Computer Forensics Chapter 7 Quiz

Questions and Answers

The primary federal law enforcement provisions relating to cybercrime exist under Title 18.

True (A)

A federal law relating to cybercrime does not include terrorism or espionage.

False (B)

Smaller law enforcement agencies often rely on state and federal agencies due to a lack of resources.

True (A)

Legislative action regarding computer crime has been rapidly progressing.

False (B)

Access device fraud is a traditional statute applied to cybercrime.

True (A)

The Computer Fraud and Abuse Act of 1986 was initially effective and specifically focused on computer hacking.

False (B)

Title 17 addresses issues related to Copyright Infringement.

True (A)

The Computer Fraud and Abuse Act of 1986 was later expanded to include all financial records.

True (A)

Kevin Mitnick is known for stealing programs valued at more than $1 million from Digital Equipment Corporation.

True (A)

The original version of the Computer Fraud and Abuse Act was never successfully prosecuted.

False (B)

It is now a crime to possess another's identifying information without lawful authority.

True (A)

The Identity Theft and Assumption Deterrence Act was enacted in 2000.

False (B)

Identifying information includes an individual's fingerprint.

True (A)

Restitution and attorney's fees are not provided for under the ITADA.

False (B)

The Federal Trade Commission (FTC) is designated as the repository for consumer complaints under ITADA.

True (A)

A passport number is not considered identifying information under the ITADA.

False (B)

The intent to commit unlawful activity is not necessary for the unauthorized use of another's means of identification.

False (B)

The National Information Infrastructure Act of 1996 focused exclusively on commercial computers.

False (B)

The National Information Infrastructure Act of 1996 included provisions for transmitting classified government information.

True (A)

The Protection of Children against Sexual Exploitation Act was established in 1984.

False (B)

In New York v. Ferber (1982), child pornography was deemed protected under the First Amendment.

False (B)

The Child Pornography Protection Act was enacted in 1996 and included virtual images of children.

True (A)

The Child Protection & Obscenity Act (1988) was broader than its predecessor, the Child Protection Act (1984).

False (B)

The National Information Infrastructure Act of 1996 dealt solely with Cyber Crime.

False (B)

The U.S. Supreme Court struck down the CPPA in Ashcroft v. Free Speech Coalition.

True (A)

Which challenge do law enforcement administrators face due to smaller agencies lacking resources?

Overreliance on state and federal agencies (D)

Which traditional statute would most likely apply to someone committing illegal wiretapping?

Access Device Fraud (C)

Which of the following is NOT listed as a primary federal law enforcement provision relating to cybercrime under Title 18?

Cyberbullying (B)

What is a significant issue with the pace of legislative action concerning cybercrime?

It is often reactive rather than proactive. (C)

Which of the following types of crimes does NOT fall under the federal law enforcement provisions for cybercrime?

Vandalism (C)

What kind of offenses did the National Information Infrastructure Act of 1996 expand to include?

Hacking and malicious programming (A)

Which legislation was a response to the inadequacies found in the original child pornography laws?

Child Pornography Protection Act (1996) (D)

In which Supreme Court case was the Child Pornography Protection Act struck down?

Ashcroft v. Free Speech Coalition (A)

What aspect did the National Information Infrastructure Act of 1996 specifically address in terms of computer offenses?

Accidental intrusions and their implications (B)

What was one of the main focuses of the Computer Fraud and Abuse Act of 1986?

Addressing deliberate intrusions and access to computers (C)

What constitutes unlawful use of identifying information under the Identity Theft and Assumption Deterrence Act of 1998 (ITADA)?

Knowingly using another's means of identification to help a crime (C)

Which of the following items is NOT considered identifying information as per the ITADA?

Bank account number (D)

What does the ITADA provide victims aside from criminal penalties for identity theft?

Restitution and attorney's fees (C)

Who is designated as the central agency for consumer complaints regarding identity theft?

Federal Trade Commission (FTC) (B)

Which of the following best defines 'identifying information' in the context of the ITADA?

Specific data that uniquely identifies an individual, including biometric data (C)

What specific action is considered a violation under the ITADA?

All of the above (D)

Which of the following is an example of unique biometric data as defined in the ITADA?

Voice print (B)

What is a significant provision of the PROTECT Act regarding repeat child sex offenders?

Mandatory life penalty (A)

Which of the following was NOT a measure introduced by the PROTECT Act?

Establishing a child registry database (B)

What change did the PROTECT Act make regarding statues of limitation for child abduction and abuse?

Ended statues of limitation (C)

How does the PROTECT Act address computer-generated child pornography?

Forbids it outright (B)

What standard does the PROTECT Act apply to artistic representations involving minors?

The Miller standard of obscenity (A)

What penalty can U.S. citizens or residents face for engaging in illicit sexual conduct abroad under the provisions of the PROTECT Act?

Imprisonment of up to 30 years (D)

Which of the following reflects a limitation imposed by the PROTECT Act regarding persons charged under it?

Prohibition of pretrial release (D)

What provision allows for quicker action in missing persons cases for young adults as per the PROTECT Act?

No more waiting periods for 18-21-year-olds (A)

Legislative action regarding cybercrime has historically been characterized by a slow pace.

True (A)

A primary federal law enforcement provision relating to cybercrime does not include child exploitation.

False (B)

Smaller law enforcement agencies often have sufficient resources to effectively handle cybercrime on their own.

False (B)

The National Information Infrastructure Act of 1996 included provisions for protecting commercial computers only.

False (B)

RICO is a traditional statute that applies to cybercrimes.

True (A)

The Computer Fraud and Abuse Act of 1986 originally focused on unauthorized access to any computer.

False (B)

Kevin Mitnick is notably recognized for the theft of programs valued over $1 million from Digital Equipment Corporation.

True (A)

The Counterfeit Access Device and Computer Fraud & Abuse Act was deemed effective from its inception.

False (B)

The Computer Fraud and Abuse Act was modified to include unintentional intrusions after its initial enactment.

False (B)

The Computer Fraud and Abuse Act was expanded to cover all types of communication and commerce-related computers.

True (A)

The Identity Theft Enforcement and Restitution Act of 2008 expanded consequences for identity theft.

True (A)

The Drivers Privacy Protection Act allows for the unrestricted use of Social Security numbers from motor vehicle records.

False (B)

The President's Working Group on Unlawful Conduct on the Internet evaluates the sufficiency of existing federal laws.

True (A)

The approach to regulating Internet criminal activity is only focused on punitive measures without addressing special needs and challenges.

False (B)

Health organizations are permitted to disclose Social Security numbers freely according to the Health Insurance Portability & Accountability Act.

False (B)

Efforts to protect personal information include empowering tools to minimize risks associated with unlawful activities.

True (A)

Interagency cooperation is not emphasized in the efforts to combat internet crime.

False (B)

It is illegal to knowingly use another person's identification without lawful authority in the context of federal law.

True (A)

Unique biometric data does not include fingerprints or voice prints according to the ITADA.

False (B)

The ITADA allows for victims of identity theft to receive restitution and attorney's fees.

True (A)

An individual’s date of birth is classified as identifying information under the ITADA.

True (A)

The Federal Trade Commission (FTC) serves as a repository for identity theft consumer complaints.

True (A)

According to ITADA, email addresses are considered unique electronic identification numbers.

False (B)

Possession of another person’s identifying information is not a crime under any circumstances.

False (B)

An alien registration number is a type of identifying information as outlined in the ITADA.

True (A)

Which challenges do law enforcement administrators encounter due to the reliance on state and federal agencies?

Overburdening of state agencies (A)

Which of the following crimes is specifically mentioned as being included under the primary federal law enforcement provisions for cybercrime?

Terrorism (A)

What does the Safeguards Rule require financial institutions to implement?

Security plans to protect personal information (A)

What is one significant issue that impacts the legislative action concerning computer crime?

Pace of legislative action is slow (B)

Which provision of FACTA addresses the issue of dumpster-diving?

Truncation of credit/debit account numbers (A)

Which traditional statute most directly addresses cyber related schemes like forgery?

Access Device Fraud (C)

Under FACTA, what must card issuers investigate?

Change of address requests and requests for new cards (B)

Which of the following traditional statutes is aimed at combating crimes related to electronic extortion?

Extortion Act (B)

Which of the following is a requirement for consumer reporting agencies as mandated by FACTA?

They must keep medical and financial records separate (A)

What legal action is available when violations occur according to FACTA provisions?

Civil action against offending parties (A)

Which of the following actions is a primary goal of the Terrorism Information Awareness Program (TIA)?

Forecasting future terrorist activities through data mining (D)

What is the primary function of the Dragonware software suite in law enforcement operations?

To reconstruct the web-surfing trail of suspects (A)

Which of the following components is NOT typically included in data mining processes for identifying potential threats?

Profiling geographic locations of crimes (A)

What technology is utilized by the Cyber Knight project to assist in investigations?

Magic Lantern key logger (D)

Which initiative is designed to discuss potential threats and integrate local leaders with law enforcement?

Infragard (A)

What mandatory penalty does the PROTECT Act impose on repeat child sex offenders?

Mandatory life penalty (C)

Which of the following provisions was NOT introduced by the PROTECT Act?

Extended statutes of limitations for child abuse (D)

What legal standard does the PROTECT Act apply to depictions of minors in obscene situations?

The Miller standard of obscenity (B)

What type of conduct does the PROTECT Act explicitly prohibit?

Creation of computer-generated child pornography (B)

What is the maximum potential prison term for U.S. citizens or residents engaging in illicit sexual conduct abroad under the PROTECT Act?

30 years (C)

Flashcards

Traditional Cybercrimes

Existing laws like Title 18 address cybercrimes like fraud, terrorism, child exploitation, and stalking.

Federal Cybercrime Laws

Federal laws, mainly Title 18, cover a wide range of cybercrimes, including fraud, terrorism, child exploitation, and more.

Challenges to Law Enforcement

Limited resources in smaller agencies, previously limited attention to non-violent crime, and slow legislative action.

Access Device Fraud

Using unauthorized access to financial information or systems to commit crimes.

Title 18

Federal law covering a wide range of criminal offences, which includes many cybercrimes.

Computer Fraud and Abuse Act of 1986 (CFAA)

A US law that addresses computer-related crimes, initially focusing on unauthorized computer access but later expanded to cover commercial and communication use, and financial records. It also focused on intentional, not accidental, intrusions.

Title 15 (cybercrime)

A section of US Federal law dealing with credit card fraud and software piracy, relevant to cybercrime.

Title 17 (cybercrime)

A section of US Federal law that addresses copyright infringement, relevant to cybercrime.

Kevin Mitnick (cybercrime)

A notable figure in early cybercrime prosecutions, convicted of computer theft.

Robert Morris (cybercrime)

A figure in early cybercrime prosecutions known for creating the Morris Worm.

ITADA

The Identity Theft and Assumption Deterrence Act of 1998 makes it a federal crime to possess, transfer, or use someone else's personal identifying information without permission.

What is considered 'identifying information' under ITADA?

ITADA defines identifying information as anything that can be used to verify someone's identity, including their name, social security number, date of birth, driver's license number, passport number, employer ID, unique biometric data like fingerprints, and specific electronic identification codes.

ITADA and Unlawful Activity

ITADA makes it illegal to use someone else's identifying information to commit or aid in any unlawful activity, whether it's a federal crime, state felony, or local felony.

ITADA and Restitution

The ITADA allows victims of identity theft to receive restitution for financial losses, attorney's fees, time lost from work, and credit denial caused by the crime.

FTC and ITADA

The Federal Trade Commission (FTC) was designated as the central point for consumer complaints and information dissemination related to identity theft under the ITADA.

Biometric Data

ITADA includes unique biometric data, such as fingerprints, voice prints, retina or iris images, or other unique physical representations, as part of identifying information.

Telecommunication Identifying Information

Under ITADA, telecommunication identifying information or access devices are considered protected information.

NIIPA

The National Information Infrastructure Act of 1996 addressed legal loopholes in the CFAA by expanding the scope to cover accidental intrusions, offenses using computers, and scenarios where computer data is not the primary target.

NIIPA's Expansion

NIIPA expanded the CFAA to include offenses related to transmitting classified government information, obtaining information from sensitive sources, affecting government computer systems, related fraud, malicious programming, password trafficking, and extortion.

Child Pornography Laws

Laws tackling child pornography have evolved through piecemeal legislation and Supreme Court rulings, reflecting changing societal attitudes and technological advancements.

New York v. Ferber (1982)

This Supreme Court case ruled that child pornography is not protected by the First Amendment's free speech provisions, establishing a foundation for future legislation.

Child Protection Act (1984)

This act was later supplanted by the Child Protection & Obscenity Act (1988), reflecting the ongoing evolution of legal approaches to child pornography.

Child Pornography Protection Act (CPPA) (1996)

This law aimed to outlaw virtual child pornography, including altered images and cartoons, but was deemed unconstitutional by the Supreme Court.

Ashcroft v. Free Speech Coalition

The Supreme Court struck down the CPPA in this case, ruling that its broad definition of child pornography violated the First Amendment.

Child Pornography Laws (Summary)

Laws combating child pornography have evolved through legislation and judicial decisions, balancing free speech rights with child protection, and adapting to technology.

Traditional Cybercrime Laws

Existing laws, often under Title 18, cover a range of computer-related criminal acts like fraud, terrorism, child exploitation, and stalking.

RICO

The Racketeer Influenced and Corrupt Organizations Act, a law used to combat organized crime, can be applied to cybercrime, especially when there's evidence of a pattern of criminal activity.

National Information Infrastructure Act (NIIPA)

A 1996 law addressing loopholes in the Computer Fraud and Abuse Act (CFAA), broadening its scope to include accidental computer intrusions, offenses using computers, and cases where computer data is not the primary target. It also covered crimes related to classified government information, financial institutions, and government computers.

Child Protection & Obscenity Act (1988)

A federal law, replacing the earlier Child Protection Act of 1984, targeting child pornography. It's a key step in the evolution of legislation to combat child sexual exploitation.

Biometric Data in ITADA

ITADA includes unique biometric data, such as fingerprints, voice prints, retina or iris images, or other unique physical representations, as part of identifying information that is protected.

PROTECT Act

A law passed in 2003 that strengthened protections for children by imposing stricter penalties for child sex offenders, requiring background checks for volunteers, and expanding law enforcement tools.

What is the legal status of computer-generated child pornography?

The PROTECT Act outlawed computer-generated child pornography, but this is still being challenged in court. It's a legal gray area.

Miller Standard for Child Pornography

The Miller test, used to determine obscenity, is also applied to child pornography. Material is deemed obscene if it depicts minors in sexually explicit situations or activities.

Sentencing for Child Pornography

The PROTECT Act significantly increased penalties for possessing and distributing child pornography, including fines and prison sentences up to 30 years.

Why was CPPA overturned?

The CPPA was overturned because the Supreme Court ruled that it violated the First Amendment by criminalizing images that weren't real, including cartoons and computer-generated images.

Free Speech Coalition

This group challenged the CPPA, arguing that it criminalized images that were protected by the First Amendment, as they were not real.

Evolving Child Pornography Laws

Laws regarding child pornography have evolved over time to keep up with technological changes and changing societal views. Penalties have become much stricter.

CFAA Expansion

The National Information Infrastructure Act (NIIPA) broadened the scope of the Computer Fraud and Abuse Act (CFAA) to cover accidental intrusions, offenses using computers, and cases where computer data is not the primary target.

PROTECT Act Aim

The PROTECT Act passed in 2003 to strengthen child protection by imposing stricter penalties for child sex offenders, requiring background checks for volunteers, and expanding law enforcement tools.

CFAA Focus

The Computer Fraud and Abuse Act (CFAA) originally emphasized unauthorized access to computer systems, especially those related to financial information and government computers. It wasn't as effective as it could be because it was too vague and overemphasized financial access.

Kevin Mitnick

A famous early cybercriminal who was convicted for crimes involving theft of computer programs and manipulation of telecommunications systems. His case is considered a significant landmark in cybercrime prosecution.

Title 15 & 17

Two supplemental federal laws that address cybercrime: Title 15 covers credit card fraud and software piracy, while Title 17 focuses on copyright infringement.

Robert Morris

A figure in early cybercrime prosecutions who is best known for creating the Morris Worm, which caused widespread damage to computer systems. His case highlighted the potential for malicious software to cause significant disruption.

Identity Theft Penalty Enhancement Act

This 2004 law established stricter penalties for aggravated identity theft, including mandatory sentences.

Identity Theft Enforcement and Restitution Act

Passed in 2008, this law broadened the consequences of identity theft, making it tougher for criminals.

Drivers Privacy Protection Act

This law prevents the misuse of personal information from driver's licenses, like social security numbers, for unauthorized purposes.

Health Insurance Portability & Accountability Act (HIPAA)

HIPAA protects health information and Social Security numbers from unauthorized disclosure by healthcare organizations.

President's Working Group on Unlawful Conduct on the Internet

This group, formed to address cybercrime, brought together businesses, government, and civil liberty groups to analyze Internet crime.

Cybercrime Regulation

One approach to online criminal activity is to regulate it similarly to traditional crimes, using existing laws.

Cybercrime Investigation Challenges

Investigating and prosecuting cybercrime presents unique challenges, like tool development, training, and international cooperation.

What does ITADA consider 'identifying information'?

ITADA defines identifying information as anything that can be used to verify someone's identity, including their name, social security number, date of birth, driver's license number, passport number, employer ID, unique biometric data like fingerprints, and specific electronic identification codes.

What is protected under Biometric Data?

ITADA includes unique biometric data, such as fingerprints, voice prints, retina or iris images, or other unique physical representations, as part of identifying information that is protected.

What is Telecommunication Identifying Information?

Under ITADA, telecommunication identifying information or access devices are considered protected information.

What does ITADA stand for?

The Identity Theft and Assumption Deterrence Act of 1998.

What are some traditional statutes for cybercrime?

Title 18 of the U.S. Code covers a wide range of cybercrimes, including fraud, terrorism, child exploitation, stalking, and more.

What is the CFAA?

The Computer Fraud and Abuse Act of 1986 is a key US law regarding computer-related crimes. It was initially focused on unauthorized access to computers but later expanded to cover commercial and communication use, as well as financial records.

What is the impact of NIIPA?

The National Information Infrastructure Act of 1996 expanded the scope of the CFAA to include accidental intrusions, offenses involving computers, and cases where computer data wasn't the primary target. It also dealt with sensitive government information, financial institutions, and government computer systems.

What is the ITADA?

The Identity Theft and Assumption Deterrence Act of 1998 makes it a federal crime to possess, transfer, or use someone else's identifying information without permission.

Financial Modernization Act of 1999

This law, also known as Gramm-Leach-Bliley, established the Financial Privacy Rule and Safeguards Rule, requiring financial institutions to protect consumer information and provide them with privacy choices.

Financial Privacy Rule

Part of the Financial Modernization Act, it requires financial institutions to disclose their privacy practices and allow customers to "opt-out" of sharing certain personal information.

Safeguards Rule

Another part of the Financial Modernization Act, it requires financial institutions to implement security measures to protect customer information.

Fair and Accurate Credit Transactions Act of 2003 (FACTA)

This law aims to protect consumers from identity theft by providing them with free credit reports, fraud alerts, and other safeguards. It also addresses "dumpster diving" by requiring truncation of credit card and Social Security numbers.

What are some key provisions of FACTA?

FACTA includes provisions like free credit reports, fraud and active duty alerts, truncation of credit/debit account numbers (to address dumpster-diving), truncation of Social Security numbers, one-call fraud alerts, and enhanced victim resolution processes.

Virtual Child Pornography

The PROTECT Act outlawed computer-generated (virtual) child pornography, even if the images depict fictional scenarios. However, this remains a controversial topic in legal circles, as some argue it violates free speech rights.

Miller Standard for Obscenity

The Miller standard, used to determine obscenity in general, also extends to child pornography. Under this standard, material depicting minors in sexually explicit situations or activities is considered obscene, even if it involves fictional characters.

Free Speech Coalition's Challenge

The Free Speech Coalition argued that the CPPA (Child Pornography Protection Act) was too broad, criminalizing even virtual child pornography that didn't involve actual children, thereby violating the First Amendment's free speech provisions.

PDD 63

A Presidential Decision Directive issued in 1998 that led to the creation of the National Infrastructure Protection Center's (NIPC) Infragard program, aiming to bring together local leaders, corporate executives, and law enforcement to discuss potential threats.

Data Mining

A technique that uses statistical models, algorithms, and/or artificial intelligence to analyse large datasets, looking for patterns and connections in events, classifications, clustering of unknown facts, and forecasting future activities.

Infragard

A program initiated under PDD 63 as part of the National Infrastructure Protection Center (NIPC) to bring together local leaders, corporate executives, and law enforcement to discuss potential threats to critical infrastructure.

Packet Sniffers

Software tools used for network monitoring and analysis. They capture and analyze data packets that flow over a network, allowing for identification of network traffic patterns, potential security threats, and troubleshooting issues.

Key Loggers

Software or hardware used to record every keystroke made on a computer. They capture sensitive information like passwords, usernames, and other confidential data.

Study Notes

Computer Forensics and Cyber Crime

• Computer forensics and cybercrime: Introduction, Chapter 7, Avenues for Prosecution and Government Efforts
• Learning Objectives: Knowledge of traditional computer crime statutes, recent federal legislation, investigative tools used by the government, data mining, and international efforts to solve computer crime
• Introduction: Law enforcement administrators face challenges like smaller agencies with limited resources, leading to dependence on state and federal agencies, and historically low interest in non-violent crimes and slow legislative action in dealing with such crimes.

Traditional Statutes

• Primary federal law provisions relating to cybercrime exists under Title 18
• Examples of crimes: Fraud, Embezzlement, Terrorism or Espionage, Child Seduction & Exploitation, Stalking, Kidnapping (The Hobbs Act), Forgery and Counterfeiting, Extortion, RICO, Access Device Fraud, and Illegal Wiretapping
• Supplemental federal criminal law relating to cybercrime include Title 15 (Credit card Fraud and Software Piracy) and Title 17 (Copyright Infringement)

The Evolution of Computer-Specific Statutes

• Computer Fraud and Abuse Act of 1986 (CFAA): An initial version focused on unauthorized access to computers, but it was considered ineffective due to vagueness.
• Later expansions of the CFAA applied it to computers used in commerce and communication, extended it to all financial records, and the act now applies the law to intentional intrusions, not just inadvertent ones.
• Subsequent successful prosecutions (examples like Kevin Mitnick, Shadowhawk, and Robert Morris)
• National Information Infrastructure Act of 1996 (NIIPA): This focused on loopholes in the CFAA, addressing issues like accidental intrusions, computer-related offenses where computer data wasn't the primary target, and offenses on computers not involved in commerce but connected to the internet.
• Expanded scope of the CFAA to include actions like transmitting classified government information, obtaining information from financial institutions and government, and affecting government use of computers and agency non-public computers. It also added hacking and malicious programming that may include unintentional damages. Other additions are trafficking in passwords and extortion.

Evolving Child Pornography Statutes

• Efforts to ban child pornography use piecemeal legislation like the Protection of Children against Sexual Exploitation Act (1977), and Supreme Court rulings. Various additions and amendments occurred based on the cases like New York v. Ferber (1982) which determined child pornography is not protected by the first amendment.
• Subsequent actions by Congress to create the Child Protection Act (1984), and later the Child Protection & Obscenity Act (1988), but most were limited to obscene material. Amendments like the Child Pornography Protection Act (CPPA) (1996) was expanded into virtual images of children including altered images. However, these actions have been significantly challenged.
• The PROTECT Act addressed issues like mandatory life penalties for repeat offenders, criminal history/background checks for organizations that work with children, and electronic eavesdropping. Additional actions included prohibiting pretrial releases, ended statutes of limitation on the abduction and abuse of children, appointed a National AMBER Alert Coordinator, and limited waiting periods for missing persons cases. Further actions include application of the Miller standard of obscenity and sentencing enhancements for possession and distribution of child pornography.

Identity Theft and Financial Privacy Statutes

• Identity Theft and Assumption Deterrence Act of 1998 (ITADA): Made it a crime to possess another's identifying information that could be used to commit unlawful actions. It addressed issues like transferring or using a means of identification without lawful authority
• ITADA encompasses identifying information including name, Social Security number, date of birth, official government-issued driver's license or identification number, Alien registration number, Passport number, Employer or taxpayer identification number, unique biometric data (like fingerprints, voice print or retina/iris images), electronic identification numbers or routing codes, telecommunication identifying information, and access devices.
• The Financial Modernization Act of 1999: Established guidelines for financial institutions to disclose privacy practices (like opt-out of disclosure for some personal information) and for businesses to devise security bans to protect that information. These actions also addressed various situations relating to financial information being used to obtain personal information using false pretenses or pretexting.
• Fair and Accurate Credit Transactions Act of 2003 (FACTA): Included free credit reports, fraud alerts, and truncation of numbers (to prevent dumpster diving) for credit/debit and social security numbers and one call fraud alerts. It also instituted enhanced victim resolution processes for reporting and resolving the damage to victims, as well as mandates from the government relating to notification to investigate, change of address requests, fraud, and financial reporting of consumers.
• The Identity Theft Penalty Enhancement Act of 2004 and Identity Theft Enforcement and Restitution Act of 2008: Expanded penalties for identity theft, including mandatory sentences, Expanded consequences of identity theft.

Additional Efforts to Protect Personal Information

• Drivers Privacy Protection Act: Prohibits the use of social security numbers and other personal information from a motor vehicle record in situations that are not specifically permitted by law.
• Health Insurance Portability & Accountability Act: Restricts health care organizations from disclosing social security numbers and health information.

Federally Funded Initiatives and Collaborations

• The President's Working Group on Unlawful Conduct on the internet created various groups that brought together business, government, and non-profit advocacy entities together to evaluate the sufficiency of existing laws, whether new laws would be needed for the various technologies, and education and empowerment for those that use these technologies. The resulting approaches included regulating Internet criminal activity, recognition of the needed challenges and challenges, funding and enhanced training to deal with these issues, and development of curricula relevant to cyber ethics and information to private entities.
• Examples of initiatives include Presidential Decision Directive 63 and the Innocent Images initiative.

Law Enforcement Operations and Tools in the United States

• Packet sniffers and key loggers (such as Dragonware, Magic Lantern): These record communication and actions on the internet and computers for use by law enforcement in investigating crimes.
• Data mining: Using statistical models, algorithms, and artificial intelligence to analyze large data sets to identify potential terrorists. Examples of efforts like the Terrorism information Awareness Program, Computer-Assisted Passenger Prescreening System (CAPPS II) and others.

Collaborations and Professional Associations

• Examples of collaborative efforts between agencies, entities like the Cyber Science Laboratory, and professional associations like the High Tech Computer Investigators Association (HTCIA).

International Efforts

• OECD and the Select Committee of Experts on Computer-Related Crime: Generated various lists of suggestions for harmonizing criminal laws.
• Additional suggestions include defining the alteration or damage of computer data or programs, the practice of computer espionage, unauthorized computer or protected program use. These activities formed the basis for creating and harmonizing laws between various countries, and including mandatory offenses for all countries. Additional groups that were created like the Council of Europe's Cybercrime Conventions
• Examples include The Virtual Global Task Force, United Nations' Convention against Transnational Organized Crime (UNCATOC). International collaborations included the Association of Southeast Asian Nations (ASEAN), that shared interests in training, criminal legislation, and international collaboration.

Conclusions

• Increased recognition of the problems associated with computer and cybercrimes, noting there's still more work to do in this area
• Continued use of traditional laws while waiting for more technology-specific legislation
• Importance of increasing international cooperation concerning the laws to protect against cybercrimes, but the issues of sovereignty are a complicating factor in proceeding.

Description

Test your knowledge of computer forensics and cybercrime as outlined in Chapter 7. This quiz covers traditional statutes, recent federal legislation, and government efforts in prosecuting cyber crimes. Dive into the complexities and challenges law enforcement faces in tackling these issues.