I. Underlying Problems
When computers were first introduced some thirty years ago, business and government were quick to make use of their enormous potential as information processing machines. About the same time, a number of enterprising individuals also saw the potential of these machines for personal gain and began to match their wits against them and find ways to use the computer for criminal purposes. The average armed robbery nets about $9,000 and the average computer fraud totals about $450,000. This is a high-yield, low-risk crime.
- Theft of Hardware and Data: One area of computer crime is the theft of hardware and software. The outright theft of hardware and software is often reported and identified as the prime motive for a crime. For example, in one recent case over $300,000 worth of computer equipment was stolen using phony invoices. In some instances only parts of the computer are targeted. A number of DEC computer installations were recently hit by a rash of break-ins that resulted in the theft of VAX printed circuit boards. One haul consisted of 22 boards worth about $450,000.
- Fraud: The computer can create a unique environment in which unauthorized activities can occur. Crimes in this category have many traditional names including theft, fraud, embezzlement, extortion, etc. Computer related fraud includes the introduction of fraudulent records into a computer system, theft of money by electronic means, theft of financial instruments, theft of services, and theft of valuable data.
- Physical Abuse: The computer can be the object of attack in computer crimes such as the unauthorized use of computer facilities, alteration or destruction of information, data file sabotage and vandalism against a computer system. Computers have been shot, stabbed, short-circuited and bombed.
- Misuse of Information and Privacy Issues: Computers can be used symbolically to intimidate, deceive or defraud victims. Attorneys, government agencies and businesses increasingly use mounds of computer-generated data quite legally to confound their audiences. Criminals also find computer-generated phony invoices, bills and checks useful. The computer lends an ideal cloak for carrying out criminal acts by imparting a clean quality to the crime.
The computer has made the invasion of our privacy a great deal easier and potentially more dangerous than it was before. A wide range of data related to individuals is collected and stored in computerized files. These files hold banking information, credit information, organizational fund raising, opinion polls, shop at home services, driver license data, arrest records and medical records. The potential threats to privacy include the improper commercial use of computerized data, breaches of confidentiality by releasing confidential data to third parties, and the release of records to governmental agencies for investigative purposes.
The basic law that protects our privacy is the Fourth Amendment to the United States Constitution, which mandates that people have a right to be secure in their homes and against unreasonable search and seizure. In addition, many laws have been enacted to protect the individual from having damaging information stored in computerized databases.
- Issues of Adjudication and Regulation: Traditionally, prosecutors faced a great deal of uncertainty when they attempted to use existing criminal statutes to prosecute offenses. Within the last few years, this has changed with the addition of computer crime statutes to many state and federal codes.
Computer crime laws can be seen as a generalized reaction to many types of computer crime. The goal of these laws is to define which acts will be punished, in the hope that this will deter computer crime. Some of these acts include trespassing into a computerized system, the invasion of privacy of an individual, theft of money, service, data or programs from a computerized system, and data alteration or destruction. Computer laws also prevent or deter computer-related fraud and the misuse of computerized information.
That is to say, the law provides compensation for injuries and, hopefully, deters wrongdoers by the smooth and efficient operation of the legal system. Generally, the law does not provide a remedy if no injury has occurred; it acts as a shield through its deterrent effect and not in a proactive manner. Where it is vital that the injury does not occur, then the physical and environmental controls described elsewhere in this text must be used as additional barriers against the wrongdoer. On the other hand, after a wrongdoer has compromised the physical or environmental security arrangements, the law is frequently the only tool available to the information security specialist to minimize the injury already done and to deter, as far as is possible, future wrongdoing.