Security: Is Your Computer Breaking The Law?

For many years, the Internet was the “final frontier,” operating largely unregulated — in part because of the jurisdictional nightmare involved in trying to enforce laws when communications crossed not just state lines but also national boundaries. That was then; this is now. Legislation that affects the use of Internet-connected computers is springing up everywhere at the local, state and federal levels. You might be violating one of them without even knowing.

This article looks at some of the existing laws and some of the pending legislation that can influence how we use our computers and the Internet. Nothing in this article should be construed as legal advice; this is merely an overview of some of the legislation that's out there, how it has been interpreted by the courts (if applicable), and possible implications for computer users

1: Digital Millennium Copyright (DMCA) Most computer users have heard of this law, signed in 1998 by President Clinton, implementing two World Intellectual Property Organization (WIPO) treaties. The DMCA makes it a criminal offense to circumvent any kind of technological copy protection — even if you don't violate anyone's copyright in doing so. In other words, simply disabling the copy protection is a federal crime.

There are some exemptions, such as circumventing copy protection of programs that are in an obsolete format for the purpose of archiving or preservation. But in most cases, using any sort of anti-DRM program is illegal. This applies to all sorts of copy-protected files, including music, movies, and software. You can read a summary of the DMCA here.

If you're a techie who likes the challenge of trying to “crack” DRM, be aware that doing so — even if you don't make or distribute illegal copies of the copyrighted material – is against the law.

2: No Electronic Theft (NET) Act This is another U.S. federal law that was passed during the Clinton administration. Prior to this act, copyright violations were generally treated as civil matters and could not be prosecuted criminally unless it was done for commercial purposes. The NET Act made copyright infringement itself a federal criminal offense, regardless of whether you circumvent copy-protection technology and whether you derive any commercial benefit or monetary gain. Thus, just making a copy of a copyrighted work for a friend now makes you subject to up to five years in prison and/or up to $250,000 in fines. This is the law referred to in the familiar “FBI Warning” that appears at the beginning of most DVD movies. You can read more about the NET Act here.

Many people who consider themselves upstanding citizens and who would never post music and movies to a P2P site think nothing of burning a copy of a song or TV show for a friend. Unfortunately, by the letter of the law, the latter is just as illegal as the former.

3: Anti-Counterfeiting Trade Agreement (ACTA)This treaty is still in negotiation between the United States, European Commission, Switzerland, Japan, Australia, Canada, Jordan, Mexico, Morocco, New Zealand, the Republic of Korea, Singapore, and the United Arab Emirates. The most recent round of negotiations took place in Mexico in January 2010, and the next is scheduled for April 2010 in New Zealand.

As with the DMCA, many regard the ACTA as a workaround for governments to impose regulations and penalties through international treaties that they would not be able to pass into law through their regular legislative processes. ACTA covers a number of areas, including counterfeit products and generic medicines, but the part that affects computer users is the chapter titled “Enforcement of Intellectual Property Rights.”
Although the treaty negotiations are conducted in secret, a leaked document indicated that one provision in the treaty would force ISPs to give information about customers suspected of copyright infringement without requiring a warrant. According to reports, another provision would allow customs agents to conduct random searches of laptops, MP3 players, and cell phones for illegally downloaded or ripped music and movies. Not surprisingly, the Recording Industry Association of America (RIAA) is a supporter of the treaty. The Electronic Frontier Foundation (EFF) opposes it, as does the Free Software Foundation. You can read the EFF's stance on ACTA here: http://www.eff.org/issues/acta

4: Court rulings regarding border searches Most Americans are aware of the protections afforded by the U.S. Constitution's fourth amendment against unreasonable searches and seizures. In general, this means that the government cannot search your person, home, vehicle, or computer without probable cause to believe that you've engaged in some criminal act.

What many don't know is that there are quite a few circumstances that the Courts, over the years, have deemed to be exempt from this requirement. One of those occurs when you enter the United States at the border. In April 2008, the Ninth Circuit Court of Appeals upheld the right of Customs officers to search laptops and other digital devices at the border (the definition of which extends to any international airport when you are coming into the country) without probable cause or even the lesser standard of reasonable suspicion. The Electronic Frontier Foundation (EFF) and other groups strongly disagree with the ruling. You can read more on the EFF Web site:
http://www.eff.org/deeplinks/2008/04/no-cause-needed-search-laptops-border

Meanwhile, be aware that even though you've done nothing illegal and are not even suspected of such, the entire contents of your portable computer, PDA, or smart phone can be accessed by government agents when you enter the Unites States. So if you have anything on your hard drive that could be embarrassing, you might want to delete it before crossing the border.

5: State and federal laws regarding access to networks Many states have criminal laws that prohibit accessing any computer or network without the owner's permission. For example, in Texas, the statute is Penal Code section 33.02, Breach of Computer Security. It says, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” The penalty grade ranges from misdemeanor to first degree felony (which is the same grade as murder), depending on whether the person obtains benefit, harms or defrauds someone, or alters, damages, or deletes files.

The wording of most such laws encompass connecting to a wireless network without explicit permission, even if the Wi-Fi network is unsecured. The inclusion of the culpable mental state of “knowing” as an element of the offense means that if your computer automatically connects to your neighbor's wireless network instead of your own and you aren't aware of it, you haven't committed a crime. But if you decide to hop onto the nearest unencrypted Wi-Fi network to surf the Internet, knowing full well that it doesn't belong to you and no one has given you permission, you could be prosecuted under these laws.

A Michigan man was arrested for using a café's Wi-Fi network (which was reserved for customers) from his car in 2007. Similar arrests have been made in Florida, Illinois, Washington, and Alaska.
http://arstechnica.com/tech-policy/news/2007/05/michigan-man-arrested-for-using-cafes-free-wifi-from-his-car.ars

The federal law that covers unauthorized access is Title 18 U.S.C. Section 1030, which prohibits intentionally accessing a computer without authorization or exceeding authorized access. But it applies to “protected computers,” which are defined as those used by the U.S. government, by a financial institution, or used in or affecting interstate or foreign commerce. In addition to fines and imprisonment, penalties include forfeiture of any personal property used to commit the crime or derived from proceeds traceable to any violation. You can read the text of that section here.

In a recent case regarding unauthorized access, a high profile lawsuit was filed against a school district in Pennsylvania by students who alleged that district personnel activated their school-issued laptops in their homes and spied on them with the laptops' webcams. The FBI is investigating to determine whether any criminal laws were broken. Because the school district owned the computers, there is controversy over whether they had the right to remotely access them without the permission of the users.http://news.cnet.com/8301-17852_3-10457126-71.html?tag=leftCol;post-1400

6: "Tools of a crime" laws Some states have laws that make it a crime to possess a "criminal instrument" or the "tool of a crime" Depending on the wording of the law, this can be construed to mean any device that is designed or adapted for use in the commission of an offense. This means you could be arrested and prosecuted, for example, for constructing a high gain wireless antenna for the purpose of tapping into someone else's Wi-Fi network, even if you never did in fact access a network. Several years ago, a California sheriff's deputy made the news when he declared Pringles can antennas illegal under such a statute. http://www.engadget.com/2005/07/25/wifi-cantennas-now-illegal/

7: Cyberstalking and Cyberbullying laws Stalking is a serious crime and certainly all of us are in favor of laws that punish stalkers. As Internet connectivity has become ubiquitous, legislatures have recognized that it's possible to stalk someone from afar using modern technology. Some of the "cyberstalking" laws enacted by the states, however, contain some pretty broad language.

For example, the Arkansas law contains a section titled "Unlawful computerized communications" that makes it a crime to send a message via email or other computerized communication system (Instant Messenger, Web chat, IRC, etc.) that uses obscene, lewd, or profane language, with the intent to frighten, intimidate, threaten, abuse, or harass another person. Some of the lively discussions on mailing lists and Web boards that deteriorate into flame wars could easily fall under that definition. Or how about the furious email letter you sent to the company that refused to refund your money for the shoddy product you bought?

Closely related are the laws against cyberbullying. Such laws have been passed by some states and local governments. In April 2009, the Megan Meier Cyberbullying Prevention Act (H.R. 1966) was introduced in the U.S. Congress. The act would make it a federal crime to “intimidate, harass, or cause substantial emotional distress to another person, using electronic means to support severe, repeated and hostile behavior.” Subcommittee hearings have been held and the bill is continuing through the legislative process.

Opponents of the proposed law point out that the language is open to interpretation, and could be construed to apply to someone who merely gets into heated discussions on a web board or email list. The best policy is to watch your language when sending any type of electronic communications. Not only can a loss of temper when you're online come back to embarrass you, it could even get you thrown in jail.
http://www.cio-today.com/news/Teen-Suicide-Spurs-Cyberbullying-Law/story.xhtml?story_id=12000B111K60&full_skip=1

8: Internet gambling laws Like to play poker online or bet on the horse races from the comfort of your home? The federal Unlawful Internet Gambling Enforcement Act of 2006 criminalizes acceptance of funds from bettors — but what about the bettors themselves? Are they committing a crime?

Under this federal law, the answer is no, but some state laws do apply to the person placing the bet. For example, a Washington law passed in 2006 makes gambling on the Internet a felony. The King County Superior Court just recently upheld that law, although challengers have vowed to take it to the Supreme Court. Be sure to check out the state and local laws before you make that friendly online bet.
http://www.gambling-law-us.com/Federal-Laws/internet-gambling-ban.htm
http://seattletimes.nwsource.com/html/localnews/2004418390_gambling16m.html

9: Child pornography laws We all want to protect children and keep pedophiles away from them, but could you be arrested for possession of child pornography or for exposing children to pornography even though you would never voluntarily indulge in such a thing? Unfortunately, as the laws are written and enforced, the answer is "yes" In January 2007, a substitute teacher in Norwich, CT, was convicted of four felony pornography charges, although she claimed the offending pictures were the result of pop-ups and that she did not knowingly access the Web sites in question. The conviction was set aside after forensics and security experts examined her hard drive and found the school's antivirus software was out of date and the computer had no anti-spyware, firewall, or pop-up blocking technology. The teacher ended up pleading guilty to a misdemeanor charge. http://www.wired.com/threatlevel/2008/11/proof-porn-pop/

Pornographic images of children are illegal to possess. This includes not just photographs of actual children, but also computer-generated pictures and drawings in which no real people are involved and photos of models who are of adult age but look like children. There are many ways such images can get on a computer. Viruses can infect your system and allow another person to remotely access your hard drive. Your computer can be taken over to become a bot, controlled by someone else without your knowledge. Someone can email you an illegal image. You can click a link on a non-pornographic Web site that takes you to a site where the illegal images are displayed, and they're then downloaded into your Web cache on your hard drive.

In another 2007 case, a 16-year-old was charged with possession of child pornography and got 18 months probation and over a quarter of a million dollars in legal fees, even though he passed polygraph tests in which he denied knowledge of the images and an examination of the hard drive found more than 200 infected files and no firewall.
http://www.foxnews.com/story/0,2933,244009,00.html

10: Pro IP Act Returning to the copyright front, the Prioritizing Resources and Organization for Intellectual Property Act (Pro IP Act), which was signed into law in 2008, imposes stricter penalties for copyright infringement. It created a new position of "copyright enforcement czar" (formally called the Intellectual Property Enforcement Coordinator) in the federal bureaucracy and gives law enforcement agents the right to seize property from copyright infringers.
http://arstechnica.com/tech-policy/news/2008/05/piracy-now-public-nuisance-in-los-angeles-county.ars
http://arstechnica.com/tech-policy/news/2008/05/house-overwhelmingly-passes-controversial-pro-ip-act.ars

This may all sound fine in theory, but when you look at the way other seizure and forfeiture laws have been applied (for instance, the ability of drug enforcement officers to seize houses, computers, cars, cash, and just about everything else that belongs to someone tagged as a suspected drug dealer — and in some cases, not returning the property even when the person is acquitted or not prosecuted), it makes many people wary. Read more about the bill here.

Some local jurisdictions have also established seizure authority for piracy. In September 2009, Victoria Espinel was appointed as the first copyright czar. She has asked for public input by March 24, 2010.