Previous Table of Contents Next


Intellectual Property

Intellectual property is made up of several key components: patents, trademarks, copyrights, and trade secrets. For the most part, intellectual property is a part of state raft; that is, federal law controls its validity and use. Only trade secrets are governed by state law. From the perspective of the Internet security practitioner, a fair number of rules are already in place. Violations or, more commonly, infringement of intellectual property rights can occur throughout large end-user organizations. The availability and convenience of E-mail and the Internet as a transportation medium increase the reach of a potential infringer. The literally unlimited horizons of the Internet raise the stakes for intellectual property problems.

The astute practitioner will bolster him or herself through aggressive policies and extensive education. Employees and others with access to an organization’s intellectual property should be placed under contractual control not to use that property improperly. As with other aspects of employee-related legal issues, notice and consent are critical. Organizations must be obligors on notice as to what information is a trade secret, and they must place conspicuous notice on copyright or trademarked items.

Organizations must remember that the Internet is another way in which employees can transport protected property to unauthorized parties. They must guard against the possibility of this occurring as they would with more traditional vulnerabilities.

Torts and Negligence

In cases involving the Internet and in others involving negligence, courts will apply (and will instruct jurors to apply) classic test factors. The common law test applied in these situations has the following elements:

  Gravity of the harm: how extensive was the damage?
  Likelihood to occur: given the surrounding circumstances, how likely was the event to happen?
  Cost to prevent: Given the size of the potential harm and its likelihood, what would have the cost been to prevent the harm and how reasonable would it have been to expend those funds?
  Duty of care: What responsibility did the defendant have to the plaintiff? For example, because banks hold their depositors’ money and are considered fiduciaries, they are held to a higher standard of care than a simple vendor of stationery goods would be.
  Standard of care: What do other similar persons or organizations do under the same circumstances? Do 95% or more of similar victims of a crime perpetuated over the Internet employ firewalls? How sophisticated is the victim as an Internet user or provider?

These factors will continue to be the yardsticks by which negligence actions will be measured.

Product liability is an area within tort law in which products used in Internet applications are included. By way of analogy, the New Jersey Supreme Court in Roberts v. Rich Foods, Inc., 139 N.J. 365 (1995) found that a computer used in a motor vehicle was defective. This computer was used by truck drivers to record mileage and fuel data. The court judged it as defective, because the device could be operated while the vehicle was in motion. It was reasoned that operating the computer would divert the driver’s attention from operating the vehicle, so that if there was an accident, the design of the computer would be a factor in that accident, and liability of the computer manufacturer for improper design had to be considered.

Criminal Law

Criminal law is a creature of the government. The plaintiff is the government or “The People.” To be guilty of a crime, one must have “broken the law” or violated a particular statute. Typical criminal law statutes require a voluntary or involuntary action (i.e., actus reus) in legal jargon and an intent (i.e., mens rea). Usually, Internet and other computer crime laws require voluntary acts (as opposed to involuntary or unconscious acts) and purposeful intent. Therefore, government prosecutors must be able to prove both. This proof must be to the higher standard known as “beyond a reasonable doubt,” which contrasts with civil law, where the standard is preponderance (i.e., majority) of the evidence.

Often, as with other laws, computer crime laws are shaped out of well-known past rules. For example, criminal harassment activity, stalking, and similar behavior have been a part of the legal landscape for some time. In June 1995, the State of Connecticut joined the ranks of computer crime pioneers by amending its existing harassment law to include a “computer network” as a means by which a defendant could employ with “the intent to harass, annoy, alarm, or terrorize.” Details can be found in the Connecticut General Statutes, sections 53A to 182b, and 183.

Another important aspect of Internet criminal law that is currently being addressed is the issue of sentencing guidelines. Sentencing guidelines are issued by various jurisdictions and are used by judges in dealing with the post-trial punishment of defendants who have been found guilty. Among the aspects of sentencing guidelines is “sexual abuse or exploitation.”(For reference, look at the United States Sentencing Guidelines, Section 2G2.2[b][4].) The First Circuit Court, based in Boston, MA, felt that the transmission of child pornography over the Internet (in this case, AOL) did not constitute sexual abuse or exploitation under the guidelines. The case in question was United States v. Chapman, 60F.3d 894 (1st Cir. 1995).

In this case, according to the court, there was “considerable evidence” that the defendant used AOL to transmit child pornography on a number of occasions. The court concluded that these transmissions were not abuse or exploitation under the guidelines; therefore, these transmissions should not be considered a factor in deciding an appropriate sentence.

The Computer Fraud and Abuse Act of 1986 serves to protect computer systems, particularly federal computers. United States Code Section 1030 (a)(5)(A) states that its penalty provisions apply to “anyone who intentionally accesses a Federal interest computer without authorization, and by means of one or more instances of such conduct, alters, damages, or destroys information in any such Federal interest computer or prevents authorized use of any such computer or information ...” and thereby causes loss of $1,000 or more.

It is important to note that the term “Federal interest computer” broadens the scope of the law to more than just federal government computers. It would logically include contractors to the federal government and perhaps computers privately owned by U.S. federal government employees that are being used for the benefit of the federal government. It is also interesting to note that loss of use receives protection under the statute as well as damage or alteration.

The most well-known conviction under this statute, upheld on appeal, was the case of the Cornell graduate student, Robert Morris (son of the NSA cryptographer), who was convicted for releasing the “worm,” a computer virus that replicated itself over the Internet, causing multiple crashes. Among those computers affected were a significant number of “Federal interest computers.” The appeals court’s opinion may be read at United States v. Morris, 928 F.2d 504 (2d Cir.), certiorari denied by the Supreme Court in 502 U.S. 817 (1991).


Previous Table of Contents Next

Copyright © CRC Press LLC