Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
Cybersecurity Law
Buch von Jeff Kosseff
Sprache: Englisch

122,95 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

Lieferzeit 1-2 Wochen

Kategorien:
Beschreibung
CYBERSECURITY LAW

Learn to protect your clients with this definitive guide to cybersecurity law in this fully-updated third edition

Cybersecurity is an essential facet of modern society, and as a result, the application of security measures that ensure the confidentiality, integrity, and availability of data is crucial. Cybersecurity can be used to protect assets of all kinds, including data, desktops, servers, buildings, and most importantly, humans. Understanding the ins and outs of the legal rules governing this important field is vital for any lawyer or other professionals looking to protect these interests.

The thoroughly revised and updated Cybersecurity Law offers an authoritative guide to the key statutes, regulations, and court rulings that pertain to cybersecurity, reflecting the latest legal developments on the subject. This comprehensive text deals with all aspects of cybersecurity law, from data security and enforcement actions to anti-hacking laws, from surveillance and privacy laws to national and international cybersecurity law. New material in this latest edition includes many expanded sections, such as the addition of more recent FTC data security consent decrees, including Zoom, SkyMed, and InfoTrax.

Readers of the third edition of Cybersecurity Law will also find:
* An all-new chapter focused on laws related to ransomware and the latest attacks that compromise the availability of data and systems
* New and updated sections on new data security laws in New York and Alabama, President Biden's cybersecurity executive order, the Supreme Court's first opinion interpreting the Computer Fraud and Abuse Act, American Bar Association guidance on law firm cybersecurity, Internet of Things cybersecurity laws and guidance, the Cybersecurity Maturity Model Certification, the NIST Privacy Framework, and more
* New cases that feature the latest findings in the constantly evolving cybersecurity law space
* An article by the author of this textbook, assessing the major gaps in U.S. cybersecurity law
* A companion website for instructors that features expanded case studies, discussion questions by chapter, and exam questions by chapter

Cybersecurity Law is an ideal textbook for undergraduate and graduate level courses in cybersecurity, cyber operations, management-oriented information technology (IT), and computer science. It is also a useful reference for IT professionals, government personnel, business managers, auditors, cybersecurity insurance agents, and academics in these fields, as well as academic and corporate libraries that support these professions.
CYBERSECURITY LAW

Learn to protect your clients with this definitive guide to cybersecurity law in this fully-updated third edition

Cybersecurity is an essential facet of modern society, and as a result, the application of security measures that ensure the confidentiality, integrity, and availability of data is crucial. Cybersecurity can be used to protect assets of all kinds, including data, desktops, servers, buildings, and most importantly, humans. Understanding the ins and outs of the legal rules governing this important field is vital for any lawyer or other professionals looking to protect these interests.

The thoroughly revised and updated Cybersecurity Law offers an authoritative guide to the key statutes, regulations, and court rulings that pertain to cybersecurity, reflecting the latest legal developments on the subject. This comprehensive text deals with all aspects of cybersecurity law, from data security and enforcement actions to anti-hacking laws, from surveillance and privacy laws to national and international cybersecurity law. New material in this latest edition includes many expanded sections, such as the addition of more recent FTC data security consent decrees, including Zoom, SkyMed, and InfoTrax.

Readers of the third edition of Cybersecurity Law will also find:
* An all-new chapter focused on laws related to ransomware and the latest attacks that compromise the availability of data and systems
* New and updated sections on new data security laws in New York and Alabama, President Biden's cybersecurity executive order, the Supreme Court's first opinion interpreting the Computer Fraud and Abuse Act, American Bar Association guidance on law firm cybersecurity, Internet of Things cybersecurity laws and guidance, the Cybersecurity Maturity Model Certification, the NIST Privacy Framework, and more
* New cases that feature the latest findings in the constantly evolving cybersecurity law space
* An article by the author of this textbook, assessing the major gaps in U.S. cybersecurity law
* A companion website for instructors that features expanded case studies, discussion questions by chapter, and exam questions by chapter

Cybersecurity Law is an ideal textbook for undergraduate and graduate level courses in cybersecurity, cyber operations, management-oriented information technology (IT), and computer science. It is also a useful reference for IT professionals, government personnel, business managers, auditors, cybersecurity insurance agents, and academics in these fields, as well as academic and corporate libraries that support these professions.
Über den Autor

Jeff Kosseff, JD, MPP, is Associate Professor of Cybersecurity Law at the United States Naval Academy in Annapolis, Maryland. He frequently speaks and writes about cybersecurity and was a journalist covering technology and politics at The Oregonian, a finalist for the Pulitzer Prize, and a recipient of the George Polk Award for national reporting.

Inhaltsverzeichnis

About the Author xvii

Acknowledgment and Disclaimers xix

Foreword to the Third Edition (2022) xxi

Foreword to the Second Edition (2019) xxiii

Introduction to First Edition xxvii

About the Companion Website xxxv

1 Data Security Laws and Enforcement Actions 1

1.1 FTC Data Security 2

1.1.1 Overview of Section 5 of the FTC Act 2

1.1.2 Wyndham: Does the FTC Have Authority to Regulate Data Security Under Section 5 of the FTC Act? 6

1.1.3 LabMD: What Constitutes "Unfair" Data Security? 10

1.1.4 FTC June 2015 Guidance on Data Security, and 2017 Updates 13

1.1.5 FTC Data Security Expectations and the NIST Cybersecurity Framework 18

1.1.6 Lessons from FTC Cybersecurity Complaints 18

1.1.6.1 Failure to Secure Highly Sensitive Information 19

1.1.6.1.1 Use Industry-standard Encryption for Sensitive Data 20

1.1.6.1.2 Routine Audits and Penetration Testing Are Expected 20

1.1.6.1.3 Health-related Data Requires Especially Strong Safeguards 21

1.1.6.1.4 Data Security Protection Extends to Paper Documents 23

1.1.6.1.5 Business-to-business Providers Also Are Accountable to the FTC for Security of Sensitive Data 25

1.1.6.1.6 Companies Are Responsible for the Data Security Practices of Their Contractors 27

1.1.6.1.7 Make Sure that Every Employee Receives Regular Data Security Training for Processing Sensitive Data 28

1.1.6.1.8 Privacy Matters, Even in Data Security 28

1.1.6.1.9 Limit the Sensitive Information Provided to Third Parties 29

1.1.6.1.10 Children's Data Requires Special Protection 29

1.1.6.2 Failure to Secure Payment Card Information 30

1.1.6.2.1 Adhere to Security Claims about Payment Card Data 30

1.1.6.2.2 Always Encrypt Payment Card Data 31

1.1.6.2.3 Payment Card Data Should Be Encrypted Both in Storage and at Rest 31

1.1.6.2.4 In-store Purchases Pose Significant Cybersecurity Risks 32

1.1.6.2.5 Minimize Duration of Storage of Payment Card Data 34

1.1.6.2.6 Monitor Systems and Networks for Unauthorized Software 35

1.1.6.2.7 Apps Should Never Override Default App Store Security Settings 35

1.1.6.3 Failure to Adhere to Security Claims 36

1.1.6.3.1 Companies Must Address Commonly Known Security Vulnerabilities 36

1.1.6.3.2 Ensure That Security Controls Are Sufficient to Abide by Promises About Security and Privacy 37

1.1.6.3.3 Omissions about Key Security Flaws Also Can Be Misleading 40

1.1.6.3.4 Companies Must Abide by Promises for Security-related Consent Choices 40

1.1.6.3.5 Companies That Promise Security Must Ensure Adequate Authentication Procedures 41

1.1.6.3.6 Adhere to Promises About Encryption 42

1.1.6.3.7 Promises About Security Extend to Vendors' Practices 43

1.1.6.3.8 Companies Cannot Hide Vulnerable Software in Products 43

1.1.7 FTC Internet of Things Security Guidance 43

1.2 State Data Breach Notification Laws 46

1.2.1 When Consumer Notifications Are Required 47

1.2.1.1 Definition of Personal Information 48

1.2.1.2 Encrypted Data 49

1.2.1.3 Risk of Harm 49

1.2.1.4 Safe Harbors and Exceptions to Notice Requirement 49

1.2.2 Notice to Individuals 50

1.2.2.1 Timing of Notice 50

1.2.2.2 Form of Notice 50

1.2.2.3 Content of Notice 51

1.2.3 Notice to Regulators and Consumer Reporting Agencies 51

1.2.4 Penalties for Violating State Breach Notification Laws 52

1.3 State Data Security Laws 52

1.3.1 Oregon 54

1.3.2 Rhode Island 55

1.3.3 Nevada 56

1.3.4 Massachusetts 57

1.3.5 Ohio 59

1.3.6 Alabama 60

1.3.7 New York 61

1.4 State Data Disposal Laws 61

2 Cybersecurity Litigation 63

2.1 Article III Standing 64

2.1.1 Applicable Supreme Court Rulings on Standing 66

2.1.2 Lower Court Rulings on Standing in Data Breach Cases 71

2.1.2.1 Injury-in-fact 71

2.1.2.1.1 Broad View of Injury-in-fact 71

2.1.2.1.2 Narrow View of Injury-in-fact 76

2.1.2.1.3 Attempts at Finding a Middle Ground for Injury-in-fact 81

2.1.2.2 Fairly Traceable 82

2.1.2.3 Redressability 83

2.2 Common Causes of Action Arising from Data Breaches 84

2.2.1 Negligence 84

2.2.1.1 Legal Duty and Breach of Duty 85

2.2.1.2 Cognizable Injury 87

2.2.1.3 Causation 90

2.2.2 Negligent Misrepresentation or Omission 92

2.2.3 Breach of Contract 95

2.2.4 Breach of Implied Warranty 101

2.2.5 Invasion of Privacy 105

2.2.6 Unjust Enrichment 107

2.2.7 State Consumer Protection Laws 109

2.3 Class Action Certification in Data Breach Litigation 112

2.4 Insurance Coverage for Data Breaches 120

2.5 Protecting Cybersecurity Work Product and Communications from Discovery 124

2.5.1 Attorney-client Privilege 126

2.5.2 Work Product Doctrine 129

2.5.3 Nontestifying Expert Privilege 131

2.5.4 Genesco v. Visa 132

2.5.5 In re Experian Data Breach Litigation 135

2.5.6 In re Premera 136

2.5.7 In re United Shore Financial Services 138

2.5.8 In re Dominion Dental Services USA, Inc. Data Breach Litigation 138

2.5.9 In re Capital One Consumer Data Security Breach Litigation 140

3 Cybersecurity Requirements for Specific Industries 141

3.1 Financial Institutions: GLBA Safeguards Rule 142

3.1.1 Interagency Guidelines 142

3.1.2 SEC's Regulation S-P 144

3.1.3 FTC Safeguards Rule 146

3.2 New York Department of Financial Services Cybersecurity Regulations 149

3.3 Financial Institutions and Creditors: Red Flags Rule 151

3.3.1 Financial Institutions or Creditors 155

3.3.2 Covered Accounts 156

3.3.3 Requirements for a Red Flags Identity Theft Prevention Program 157

3.4 Companies that Use Payment and Debit Cards: PCI DSS 157

3.5 IoT Cybersecurity Laws 160

3.6 Health Providers: HIPAA Security Rule 161

3.7 Electric Transmission: FERC Critical Infrastructure Protection Reliability Standards 167

3.7.1 CIP-003-6: Cybersecurity- Security Management Controls 167

3.7.2 CIP-004-6: Personnel and Training 168

3.7.3 CIP-006-6: Physical Security of Cyber Systems 168

3.7.4 CIP-007-6: Systems Security Management 168

3.7.5 CIP-009-6: Recovery Plans for Cyber Systems 169

3.7.6 CIP-010-2: Configuration Change Management and Vulnerability Assessments 169

3.7.7 CIP-011-2: Information Protection 170

3.8 NRC Cybersecurity Regulations 170

3.9 State Insurance Cybersecurity Laws 171

4 Cybersecurity and Corporate Governance 175

4.1 SEC Cybersecurity Expectations for Publicly Traded Companies 176

4.1.1 10-K Disclosures: Risk Factors 178

4.1.2 10-K Disclosures: Management's Discussion and Analysis of Financial Condition and Results of Operations (MD&A) 179

4.1.3 10-K Disclosures: Description of Business 180

4.1.4 10-K Disclosures: Legal Proceedings 180

4.1.5 10-K Disclosures: Financial Statements 181

4.1.6 10K Disclosures: Board Oversight of Cybersecurity 181

4.1.7 Disclosing Data Breaches to Investors 182

4.1.8 Yahoo! Data Breach 185

4.1.9 Cybersecurity and Insider Trading 185

4.2 Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches 186

4.3 CFIUS and Cybersecurity 189

4.4 Law Firms and Cybersecurity 191

5 Antihacking Laws 193

5.1 Computer Fraud and Abuse Act 194

5.1.1 Origins of the CFAA 194

5.1.2 Access Without Authorization and Exceeding Authorized Access 195

5.1.2.1 Narrow View of "Exceeds Authorized Access" and "Without Authorization" 198

5.1.2.2 Broader View of "Exceeds Authorized Access" and "Without Authorization" 203

5.1.2.3 Finding Some Clarity: Van Buren v. United States 205

5.1.3 The Seven Sections of the CFAA 208

5.1.3.1 CFAA Section (a)(1): Hacking to Commit Espionage 209

5.1.3.2 CFAA Section (a)(2): Hacking to Obtain Information 210

5.1.3.3 CFAA Section (a)(3): Hacking a Federal Government Computer 214

5.1.3.4 CFAA Section (a)(4): Hacking to Commit Fraud 216

5.1.3.5 CFAA Section (a)(5): Hacking to Damage a Computer 218

5.1.3.5.1 CFAA Section (a)(5)(A): Knowing Transmission that Intentionally Damages a Computer Without Authorization 219

5.1.3.5.2 CFAA Section (a)(5)(B): Intentional Access Without Authorization that Recklessly Causes Damage 222

5.1.3.5.3 CFAA Section (a)(5)(C): Intentional Access Without Authorization that Causes Damage and Loss 223

5.1.3.5.4 CFAA Section (a)(5): Requirements for Felony and Misdemeanor Cases 224

5.1.3.6 CFAA Section (a)(6): Trafficking in Passwords 226

5.1.3.7 CFAA Section (a)(7): Threatening to Damage or Obtain Information from a Computer 228

5.1.4 Civil Actions Under the CFAA 231

5.1.5 Criticisms of the CFAA 235

5.1.6 CFAA and Coordinated Vulnerability Disclosure Programs 237

5.2 State Computer Hacking Laws 240

5.3 Section 1201 of the Digital Millennium Copyright Act 243

5.3.1 Origins of Section 1201 of the DMCA 244

5.3.2 Three Key Provisions of Section 1201 of the DMCA 245

5.3.2.1 DMCA Section 1201(a)(1) 245

5.3.2.2 DMCA Section 1201(a)(2) 250

5.3.2.2.1 Narrow Interpretation of Section (a)(2): Chamberlain Group v. Skylink Technologies 251

5.3.2.2.2 Broad Interpretation of Section (a)(2): MDY Industries, LLC v. Blizzard Entertainment 254

5.3.2.3 DMCA Section 1201(b)(1) 258

5.3.3 Section 1201 Penalties 261

5.3.4 Section 1201 Exemptions 262

5.3.5 The First Amendment and...

Details
Erscheinungsjahr: 2022
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Buch
Inhalt: 880 S.
ISBN-13: 9781119822165
ISBN-10: 1119822165
Sprache: Englisch
Herstellernummer: 1W119822160
Einband: Gebunden
Autor: Kosseff, Jeff
Hersteller: John Wiley & Sons Inc
Verantwortliche Person für die EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Maße: 159 x 238 x 53 mm
Von/Mit: Jeff Kosseff
Erscheinungsdatum: 04.11.2022
Gewicht: 1,368 kg
Artikel-ID: 121257119
Über den Autor

Jeff Kosseff, JD, MPP, is Associate Professor of Cybersecurity Law at the United States Naval Academy in Annapolis, Maryland. He frequently speaks and writes about cybersecurity and was a journalist covering technology and politics at The Oregonian, a finalist for the Pulitzer Prize, and a recipient of the George Polk Award for national reporting.

Inhaltsverzeichnis

About the Author xvii

Acknowledgment and Disclaimers xix

Foreword to the Third Edition (2022) xxi

Foreword to the Second Edition (2019) xxiii

Introduction to First Edition xxvii

About the Companion Website xxxv

1 Data Security Laws and Enforcement Actions 1

1.1 FTC Data Security 2

1.1.1 Overview of Section 5 of the FTC Act 2

1.1.2 Wyndham: Does the FTC Have Authority to Regulate Data Security Under Section 5 of the FTC Act? 6

1.1.3 LabMD: What Constitutes "Unfair" Data Security? 10

1.1.4 FTC June 2015 Guidance on Data Security, and 2017 Updates 13

1.1.5 FTC Data Security Expectations and the NIST Cybersecurity Framework 18

1.1.6 Lessons from FTC Cybersecurity Complaints 18

1.1.6.1 Failure to Secure Highly Sensitive Information 19

1.1.6.1.1 Use Industry-standard Encryption for Sensitive Data 20

1.1.6.1.2 Routine Audits and Penetration Testing Are Expected 20

1.1.6.1.3 Health-related Data Requires Especially Strong Safeguards 21

1.1.6.1.4 Data Security Protection Extends to Paper Documents 23

1.1.6.1.5 Business-to-business Providers Also Are Accountable to the FTC for Security of Sensitive Data 25

1.1.6.1.6 Companies Are Responsible for the Data Security Practices of Their Contractors 27

1.1.6.1.7 Make Sure that Every Employee Receives Regular Data Security Training for Processing Sensitive Data 28

1.1.6.1.8 Privacy Matters, Even in Data Security 28

1.1.6.1.9 Limit the Sensitive Information Provided to Third Parties 29

1.1.6.1.10 Children's Data Requires Special Protection 29

1.1.6.2 Failure to Secure Payment Card Information 30

1.1.6.2.1 Adhere to Security Claims about Payment Card Data 30

1.1.6.2.2 Always Encrypt Payment Card Data 31

1.1.6.2.3 Payment Card Data Should Be Encrypted Both in Storage and at Rest 31

1.1.6.2.4 In-store Purchases Pose Significant Cybersecurity Risks 32

1.1.6.2.5 Minimize Duration of Storage of Payment Card Data 34

1.1.6.2.6 Monitor Systems and Networks for Unauthorized Software 35

1.1.6.2.7 Apps Should Never Override Default App Store Security Settings 35

1.1.6.3 Failure to Adhere to Security Claims 36

1.1.6.3.1 Companies Must Address Commonly Known Security Vulnerabilities 36

1.1.6.3.2 Ensure That Security Controls Are Sufficient to Abide by Promises About Security and Privacy 37

1.1.6.3.3 Omissions about Key Security Flaws Also Can Be Misleading 40

1.1.6.3.4 Companies Must Abide by Promises for Security-related Consent Choices 40

1.1.6.3.5 Companies That Promise Security Must Ensure Adequate Authentication Procedures 41

1.1.6.3.6 Adhere to Promises About Encryption 42

1.1.6.3.7 Promises About Security Extend to Vendors' Practices 43

1.1.6.3.8 Companies Cannot Hide Vulnerable Software in Products 43

1.1.7 FTC Internet of Things Security Guidance 43

1.2 State Data Breach Notification Laws 46

1.2.1 When Consumer Notifications Are Required 47

1.2.1.1 Definition of Personal Information 48

1.2.1.2 Encrypted Data 49

1.2.1.3 Risk of Harm 49

1.2.1.4 Safe Harbors and Exceptions to Notice Requirement 49

1.2.2 Notice to Individuals 50

1.2.2.1 Timing of Notice 50

1.2.2.2 Form of Notice 50

1.2.2.3 Content of Notice 51

1.2.3 Notice to Regulators and Consumer Reporting Agencies 51

1.2.4 Penalties for Violating State Breach Notification Laws 52

1.3 State Data Security Laws 52

1.3.1 Oregon 54

1.3.2 Rhode Island 55

1.3.3 Nevada 56

1.3.4 Massachusetts 57

1.3.5 Ohio 59

1.3.6 Alabama 60

1.3.7 New York 61

1.4 State Data Disposal Laws 61

2 Cybersecurity Litigation 63

2.1 Article III Standing 64

2.1.1 Applicable Supreme Court Rulings on Standing 66

2.1.2 Lower Court Rulings on Standing in Data Breach Cases 71

2.1.2.1 Injury-in-fact 71

2.1.2.1.1 Broad View of Injury-in-fact 71

2.1.2.1.2 Narrow View of Injury-in-fact 76

2.1.2.1.3 Attempts at Finding a Middle Ground for Injury-in-fact 81

2.1.2.2 Fairly Traceable 82

2.1.2.3 Redressability 83

2.2 Common Causes of Action Arising from Data Breaches 84

2.2.1 Negligence 84

2.2.1.1 Legal Duty and Breach of Duty 85

2.2.1.2 Cognizable Injury 87

2.2.1.3 Causation 90

2.2.2 Negligent Misrepresentation or Omission 92

2.2.3 Breach of Contract 95

2.2.4 Breach of Implied Warranty 101

2.2.5 Invasion of Privacy 105

2.2.6 Unjust Enrichment 107

2.2.7 State Consumer Protection Laws 109

2.3 Class Action Certification in Data Breach Litigation 112

2.4 Insurance Coverage for Data Breaches 120

2.5 Protecting Cybersecurity Work Product and Communications from Discovery 124

2.5.1 Attorney-client Privilege 126

2.5.2 Work Product Doctrine 129

2.5.3 Nontestifying Expert Privilege 131

2.5.4 Genesco v. Visa 132

2.5.5 In re Experian Data Breach Litigation 135

2.5.6 In re Premera 136

2.5.7 In re United Shore Financial Services 138

2.5.8 In re Dominion Dental Services USA, Inc. Data Breach Litigation 138

2.5.9 In re Capital One Consumer Data Security Breach Litigation 140

3 Cybersecurity Requirements for Specific Industries 141

3.1 Financial Institutions: GLBA Safeguards Rule 142

3.1.1 Interagency Guidelines 142

3.1.2 SEC's Regulation S-P 144

3.1.3 FTC Safeguards Rule 146

3.2 New York Department of Financial Services Cybersecurity Regulations 149

3.3 Financial Institutions and Creditors: Red Flags Rule 151

3.3.1 Financial Institutions or Creditors 155

3.3.2 Covered Accounts 156

3.3.3 Requirements for a Red Flags Identity Theft Prevention Program 157

3.4 Companies that Use Payment and Debit Cards: PCI DSS 157

3.5 IoT Cybersecurity Laws 160

3.6 Health Providers: HIPAA Security Rule 161

3.7 Electric Transmission: FERC Critical Infrastructure Protection Reliability Standards 167

3.7.1 CIP-003-6: Cybersecurity- Security Management Controls 167

3.7.2 CIP-004-6: Personnel and Training 168

3.7.3 CIP-006-6: Physical Security of Cyber Systems 168

3.7.4 CIP-007-6: Systems Security Management 168

3.7.5 CIP-009-6: Recovery Plans for Cyber Systems 169

3.7.6 CIP-010-2: Configuration Change Management and Vulnerability Assessments 169

3.7.7 CIP-011-2: Information Protection 170

3.8 NRC Cybersecurity Regulations 170

3.9 State Insurance Cybersecurity Laws 171

4 Cybersecurity and Corporate Governance 175

4.1 SEC Cybersecurity Expectations for Publicly Traded Companies 176

4.1.1 10-K Disclosures: Risk Factors 178

4.1.2 10-K Disclosures: Management's Discussion and Analysis of Financial Condition and Results of Operations (MD&A) 179

4.1.3 10-K Disclosures: Description of Business 180

4.1.4 10-K Disclosures: Legal Proceedings 180

4.1.5 10-K Disclosures: Financial Statements 181

4.1.6 10K Disclosures: Board Oversight of Cybersecurity 181

4.1.7 Disclosing Data Breaches to Investors 182

4.1.8 Yahoo! Data Breach 185

4.1.9 Cybersecurity and Insider Trading 185

4.2 Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches 186

4.3 CFIUS and Cybersecurity 189

4.4 Law Firms and Cybersecurity 191

5 Antihacking Laws 193

5.1 Computer Fraud and Abuse Act 194

5.1.1 Origins of the CFAA 194

5.1.2 Access Without Authorization and Exceeding Authorized Access 195

5.1.2.1 Narrow View of "Exceeds Authorized Access" and "Without Authorization" 198

5.1.2.2 Broader View of "Exceeds Authorized Access" and "Without Authorization" 203

5.1.2.3 Finding Some Clarity: Van Buren v. United States 205

5.1.3 The Seven Sections of the CFAA 208

5.1.3.1 CFAA Section (a)(1): Hacking to Commit Espionage 209

5.1.3.2 CFAA Section (a)(2): Hacking to Obtain Information 210

5.1.3.3 CFAA Section (a)(3): Hacking a Federal Government Computer 214

5.1.3.4 CFAA Section (a)(4): Hacking to Commit Fraud 216

5.1.3.5 CFAA Section (a)(5): Hacking to Damage a Computer 218

5.1.3.5.1 CFAA Section (a)(5)(A): Knowing Transmission that Intentionally Damages a Computer Without Authorization 219

5.1.3.5.2 CFAA Section (a)(5)(B): Intentional Access Without Authorization that Recklessly Causes Damage 222

5.1.3.5.3 CFAA Section (a)(5)(C): Intentional Access Without Authorization that Causes Damage and Loss 223

5.1.3.5.4 CFAA Section (a)(5): Requirements for Felony and Misdemeanor Cases 224

5.1.3.6 CFAA Section (a)(6): Trafficking in Passwords 226

5.1.3.7 CFAA Section (a)(7): Threatening to Damage or Obtain Information from a Computer 228

5.1.4 Civil Actions Under the CFAA 231

5.1.5 Criticisms of the CFAA 235

5.1.6 CFAA and Coordinated Vulnerability Disclosure Programs 237

5.2 State Computer Hacking Laws 240

5.3 Section 1201 of the Digital Millennium Copyright Act 243

5.3.1 Origins of Section 1201 of the DMCA 244

5.3.2 Three Key Provisions of Section 1201 of the DMCA 245

5.3.2.1 DMCA Section 1201(a)(1) 245

5.3.2.2 DMCA Section 1201(a)(2) 250

5.3.2.2.1 Narrow Interpretation of Section (a)(2): Chamberlain Group v. Skylink Technologies 251

5.3.2.2.2 Broad Interpretation of Section (a)(2): MDY Industries, LLC v. Blizzard Entertainment 254

5.3.2.3 DMCA Section 1201(b)(1) 258

5.3.3 Section 1201 Penalties 261

5.3.4 Section 1201 Exemptions 262

5.3.5 The First Amendment and...

Details
Erscheinungsjahr: 2022
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Buch
Inhalt: 880 S.
ISBN-13: 9781119822165
ISBN-10: 1119822165
Sprache: Englisch
Herstellernummer: 1W119822160
Einband: Gebunden
Autor: Kosseff, Jeff
Hersteller: John Wiley & Sons Inc
Verantwortliche Person für die EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Maße: 159 x 238 x 53 mm
Von/Mit: Jeff Kosseff
Erscheinungsdatum: 04.11.2022
Gewicht: 1,368 kg
Artikel-ID: 121257119
Sicherheitshinweis