Cyber Security Laws: Area Of Jurisdiction And Ways Of Enforcement

As this technology age has grown exponentially over the past two decades there has been a rise in the dependence of it. In as much as the human population has benefitted in tremendous ways with the emergence of newer technologies like; web applications, autonomous drones, mobile applications, industrial automations, machine learning applications among others it would be quite ignorant of us to clearly avoid talking about the immense dangers that it has brought to us as a byproduct. Most of these applications mentioned above have in one way or another been linked with each other, either of the same kind or of a different one.

The emergence of hackers has been on the rise over the years. Mainly the black-hat hackers: these are people with the ability to penetrate information systems with the aim of causing damage to the main consumers of the information. An example would be a famously known, Mafia Boy, in the year 2000 who took down Yahoo, which at the time was a very popular mail client as well as search engine, with a denial of service attack which took down their servers all from a first-generation Pentium computer. A survey done in the year 2017, a whopping 73% of black hat hackers said that traditional perimeter security firewall and antiviruses are all but obsolete in the current generation. This appears very alarming, which it is, that most of normal technology devices consumers usually depend on these for their day to day “protection (as it would seem)”.

The Scale of the Cyber Threat

The schematics above are simply a wake-up call to the many consumers of technology out there, to put things into a much greater perspective. The United States government spends an approximate 19 billion dollars every year on cyber security but still warns that cyber-attacks continue to rapidly increase every year and with recommendation from the National Institute of Standards and Technology, popularly known as NIST, that continuous and real-time monitoring of devices should always occur. There are three main threats that are usually countered by cyber-security; one, cybercrime: – it includes single or colluded acts targeting systems for financial gain or to simply cause disruption. Secondly, cyber-attack which often involves politically motivated information gathering and three cyber-terrors which are intended to undermine electronic systems to cause panic or fear.

Bearing all these in mind, cybersecurity laws were made to provide protection and counter ever growing cyberattacks. Many organization operate entirely online, therefore they need laws that will relate to their daily operations. There are fines that have been put in place if cybersecurity laws are not followed.

What Does the Law Have to Say?

Cyber-security law in the United States is the most robust on the entire planet and surprisingly enough it is one of their most major concerns as a country. Cyber security laws and regulations tend to cover the most common matters that arise from cyber threats: these are mainly criminal activity that may arise from such activity, several applicable laws in the various sectors, matters such as corporate governance, insurance matters, and jurisdiction of the law enforcers in this case the police. In the previous century the laws regarding cyber security did not have much weight as the type of cybercrime being committed was also not as degrading. They were as serious as just piracy. Piracy is when one could copy your work and pose as their own. The laws at the time were nearly as good as copyright protection and just about that.

With the emergence of more serious crimes over the years, ranging from deployment of ransomware to actual treason by some culprits have been called for serious action to be taken. Such is what has led to increased legislative action against such behavior. Fines as huge as five million dollars and jail terms as long as ten years have been put in place to curb such activities. As an information security analyst, myself, I would call to reckon that with institution of such penalties for the cyber-crimes it may still not be enough bearing in mind the amount of damage that can be caused by such felons.

Before 2015, the federal government of the United States was always in the dark about the several attempts on data breach in private institutions on American soil. All this changed in the year 2015, after numerous attempts, the Congress passed a legislation to allow for companies in the U.S to voluntarily share information about cyber threats with the federal government and with each other without any form of sensitive data leaks that are not prescribed by the law. This would later mean that there was now an easier way to allow for the government to research on the possible ways to mitigate such behavior. It also implied that the companies involved would now have to provide measures by themselves through which information about their customers is kept under lock and key.

What Has Been the Scene Before?

We have found ourselves in a world that has seen internet crimes grow on a rampant scale. This, however, has made it quite difficult to prosecute cyber criminals; why though?

• Area of jurisdiction. Perhaps, one of the reasons inhibiting the exercising of cyber security laws in the past were jurisdiction. Many a time, the person committing the crime is usually outside the country or maybe at the very least outside the legal jurisdiction of the court. It is not easy at all to successfully prosecute a cybercriminal in your area of jurisdiction, let alone one that is outside. This is why the United States has really dived into the international stage to establish allies in the cyber-world.
• Many cybercrimes go unreported. A vast majority of cybercrimes usually slip under the radar mainly because the affected ones normally do not report the situations they undergo. For this simple reason there is inadequate statistics and even evidence is hard to come by; all these being very key in aid of successful prosecution.
• Evidence collection is often quite difficult. It would be easy to think that evidence collected would be enough to prosecute a cyber-criminal in court. Lest we think about it, would the evidence even stand in a court of law? Bulletproof evidence is quite hard to come by. Thinking of things like IP addresses, a defense attorney would ask whether or not IP addresses can be faked. Such are the kind of things that cause evidence collection and usage quite difficult in the first place.
• Maybe just too witty? Cyber-criminals have been on the wits end for quite a while now. One will actually call you, to warn you of cyber-threats that may be exposed to you, with the aim of committing a cyber-crime against you. A story I read somewhere of a guy being asked to download a specific antivirus because he had been faced by a very deadly virus. Little did he know that the alleged “Antivirus” he was being asked to install was a way of getting him to download a worm which infected his desktop computer.

What Sorts of Activities Are Criminalized by Law?

Cyber-security laws and regulations affect the crimes in the various sectors that they are committed in. The sectors include federal law or county law. The various activities criminalized by the different laws regarding cyber-security are:

• Computer hacking
• Economic espionage
• Corporate espionage
• Identity theft
• Breaking into computer systems, accessing unauthorized data, modifying or deleting the data
• Stealing confidential information
• Unauthorized publication or use of communications
• Criminal infringement of copyright
• Spreading of fake news
• Sexual exploitation of children
• Defacing internet websites: and
• Flooding websites with increased volumes of irrelevant internet traffic to make websites unavailable to the actual users who are supposed to be viewing them.

These are just icing to the cake, many more numerous crimes committed over the internet have also been criminalized by the various categories of the law.

Ways in Which Cyber-Security Laws Is Enforced

The United States generally tackles cybersecurity through sector-specific installments, general regulation and private sector involvement. At the national level, federal level, a good number of institutions impose cyber security standards through a variety of enforcement mechanisms. The Gramm-Leach-Billey Act also commonly known as the Financial Services Modernization Act of 1999, is a federal law that requires financial institutions to explain how they share and protect their customer’s private data. Several states have also implemented financial or health sector cybersecurity requirements. Perhaps most notably, the New York Department of Financial Services (NYDFS) has issued cybersecurity requirements for financial services companies licensed under New York law.

The Federal Trade Commission referred to as FTC is the primary federal consumer protection agency responsible for enforcing the FTC Act’s prohibition on ‘unfair and deceptive acts or practices’. Using this authority, the FTC frequently enforces minimum security requirements with respect to entities collecting, maintaining or storing consumer’s personal information. In the year 2015 in the month of June, the FTC issued ‘Start with Security’ guidance, which appropriately identifies the FTC’s lessons learned from over 50 data security enforcement actions brought by the FTC since 2001. This guidance advises companies to incorporate a series of 10 lessons learned, ranging from authentication controls to network segmentations. In mid-2018, a federal appellate court vacated an FTC order issued against a company for allegedly ‘unreasonable’ security practices in violation of the FTC Act.

The court held that the FTC’s order had failed to direct the company to cease committing any specific unfair acts or practices and instead imposed only the general requirement that it maintain a ‘comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers’. Although the court avoided the broader issue of whether the alleged security failings constituted ‘unfair’ business practices under the FTC Act, the decision raised questions about parts of the FTC’s prior data security consent orders and may cause the FTC to shift its approach for future data security enforcement actions.

Talking of matters criminal, there exists the Computer Fraud and Abuse Act out-laws intrusions into or interference with the security of a government computer network or other computers connected to the internet. Several federal surveillance laws prohibit the unauthorized taping of electronic communications which will allow for the limiting of a variety of cybersecurity activities. Another act, The WireTap Act prohibits the intentional interception, use or disclosure of wire, oral or accessing without legitimate federal action.

Aside from all the regulatory standards provided by the state or by the different counties, many companies are subject to voluntary standards or are sometimes necessitated by contracts to follow cyber-law requirements. A very popular app, Facebook, has recently been on the spotlight before the Congress where the Chief Executive Officer; Mark Zuckerberg had to answer on accusations of customer data sale. The executive went on ahead to say that they do not sell customer data to anyone, he even went on to say they do not scrutinize the data for any malicious use just for internal company forensics. The data they use for forensics and analysis does not contain any private or sensitive information.

Sadly though, there fails to exist credible laws that cut across on the international stage. A world wide resolute for this menace lacks. Despite the inclusion of individual countries having their independent cyber law there needs to exist an international standard. One that is enforced by the various international bodies mainly the United Nations. Other bodies can also exercise the same on a regional level, an example is the European Union or even the Commonwealth organization. These bodies can increase the war on such activities and sanction for a much safer cyber world.

You and Cyber Security Law

Without even going deep, safety starts with you. There is a satirical saying in the cyber-world regarding security; No one can be totally safe from cyber threats, if you must buy a computer then don’t switch it on. Needless to stay, before you reach the point of having the state secure you ensure you have done the following:

• Installed the latest operating system updates on your computer
• Installed a quality antivirus software on your computer
• Make sure you browse through websites that are well secure (avoid pornographic sites)
• Report any attempts of cybercrime to your ISP, county government or any law enforcing institutions

While being aggravated by cyber-crime is what most people experience, a bunch of them do get into trouble with the law unknowingly. Acts of piracy are very common on the internet nowadays and can land you in deep trouble with the law. Downloading torrents from the illegal websites can lead to severe punishment under federal law. Ensure you are as abiding as you need to be.

Conclusion

The law has been established well enough as opposed to previous years to adequately shield you from unnecessary attacks as you browse the internet freely. This is provided you also take care of your safety on the networks your computer or device is connected to.