Computer Forensics Chapter 7 Quiz

Questions and Answers

The primary federal law enforcement provisions relating to cybercrime exist under Title 18.

True

A federal law relating to cybercrime does not include terrorism or espionage.

False

Smaller law enforcement agencies often rely on state and federal agencies due to a lack of resources.

True

Legislative action regarding computer crime has been rapidly progressing.

False

Access device fraud is a traditional statute applied to cybercrime.

True

The Computer Fraud and Abuse Act of 1986 was initially effective and specifically focused on computer hacking.

False

Title 17 addresses issues related to Copyright Infringement.

True

The Computer Fraud and Abuse Act of 1986 was later expanded to include all financial records.

True

Kevin Mitnick is known for stealing programs valued at more than $1 million from Digital Equipment Corporation.

True

The original version of the Computer Fraud and Abuse Act was never successfully prosecuted.

False

It is now a crime to possess another's identifying information without lawful authority.

True

The Identity Theft and Assumption Deterrence Act was enacted in 2000.

False

Identifying information includes an individual's fingerprint.

True

Restitution and attorney's fees are not provided for under the ITADA.

False

The Federal Trade Commission (FTC) is designated as the repository for consumer complaints under ITADA.

True

A passport number is not considered identifying information under the ITADA.

False

The intent to commit unlawful activity is not necessary for the unauthorized use of another's means of identification.

False

The National Information Infrastructure Act of 1996 focused exclusively on commercial computers.

False

The National Information Infrastructure Act of 1996 included provisions for transmitting classified government information.

True

The Protection of Children against Sexual Exploitation Act was established in 1984.

False

In New York v. Ferber (1982), child pornography was deemed protected under the First Amendment.

False

The Child Pornography Protection Act was enacted in 1996 and included virtual images of children.

True

The Child Protection & Obscenity Act (1988) was broader than its predecessor, the Child Protection Act (1984).

False

The National Information Infrastructure Act of 1996 dealt solely with Cyber Crime.

False

The U.S. Supreme Court struck down the CPPA in Ashcroft v. Free Speech Coalition.

True

Which challenge do law enforcement administrators face due to smaller agencies lacking resources?

Overreliance on state and federal agencies

Which traditional statute would most likely apply to someone committing illegal wiretapping?

Access Device Fraud

Which of the following is NOT listed as a primary federal law enforcement provision relating to cybercrime under Title 18?

Cyberbullying

What is a significant issue with the pace of legislative action concerning cybercrime?

It is often reactive rather than proactive.

Which of the following types of crimes does NOT fall under the federal law enforcement provisions for cybercrime?

Vandalism

What kind of offenses did the National Information Infrastructure Act of 1996 expand to include?

Hacking and malicious programming

Which legislation was a response to the inadequacies found in the original child pornography laws?

Child Pornography Protection Act (1996)

In which Supreme Court case was the Child Pornography Protection Act struck down?

Ashcroft v. Free Speech Coalition

What aspect did the National Information Infrastructure Act of 1996 specifically address in terms of computer offenses?

Accidental intrusions and their implications

What was one of the main focuses of the Computer Fraud and Abuse Act of 1986?

Addressing deliberate intrusions and access to computers

What constitutes unlawful use of identifying information under the Identity Theft and Assumption Deterrence Act of 1998 (ITADA)?

Knowingly using another's means of identification to help a crime

Which of the following items is NOT considered identifying information as per the ITADA?

Bank account number

What does the ITADA provide victims aside from criminal penalties for identity theft?

Restitution and attorney's fees

Who is designated as the central agency for consumer complaints regarding identity theft?

Federal Trade Commission (FTC)

Which of the following best defines 'identifying information' in the context of the ITADA?

Specific data that uniquely identifies an individual, including biometric data

What specific action is considered a violation under the ITADA?

All of the above

Which of the following is an example of unique biometric data as defined in the ITADA?

Voice print

What is a significant provision of the PROTECT Act regarding repeat child sex offenders?

Mandatory life penalty

Which of the following was NOT a measure introduced by the PROTECT Act?

Establishing a child registry database

What change did the PROTECT Act make regarding statues of limitation for child abduction and abuse?

Ended statues of limitation

How does the PROTECT Act address computer-generated child pornography?

Forbids it outright

What standard does the PROTECT Act apply to artistic representations involving minors?

The Miller standard of obscenity

What penalty can U.S. citizens or residents face for engaging in illicit sexual conduct abroad under the provisions of the PROTECT Act?

Imprisonment of up to 30 years

Which of the following reflects a limitation imposed by the PROTECT Act regarding persons charged under it?

Prohibition of pretrial release

What provision allows for quicker action in missing persons cases for young adults as per the PROTECT Act?

No more waiting periods for 18-21-year-olds

Legislative action regarding cybercrime has historically been characterized by a slow pace.

True

A primary federal law enforcement provision relating to cybercrime does not include child exploitation.

False

Smaller law enforcement agencies often have sufficient resources to effectively handle cybercrime on their own.

False

The National Information Infrastructure Act of 1996 included provisions for protecting commercial computers only.

False

RICO is a traditional statute that applies to cybercrimes.

True

The Computer Fraud and Abuse Act of 1986 originally focused on unauthorized access to any computer.

False

Kevin Mitnick is notably recognized for the theft of programs valued over $1 million from Digital Equipment Corporation.

True

The Counterfeit Access Device and Computer Fraud & Abuse Act was deemed effective from its inception.

False

The Computer Fraud and Abuse Act was modified to include unintentional intrusions after its initial enactment.

False

The Computer Fraud and Abuse Act was expanded to cover all types of communication and commerce-related computers.

True

The Identity Theft Enforcement and Restitution Act of 2008 expanded consequences for identity theft.

True

The Drivers Privacy Protection Act allows for the unrestricted use of Social Security numbers from motor vehicle records.

False

The President's Working Group on Unlawful Conduct on the Internet evaluates the sufficiency of existing federal laws.

True

The approach to regulating Internet criminal activity is only focused on punitive measures without addressing special needs and challenges.

False

Health organizations are permitted to disclose Social Security numbers freely according to the Health Insurance Portability & Accountability Act.

False

Efforts to protect personal information include empowering tools to minimize risks associated with unlawful activities.

True

Interagency cooperation is not emphasized in the efforts to combat internet crime.

False

It is illegal to knowingly use another person's identification without lawful authority in the context of federal law.

True

Unique biometric data does not include fingerprints or voice prints according to the ITADA.

False

The ITADA allows for victims of identity theft to receive restitution and attorney's fees.

True

An individual’s date of birth is classified as identifying information under the ITADA.

True

The Federal Trade Commission (FTC) serves as a repository for identity theft consumer complaints.

True

According to ITADA, email addresses are considered unique electronic identification numbers.

False

Possession of another person’s identifying information is not a crime under any circumstances.

False

An alien registration number is a type of identifying information as outlined in the ITADA.

True

Which challenges do law enforcement administrators encounter due to the reliance on state and federal agencies?

Overburdening of state agencies

Which of the following crimes is specifically mentioned as being included under the primary federal law enforcement provisions for cybercrime?

Terrorism

What does the Safeguards Rule require financial institutions to implement?

Security plans to protect personal information

What is one significant issue that impacts the legislative action concerning computer crime?

Pace of legislative action is slow

Which provision of FACTA addresses the issue of dumpster-diving?

Truncation of credit/debit account numbers

Which traditional statute most directly addresses cyber related schemes like forgery?

Access Device Fraud

Under FACTA, what must card issuers investigate?

Change of address requests and requests for new cards

Which of the following traditional statutes is aimed at combating crimes related to electronic extortion?

Extortion Act

Which of the following is a requirement for consumer reporting agencies as mandated by FACTA?

They must keep medical and financial records separate

What legal action is available when violations occur according to FACTA provisions?

Civil action against offending parties

Which of the following actions is a primary goal of the Terrorism Information Awareness Program (TIA)?

Forecasting future terrorist activities through data mining

What is the primary function of the Dragonware software suite in law enforcement operations?

To reconstruct the web-surfing trail of suspects

Which of the following components is NOT typically included in data mining processes for identifying potential threats?

Profiling geographic locations of crimes

What technology is utilized by the Cyber Knight project to assist in investigations?

Magic Lantern key logger

Which initiative is designed to discuss potential threats and integrate local leaders with law enforcement?

Infragard

What mandatory penalty does the PROTECT Act impose on repeat child sex offenders?

Mandatory life penalty

Which of the following provisions was NOT introduced by the PROTECT Act?

Extended statutes of limitations for child abuse

What legal standard does the PROTECT Act apply to depictions of minors in obscene situations?

The Miller standard of obscenity

What type of conduct does the PROTECT Act explicitly prohibit?

Creation of computer-generated child pornography

What is the maximum potential prison term for U.S. citizens or residents engaging in illicit sexual conduct abroad under the PROTECT Act?

30 years

Study Notes

Computer Forensics and Cyber Crime

• Computer forensics and cybercrime: Introduction, Chapter 7, Avenues for Prosecution and Government Efforts
• Learning Objectives: Knowledge of traditional computer crime statutes, recent federal legislation, investigative tools used by the government, data mining, and international efforts to solve computer crime
• Introduction: Law enforcement administrators face challenges like smaller agencies with limited resources, leading to dependence on state and federal agencies, and historically low interest in non-violent crimes and slow legislative action in dealing with such crimes.

Traditional Statutes

• Primary federal law provisions relating to cybercrime exists under Title 18
• Examples of crimes: Fraud, Embezzlement, Terrorism or Espionage, Child Seduction & Exploitation, Stalking, Kidnapping (The Hobbs Act), Forgery and Counterfeiting, Extortion, RICO, Access Device Fraud, and Illegal Wiretapping
• Supplemental federal criminal law relating to cybercrime include Title 15 (Credit card Fraud and Software Piracy) and Title 17 (Copyright Infringement)

The Evolution of Computer-Specific Statutes

• Computer Fraud and Abuse Act of 1986 (CFAA): An initial version focused on unauthorized access to computers, but it was considered ineffective due to vagueness.
• Later expansions of the CFAA applied it to computers used in commerce and communication, extended it to all financial records, and the act now applies the law to intentional intrusions, not just inadvertent ones.
• Subsequent successful prosecutions (examples like Kevin Mitnick, Shadowhawk, and Robert Morris)
• National Information Infrastructure Act of 1996 (NIIPA): This focused on loopholes in the CFAA, addressing issues like accidental intrusions, computer-related offenses where computer data wasn't the primary target, and offenses on computers not involved in commerce but connected to the internet.
• Expanded scope of the CFAA to include actions like transmitting classified government information, obtaining information from financial institutions and government, and affecting government use of computers and agency non-public computers. It also added hacking and malicious programming that may include unintentional damages. Other additions are trafficking in passwords and extortion.

Evolving Child Pornography Statutes

• Efforts to ban child pornography use piecemeal legislation like the Protection of Children against Sexual Exploitation Act (1977), and Supreme Court rulings. Various additions and amendments occurred based on the cases like New York v. Ferber (1982) which determined child pornography is not protected by the first amendment.
• Subsequent actions by Congress to create the Child Protection Act (1984), and later the Child Protection & Obscenity Act (1988), but most were limited to obscene material. Amendments like the Child Pornography Protection Act (CPPA) (1996) was expanded into virtual images of children including altered images. However, these actions have been significantly challenged.
• The PROTECT Act addressed issues like mandatory life penalties for repeat offenders, criminal history/background checks for organizations that work with children, and electronic eavesdropping. Additional actions included prohibiting pretrial releases, ended statutes of limitation on the abduction and abuse of children, appointed a National AMBER Alert Coordinator, and limited waiting periods for missing persons cases. Further actions include application of the Miller standard of obscenity and sentencing enhancements for possession and distribution of child pornography.

Identity Theft and Financial Privacy Statutes

• Identity Theft and Assumption Deterrence Act of 1998 (ITADA): Made it a crime to possess another's identifying information that could be used to commit unlawful actions. It addressed issues like transferring or using a means of identification without lawful authority
• ITADA encompasses identifying information including name, Social Security number, date of birth, official government-issued driver's license or identification number, Alien registration number, Passport number, Employer or taxpayer identification number, unique biometric data (like fingerprints, voice print or retina/iris images), electronic identification numbers or routing codes, telecommunication identifying information, and access devices.
• The Financial Modernization Act of 1999: Established guidelines for financial institutions to disclose privacy practices (like opt-out of disclosure for some personal information) and for businesses to devise security bans to protect that information. These actions also addressed various situations relating to financial information being used to obtain personal information using false pretenses or pretexting.
• Fair and Accurate Credit Transactions Act of 2003 (FACTA): Included free credit reports, fraud alerts, and truncation of numbers (to prevent dumpster diving) for credit/debit and social security numbers and one call fraud alerts. It also instituted enhanced victim resolution processes for reporting and resolving the damage to victims, as well as mandates from the government relating to notification to investigate, change of address requests, fraud, and financial reporting of consumers.
• The Identity Theft Penalty Enhancement Act of 2004 and Identity Theft Enforcement and Restitution Act of 2008: Expanded penalties for identity theft, including mandatory sentences, Expanded consequences of identity theft.

Additional Efforts to Protect Personal Information

• Drivers Privacy Protection Act: Prohibits the use of social security numbers and other personal information from a motor vehicle record in situations that are not specifically permitted by law.
• Health Insurance Portability & Accountability Act: Restricts health care organizations from disclosing social security numbers and health information.

Federally Funded Initiatives and Collaborations

• The President's Working Group on Unlawful Conduct on the internet created various groups that brought together business, government, and non-profit advocacy entities together to evaluate the sufficiency of existing laws, whether new laws would be needed for the various technologies, and education and empowerment for those that use these technologies. The resulting approaches included regulating Internet criminal activity, recognition of the needed challenges and challenges, funding and enhanced training to deal with these issues, and development of curricula relevant to cyber ethics and information to private entities.
• Examples of initiatives include Presidential Decision Directive 63 and the Innocent Images initiative.

Law Enforcement Operations and Tools in the United States

• Packet sniffers and key loggers (such as Dragonware, Magic Lantern): These record communication and actions on the internet and computers for use by law enforcement in investigating crimes.
• Data mining: Using statistical models, algorithms, and artificial intelligence to analyze large data sets to identify potential terrorists. Examples of efforts like the Terrorism information Awareness Program, Computer-Assisted Passenger Prescreening System (CAPPS II) and others.

Collaborations and Professional Associations

• Examples of collaborative efforts between agencies, entities like the Cyber Science Laboratory, and professional associations like the High Tech Computer Investigators Association (HTCIA).

International Efforts

• OECD and the Select Committee of Experts on Computer-Related Crime: Generated various lists of suggestions for harmonizing criminal laws.
• Additional suggestions include defining the alteration or damage of computer data or programs, the practice of computer espionage, unauthorized computer or protected program use. These activities formed the basis for creating and harmonizing laws between various countries, and including mandatory offenses for all countries. Additional groups that were created like the Council of Europe's Cybercrime Conventions
• Examples include The Virtual Global Task Force, United Nations' Convention against Transnational Organized Crime (UNCATOC). International collaborations included the Association of Southeast Asian Nations (ASEAN), that shared interests in training, criminal legislation, and international collaboration.

Conclusions

• Increased recognition of the problems associated with computer and cybercrimes, noting there's still more work to do in this area
• Continued use of traditional laws while waiting for more technology-specific legislation
• Importance of increasing international cooperation concerning the laws to protect against cybercrimes, but the issues of sovereignty are a complicating factor in proceeding.

Description

Test your knowledge of computer forensics and cybercrime as outlined in Chapter 7. This quiz covers traditional statutes, recent federal legislation, and government efforts in prosecuting cyber crimes. Dive into the complexities and challenges law enforcement faces in tackling these issues.