D333 Ethics & the Law

Foreign Corrupt Practices Act

•makes it a crime for a U.S, citizen to bribe a foreign official, foreign political party, or candidate for foreign political office.

Computer Fraud and Abuse Act

•addresses several fraud related activities such as illegal access, transmitting harmful codes and commands, trafficking passwords, and threatening to damage a computer program.

Fraud and Related Activity in Connection with Access Data Statute

•covers false claims regarding unauthorized use of credit cards.

The Fourth Amendment

protects citizens from 'unreasonable searches and seizures' by the government

Fair Credit Reporting Act

regulates how credit reporting bureaus collect, store, and use credit information.

Right to Financial Privacy Act

protects customers from unauthorized scrutiny of financial records by the federal government.

Gramm-Leach-Bliley Act

repealed Glass-Steagall - a law that made it illegal for financial institutions to offer more than one service. Contains three provisions: Financial Privacy, Safeguards Rule, Pretexting Rule.

Fair and Accurate Credit Transactions Act

allows consumers to obtain a free credit report once a year from each primary consumer reporting agencies (Equifax, Experian, and TransUnion).

Health Insurance Portability and Accountability Act (HIPAA)

requires written consent from patients prior to disclosing medical records.

The American Recovery and Reinvestment Act

Subsection HITECH: •Banning sale of health data

•Promoting audit trails and encryption

•Providing rights of access for patients

•Required notification of patients whose data had been exposed

Sarbannes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations.

Family Educational Rights and Privacy Act (FERPA)

assigns rights to parents regarding their children's educational records until the child reaches 18 years of age or completes high school. It also: •Access to educational records maintained by the school

•Ability to demand that educational record only be disclosed with student consent

•Ability to amend education records.

•Ability to file complaints if a school violates FERPA

Children's Online Privacy Protection Act (COPPA)

makes several requirements for websites that cater to children:

•Offer comprehensive privacy policies

•Notify guardians or parents about its data collection practices

•Receive parental consent when collecting data on children younger than 13 years of age.

•The Wiretap Act (1968)

aka •Title III of the Omnibus Crime Control and Safe Streets Act

•A wiretap requires a judge and probable cause. a wiretap order must describe the duration and scope of the surveillance, the conversations that can be captured, and the efforts to avoid innocent conversations.

Foreign Intelligence Surveillance Act (FISA)

describes the procedures for collecting foreign intelligence.

Foreign intelligence can be collected for up to a year without a court order unless there is a U.S. person involved.

A FISA court meets in secret to hear applications for orders approving electronic surveillance from anywhere in the United States.

Executive Order 123333

•Issued in 1981, Executive Order 12333 identified U.S. governmental agencies that can collect intelligence and defines what can be collected, retained, and disseminated by these agencies.

•Executive Order 12333 allows for the collection of incidentally obtained intelligence collected under lawful surveillance.

Electronic Communications Privacy Act (ECPA)

1.Protection of communications while transfer from sender to receiver

2.Protection of communications held in electric storage

3.Prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant

•Pen registers - record electronic impulses to identify numbers outgoing calls

•Trap and trace - a device that records the numbers of incoming calls

Communications Assistance for Law Enforcement Act (CALEA)

was passed by Congress as an amendment to the Wiretap Act and ECPA.

CALEA requires telecommunications companies to build tools into its products that federal investigators can use.

CALEA updates ECPA to cover new emerging technologies.

US Patriot Act

The PATRIOT Act gives law enforcement the ability to issue national security letters (NSLs) to banks, internet service providers, and credit reporting agencies without a court order.

The NSL gag order prohibits anyone from informing the subject of an NSL letter.

FISA Amendments

Foreign Intelligence Surveillance Amendments Act (2004) - amended FISA to authorize intelligence collecting on 'lone wolves' not affiliated with a terrorist organization.

Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 - -- expanded authority to collect foreign communications without a warrant.

USA Freedom Act (2015)

inspired by Edward Snowden revelations, terminated the bulk collection of metadata.

European Union Data Protection Directive (1995)

Requires all companies doing business inside of European Union countries to implement a set of privacy directives on the fair and appropriate use of information. The directives have six tenets

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is designed to strengthen data protection for individuals within the European Union by addressing the export of personal data.

Organizations that collect data from European Union must abide by the GDPR.

The GDPR replaces the Privacy Shield with more comprehensive rules.

The Freedom of Information Act (FOIA)

grants the right to access certain information and records of federal, state, and local governments.

Two requirements to get an FOIA:

1.The request must not be wide-ranging, unreasonable, or burdensome.

2.The request must be made according to agency procedural.

The Privacy Act (1974)

establishes a code of fair information practices that set rules for data that is kept in the systems of federal agencies.

All agencies that maintain data systems must publicly describe both the kinds of information in it and the manner in which the information will be used.

CIA and law enforcement data are excluded from the Privacy Act.

The First Amendment

protects Americans' rights to freedom of religion, freedom of expression, and freedom to assemble peaceably.

Speech not protected by the Constitution includes perjury, fraud, defamation, obscene speech, incitement of panic, incitement to a crime, 'fighting words,' and sedition.

Obscene speech and defamation are most relevant to information technology.

Communications Decency Act

is part of The Telecommunications Act (1996) that was aimed at protecting children from pornography by imposing $250,000 fines and prison terms for violators.

Much of CDA was ruled unconstitutional by the Supreme Court.

Section 230 of the CDA was ruled constitutional; it provides immunity to Internet service providers that publishes user-generated content as long as its actions do not rise to level as content provider.

Section 230 of the CDA also gives social networking sites, like Twitter and Facebook, protection from the content their users post.

1998 Child Online Protection Act (COPA)

prohibits making of harmful material to minors via the Internet.

Violators faced $50,000 fined and jail time.

Like CDA, much of COPA was rule to be unconstitutional because of the harm it could have on 'protected speech.'

Children's Internet Protection Act (CIPA)

requires federally funded schools and libraries to use filters so minors cannot access harmful material.

Schools must have a policy for monitoring the online activities of minors.

Schools must have a policy addressing access by minors to objectionable material.

Implementing CIPA is more difficult for libraries since users are from all ages.

Digital Millennium Copyright Act (DMCA)

The DCMA limits the liability of an Internet Service Provider (ISP) when users violate copyright law.

When copyright violations occur, an ISP must order the subscriber to takedown

SLAPP Lawsuits

A strategic lawsuit against public participation (SLAPP) is employed by corporations, government officials, and others against citizens and community groups who oppose them on matters of public interest.

John Doe Lawsuit

A John Doe lawsuit type of lawsuit that organizations may file to gain subpoena power to learn the identity of anonymous Internet users who have harmed the organization.

Hate Speech

Hate speech occurs when there is persistent or malicious harassment aimed at a specific person that can be prosecuted under law.

Defamation

Two Types: Libel and Slander. Libel is written, Slander is verbal. Defamation is making either an oral or written statement of alleged fact that is false and that harms another person.

Obscene Speech

Miller v. California is the 1973 Supreme Court case that established a test to determine if material is obscene and not protected by the First Amendment.

Obscenity is decided by three questions:

•Would the average person, applying contemporary community standards, find the work, taken as a whole, appeals to prurient interest (i.e., promote sexual interest).

•Does the work depict, in a patently offensive way, sexual conduct specifically defined by the appliable state law?

•Does the work, taken as a whole, lack serious literacy, artistic, political, or scientific value?

Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)

a law that establishes a set of requirements for SPAM emails to be legal.

Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008

created the position of Intellectual Property Enforcement Coordinator in the Executive Office of the President.

PRO-IP increased copyright and trademark enforcement and increased the penalties for infringement.

The Computer Hacking and Intellectual Property (CHIP) program is a network of prosecutors trained in computer and intellectual property crimes.

The General Agreement on Tariffs and Trade (GATT)

a multilateral agreement between 117 countries governing international trade.

GATT created the World Trade Organization (WTO) to enforce compliance with the agreement.

WTO TRIPS Agreement

The goal of the WTO is to help producers of goods and services, exporters, and importers conduct their business globally.

The WTO developed the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) to established minimal levels of protection that governments must provide to all WTO members.

Many developing nations see TRIPS as favoring wealthier nations.

World Intellectual Property Organization Copyright Treaty (WIPO)

an agency of the United Nations dedicated to 'the use of intellectual property as a means to stimulate innovation and creativity.'

WIPO advocates for the interests of intellectual property owners.

WIPO Copyright Treaty (1996)

ensures that computer programs are protected as literary works and protects material in databases.

Authors are given control over the rental and distribution of their works.

Leahy-Smith America Invents Act

changed U.S. patent system from 'first-to-invent' to a 'first-inventor-to-file" system.

The American Invents Act expanded the definition of prior art to include works outside of the U.S.

Uniform Trade Secrets Act

drafted in the 1970s to bring uniformity to all the United States in the area of trade secret law.

The UTSA defines a trade secret as 'information, including a formula, pattern, compilation, program, device, method, technique, or process that derives independent economic value and is the subject of efforts that are reasonable under the circumstances to maintain in secrecy.

Both hardware and software can qualify for trade secret protection.

Economic Espionage Act (EEA) of 1996

helps law enforcement agencies pursue economic espionage by imposing penalties of up to $10 million and 15 years in prison for the theft of trade secrets.

Prior to EEA, there were no specific criminal penalties for espionage.

Defend Trade Secrets Act of 2016 (DTSA)

amended the Economic Espionage Act to create a federal civil remedy for trade secret misappropriation.

Trade Secret misappropriation includes:

•Disclosure or use of a trade secret without express or implied consent

•Acquisition of a trade secret by anyone with reason to know the trade secret was acquired by theft or bribery, misrepresentation, breach, inducement of breach of duty to maintain secrecy or espionage through electronic means.

DTSA allows for the seizure of property under certain conditions to prevent the dissemination of the misappropriated trade secret.

Article 2 of the Uniform Commercial Code (UCC)

deals with the sale of goods and addresses product liability for manufacturers, sellers, and lessors for injuries caused by defective products.

Strict Liability

Defendant is liable for injuries caused by defective products regardless of negligence or intent.

Negligence

Failure to act with reasonable care

False Claims Act

Encourages reporting fraud against the government, offering financial rewards.

•Qui Tam Provision: Allows private citizens to sue on behalf of the government.

•Penalties: Violators face triple damages and fines.

•Rewards: Whistle-blowers can receive 15-30% of the recovery amount.