Law, Investigations, and Ethics

Thou Shalt Not Use a Computer to Harm Other People.

Thou Shalt Not Interfere with Other People’s Computer Work.

Thou Shalt Not Snoop Around in Other People’s Computer Files.

Thou Shalt Not Use a Computer to Steal.

Thou Shalt Not Use a Computer to Bear False Witness.

Thou Shalt Not Copy or Use Proprietary Software for Which You Have Not Paid.

Thou Shalt Not Use Other People’s Computer Resources Without Authorization or Proper Compensation.

Thou Shalt Not Appropriate Other People’s Intellectual Output.

Thou Shalt Think About the Social Consequences of the Program You Are Writing or the System You Are Designing.

Thou Shalt Always Use a Computer in Ways That Ensure Consideration and Respect for Your Fellow Humans.

Dr. Ramon C. Barquin “In Pursuit of a ‘Ten Commandments’ for Computer Ethics”
  • Identify the types and targets of computer crime
    • Military and intelligence attacks: Criminals and intelligence agents illegally obtain classified and sensitive military information and police files.
    • Business attacks: Increasing competition between companies frequently leads to illegal access of proprietary information.
    • Financial attacks: Banks and other financial institutions provide attractive targets for computer criminals, for obvious reasons.
    • Terrorist attacks: The U.S. Department of Homeland Security monitors the level of “chatter” on the Internet, looking for evidence of planned terrorist attacks against computer systems and geographic locations.
    • Grudge attacks: Companies are increasingly wary of disgruntled employees who feel mistreated and exact their revenge using computer systems.
    • Thrill attacks: Unlike grudge attackers who want some kind of revenge, thrill attackers hack computer systems for the fun of it, for bragging rights, or simply for a challenge.
  • Summarize the major types of attacks performed by cybercriminals
    • Denial of service (DoS) attacks
    • Rogue code
    • Software piracy
    • Social engineering
    • Dumpster diving
    • Spoofing of Internet Protocol (IP) addresses
    • Emanation eavesdropping
    • Embezzlement
    • Information warfare
  • Understand the context of the computer in the legal system
    • Administrative law is also referred to as natural justice
    • Civil law
    • Criminal law
    • Regulatory law
  • Appreciate the complexities of intellectual property law
    • legal framework protecting intellectual property. The computer and its Internet connection make the theft of music, video, and software files possible.
    • Inventors rush to patent their ideas to prevent others from using them.
    • The Trademark Act defines a trademark as “any word, name, symbol, or device, or any combination thereof” that the individual intends to use commercially and wants to distinguish as coming from a unique source
    • Trade Secrets – “software intellectual property” – As long as no one but you knows about your idea, it belongs to you
  • Discuss the issues surrounding computer security and privacy rights
    • Notice/Awareness – Websites should tell visitors
    • Choice/consent – Websites should give control to visitors
    • Access/participation – Ability of users to review, correct, and, in some cases, delete personally identifying information on a particular website
    • Security/integrity – The site must implement policies, procedures, and tools that will prevent unauthorized access
    • 1970 U.S. Fair Credit Reporting Act
    • 1986 U.S. Electronic Communications Act – Protects against unauthorized eavesdropping
    • 1987 U.S. Computer Security Act: Security and privacy of sensitive information
    • 1996 U.S. Kennedy-Kassebaum Health Insurance and Portability Accountability Act (HIPAA): Protects the confidentiality and portability of personal health care information
    • 2000 National Security Directive 42 (NSD-42): Established the Committee on National Security Systems (CNSS), which provides guidance on the security of national defense systems
    • 2001 U.S. Patriot Act HR 3162: enhance law enforcement investigatory tools, and for other purposes related to international terrorism
    • 2002 Federal Information Security Management Act: basic statutory requirements for protecting federal computer systems
    • 2010 Fair Debt Collection Practices Act: Addresses unfair or unconscionable means to collect or attempt to collect any debt
  • Articulate the challenges of computer forensics
    • Investigating crimes committed with computers is known as computer forensics
    • Successful litigation frequently depends on obtaining irrefutable computer evidence. Without solid computer evidence, you might not have a case.
    • Your evidence might not be as good as the opposition’s if you are using less sophisticated data detection techniques.
    • Your adversaries do not want you to obtain the data you need.
    • The technology used to create the data you need might have already disappeared. Time is of the essence.
  • Recognize ethical issues related to information security
    • Protect society, the commonwealth, and the infrastructure.
    • Act honorably, honestly, justly, responsibly, and legally.
    • Provide diligent and competent service to principals.
    • Advance and protect the profession.

Code of Fair Information Practices

  • There must be no personal data record-keeping systems whose very existence is secret.
  • There must be a way for an individual to find out what information is in his or her file and how the information is being used.
  • There must be a way for an individual to correct information in his or her records.
  • Any organization creating, maintaining, using, or disseminating records of personally identifiable information must assure the reliability of the data for its intended use and must take precautions to prevent misuse.
  • There must be a way for an individual to prevent personal information obtained for one purpose from being used for another purpose without his or her consent.