How Computer Fraud and Abuse Evolved
Before 1984 there was little that could be done about computer fraud. In 1984 the Counterfeit Access Device and Computer Fraud and Abuse Act was the first legislation on computer fraud. The act made it a misdemeanor to illegally retrieve financial and credit information by computer. Also, the act made it illegal to cause harm to other computer systems. Around this time, what constitutes computer crime was still an ongoing discussion. As a Federal Act, only half of the states passed similar statues. (History of Computer Crime)
The Computer Fraud and Abuse Act can be violated in two ways, either by an outsider trespasses into a computer or by someone ...view middle of the document...
(History of Computer Crime)
The September 11 terrorist attack in 2001 led to the creation of the USA PATRIOT Act. Although it wasn't associated with computer fraud or abuse directly, the act allowed government agencies to intercept and stop terrorism by strengthening the capability to detect malicious computer activities. The Computer Security Institute discovered that security breaches had been reported in 90% of government agencies and in large cooperation’s in 2002. They also discovered that $455 million was loss due to the abuse of computers. (History of Computer Crime)
Prior to the USA PATRIOT Act, The Computer Fraud and Abuse Act contained no distinct definition for a loss. In the case United States v. Middleton, a case argued before the passing of the USA PATRIOT Act. In this case Middleton accessed his former employer’s computer system without authorization and as a result, the company was forced to pay to repair the system. This case defined the definition of a loss as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” (Virus: A Retrospective - Legal Implications)
In 2008, The Computer Fraud and Abuse Act were amended by the Identity Theft Enforcement and Restitution Act. The amendment made causing damage to ten or more computers into a felony. Also it done away with the need for a plaintiff loss to bee more than $5,000 but they still need to show they suffered from a loss or damage. (Computer Fraud and Abuse Act (CFAA))
It’s important for all organizations to protect their information system from computer fraud. Organizations are starting to implement policies or action that will decrease the potential for fraud and any loss as a result. These policies or actions include, improving the detection of fraud, reduce the fraud loses, making it more difficult to commit fraud, and making it less likely...