1 00:00:00,005 --> 00:00:02,001 - [Instructor] While most of the laws related 2 00:00:02,001 --> 00:00:04,008 to information security fall into the categories 3 00:00:04,008 --> 00:00:07,001 of civil and administrative law, 4 00:00:07,001 --> 00:00:10,004 occasionally, we cross paths with criminal law. 5 00:00:10,004 --> 00:00:13,009 Cases of information theft, system intrusion, 6 00:00:13,009 --> 00:00:18,002 identity theft, and other crimes are harmful to society 7 00:00:18,002 --> 00:00:21,000 and may trigger criminal sanctions. 8 00:00:21,000 --> 00:00:24,006 The Computer Fraud and Abuse Act, or CFAA, 9 00:00:24,006 --> 00:00:27,009 is a criminal law that makes it a federal offense 10 00:00:27,009 --> 00:00:31,002 to engage in many types of hacking activity. 11 00:00:31,002 --> 00:00:35,008 Specifically, the CFAA prohibits unauthorized access 12 00:00:35,008 --> 00:00:38,005 to any computer system that is engaged 13 00:00:38,005 --> 00:00:41,008 in interstate commerce, and that basically applies 14 00:00:41,008 --> 00:00:44,007 to any computer system that exists. 15 00:00:44,007 --> 00:00:48,008 CFAA also prohibits the creation of malicious code 16 00:00:48,008 --> 00:00:52,002 that might cause damage to a protected computer system. 17 00:00:52,002 --> 00:00:54,006 There are many nuances to this law, 18 00:00:54,006 --> 00:00:56,008 but the bottom line is that CFAA 19 00:00:56,008 --> 00:00:59,002 makes hacking a criminal offense, 20 00:00:59,002 --> 00:01:02,004 punishable by fine and/or imprisonment. 21 00:01:02,004 --> 00:01:06,006 The Electronic Communications Privacy Act, or ECPA, 22 00:01:06,006 --> 00:01:08,005 restricts the government interception 23 00:01:08,005 --> 00:01:11,005 of communications and stored information. 24 00:01:11,005 --> 00:01:13,005 That includes telephone calls, 25 00:01:13,005 --> 00:01:16,006 network transmissions, email messages, 26 00:01:16,006 --> 00:01:20,004 and pen registers that log records of communications. 27 00:01:20,004 --> 00:01:22,006 Under the ECPA, the government 28 00:01:22,006 --> 00:01:24,005 must meet stringent requirements 29 00:01:24,005 --> 00:01:26,002 before receiving a search warrant 30 00:01:26,002 --> 00:01:28,006 for electronic communications. 31 00:01:28,006 --> 00:01:31,005 The Identity Theft and Assumption Deterrence Act 32 00:01:31,005 --> 00:01:35,005 makes it a federal crime to steal an individual's identity. 33 00:01:35,005 --> 00:01:39,003 This includes using or possessing false identification 34 00:01:39,003 --> 00:01:42,000 and transferring or using identity information 35 00:01:42,000 --> 00:01:45,005 without consent with the intent of committing fraud. 36 00:01:45,005 --> 00:01:47,004 Violations of the Identify Theft 37 00:01:47,004 --> 00:01:49,008 and Assumption Deterrence Act are punishable 38 00:01:49,008 --> 00:01:54,008 by 15 years of imprisonment and a fine of up to $250,000.