difficult challenge of proving that the defendant knowingly inflicted the damage, thereby establishing intent.
FURTHER READING:
Cantos, Lisa, Chambers, Chad, Fine, Lorin, and Randi Singer. "Internet Security Legislation Introduced in the Senate." Journal of Proprietary Rights. May, 2000.
Conley, John M., and Robert M. Bryan. "A Survey of Computer Crime Legislation in the United States." Information & Communications Technology Law. March, 1999.
Montana, John C. "Viruses and the Law: Why the Law is Ineffective." Information Management Journal. October, 2000.
SEE ALSO: Computer Crime; Fraud, Internet
User Comments Add a comment…