Practical UNIX & Internet Security

Practical UNIX & Internet SecuritySearch this book
Previous: 25.3 Network Denial of Service AttacksChapter 26Next: 26.2 Criminal Prosecution
 

26. Computer Security and U.S. Law

Contents:
Legal Options After a Break-in
Criminal Prosecution
Civil Actions
Other Liability

You may have studied this book diligently and taken every reasonable step toward protecting your system, yet someone still abused it. Perhaps an ex-employee has broken in through an old account and has deleted some records. Perhaps someone from outside continues to try to break into your system despite warnings that they should stop. What recourse do you have through the courts? Furthermore, what are some of the particular dangers you may face from the legal system during the normal operation of your computer system? What happens if you are the target of legal action?

This chapter attempts to illuminate some of these issues. The material we present should be viewed as general advice, and not as legal opinion: for that, you should contact good legal counsel and have them advise you.

26.1 Legal Options After a Break-in

You have a variety of different recourses under the U.S. legal system for dealing with a break-in. A brief chapter such as this one cannot advise you on the subtle aspects of the law. Every situation is different. Furthermore, there are differences between state and Federal law, as well as different laws that apply to computer systems used for different purposes. Laws outside the U.S. vary considerably from jurisdiction to jurisdiction; we won't attempt to explain anything beyond the U.S. system.[1]

[1] An excellent discussion of legal issues in the U.S. can be found in Computer Crime: A Crimefighter's Handbook (O'Reilly & Associates. 1995), and we suggest you start there if you need more explanation than we provide in this chapter.

You should discuss your specific situation with a competent lawyer before pursuing any legal recourse. As there are difficulties and dangers associated with legal approaches, you should also be sure that you want to pursue this course of action before you go ahead.

In some cases, you may have no choice; you may be required to pursue legal means. For example:

If you believe that your system is at risk, you should probably seek legal advice before a break-in actually occurs. By doing so, you will know ahead of time the course of action to take if an incident occurs.

To give you some starting points for discussion, this chapter provides an overview of the two primary legal approaches you can employ, and some of the features and difficulties that accompany each one.


Previous: 25.3 Network Denial of Service AttacksPractical UNIX & Internet SecurityNext: 26.2 Criminal Prosecution
25.3 Network Denial of Service AttacksBook Index26.2 Criminal Prosecution