Post 1: Ayesha’s Post
Online privacy issues range from the information you don’t mind sharing to the things that make you nervous. Privacy concerns with the Internet have a long history. But the growth of the Web and the widespread adoption of social media has brought the issue to a new level. It’s not just the number of users sharing intimate details that’s the problem. It’s the nature of those details and the way they can easily be seen, aggregated and shared. One of the key issues at the heart of the debate is whether users know or care about the information they are sharing on the Internet and, if they don’t know, whether that information should be taken away. “It’s almost impossible for anyone to understand the impact that that data can have on them personally,” said Danah Boyd, a senior researcher at Microsoft Research who studies issues relating to online privacy. “So, in order to protect their personal information, users are really relying on companies and businesses to protect them (Naman, 2021).”
The Internet is vast, and it changes rapidly. With all the ways that you communicate on the Web, it’s important to constantly be on top of your privacy settings. If you don’t do that, you may find yourself with a bunch of unwanted third-party cookies or ads showing up on sites you haven’t visited recently, or you may be leaving your profile open to people you don’t want to share information with (Fang, 2021).
The federal Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, is the primary statutory mechanism for prosecuting cybercrime, including hacking. Its scope is broad, and federal prosecutors have been increasingly creative in applying the statute to criminalize cyber-enabled offenses that were not previously the subject of CFAA prosecutions. Because the CFAA lacks an overt intent requirement, and is subject to broad interpretations of its reach, federal prosecutors must be careful in applying the statute to cases in which individuals allegedly gain access to computers without authorization to make an unauthorized modification. Moreover, there are some important limits on the scope of CFAA liability that must be considered by courts faced with the prospect of holding individuals criminally responsible for conduct which, while clearly illegal, was nevertheless outside the reach of the statute before 2009. The CFAA broadly criminalizes unauthorized access and damage to computers in order to obtain anything of value, without requiring proof of specific criminal intent. The statute applies to any person who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains…any information from any protected computer if the conduct involved an interstate or foreign communication.” 18 U.S.C. § 1030(a)(2)(C) (2006) (2008) (emphasis added). An individual is subject to CFAA liability for any damage he or she causes to a protected computer, regardless of whether he or she caused the harm. The Supreme Court explained the statute’s reach in an earlier opinion:
Another regulation was passed in 2013 and was dedicated to improving critical infrastructure cybersecurity. It requires that every organization that manages critical infrastructure or is involved in the operation or maintenance of such systems must develop, implement, and maintain a risk management program to address cybersecurity risks. This regulation was also followed by a guidance document, Federal Guidance on Developing an Organization’s Risk Management Program for Cybersecurity. However, no requirement exists to monitor risk. Although the majority of the data breaches occurred in the private sector, in March 2018 a major hack on a public sector agency compromised personal data for approximately 15.5 million individuals, an unprecedented exposure for this sector. The Office of Personnel Management had an “advanced persistent threat” on their system and was infiltrated through their unclassified database. OPM was the first major government agency to suffer a significant data breach (Duan, 2021).
Virtually everyone with an Android or an Apple device has suffered at some point from some other user accessing their sensitive data. For this reason, Google changed the way it handles app permissions for Android last year to stop this from happening. But with the change came a new set of problems as the company struggled to make sure legitimate apps were not being wrongly blocked. As the company has worked to roll out the change to some users, the problem has become acute for those with very sensitive devices (Duan, 2021).
Naman, H., Hussien, N., Al-dabag, M., & Alrikabi, H. (2021). Encryption System for Hiding Information Based on Internet of Things.
Fang, Z., Wang, J., Du, J., Hou, X., Ren, Y., & Han, Z. (2021). Stochastic optimization aided energy-efficient information collection in internet of underwater things networks. IEEE Internet of Things Journal.
Duan, C. (2021). Hacking Antitrust: Competition Policy and the Computer Fraud and Abuse Act. Colo. Tech. LJ, 19, 313.
Post 2: Cathrine’s Post
Concerns And Issues of Privacy
Internet privacy is a subgroup of data privacy that includes collecting, using, and storing personal information. Internet privacy primarily focuses on how personal information is exposed to cyber threats over the web. “E-mail addresses, banking, passwords, physical addresses, phone numbers and more can inadvertently find their ways to scammers, hackers, undesired marketers, and more” (Thomson Reuters, 2020). The three major issues relating to internet privacy are snooping and spying information mishandling, and location tracking. Trackers keep records of online activities for advertisement purposes, but a breach can make the information public. Similarly, websites have cookies and often store personal information that is not encrypted and accessed by anyone. Stolen data can lead to phishing attacks, extortion, identity theft, and other threats.
Laws and Regulations
Laws and regulations are created to maintain and prohibit undesired behaviors. Cyberlaw applies to the internet and internet-related technology. Cybercrime is categorized based on how a computer is involved in criminal activity. Statutory law, administrative law, and common law are commonly associated with cybercrime. “Specific statutory laws, such as the Computer Fraud and Abuse Act (CFAA), govern behavior” (Conklin, 2018). Some of the laws in this field are ECPA, CFAA, CAN-SPAM, US PATRIOT ACT, GLBA, SOX, and privacy laws. The Computer Fraud and Abuse Act (CFAA) is the primary mechanism for cybercrime including hacking and ransomware in the context of crime. It specifically prohibits unauthorized access to a computer, damaging a computer, transmitting threats, trafficking passwords, and cyber extortions. It provides civil and criminal penalties for these crimes. ECPA (Electronic Communication and Protection Act) addresses legal privacy issues, interception of communication, and protection of communication in storage and transit through electronic means. Penalties for violating ECPA could result in up to five years in prison and $250000 fines.
Some of the challenges to enforce and implement these laws and regulations are the continuous advancement in the field of technology, large ecosystem, new devices, low prioritization of enforcement, lack of awareness, and impact of legislation on various stakeholders. In my opinion, strategies that can help enforce cyber law are
1. Develop awareness among the people
2. Dedicate resources to develop laws for the ever-growing technology
3. Establish rules and procedures to track attacks
4. Educate law enforcement officers on concepts such as cyber forensics, electronic data sensitivity.
As technology has expanded and developed, so did the rate of cybercrime. Cyberlaw needs to be constantly developed and updated to provide legal protection to people in this field. The net neutrality law SB 822 enforces the principle of net neutrality in which the service providers allow broadband as a telecommunication service to preserve net neutrality. It protects consumers by preventing ISP’s speeding and higher charges. On the other hand, it will hinder the growth of infrastructure, payments will be made only for the services, and illegal content can be easily accessed. In conclusion, the regulations related to net neutrality should consider all factors before it is passed.
Thomson Reuters. 2020. Internet privacy laws revealed- how your personal information is protected online. Thomson Reuters. https://legal.thomsonreuters.com/en/insights/articles/how-your-personal-information-is-protected-online#:~:text=Internet%20privacy%20is%20a%20subset,data%20sharing%2C%20and%20cybersecurity%20threats.
Conklin, Wm., A. et al. Principles of Computer Security: CompTIA Security and Beyond, Fifth Edition. Available from: Slingshot eReader, (5th Edition). McGraw-Hill Professional, 2018.