Disloyal Computer Use and the Computer Fraud and Abuse Act: Narrowing the Scope

Congress drafted the Computer Fraud and Abuse Act (CFAA) to protect government interest computers from malicious attacks by hackers. As computer use has expanded in the years since its enactment, the CFAA has similarly expanded to cover a number of computer-related activities. This iBrief discusses the extension of the CFAA into the employer/employee context, suggests that this goes beyond the Act\u27s express purpose, compares the different approaches taken by the circuit courts in applying the CFAA to disloyal computer use by employees, and argues that the more recent approach taken by the Ninth Circuit provides a better model for determining if and when the CFAA should apply to employees

Pluralistic Ignorance in the Personal Use of the Internet and System Monitoring

Previous research suggests that computer security countermeasures would be effective in preventing computer abuse in organizations. However, computer abuse problems still persist despite these efforts. This study proposes a new model of computer abuse that explains a causal link between abusive behavior and a psychological state toward this behavior, drawn on the theory of pluralistic ignorance. Pluralistic ignorance is a form of erroneous social interference that is both an immediate cause and a consequence of literal inconsistency between private attitudes and public behavior. Under pluralistic ignorance, mistakenly perceived social norms overwhelm personal attitudes and subsequently lead to overt behavior contrary to an actor’s attitude. This new model contributes to the theoretical body of knowledge on computer abuse by providing a new angle for approaching the problem. In addition, it suggests to practitioners that social solutions should be considered, along with technical countermeasures, to reduce the pervasive computer abuse problems

Computer Abuse: The Emerging Crime and the Need for Legislation

Advancements in computerization and the growing use of computers in business, government, education, and the private sector has resulted in the expanding potential for criminal infiltration. The problems of computer crime are in great part attributable to the shortcomings of our criminal laws, which were written long before there was knowledge of computer crimes. Moreover, there is a reluctance of our legal establishments to adapt to the new technology\u27s potential harm. This Note urges that new federal legislation be passed as a means to counteract future computer crimes

AN INVESTIGATION INTO THE USE AND USEFULNESS OF SECURITY SO TWARE IN DETECTING COMPUTER ABUSE

Computer security remains an important issue in the management of organizational information systems. Losses resulting from computer abuse and errors are substantial, and IS managers continue to cite security and control as a key management issue. With continued expansion of clistributed data processing and storage, the need to both prevent and detect violations also increases. This latter aspect, detection of computer abuse incidents, is the focus of this study. This empirical study examines the prevalence and sophistication of security software system installations across the United States. Using a victimization survey of 528 randomly-selected DPMA members, the study examines discovered incidents of computer abuse in organizations and attempts to identify relationships between comprehensive (i.e., sophisticated) security software and successful discovery of abuse. More comprehensive security software was found to be associated with greater ability to identify perpetrators of abuse and to discover more serious computer abuse incidents. Larger organizations used both a greater number and more sophisticated security software systems than smaller organizations. Wholesale/retail trade organizations used less comprehensive software than average, while manufacturing organizations and public utilities used more comprehensive software. Surprisingly, no relationships were found between the maturity of an organization\u27s security function and the number and/or sophistication of security software systems utilized

Study protocol: a randomized controlled trial of a computer-based depression and substance abuse intervention for people attending residential substance abuse treatment

Background: A large proportion of people attending residential alcohol and other substance abuse treatment have a co-occurring mental illness. Empirical evidence suggests that it is important to treat both the substance abuse problem and co-occurring mental illness concurrently and in an integrated fashion. However, the majority of residential alcohol and other substance abuse services do not address mental illness in a systematic way. It is likely that computer delivered interventions could improve the ability of substance abuse services to address co-occurring mental illness. This protocol describes a study in which we will assess the effectiveness of adding a computer delivered depression and substance abuse intervention for people who are attending residential alcohol and other substance abuse treatment. Methods/Design. Participants will be recruited from residential rehabilitation programs operated by the Australian Salvation Army. All participants who satisfy the diagnostic criteria for an alcohol or other substance dependence disorder will be asked to participate in the study. After completion of a baseline assessment, participants will be randomly assigned to either a computer delivered substance abuse and depression intervention (treatment condition) or to a computer-delivered typing tutorial (active control condition). All participants will continue to complete The Salvation Army residential program, a predominantly 12-step based treatment facility. Randomisation will be stratified by gender (Male, Female), length of time the participant has been in the program at the commencement of the study (4 weeks or less, 4 weeks or more), and use of anti-depressant medication (currently prescribed medication, not prescribed medication). Participants in both conditions will complete computer sessions twice per week, over a five-week period. Research staff blind to treatment allocation will complete the assessments at baseline, and then 3, 6, 9, and 12 months post intervention. Participants will also complete weekly self-report measures during the treatment period. Discussion. This study will provide comprehensive data on the effect of introducing a computer delivered, cognitive behavioral therapy based co-morbidity treatment program within a residential substance abuse setting. If shown to be effective, this intervention can be disseminated within other residential substance abuse programs. Trial registration. Australia and New Zealand Clinical Trials Register (ANZCTR): ACTRN12611000618954

Legal Problems of Computer Abuse

Computer abuse consists of incidents caused by intentional acts from which a perpetrator realized or could have realized a gain and/or a victim suffered or could have suffered a loss. In this Article, Susan Hubbell Nycum discusses a wide variety of criminal acts relating to computers and notes that, because of the unique nature of the computer itself, these acts do not fit within traditional criminal classifications. Reform at both the state and federal levels is necessary if the law is to provide adequate protection for computer hardware and software users. The accelerating, almost uncontrolled increase in computer use affects the court system as well. The material presented herein is based on a multi-year study supported in part by the National Science Foundation. The study now includes an analysis of over 500 reported incidents of computer abuse

Coddling Spies: Why the Law Doesn’t Adequately Address Computer Spyware

Consumers and businesses have attempted to use the common law of torts as well as federal statutes like the Computer Fraud and Abuse Act, the Stored Wire and Electronic Communications and Transactional Records Act, and the Wiretap Act to address the expanding problem of spyware. Spyware, which consists of software applications inserted into another\u27s computer to report a user\u27s activity to an outsider, is as innocuous as tracking purchases or as sinister as stealing trade secrets or an individual\u27s identity. Existing law does not address spyware adequately because authorization language, buried in click-through boilerplate, renders much of current law useless. Congress must act to make spyware companies disclose their intentions with conspicuous and clearly-stated warnings