Computer Security And The Law :: essays research papers

I. Introduction     You ar a calculating machine administrator for a large manufacturing company. Inthe spunk of a production run, all the mainframes on a crucial entanglement grind toa halt. Production is delayed costing your company millions of dollars. Uponinvestigating, you understand that a virus was released into the network through aspecific account. When you await the owner of the account, he claims heneither wrote nor released the virus, but he admits that he has distributed hispassword to "friends" who need ready access to his data files. Is he credible forthe loss suffered by your company? In whole or in part? And if in part, for howmuch? These and related questions are the subject of computer law. The answersmay very depending in which state the crime was committed and the pretend whopre spots at the trial. electronic computer credentials law is new field, and the court-ordered arrangement has yet to reach broad agreement on may lis t issues.     Advances in computer credentials law have been impeded by the reluctance onthe part of lawyers and judges to grapple with the good side of computersecurity issues1. This problem could be mitigated by involving technicalcomputer security professional in the development of computer security law andpublic policy. This paper is meant to help bridge to gap betwixt technical andlegal computer security communities.II. THE TECHNOLOGICAL PERSPECTIVEA. The Objectives of Computer Security     The principal objective of computer security is to protect and securethe confidentiality, integrity, and availability of automated informationsystems and the data they contain. Each of these terms has a precise meaningwhich is grounded in basic technical ideas about the escape of information inautomated information systems.B. Basic Concepts     There is a broad, top-level consensus regarding the meaning of mosttechnical compute r security concepts. This is partly because of governanceinvolvement in proposing, coordinating, and publishing the definitions of basicterms2. The meanings of the terms used in government directives andregulations are generally made to be consistent with past usage. This is not tosay that there is no disagreement over the definitions in the technicalcommunity. Rather, the range of such disagreement is much narrower than in thelegal community. For example there is presently no legal consensus on scarcelywhat constitutes a computer3.     The term used to establish the scope of computer security is "automatedinformation system," often abbreviated "AIS." An Ais is an assembly ofelectronic equipment, hardware, software, and firmware configured to collect,create, communicate, disseminate, process, store and control data or information.This includes numerous items beyond the central processing unit and associated