Abstract
Computer crime, which refers to illegal access to a computer system, has been on the rise recently. Computer crimes range from hacking, phishing and cyber stalking to computer viruses and identity theft. Due to advancement in technology, data in various institutions is no longer kept in paper files but in computers.
Human beings have found ways of reaching this information without permission, with the aim of using it for personal gain. To counter these evils, the US Congress introduced ethical values in the form of laws that protect all important forms of data and ensure the privacy and security of personal information.
Such laws include the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002 (Sarbox), the Children’s Online Privacy Protection Act of 1998 (COPPA), the California Database Security Breach Act of 2003, the Computer Security Act, the Privacy Act of 1974, the Uniform Electronic Transactions Act, the Electronic Signatures in Global and National Commerce Act and the Uniform Computer Information Transactions Act.
All these were introduced with the aim of protecting information in various departments from being accessed.
Computer crimes have various negative results such as alteration, modification and loss of important information through computer crashes. Therefore there is an urgent need for measures to protect against such impacts and to promote the privacy of personal information.
Introduction
The rate of computer crime committed at present is alarming, especially with the advent of the internet. Computer crime can be defined as a criminal act whereby information technology is used to gain access to a computer system with the sole intention of damaging, erasing or modifying data in an illegal manner. Electronic plagiarism, data theft and copyright manipulation are also activities considered to be crimes.
Apart from physical destruction and the alteration of private data and important information, software theft, whereby privacy settings are interfered with, is also considered to be a crime. Due to these crimes, measures have been put in place to ensure security. The crimes committed can be categorized into different types as described below:
Hacking: this is a case whereby one breaks into a computer system and illegally accesses the information saved there. It is the most common crime and it involves an unauthorized disclosure of passwords and IP addresses with the aim of carrying out business transactions with a vague identity.
Phishing: this is where sensitive information such as usernames, passwords and credit card particulars is obtained through the use of popular websites; usually, the user is requested to give such details. Because of the trust placed in such websites, one ends up being lured into giving such useful information.
Cyber stalking: cyber stalkers usually gather information about the user through social sites such as Facebook, chat rooms and websites, and use this information to harass the user. False allegations, threats, damage to records and equipment, offensive phone calls and obscene mail fall under this category.
Computer viruses: these are programs that delete files, replicate them or completely crash a computer system. They are transferred through removable devices such as CDs, flash disks and others. Virus infections lead to the ultimate crash of the computer, resulting in the loss of a huge amount of data.
Identity theft: a false identity is used in order to steal money from other people’s accounts. This involves the use of someone else’s credit card details or pretending to be someone else in order to obtain what is not rightfully his/hers. The above forms a list of identifiable crimes today.
Information technology is of great importance, but when such acts come into play it can be considered a curse (Oak 2011). Due to these crimes, some acts have been enacted to address security issues; they include the following:
Health Insurance Portability and Accountability Act (HIPAA)
It was enacted in 1996 by the US Congress due to the increasing need of patients to keep their health records private. Title I of HIPAA is concerned with health insurance cover for workers in case of job loss or change, while Title II, or Administrative Simplification (AS), ensures the security and confidentiality of health records.
Here, the institution of nationalized principles for electronic health care business, and of identifiers for providers, health cover policies and employers, is required. All these protocols are aimed at promoting health care service delivery. They improve it by providing for the widespread utilization of electronic data exchange in the United States.
Title II of HIPAA identifies various offenses pertaining to health care and provides civil and criminal penalties for them. It also safeguards against fraud in the health care system by requiring the Department of Health and Human Services (HHS) to provide standards for the use and distribution of health care information. Some of the rules set are given below; they apply only to the covered entities.
Privacy rules: these mainly control the use and disclosure of information by parties such as medical service providers and health insurers involved in a business transaction. They also look at the security of Protected Health Information (PHI). This information can only be disclosed to an individual 30 days after a request has been made, when required by law, for example when filing a case regarding child abuse with the welfare agencies.
Transaction and code set rules: these concern medical providers who file electronically. HIPAA helps track their payments. Various EDI transaction sets are used here, such as the EDI Health Care Claim Transaction Set, the EDI Retail Pharmacy Claim Transaction and many others.
Security rule: it concerns Electronic Protected Health Information (EPHI). Provision for administrative, physical and technical security is made here. An example of a violation of HIPAA is the case of a health officer in Los Angeles, California, who accessed celebrity records and traded the information with the tabloids.
In this case those who were affected were required to file a case with the HHS. A heavy penalty of not less than $2,500 is imposed on violators of this law, as violations can jeopardize everyone’s health data (Privacy rights clearinghouse 2003).
Sarbanes-Oxley Act of 2002 (Sarbox)
This act is concerned with the exposure and control of fraud in financial statements. Acts of fraud have greatly affected the world’s economy in the recent past. This is most evident in large, well-known companies such as Enron Corporation and WorldCom.
The US Congress passed the law to protect investors against fraud by improving the precision and trustworthiness of company disclosures.
The two corporations mentioned above collapsed due to compensation plans set by senior management and executives, who sought large gains by incorporating liability receptors such as special purpose entities (SPEs), which scrubbed large amounts of debt off the balance sheet.
They then abandoned the companies, leaving the shareholders with nothing and thus contributing to the collapse. Such acts reduce shareholders’ trust in the share markets.
It was after the collapse of Enron that the then US president George W. Bush commissioned Senator Sarbanes and Congressman Mike Oxley to come up with tough rules that would reduce the chances of such scandals.
Such laws are evident in various sections of the constitution, such as the following few: section 406 requires executive managers to sign a code of ethics, section 409 calls for timely announcement of changes in financial materials, and sections 802 and 1101 forbid any modification, damage or fabrication of documented information so as to hinder inquiry into any issue.
These and many more ensure that all companies or shareholders in the US stock market comply with SOX (Holt 2008).
Children’s Online Privacy Protection Act of 1998 (COPPA)
This act became effective on 21st April 2000 in the US. It looks at the online gathering of personal information by an operator from children of thirteen years and below. It sets out clearly what an operator should include in a privacy policy, and when and in what manner to acquire information with approval from a parent or guardian. The act relates to electronic services operated for money-making purposes.
Here, children under thirteen are involved whereby they are requested to give information. The Federal Trade Commission (FTC) is responsible for issuing regulations and enforcing COPPA. It also provides for a safe harbor such as that given to TRUSTe, ESRB, CARU and Privo. It provides a sliding scale on which the consent of the parents is based, giving accountability for the way information is acquired and the uses to which it is put.
Violators of COPPA regulations are subject to fines. For example, the Xanga website was made to pay USD $1 million for letting children under 13 sign up for its service on several occasions without their parents’ knowledge, and UMG Recordings paid a fine of USD $400,000 for promoting Lil Romeo and supporting children’s games.
Website operators should ensure that they deal with the parents, for instance by doing one of the following: making use of credit card particulars, a digital signature via email, signed parental forms sent by post, or calling them through a suggested telephone line. Following such rules safeguards against disclosure of private information by a person posing as a parent (Bro 2004).
California Database Security Breach Act of 2003
This is meant to protect citizens’ private information against theft, whereby the details can be used to carry out a transaction with the thief disguising his or her identity. The act came into effect on 1st July 2003 and was warmly welcomed by citizens due to the then increased cases of identity theft.
The act concerns organizations that are accountable for guarding vital information; these organizations are to report any case of crime at the most appropriate time. It applies not only to businesses in California but also to those outside that are affiliated with the state.
The act is also responsible for alerting citizens to a suspected security breach; this is at times feared, as it can jeopardize a company’s reputation and encourage hackers, who delight in causing customer panic. Sensitive information processed via the internet is also controlled by this law.
Various methods have been adopted to guarantee security; these include the installation of software that detects unusual behavior and prevents access to the server, and gateways that sense any unauthorized access to personal information.
Customer alerts about breaches through email and web postings are also supported by this act. An example of a company that offers such protection is the Andy Lawson and Southland shredding (Tendick 2010).
The Computer Security Act
The Computer Security Act of 1987 aims at providing security and privacy of personal information in federal computer systems and at establishing acceptable measures to effect security. It was enacted by the United States Congress through the Federal Information Management Act of 2002, section 305 (a).
The act regards sensitive information as that which, when lost, altered or destroyed without permission, can have adverse effects on the reputation of the centralized system, thus leading to loss of interest by the public. In the past, the act has not satisfactorily provided security for this kind of data in government systems, and thus their exposure remains a challenge.
Under this act, the following provisions are made: the National Institute of Standards and Technology (NIST) is required to lay down approved laws to safeguard information. Security plans are established, and the owners or users of the system are required to undergo training on how to implement the laid down measures.
Annual and independent assessment of the security plans is carried out to determine their efficiency and conformity with Federal Information Security Act (FISMA) requirements. FISMA also requires the establishment of an incident center whose aim is to offer technical help to federal agencies in the detection, analysis and compilation of federal data.
Examples of federal computer crime include accessing a federal computer system without permission, illegally accessing security, financial or credit information from a state computer system, or transmitting code that can cause destruction to a protected computer.
Any detected crime is to be forwarded to the congress through a court order. It is not the role of the federal government to protect information stored in non-governmental computers, and therefore the act does not consider illegal access to such information to be a crime, though it requires certain information in the same non-governmental systems to be safeguarded.
An example is the November 1999 case involving the Social Security Administration (SSA), which deals with the largest percentage of federal government expenditure and which was threatened with hacking. Also in July, the Department of Transportation (DOT) system was illegally accessed through the internet, putting information on health, benefits and other areas at risk (Willemssen 2000).
The Privacy Act of 1974
This act was put into place due to security issues pertaining to the development and use of computerized information. To offer security, four practical and substantive privileges were created. Firstly, an individual can be shown the information stored on him/her.
Secondly, it requires that agencies be fair in their dealings by following given laws. Thirdly, how agencies share an individual’s information with others is restricted. Lastly, an individual is in a position to file cases against the state upon violation of their personal information.
The act also provides exemptions under which one’s information can be disclosed; such situations include when there is a need to enforce a law, when the information needs to be stored in archives for historical purposes by the united government, when the Census Bureau is carrying out statistical analysis, and for daily use within a government agency for administrative and investigative purposes.
Due to advancement in technology, individual information can be kept in databases; the risk of this data being accessed is evident, and this necessitates such a law so as to ensure security.
In 1973, the Department of Health, Education and Welfare (HEW) gave a report that required the Congress to adopt a code that could ensure fair information practice for personal information. The code had several guidelines, which included the following:
- No system for recording personal details should be kept in secret
- An individual has the right to know what information is kept on him/her and intentions for the same
- An individual is entitled to the right of ensuring data collected on him/her is used for its original purpose and not for other reasons
- An individual can correct or alter information kept on him/her
- Any organization concerned with record keeping of identifiable data should ensure its rightful use.
The Privacy Act only protects information in the centralized systems. Violation of this act carries both civil and criminal penalties, such as the following: an agency can be sued for refusing a request to access or correct data, in which case the court passes an order for amendment and causes the US government to pay certain fees such as litigation and attorney’s fees.
A fine of $5,000 maximum is also imposed on any person or agency that intentionally asks for identifiable data about an individual in disguise, keeps this information secret or discloses the information without the owner’s consent (The privacy act of 1974 2009).
Uniform Electronic Transactions Act
The Uniform Electronic Transactions Act (UETA) was established in 1999 with the sole purpose of countering barriers to e-commerce. Because many states had agreed to use different forms of signature, there was a need to come up with a uniform one so as to facilitate e-commerce. This was to be achieved by including signatures that would have the same effect on electronic data as on paper.
E-signatures are associated with the electronic record, and a person carrying out a transaction should adopt them. The word record here denotes information that is stored electronically and can be retrieved. The act does not create any new rule but provides for contracts, signatures and records to be included in electronic data. In 2000, after the enactment of UETA, the US Congress passed the E-SIGN Act.
The act applies to parties who agree to carry out their transactions electronically. This is significant because, when one engages in business, a signature is very important for clarification and easy tracking when it comes to payment; receiving a mere email cannot be good evidence of the terms and conditions agreed on.
Without the signature, it is easier for an involved party to deny the conditions agreed on in the transaction; as such, this evidence is vital for smooth and fair transactions.
The act covers transactions that concern business, commerce and the state. Section seven of this act allows the use of electronic signatures, records and contracts in business transactions as long as there is an agreement between the parties involved to use them. The act is also concerned with ensuring that the person who sends an electronic item is the one whose signature is used.
This is termed attribution, as the signature is always attributed to the sender of the records. Timing is also an aspect of UETA: a record is said to have been sent when it reaches the recipient in a form that his/her computer system can read, or when the record is no longer in the hands of the sender.
UETA also ensures that records are received at the recipient’s place of business, or at the residence if there is no such place of business available (Miller and Jentz 2009).
Electronic Signatures in Global and National Commerce Act
This act was enacted by the US Congress on 30th June 2000, and its aim was to promote the use of electronic records in both local and international business transactions. The act ensures the legality of any business carried out online. The law requires confirmation of the consumer’s consent to be put in writing. This act came into effect in October 2000.
The act allows information that the law requires in writing to be passed electronically with the consent of the customer and with confirmation that he/she can access this information if it is transferred electronically.
This act has several requirements, such as: that the e-signature is only effective when the concerned party has intended to sign; that a party not only uses electronic signatures and records but also facilitates their legal use; that a federal state be neutral in terms of the technology used in carrying out transactions; and that no other embossing devices or seals are required as long as there is provision for them by electronic means.
Like any other act, ESIGN has exceptions, such as when the supply of a utility like water or electricity has been cancelled, when court orders require an execution to be carried out, and when a document is needed in the process of handling hazardous material.
The act concerns business involving two or more entities and records that do not involve regulations governing wills such as divorce and adoption. Two steps are involved in signing documents electronically: firstly, disclosure of the consumer’s right to use paper, followed by a notification of the electronic procedures; secondly, the actual capture of the signature.
Files stored electronically should be accurate and made available to both parties; this is achieved by all the involved parties saving their work on their computers. This calls for businesses to choose an ESIGN that is flexible, easily accessible and readable (Bowman 2009).
Uniform Computer Information Transactions Act
The Uniform Computer Information Transactions Act (UCITA) was passed into United States law to set precise and standardized principles to control transactions in computer information such as software licensing. The failure of the Uniform Commercial Code to cover the software business led to the birth of UCITA.
It was presented by the National Conference of Commissioners on Uniform State Laws (NCCUSL) in 1999 in collaboration with the American Law Institute (ALI) as an alteration of the standardized Commercial Code to guarantee uniformity. It was introverted in 2002. It aims at bringing the rules that govern transactions in information technology onto common ground, as the Uniform Commercial Code does in business.
Under the same act, clarification of the rules regarding good use, consumer protection, shrink-wrap licenses and their timing, and the ability to make transfers is ensured.
Consumers are allowed to return goods only if their licenses are invalid. It has not been embraced by all states because some feel that the Act is not adequate in its provision of security to software transactions, as there are other organizations which can not only offer protection but also manufacture them. This act applies mainly when computer information is used in a transaction.
The act defines computer information transaction as a contract to generate or alter computer information. It defines computer information as digital information that can be processed by a computer. This act does not deal with services on financial business, animations or image programming.
It is the first law developed to ensure uniformity in the technology economy; though it has been partially embraced, it is only in Virginia and Maryland that the act has succeeded. Efforts to enforce it in other states have failed due to controversies over its effectiveness (Uniform Computer Information Transaction Act n.d).
Conclusion
Due to the technological advances evident in the current world, there is a great need to keep records that were previously stored on paper in an electronic medium. Business transactions are also carried out through electronic media.
This method of data storage and transaction is not very secure, as computer crime is also on the rise, causing risk of alteration, modification, misuse and eventual loss of very large amounts of useful and sensitive data. The privacy of personal information is also under threat of illegal access. It is for all these reasons that the laws discussed above have been enacted and enforced, so as to safeguard this information.
References List
Bowman, I. (2009). Electronic Signatures in Global and National Commerce Act (“ESIGN”). Web.
Bro, H., R. (2004). The E-business legal arsenal: practitioner agreements and checklists. Washington, DC: American Bar Association.
Holt, F., M. (2008). The Sarbanes-Oxley Act: costs, benefits and business impact. Burlington: Butterworth-Heinemann.
Miller, L., R. Lentz, A, G. (2009). Fundamentals of Business Law: Excerpted Cases. Wodsworth: Cengage Learning.
Oak, M. (2011). Types of computer crimes. Web.
Privacy rights clearinghouse. (2003). Web.
Tendick, R. (2010). California Data Security Breach Act Helps Protect Private Information. Web.
The Privacy Act of 1974. (2009). Web.
Uniform Computer Information Transactions Act. Web.
Willemssen, J., C. (2000). Computer Security. Web.