Information Security & US & Life & Love & Fashion & Hacking & Passion

In good times and bad, Skadden's lawyers make money on upheavals in global capitalism.

Overview of U.S. Federal Laws

Although some hackers might have the benefit of bouncing around the globe from system to system, your work will likely occur within the confines of the host nation. The United States and some other countries have instigated strict laws to deal with hackers and hacking. During the past five years, the U.S. federal government has taken an active role in dealing with computer, Internet, privacy, corporate threats, vulnerabilities, and exploits. These are laws you should be aware of and not become entangled in. Hacking is covered under law Title 18: Crimes and Criminal Procedure: Part 1: Crimes: Chapter 47: Fraud and False Statements: Section 1029 and 1030. Each are described here:

• Section 1029— Fraud and related activity with access devices. This law gives the U.S. federal government the power to prosecute hackers that knowingly and with intent to defraud, produce, use, or traffic in one or more counterfeit access devices. Access devices can be an application or hardware that is created specifically to generate any type of access credentials, including passwords, credit card numbers, long distance telephone service access codes, PINs, and so on for the purpose of unauthorized access.

  The Evolution of Hacking Laws In 1985, hacking was still in its infancy in England. Because of the lack of hacking laws, some British hackers felt there was no way they could be prosecuted. Triludan the Warrior was one of these individuals. Besides breaking into the British Telecom system, he also broke an admin password for Prestel. Prestel was a dialup service that provided online services, shopping, email, sports, and weather. One user of Prestel was His Royal Highness, Prince Phillip. Triludan broke into the Prince's mailbox along with various other activities, such as leaving the Prestel system admin messages and taunts. Triludan the Warrior was caught on April 10, 1985, and was charged with five counts of forgery, as no hacking laws existed. After several years and a 3.5 million dollar legal battle, Triludan was eventually acquitted. Others were not so lucky because in 1990, Parliament passed The Computer Misuse Act, which made hacking attempts punishable by up to five years in jail. Today, the UK, along with most of the Western world, has extensive laws against hacking.

  
  

• Section 1030— Fraud and related activity in connection with computers. The law covers just about any computer or device connected to a network or Internet. It mandates penalties for anyone who accesses a computer in an unauthorized manner or exceeds one's access rights. This a powerful law because companies can use it to prosecute employees when they use the rights the companies have given them to carry out fraudulent activities.

The federal punishment described in Sections 1029 and 1030 for hacking into computers ranges from a fine or imprisonment for no more than one year. It might also include a fine and imprisonment for no more than twenty years. This wide range of punishment depends on the seriousness of the criminal activity and what damage the hacker has done. Other federal laws that address hacking include

• Electronic Communication Privacy Act— Mandates provisions for access, use, disclosure, interception, and privacy protections of electronic communications. The law encompasses USC Sections 2510 and 2701. According to the U.S. Code, electronic communications "means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo electronic, or photo optical system that affects interstate or foreign commerce." This law makes it illegal for individuals to capture communication in transit or in storage. Although these laws were originally developed to secure voice communications, it now covers email and electronic communication.

• Computer Fraud and Abuse Act of 1984— The Computer Fraud and Abuse Act (CFAA) of 1984 protects certain types of information that the government maintains as sensitive. The Act defines the term "classified computer," and imposes punishment for unauthorized or misused access into one of these protected computers or systems. The Act also mandates fines and jail time for those who commit specific computer-related actions, such as trafficking in passwords or extortion by threatening a computer. In 1992, Congress amended the CFAA to include malicious code, which was not included in the original Act.

• The Cyber Security Enhancement Act of 2002— This Act mandates that hackers who carry out certain computer crimes might now get life sentences in jail if the crime could result in another's bodily harm or possible death. This means that if hackers disrupt a 911 system, they could spend the rest of their days in jail.

• The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001— Originally passed because of the World Trade Center attack on September 11, 2001. Strengthens computer crime laws and has been the subject of some controversy. This Act gives the U.S. government extreme latitude in pursuing criminals. The Act permits the U.S. government to monitor hackers without a warrant and perform sneak and peek searches.

• The Federal Information Security Management Act (FISMA)— Signed into law in 2002 as part of the E-Government Act of 2002, replacing the Government Information Security Reform Act (GISRA). FISMA was enacted to address the information security requirements for non-national security government agencies. FISMA provides a statutory framework for securing government owned and operated IT infrastructures and assets.

• Federal Sentencing Guidelines of 1991— Provide guidelines to judges so that sentences would be handed down in a more uniform manner.

• Economic Espionage Act of 1996— Defines strict penalties for those accused of espionage.

• U.S. Child Pornography Prevention Act of 1996— Enacted to combat and reduce the use of computer technology to produce and distribute pornography.

• U.S. Health Insurance Portability and Accountability Act (HIPPA)— Established privacy and security regulations for the health care industry.

Harvard professor hopes to torpedo the music industry's lawsuits against online song-swappers BOSTON (AP) -- The music industry's courtroom campaign against people who share songs online is coming under counterattack.A Harvard Law School professor has launched a constitutional assault against a federal copyright law at the heart of the industry's aggressive strategy, which has wrung payments from thousands of song-swappers since 2003

The professor, Charles Nesson, has come to the defense of a Boston University graduate student targeted in one of the music industry's lawsuits. By taking on the case, Nesson hopes to challenge the basis for the suit, and all others like it.

Nesson argues that the Digital Theft Deterrence and Copyright Damages Improvement Act of 1999 is unconstitutional because it effectively lets a private group -- the Recording Industry Association of America, or RIAA -- carry out civil enforcement of a criminal law. He also says the music industry group abused the legal process by brandishing the prospects of lengthy and costly lawsuits in an effort to intimidate people into settling cases out of court.

Nesson, the founder of Harvard's Berkman Center for Internet and Society, said in an interview that his goal is to "turn the courts away from allowing themselves to be used like a low-grade collection agency."

Nesson is best known for defending the man who leaked the Pentagon Papers and for consulting on the case against chemical companies that was depicted in the film "A Civil Action." His challenge against the music labels, made in U.S. District Court in Boston, is one of the most determined attempts to derail the industry's flurry of litigation.

The initiative has generated more than 30,000 complaints against people accused of sharing songs online. Only one case has gone to trial; nearly everyone else settled out of court to avoid damages and limit the attorney fees and legal costs that escalate over time.

Nesson intervened after a federal judge in Boston asked his office to represent Joel Tenenbaum, who was among dozens of people who appeared in court in RIAA cases without legal help.

The 24-year-old Tenenbaum is a graduate student accused by the RIAA of downloading at least seven songs and making 816 music files available for distribution on the Kazaa file-sharing network in 2004. He offered to settle the case for $500, but music companies rejected that, demanding $12,000.

The Digital Theft Deterrence Act, the law at issue in the case, sets damages of $750 to $30,000 for each infringement, and as much as $150,000 for a willful violation. That means Tenenbaum could be forced to pay $1 million if it is determined that his alleged actions were willful.

The music industry group isn't conceding any ground to Nesson and Tenenbaum. The RIAA has said in court documents that its efforts to enforce the copyright law is protected under the First Amendment right to petition the courts for redress of grievances. Tenenbaum also failed, the music group noted, to notify the U.S. Attorney General that that he wanted to contest the law's constitutional status.

Cara Duckworth, a spokeswoman for the RIAA, said her group's pursuit of people suspected of music piracy is a fair response to the industry's multibillion-dollar losses since peer-to-peer networks began making it easy for people to share massive numbers of songs online.

"What should be clear is that illegally downloading and distributing music comes with many risks and is not an anonymous activity," Duckworth said.

Still, wider questions persist on whether the underlying copyright law is constitutional, said Ray Beckerman, a Forest Hills, N.Y.-based attorney who has represented other downloading defendants and runs a blog tracking the most prominent cases.

One federal judge has held that the constitutional question is "a serious argument," Beckerman said. "There are two law review articles that have said that it is unconstitutional, and there are three cases that said that it might be unconstitutional."

In September, a federal judge granted a new trial to a Minnesota woman who had been ordered to pay $220,000 for pirating 24 songs. In that ruling, U.S. District Judge Michael J. Davis called on Congress to change copyright laws to prevent excessive awards in similar cases. He wrote that he didn't discount the industry's claim that illegal downloading has hurt the recording business, but called the award "wholly disproportionate" to the industry's losses.

In the Boston case, Nesson is due to meet attorneys for the music industry for a pretrial conference on Tuesday, ahead of a trial set for Dec. 1.

Entertainment attorney Jay Cooper, who specializes in music and copyright issues at Los Angeles-based Greenberg Traurig, is convinced that Nesson will not persuade the federal court to strike down the copyright law. He said the statutory damages it awards enable recording companies to get compensation in cases where it is difficult to prove actual damages.

The record companies have echoed that line of defense. In court filings in Tenenbaum's case, they contend that the damages allowed by the law are "intended not only to compensate the copyright owner, but also to punish the infringer (and) deter other potential infringers."

But are these lawsuits the only way the record industry could deter piracy? Nesson believes the industry could develop new ways to prevent copyright material from being shared illegally. One idea would be to bundle music with ads and post it for free online, he says.

Sir Isaac Newton's third law of motion states that "for every action there is an equal and opposite reaction." The incoming Obama administration should keep this natural law in mind when considering the endless stream of ideas and programs that policymakers, pundits and bureaucrats will be putting in front of it over the next few months.

The government has already dipped deep into its toolkit. The Federal Reserve has lent money to investment banks, financed mergers and acquisitions and backstopped the commercial paper market. The Treasury Department seized Fannie Mae (nyse: FNM - news - people ) and Freddie Mac (nyse: FRE - news - people ), is guaranteeing money-market funds and then forced private banks to accept the taxpayer as a shareholder via purchases of preferred shares.

All of these policies will have consequences that have yet to fully materialize, as will any other policies that the government adopts. And some of these unintended consequences could harm the economy.

Take, for example, the extension of unemployment benefits enacted in June. Normally, jobless benefits are available for 26 weeks. The extension, which will last temporarily through early next year, added another 13 weeks. Following this, between June and October--in only four months--the unemployment rate has risen from 5.5% to 6.5%, a full percentage point.

What's odd about the jump in the jobless rate is that it has been accompanied by an unusual increase in the number of people who say they are looking for work. Normally, when the unemployment rate leaps upward we see a decline in the share of the population either working or looking for work (what economists call the participation rate). Not this time.

In order to receive unemployment benefits, a person must be looking for work, so the extension of benefits is artificially coaxing many people who would no longer be in the workforce at all to say they are still looking for work, just so they can continue to collect benefits. The unintended consequence is that the unemployment rate is boosted further and more quickly than normal in a recession, making it more likely that policymakers further extend benefits, escalating the deficit and pushing up future tax payments.

The aggressive Fed rate cuts in late 2007 and early 2008--well before the recent risk-aversion hysteria set in--also resulted in unintended consequences. Lower base rates for floating-rate loans have hurt community bank income streams. This has hurt some financial institutions instead of helping them. There are always two sides to the interest-rate coin. Someone pays and someone receives. For some reason, many only think of the borrower and not the lender.

Another example of unintended consequences is the new ability of the Fed to pay interest on bank reserves, a policy it has long wanted to implement to give it more accurate control over monetary policy. Regardless of how much sense this policy may make over the long term, it may be undermining the growth of bank lending right now. Excess reserves by deposit-taking banks typically hover at about $2 billion. In October, these excess reserves were at $268 billion. So with one hand the government is injecting capital into banks to boost lending, but with the other it is enticing banks to hold extra cash as reserves.

As policymakers mull concerns like a bailout of U.S. automakers, they need to be clear that no matter their goals, there will be ramifications across many economic and financial dimensions they cannot possibly anticipate.