RealNews

Information Security and the Public Sector-An Introduction to the Criminal Law of Information Security

As we discussed in the first article in this series, the Computer Fraud and Abuse Act, 18 U.S.C.§ 1030 (the “CFAA”) is the primary computer crime statute in the United States. The CFAA imposes criminal liability for: Knowingly accessing a computer without authorization, or in excess of authorization, and obtaining classified information; Intentionally accessing a computer without authority and obtaining consumer financial information, information from any department or agency of the federal government, or information from any protected computer where access involves an interstate or foreign communication; Intentionally accessing, without authorization, a non-public computer of any department or agency of the federal government that is either used exclusively for governmental purposes, or with respect to a computer that is not used exclusively for government purposes, where the conduct affects the use of that computer by or for the federal government; Knowingly, and with wrongful intent, accessing a protected computer, without authorization or in excess of authorization, and by doing so, obtaining anything of value, other than the use of the computer itself (if the value of the computer use is less than $5,000 in any one year); Knowingly causing the transmission of a program, information, code, or command, and by doing so, intentionally causing unauthorized damage to a protected computer; or recklessly or negligently causing damage to a protected computer by intentionally accessing that computer without authorization or in excess of authorization; Knowingly, and with wrongful intent, trafficking in user names, passwords or other access credentials through which a computer may be accessed without authorization, if that conduct affects interstate or foreign commerce or if the computer is used by or for the federal government; or With the intent to extort money or anything of value from any person, firm, association, educational institution, financial institution, government entity, or other legal entity, transmitting in interstate or foreign commerce any communication containing a threat to damage a protected computer. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.