1. Technological resources required for a corporation's survival and the development of a comprehensive business continuity plan should be established.
> Draw a plan to mitigate the effects a disaster could have on an online continuing operation and speed the return to regular online service. (Hint: earthquake and tsunami)
> Is your plan current?
> Are employees adequately trained?
> When was the last time you executed a dry run?
2. What are the differences between quantitative and qualitative risk assessment for online applications?
Need 4-5 pages with peer-reviewed citations. No introduction or conclusion needed.
Chapter 4 Laws, Regulations, and Compliance
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 1: Security and Risk Management
1.3 Determine compliance requirements
1.3.1 Contractual, legal, industry standards, and regulatory requirements
1.3.2 Privacy requirements
1.4 Understand legal and regulatory issues that pertain to information security in a global context
1.4.1 Cyber crimes and data breaches
1.4.2 Licensing and intellectual property requirements
1.4.3 Import/export controls
1.4.4 Trans-border data flow
1.4.5 Privacy
The world of compliance is a legal and regulatory jungle for information technology (IT) and cybersecurity professionals. National, state, and local governments have all passed overlapping laws regulating different components of cybersecurity in a patchwork manner. This leads to an incredibly confusing landscape for security professionals who must reconcile the laws of multiple jurisdictions. Things become even more complicated for multinational companies, which must navigate the variations between international law as well.
Law enforcement agencies have tackled the issue of cybercrime with gusto in recent years. The legislative branches of governments around the world have at least attempted to address issues of cybercrime. Many law enforcement agencies have full-time, well-trained computer crime investigators with advanced security training. Those who don’t usually know where to turn when they require this sort of experience.
In this chapter, we’ll cover the various types of laws that deal with computer security issues. We’ll examine the legal issues surrounding computer crime, privacy, intellectual property, and a number of other related topics. We’ll also cover basic investigative techniques, including the pros and cons of calling in assistance from law enforcement.
Categories of Laws
Three main categories of laws play a role in our legal system. Each is used to cover a variety of circumstances, and the penalties for violating laws in the different categories vary widely. In the following sections, you’ll learn how criminal law, civil law, and administrative law interact to form the complex web of our justice system.
Criminal Law
Criminal law forms the bedrock of the body of laws that preserve the peace and keep our society safe. Many high-profile court cases involve matters of criminal law; these are the laws that the police and other law enforcement agencies concern themselves with. Criminal law contains prohibitions against acts such as murder, assault, robbery, and arson. Penalties for violating criminal statutes fall in a range that includes mandatory hours of community service, monetary penalties in the form of fines (small and large), and deprivation of civil liberties in the form of prison sentences.
Cops Are Smart!
A good friend of one of the authors is a technology crime investigator for the local police department. He often receives cases of computer abuse involving threatening emails and website postings.
Recently, he shared a story about a bomb threat that had been emailed to a local high school. The perpetrator sent a threatening note to the school principal declaring that the bomb would explode at 1 p.m. and warning him to evacuate the school. The author’s friend received the alert at 11 a.m., leaving him with only two hours to investigate the crime and advise the principal on the best course of action.
He quickly began issuing emergency subpoenas to Internet service providers and traced the email to a computer in the school library. At 12:15 p.m., he confronted the suspect with surveillance tapes showing him at the computer in the library as well as audit logs conclusively proving that he had sent the email. The student quickly admitted that the threat was nothing more than a ploy to get out of school a couple of hours early. His explanation? “I didn’t think there was anyone around here who could trace stuff like that.”
He was wrong.
A number of criminal laws serve to protect society against computer crime. In later sections of this chapter, you’ll learn how some laws, such as the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the Identity Theft and Assumption Deterrence Act (among others), provide criminal penalties for serious cases of computer crime. Technically savvy prosecutors teamed with concerned law enforcement agencies have dealt serious blows to the “hacking underground” by using the court system to slap lengthy prison terms on offenders guilty of what used to be considered harmless pranks.
In the United States, legislative bodies at all levels of government establish criminal laws through elected representatives. At the federal level, both the House of Representatives and the Senate must pass criminal law bills by a majority vote (in most cases) in order for the bill to become law. Once passed, these laws then become federal law and apply in all cases where the federal government has jurisdiction (mainly cases that involve interstate commerce, cases that cross state boundaries, or cases that are offenses against the federal government itself). If federal jurisdiction does not apply, state authorities handle the case using laws passed in a similar manner by state legislators.
All federal and state laws must comply with the ultimate authority that dictates how the United States (U.S.) system of government works—the U.S. Constitution. All laws are subject to judicial review by regional courts with the right of appeal all the way to the Supreme Court of the United States. If a court finds that a law is unconstitutional, it has the power to strike it down and render it invalid.
Keep in mind that criminal law is a serious matter. If you find yourself involved—as a witness, defendant, or victim—in a matter where criminal authorities become involved, you’d be well advised to seek advice from an attorney familiar with the criminal justice system and specifically with matters of computer crime. It’s not wise to “go it alone” in such a complex system.
Civil Law
Civil laws form the bulk of our body of laws. They are designed to provide for an orderly society and govern matters that are not crimes but that require an impartial arbiter to settle between individuals and organizations. Examples of the types of matters that may be judged under civil law include contract disputes, real estate transactions, employment matters, and estate/probate procedures. Civil laws also are used to create the framework of government that the executive branch uses to carry out its responsibilities. These laws provide budgets for governmental activities and lay out the authority granted to the executive branch to create administrative laws (see the next section).
Civil laws are enacted in the same manner as criminal laws. They must pass through the legislative process before enactment and are subject to the same constitutional parameters and judicial review procedures. At the federal level, both criminal and civil laws are embodied in the United States Code (USC).
The major difference between civil laws and criminal laws is the way in which they are enforced. Usually, law enforcement authorities do not become involved in matters of civil law beyond taking action necessary to restore order. In a criminal prosecution, the government, through law enforcement investigators and prosecutors, brings action against a person accused of a crime. In civil matters, it is incumbent upon the person who thinks they have been wronged to obtain legal counsel and file a civil lawsuit against the person they think is responsible for their grievance. The government (unless it is the plaintiff or defendant) does not take sides in the dispute or argue one position or the other. The only role of the government in civil matters is to provide the judges, juries, and court facilities used to hear civil cases and to play an administrative role in managing the judicial system in accordance with the law.
As with criminal law, it is best to obtain legal assistance if you think you need to file a civil lawsuit or if someone files a civil lawsuit against you. Although civil law does not impose the threat of imprisonment, the losing party may face severe financial penalties. You don’t need to look any further than the nightly news for examples—multimillion-dollar cases against tobacco companies, major corporations, and wealthy individuals are filed every day.
Administrative Law
The executive branch of our government charges numerous agencies with wide-ranging responsibilities to ensure that government functions effectively. It is the duty of these agencies to abide by and enforce the criminal and civil laws enacted by the legislative branch. However, as can be easily imagined, criminal and civil law can’t possibly lay out rules and procedures that should be followed in every possible situation. Therefore, executive branch agencies have some leeway to enact administrative law, in the form of policies, procedures, and regulations that govern the daily operations of the agency. Administrative law covers topics as mundane as the procedures to be used within a federal agency to obtain a desk telephone to more substantial issues such as the immigration policies that will be used to enforce the laws passed by Congress. Administrative law is published in the Code of Federal Regulations, often referred to as the CFR.
Although administrative law does not require an act of the legislative branch to gain the force of law, it must comply with all existing civil and criminal laws. Government agencies may not implement regulations that directly contradict existing laws passed by the legislature. Furthermore, administrative laws (and the actions of government agencies) must also comply with the U.S. Constitution and are subject to judicial review.
To understand compliance requirements and procedures, it is necessary to be fully versed in the complexities of the law. From administrative law to civil law to criminal law (and, in some countries, even religious law), navigating the regulatory environment is a daunting task. The CISSP exam focuses on the generalities of law, regulations, investigations, and compliance as they affect organizational security efforts. However, it is your responsibility to seek out professional help (i.e., an attorney) to guide and support you in your efforts to maintain legal and legally supportable security.
Laws
Throughout these sections, we’ll examine a number of laws that relate to information technology. By necessity, this discussion is U.S.-centric, as is the material covered by the CISSP exam. We’ll look briefly at several high-profile non-U.S. laws, such as the European Union’s General Data Protection Regulation (GDPR). However, if you operate in an environment that involves foreign jurisdictions, you should retain local legal counsel to guide you through the system.
Every information security professional should have a basic understanding of the law as it relates to information technology. However, the most important lesson to be learned is knowing when it’s necessary to call in an attorney. If you think you’re in a legal “gray area,” it’s best to seek professional advice.
Computer Crime
The first computer security issues addressed by legislators were those involving computer crime. Early computer crime prosecutions were attempted under traditional criminal law, and many were dismissed because judges thought that applying traditional law to this modern type of crime was too far a stretch. Legislators responded by passing specific statutes that defined computer crime and laid out specific penalties for various crimes. In the following sections, we’ll cover several of those statutes.
The U.S. laws discussed in this chapter are federal laws. But keep in mind that almost every state in the union has also enacted some form of legislation regarding computer security issues. Because of the global reach of the internet, most computer crimes cross state lines and, therefore, fall under federal jurisdiction and are prosecuted in the federal court system. However, in some circumstances, state laws can be more restrictive than federal laws and impose harsher penalties.
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act (CFAA) was the first major piece of cybercrime-specific legislation in the United States. Congress had earlier enacted computer crime law as part of the Comprehensive Crime Control Act (CCCA) of 1984, but CFAA was carefully written to exclusively cover computer crimes that crossed state boundaries to avoid infringing on states’ rights and treading on thin constitutional ice. The major provisions of the original CCCA made it a crime to perform the following:
Access classified information or financial information in a federal system without authorization or in excess of authorized privileges
Access a computer used exclusively by the federal government without authorization
Use a federal computer to perpetrate a fraud (unless the only object of the fraud was to gain use of the computer itself)
Cause malicious damage to a federal computer system in excess of $1,000
Modify medical records in a computer when doing so impairs or may impair the examination, diagnosis, treatment, or medical care of an individual
Traffic in computer passwords if the trafficking affects interstate commerce or involves a federal computer system
When Congress passed the CFAA, it raised the threshold of damage from $1,000 to $5,000 but also dramatically altered the scope of the regulation. Instead of merely covering federal computers that processed sensitive information, the act was changed to cover all “federal interest” computers. This widened the coverage of the act to include the following:
Any computer used exclusively by the U.S. government
Any computer used exclusively by a financial institution
Any computer used by the government or a financial institution when the offense impedes the ability of the government or institution to use that system
Any combination of computers used to commit an offense when they are not all located in the same state
When preparing for the CISSP exam, be sure you’re able to briefly describe the purpose of each law discussed in this chapter.
CFAA Amendments
In 1994, Congress recognized that the face of computer security had drastically changed since the CFAA was last amended in 1986 and made a number of sweeping changes to the act. Collectively, these changes are referred to as the Computer Abuse Amendments Act of 1994 and included the following provisions:
Outlawed the creation of any type of malicious code that might cause damage to a computer system
Modified the CFAA to cover any computer used in interstate commerce rather than just “federal interest” computer systems
Allowed for the imprisonment of offenders, regardless of whether they actually intended to cause damage
Provided legal authority for the victims of computer crime to pursue civil action to gain injunctive relief and compensation for damages
Since the initial CFAA amendments in 1994, Congress passed additional amendments in 1996, 2001, 2002, and 2008 as part of other cybercrime legislation. We’ll discuss those as they come up in this chapter.
While CFAA may be used to prosecute a variety of computer crimes, it is also criticized by many in the security and privacy community as an overbroad law. Under some interpretations, CFAA criminalizes the violation of a website’s terms of service. This law was used to prosecute MIT student Aaron Swartz for downloading a large number of academic research papers from a database accessible on the MIT network. Swartz committed suicide in 2013 and inspired the drafting of a CFAA amendment that would have excluded the violation of website terms of service from CFAA. That bill, dubbed Aaron’s Law, never reached a vote on the floor of Congress.
Federal Sentencing Guidelines
The Federal Sentencing Guidelines released in 1991 provided punishment guidelines to help federal judges interpret computer crime laws. Three major provisions of these guidelines have had a lasting impact on the information security community.
The guidelines formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation. This rule, developed in the realm of fiscal responsibility, now applies to information security as well.
The guidelines allowed organizations and executives to minimize punishment for infractions by demonstrating that they used due diligence in the conduct of their information security duties.
The guidelines outlined three burdens of proof for negligence. First, the person accused of negligence must have a legally recognized obligation. Second, the person must have failed to comply with recognized standards. Finally, there must be a causal relationship between the act of negligence and subsequent damages.
National Information Infrastructure Protection Act of 1996
In 1996, Congress passed yet another set of amendments to the Computer Fraud and Abuse Act designed to further extend the protection it provides. The National Information Infrastructure Protection Act included the following main new areas of coverage:
Broadens CFAA to cover computer systems used in international commerce in addition to systems used in interstate commerce
Extends similar protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits
Treats any intentional or reckless act that causes damage to critical portions of the national infrastructure as a felony
Federal Information Security Management Act
The Federal Information Security Management Act (FISMA), passed in 2002, requires that federal agencies implement an information security program that covers the agency’s operations. FISMA also requires that government agencies include the activities of contractors in their security management programs. FISMA repealed and replaced two earlier laws: the Computer Security Act of 1987 and the Government Information Security Reform Act of 2000.
The National Institute of Standards and Technology (NIST), responsible for developing the FISMA implementation guidelines, outlines the following elements of an effective information security program:
Periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the organization
Policies and procedures that are based on risk assessments, cost-effectively reducing information security risks to an acceptable level and ensuring that information security is addressed throughout the life cycle of each organizational information system
Subordinate plans for providing adequate information security for networks, facilities, information systems, or groups of information systems, as appropriate
Security awareness training to inform personnel (including contractors and other users of information systems that support the operations and assets of the organization) of the information security risks associated with their activities and their responsibilities in complying with organizational policies and procedures designed to reduce these risks
Periodic testing and evaluation of the effectiveness of information security policies, procedures, practices, and security controls to be performed with a frequency depending on risk, but no less than annually
A process for planning, implementing, evaluating, and documenting remedial actions to address any deficiencies in the information security policies, procedures, and practices of the organization
Procedures for detecting, reporting, and responding to security incidents
Plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the organization
FISMA places a significant burden on federal agencies and government contractors, who must develop and maintain substantial documentation of their FISMA compliance activities.
Federal Cybersecurity Laws of 2014
In 2014, President Barack Obama signed a series of bills into law that modernized the federal government’s approach to cybersecurity issues.
The first of these was the confusingly named Federal Information Systems Modernization Act (also bearing the acronym FISMA). The 2014 FISMA modified the rules of the 2002 FISMA by centralizing federal cybersecurity responsibility with the Department of Homeland Security. There are two exceptions to this centralization: defense-related cybersecurity issues remain the responsibility of the Secretary of Defense, while the Director of National Intelligence bears responsibility for intelligence-related issues.
Second, Congress passed the Cybersecurity Enhancement Act, which charges the NIST with responsibility for coordinating nationwide work on voluntary cybersecurity standards. NIST produces the 800 series of Special Publications related to computer security in the federal government. These are useful for all security practitioners and are available for free online at http://csrc.nist.gov/publications/PubsSPs.html.
The following are commonly used NIST standards:
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations. This standard is required for use in federal computing systems and is also commonly used as an industry cybersecurity benchmark.
NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. Compliance with this standard’s security controls (which are quite similar to those found in NIST 800-53) is often included as a contractual requirement by government agencies. Federal contractors must often comply with NIST SP 800-171.
The NIST Cybersecurity Framework (CSF) is a set of standards designed to serve as a voluntary risk-based framework for securing information and systems.
The third law from this wave of new requirements was the National Cybersecurity Protection Act. This law charged the Department of Homeland Security with establishing a national cybersecurity and communications integration center. The role of this center is to serve as the interface between federal agencies and civilian organizations for sharing cybersecurity risks, incidents, analysis, and warnings.
Intellectual Property
America’s role in the global economy is shifting away from a manufacturer of goods and toward a provider of services. This trend also shows itself in many of the world’s large industrialized nations. With this shift toward providing services, intellectual property takes on an increasingly important role in many firms. Indeed, it is arguable that the most valuable assets of many large multinational companies are simply the brand names that we’ve all come to recognize. Company names such as Dell, Procter & Gamble, and Merck bring instant credibility to any product. Publishing companies, movie producers, and artists depend on their creative output to earn their livelihood. Many products depend on secret recipes or production techniques—take the legendary secret formula for Coca-Cola or KFC’s secret blend of herbs and spices, for example.
These intangible assets are collectively referred to as intellectual property, and a whole host of laws exist to protect the rights of their owners. After all, it simply wouldn’t be fair if a music store bought only one copy of each artist’s CD and burned copies for all of its customers—that would deprive the artist of the benefits of their labor. In the following sections, we’ll explore the laws surrounding the four major types of intellectual property—copyrights, trademarks, patents, and trade secrets. We’ll also discuss how these concepts specifically concern information security professionals. Many countries protect (or fail to protect) these rights in different ways, but the basic concepts ring true throughout the world.
Some countries are notorious for violating intellectual property rights. The most notable example is China. China is world renowned for its blatant disregard of copyright and patent law. If you’re planning to do business in this region of the world, you should definitely consult with an attorney who specializes in this area.
Copyright and the Digital Millennium Copyright Act
Copyright law guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work. Eight broad categories of works qualify for copyright protection.
Literary works
Musical works
Dramatic works
Pantomimes and choreographic works
Pictorial, graphical, and sculptural works
Motion pictures and other audiovisual works
Sound recordings
Architectural works
There is precedent for copyrighting computer software—it’s done under the scope of literary works. However, it’s important to note that copyright law protects only the expression inherent in computer software—that is, the actual source code. It does not protect the ideas or process behind the software. There has also been some question over whether copyrights can be extended to cover the “look and feel” of a software package’s graphical user interface. Court decisions have gone in both directions on this matter; if you will be involved in this type of issue, you should consult a qualified intellectual property attorney to determine the current state of legislation and case law.
There is a formal procedure to obtain a copyright that involves sending copies of the protected work along with an appropriate registration fee to the U.S. Copyright Office. For more information on this process, visit the office’s website at www.copyright.gov. However, it is important to note that officially registering a copyright is not a prerequisite for copyright enforcement. Indeed, the law states that the creator of a work has an automatic copyright from the instant the work is created. If you can prove in court that you were the creator of a work (perhaps by publishing it), you will be protected under copyright law. Official registration merely provides the government’s acknowledgment that they received your work on a specific date.