NETW 05A: APPLIED WIRELESS SECURITY Legislation

1. NETW 05A: APPLIED WIRELESS SECURITY Legislation By Mohammad Shanehsaz February 22, 2005

2. Objectives • U.S Federal laws regarding information security and illegal intrusion • U.S State laws regarding information security and illegal intrusion

3. Acts of US Congress • The U.S. Congress has been active in creating and maintaining laws that address wireless and the many different technologies that affect wireless. • Some of the specific Acts of the U.S. Congress are: • 1998 Identity Theft and Assumption Deterrence Act • 1986 Computer Fraud and Abuse Act • 1986 Electronic Communications Privacy Act

4. 1998 Identity Theft and Assumption Deterrence Act • Was created to address the problem of identity theft in several concrete ways. • It directed the Federal Trade Commission to establish the federal government’s central repository for identity theft complaints and to provide victim assistance and consumer education.

5. 1998 Identity Theft and Assumption Deterrence Act ( continue ) • The Act directs that the Commission establish procedures to: • Log the receipt of complaints by victims of identity theft • Provide the identity theft victims with informational materials • Refer complaints to appropriate entities, including the major national consumer reporting agencies and law enforcement agencies

6. 1998 Identity Theft and Assumption Deterrence Act ( continue ) • A violation of the act is punishable by up to 15 years of imprisonment and $250,000 in fines. • This legislation enables the secret service, the FBI, and other law enforcement agencies to combat this crime.

7. FTC ‘s principal components • In order to fulfill the purposes of the Act, the commission has developed and begun implementing a plan that centers on three principal components: • Toll-free telephone hotline 1-877-ID-THEFT • Identity theft complaint database • Consumer education

8. Computer Fraud and Abuse Act • The 1996 Computer Fraud and Abuse Act was enacted to clarify the definitions of criminal fraud and abuse for federal computer crimes and further defined the legal aspects of computer crime to eliminate any misunderstandings. • The focus of this Act was to protect government-interest computers, if compromised pose great risk to national security • Section 1030 of the Act was amended on October 26, 2001 by section 202 of the USA Patriot Act anti-terrorism legislation to expand the ability of service providers to get government help with hacking, DOS, and other violations

9. Computer Fraud and Abuse Act • The USA patriot Act dramatically changed the Computer Fraud and Abuse Act, however it does make it much easier to meet the definition of “ loss” which is the requirement that there must be damage and loss • There must be damage and loss which must exceed $5000 • Victims can now add nearly every conceivable expense associated with the incident to arrive at $5000 threshold

10. Electronic Communication Privacy Act • The ECPA sets out the provisions for access, use, disclosure, interception, and privacy protections of electronic communications. • The law was enacted in 1986 and covers various forms of wire and electronic communications. • The law prevents government entities from requiring disclosure of electronic communications from a provider without proper procedure

11. Electronic Communication Privacy Act • The ECPA permits providers of electronic messaging systems including employers to intercept messages on their own systems in the course of their normal operations.

12. State Laws • State laws differ greatly in their statutes on network penetration and intrusion. • Some states do not consider it a crime, while others consider it a felony. • Depending on the county, district, or other local municipality, some may not prosecute such crime until damage has reached over $50,000.

13. Resources • CWSP certified wireless security professional, from Mc Graw Hill