Many countries, particularly those with economies that have more fully integrated computing
and telecommunications technologies, are struggling to develop laws and rules for
dealing with computer crimes.We will cover selected U.S. federal computer crime laws in
order to provide a sample of these many initiatives; a great deal of detail regarding these
laws is omitted and numerous laws are not covered. This chapter is not intended to provide
a thorough treatment of each of these laws, or to cover any more than the tip of the
iceberg of the many U.S. technology laws. Instead it is meant to raise the importance of
considering these laws in your work and activities as an information security professional.
That in no way means that the rest of the world is allowing attackers to run free and wild.
With just a finite number of pages, we cannot properly cover all legal systems in the world
or all of the relevant laws in the United States. It is important that you spend the time to
fully understand the lawthat is relevant to your specific location and activities in the information
security area.
The following sections survey some of the many U.S. federal computer crime statutes,
including:
• 18 USC 1029: Fraud and Related Activity in Connection with Access Devices
• 18 USC 1030: Fraud and Related Activity in Connection with Computers
• 18 USC 2510 et seq.: Wire and Electronic Communications Interception and
Interception of Oral Communications
• 18 USC 2701 et seq.: Stored Wire and Electronic Communications and
Transactional Records Access
• The Digital Millennium Copyright Act
• The Cyber Security Enhancement Act of 2002
