In 1977 Senator Abraham Ribikoff was the Chairman of the U.S. Senates Government Operations Committee. His committee is credited with drafting the first comprehensive proposal on computer crime in the United States; and, later that year Senator Ribikoff introduced legislation to congress referred to as the Ribikoff Bill 1. This Bill was the first Federal computer crime legislation in the U.S. that specifically prohibited unauthorized use of computers; the Bill, while not adopted, raised awareness in Congress to the potential problems unauthorized computer usage could cause. Since 1977 Congress (and all fifty states) passed computer laws, these new laws make a number of computer activities illegal. Congress, in 1984 adopted 18 USC 1030 The Computer Fraud and Abuse Act commonly referred to as CFAA. Congressional efforts to keep up with technology and cyber crime have seen the CFAA amended many times since 1984 (1986, 2001, 2004 and 2006) 2. Nowadays the CFAA makes activities intended to access restricted or classified information maintained on computers in financial institutions; credit card companies; consumer reporting agencies; any department or agency of the U.S Government; or, any protected computer, a crime.
You may or may not agree with me, but I relate crime to gangsters and outlaws, terrorists, spies or assassins; even so, take a moment and consider this: accessing a computer is the fundamental step for anything we do through a computer; so we shouldnt be too surprised to learn Unauthorized Access is becoming the base offense in the field of computer crime. The CFAA potentially criminalizes behavior like using a co-workers computer, using your laptop to connect to a wireless computer network, or transmitting an e-mail from your computer. Interestingly as you read through the CFAA nowhere does it define "access. The dictionary provides us with a general definition, to "gain access to, or exercise the "freedom or ability to . . . make use of" something. In other words, when you connect to a wireless computer network, regardless of where it is or who it belongs to, you would be accessing" bandwidth; or, when you send an e-mail message from your computer, and the message is transmitted to another computer or through a number of other computers until it reaches its destination, your are making use of all of those computers, and would therefore be "accessing" them; using a co-workers computer, even when permitted by the co-worker, is an access issue that becomes more complicated when company policy prohibits the use of any computers not assigned to you.
Any of that sound familiar? How many times have we used someone elses computer, or connected to a hotels wireless system. Think about it, then think about the guy in Sparta Michigan. Each day around noontime he would drive to the Union Street Coffee Shop, park just outside and without entering the cafe, connect to the internet using the shops unsecured wireless network. He would download his e-mails and surf the net. He was charged with unauthorized use of computer access (the shops WiFi System), a felony. He later pled guilty to a misdemeanor, was fined, ordered to perform community service and enroll in a diversion program 3. He could have gone to jail. Use common sense folks, casual access can lead to serious criminal charges, become a huge embarrassment, and cost you money and time. All this guy had to do was go inside, buy a cup of coffee, or just sit at a table, enjoy the ambiance and use their wireless system like everyone else in the cafe.
Did you ever wonder what kind of problems the wireless system you installed at home could create? Ask yourself is my wireless system secured or unsecured? If you dont know you better find out! Unsecured wireless systems can be used by anyone to gain access to the internet. Someone could, like the guy in Michigan, sit outside your home and use your unsecured wireless signal to access the internet and commit a crime. Adding insult to injury, Attorneys and victims are beginning to fight back not against the unauthorized user, but against the homeowner! It appears victims now have a cause-of-action against the owner of the unsecured wireless system used as the access point to commit a crime; the cause-of-action is negligence. Dont be twice a victim (hacker and a lawsuit), take steps to ensure your home wireless system is secure so you can continue to enjoy wireless flexibility safely within your home.
The information we handle everyday is also a source of potential problems. Several years ago, a young woman in Sacramento 4 working in a local financial institution, had access to confidential customer account information maintained on the institutions computer. She willingly provided this information to a girl friend that just started a Real Estate Business. Unknown to the young woman, her friend provided some of the confidential information to someone who just happened to be part of an identity theft scheme. Imposters used the customers account information to steal their identity and conduct transactions at the institution. The imposters were caught and prosecuted. The young woman was convicted of unauthorized access, a felony and sentenced to 36 months probation. Dont let yourself get schmoozed, cajoled or conned by friends or relatives into providing them with confidential information.
Sending e-mails is also a starting place for potential problems. Recently an older fellow in Connecticut retired and began working in a financial institution regulated by his former employer. One of his new responsibilities was to develop financial and operational programs designed to assist managers and staffs in small financial institutions. He loaded and personalized a software-program onto his work laptop. The program provided form and function while assisting the analysis process; this program was also used by his former employer and was capable of creating an e-mail request for financial information from his former employer. The guy created the request and addressed the e-mail to his former employers public access web site. When received at the web site, the e-mail was electronically read, redirected by the web site to another system of his former employer. The request was again electronically read and a new electronic e-mail response was created with the requested information attached. The new e-mail response was then returned to his e-mail address at the institution where he was working. Upon receipt he loaded this information into the software program on his laptop. This information received assisted the analysis process for institutions that contracted his employers services. After about a year, his former employer transitioned to a new software-program and created a list of those still requesting data from the software no longer in use. His name came up on the list; many knew him and knew he retired. The former employer referred the case to the FBI and US Attorney. The guy pled guilty to one count of unauthorized access and was sentenced to 2 years probation, a $4,000 fine and 50 hours of community service. Dont fool yourself into believing what you're doing is for the good of the people youre helping, youre only fooling yourself. Take the time to reinvent the wheel.
What am I getting at here? Simply this, please use common sense while youre working with computers, managing sensitive information in computer data bases, sending e-mail requests for information or accessing networks; hey, ignorance of the law is not an excuse. So whether youre at home or at work, here are some simple suggestions to follow while computering around:
Above all, while working with or around computers and or wireless systems, if it does't seem right to do, don't do it; you could accidentally be committing a felony.
1 Bill S. 1766 (95th Congress) "Federal Computer Systems Act of 1977"
2 U.S. Code Classification Tables
3 June 18, 2007 Wood TV8, Grand Rapids Michigan
4 US Department of Justice, Eastern District of California, November 30, 2001
Ray Lindeman sent an e-mail and was charged with unauthorized access; if you or someone you know had similar experiences and would like to share the story, you can contact him through this site.
Got something to add? Send me email.
More Articles by Ray Lindeman © 2009-12-06 Ray Lindeman