Invitation to Cybersecurity

10. The Boundaries of Cybersecurity: Ethics, Rights, and Laws 273

sionals, is not an acceptable defense in a court of law. Part of due diligence is learning the law and understanding how it applies.

10.3.1 The United States Code

Cybersecurity activities, especially ethical hacking, must be done in accordance with all applicable laws, otherwise criminal prosecution and civil litigation could result. The United States Code is an organized collection of every law created by the Legislative branch of the United States. It is organized into fifty-three titles covering all aspects of government from observed holidays (Title 36) to voting and elections (Title 52) to taxes (Title 26). Title 18: Crimes and Criminal Procedures, contains most of the laws for which a person can be charged with a federal crime and tried in a court of law (more on state laws later).

It could be argued that there is nothing new under the sun, and that cyberspace is just a different setting for the types of criminal behaviors that have existed since the dawn of time (e.g., stealing, fraud, destruction of property, etc.). If that is the case, then laws that predate cyberspace could in theory apply to cybercrimes as well. However, lawyers are experts at arguing about the strict definitions of terms, and pre-cyberspace laws are not precise enough to hold up in a court of law. Laws need to be specific. Therefore, even if a person does something that seems like it should be illegal, without reference to a specific law “on the books” no criminal prosecution can occur.

Crimes involving computer technology have necessitated the creation of new laws that better fit the crime. The three main federal cybercrime laws are listed in Table 10.5. The following subsections review each law.

Table 10.5 The main federal cybercrime laws.

10.3.1.1 Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (CFAA) was passed in 1986. It is the umbrella “anti-hacking” law. It is broad and is used to prosecute a huge variety of cases. It includes seven different sections, but the most often cited is Section 2 which reads in part, “Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains…information from any protected computer.”
