Book Read Free

Advanced Criminal Investigations and Intelligence Operations

Page 47

by Unknown


  agency having such authority, have the authority to investigate

  offenses under this section.

  (2) The Federal Bureau of Investigation shall have primary author-

  ity to investigate offenses under subsection (a)(1) for any cases

  involving espionage, foreign counterintelligence, information

  protected against unauthorized disclosure for reasons of national

  defense or foreign relations, or Restricted Data (as that term is

  defined in section 11y of the Atomic Energy Act of 1954 (42

  U.S.C. 2014 (y)), except for offenses affecting the duties of the U.S.

  Secret Service pursuant to section 3056 (a) of this title.

  (3) Such authority shall be exercised in accordance with an agree-

  ment which shall be entered into by the Secretary of the Treasury

  and the Attorney General.

  Appendix B: Computer Crime and Privacy Laws

  347

  (e) As used in this section—

  (1) the term “computer” means an electronic, magnetic, optical,

  electrochemical, or other high speed data processing device per-

  forming logical, arithmetic, or storage functions, and includes

  any data storage facility or communications facility directly

  related to or operating in conjunction with such device, but such

  term does not include an automated typewriter or typesetter, a

  portable hand held calculator, or other similar device;

  (2) the term “protected computer” means a computer

  (A) exclusively for the use of a financial institution or the

  United States Government, or, in the case of a computer not

  exclusively for such use, used by or for a financial institu-

  tion or the United States Government and the conduct con-

  stituting the offense affects that use by or for the financial

  institution or the Government; or

  (B) which is used in or affecting interstate or foreign commerce

  or communication, including a computer located outside

  the United States that is used in a manner that affects

  interstate or foreign commerce or communication of the

  United States;

  (3) the term “State” includes the District of Columbia, the

  Commonwealth of Puerto Rico, and any other commonwealth,

  possession or territory of the United States;

  (4) the term “financial institution” means—

  (A) an institution, with deposits insured by the Federal Deposit

  Insurance Corporation;

  (B) the Federal Reserve or a member of the Federal Reserve

  including any Federal Reserve Bank;

  (C) a credit union with accounts insured by the National Credit

  Union Administration;

  (D) a member of the Federal home loan bank system and any

  home loan bank;

  (E) any institution of the Farm Credit System under the Farm

  Credit Act of 1971;

  (F) a broker-dealer registered with the Securities and Exchange

  Commission pursuant to section 15 of the Securities

  Exchange Act of 1934;

  (G) the Securities Investor Protection Corporation;

  (H) a branch or agency of a foreign bank (as such terms are

  defined in paragraphs (1) and (3) of section 1(b) of the

  International Banking Act of 1978); and

  (I) an organization operating under section 25 or section 25(a)

  of the Federal Reserve Act;

  348

  Appendix B: Computer Crime and Privacy Laws

  (5) the term “financial record” means information derived from

  any record held by a financial institution pertaining to a cus-

  tomer’s relationship with the financial institution;

  (6) the term “exceeds authorized access” means to access a com-

  puter with authorization and to use such access to obtain or

  alter information in the computer that the accesser is not enti-

  tled so to obtain or alter;

  (7) the term “department of the United States” means the legisla-

  tive or judicial branch of the Government or one of the execu-

  tive departments enumerated in section 101 of title 5;

  (8) the term “damage” means any impairment to the integrity or

  availability of data, a program, a system, or information;

  (9) the term “government entity” includes the Government of the

  United States, any State or political subdivision of the United

  States, any foreign country, and any state, province, municipal-

  ity, or other political subdivision of a foreign country;

  (10) the term “conviction” shall include a conviction under the law

  of any State for a crime punishable by imprisonment for more

  than 1 year, an element of which is unauthorized access, or

  exceeding authorized access, to a computer;

  (11) the term “loss” means any reasonable cost to any victim, includ-

  ing the cost of responding to an offense, conducting a damage

  assessment, and restoring the data, program, system, or infor-

  mation to its condition prior to the offense, and any revenue

  lost, cost incurred, or other consequential damages incurred

  because of interruption of service; and

  (12) the term “person” means any individual, firm, corporation,

  educational institution, financial institution, governmental

  entity, or legal or other entity.

  (f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the

  United States, a State, or a political subdivision of a State, or of an

  intelligence agency of the United States.

  (g) Any person who suffers damage or loss by reason of a violation of

  this section may maintain a civil action against the violator to obtain

  compensatory damages and injunctive relief or other equitable relief.

  A civil action for a violation of this section may be brought only if

  the conduct involves 1 of the factors set forth in subclauses (I), (II),

  (III), (IV), or (V) of subsection (c)(4)(A)(i). Damages for a violation

  involving only conduct described in subsection (c)(4)(A)(i)(I) are

  limited to economic damages. No action may be brought under this

  subsection unless such action is begun within 2 years of the date of

  Appendix B: Computer Crime and Privacy Laws

  349

  the act complained of or the date of the discovery of the damage.

  No action may be brought under this subsection for the negligent

  design or manufacture of computer hardware, computer software,

  or firmware.

  (h) The Attorney General and the Secretary of the Treasury shall report

  to the Congress annually, during the first 3 years following the date

  of the enactment of this subsection, concerning investigations and

  prosecutions under subsection (a)(5).

  (i)

  (1) The court, in imposing sentence on any person convicted of a

  violation of this section, or convicted of conspiracy to violate this

  section, shall order, in addition to any other sentence imposed

  and irrespective of any provision of State law, that such person

  forfeit to the United States

  (A) such person’s interest in any personal property that was

  used or intended to be used to commit or to facilitate the

  commission of such violation; and

  (B) any property, real or personal, constituting or derive
d from,

  any proceeds that such person obtained, directly or indirectly,

  as a result of such violation.

  (2) The criminal forfeiture of property under this subsection, any

  seizure and disposition thereof, and any judicial proceeding in

  relation thereto, shall be governed by the provisions of section 413

  of the Comprehensive Drug Abuse Prevention and Control Act

  of 1970 (21 U.S.C. 853), except subsection (d) of that section.

  (j) For purposes of subsection (i), the following shall be subject to forfeiture to the United States and no property right shall exist in them:

  (1) Any personal property used or intended to be used to commit or

  to facilitate the commission of any violation of this section, or a

  conspiracy to violate this section.

  (2) Any property, real or personal, which constitutes or is derived

  from proceeds traceable to any violation of this section, or a

  conspiracy to violate this section.

  Children’s Online Privacy Act (15 U.S.C. §§ 6501–6506)

  Chapter 91: Children’s Online Privacy Protection

  • § 6501. Definitions

  • § 6502. Regulation of Unfair and Deceptive Acts and Practices in

  Connection with Collection and Use of Personal Information from

  and about Children on the Internet

  350

  Appendix B: Computer Crime and Privacy Laws

  • § 6503. Safe Harbors

  • § 6504. Actions by States

  • § 6505. Administration and Applicability

  • § 6506. Review

  § 6501. Definitions

  In this chapter:

  (1) Child

  The term “child” means an individual under the age of 13.

  (2) Operator

  The term “operator”—

  (A) means any person who operates a website located on the

  Internet or an online service and who collects or maintains per-

  sonal information from or about the users of or visitors to such

  website or online service, or on whose behalf such information

  is collected or maintained, where such website or online ser-

  vice is operated for commercial purposes, including any person

  offering products or services for sale through that website or

  online service, involving commerce—

  (i) among the several States or with 1 or more foreign nations;

  (ii) in any territory of the United States or in the District of

  Columbia, or between any such territory and—

  (I) another such territory; or

  (II) any State or foreign nation; or

  (iii) between the District of Columbia and any State, territory,

  or foreign nation; but

  (B) does not include any nonprofit entity that would otherwise be

  exempt from coverage under section 45 of this title.

  (3) Commission

  The term “Commission” means the Federal Trade Commission.

  (4) Disclosure

  The term “disclosure” means, with respect to personal

  information—

  (A) the release of personal information collected from a child in

  identifiable form by an operator for any purpose, except where

  such information is provided to a person other than the opera-

  tor who provides support for the internal operations of the web-

  site and does not disclose or use that information for any other

  purpose; and

  (B) making personal information collected from a child by a web-

  site or online service directed to children or with actual knowl-

  edge that such information was collected from a child, publicly

  Appendix B: Computer Crime and Privacy Laws

  351

  available in identifiable form, by any means including by a

  public posting, through the Internet, or through—

  (i) a home page of a website;

  (ii) a pen pal service;

  (iii) an electronic mail service;

  (iv) a message board; or

  (v) a chat room.

  (5) Federal agency

  The term “Federal agency” means an agency, as that term is defined

  in section 551 (1) of title 5.

  (6)

  Internet

  The term “Internet” means collectively the myriad of computer and

  telecommunications facilities, including equipment and operat-

  ing software, which comprise the interconnected world-wide net-

  work of networks that employ the Transmission Control Protocol/

  Internet Protocol, or any predecessor or successor protocols to such

  protocol, to communicate information of all kinds by wire or radio.

  (7)

  Parent

  The term “parent” includes a legal guardian.

  (8)

  Personal information

  The term “personal information” means individually identifiable

  information about an individual collected online, including—

  (A) a first and last name;

  (B) a home or other physical address including street name and

  name of a city or town;

  (C) an e-mail address;

  (D) a telephone number;

  (E) a Social Security number;

  (F) any other identifier that the Commission determines per-

  mits the physical or online contacting of a specific indivi-

  dual; or

  (G) information concerning the child or the parents of that child

  that the website collects online from the child and combines

  with an identifier described in this paragraph.

  (9) Verifiable parental consent

  The term “verifiable parental consent” means any reasonable effort

  (taking into consideration available technology), including a request

  for authorization for future collection, use, and disclosure described

  in the notice, to ensure that a parent of a child receives notice of the

  operator’s personal information collection, use, and disclosure prac-

  tices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information

  before that information is collected from that child.

  352

  Appendix B: Computer Crime and Privacy Laws

  (10) Website or online service directed to children

  (A) In general

  The term “website or online service directed to children”

  means—

  (i) a commercial website or online service that is targeted to

  children; or

  (ii) that portion of a commercial website or online service that

  is targeted to children.

  (B) Limitation

  A commercial website or online service, or a portion of a

  commercial website or online service, shall not be deemed

  directed to children solely for referring or linking to a com-

  mercial website or online service directed to children by using

  information location tools, including a directory, index, ref-

  erence, pointer, or hypertext link.

  (11) Person

  The term “person” means any individual, partnership, corporation,

  trust, estate, cooperative, association, or other entity.

  (12) Online contact information

  The term “online contact information” means an e-mail address or

  another substantially similar identifier that permits direct contact

  with a person online.

  § 6502. Regulation of Unfair and Deceptive Acts and

  Practices in Connection with Collection and
Use of Personal

  Information from and about Children on the Internet

  (a) Acts prohibited

  (1) In general

  It is unlawful for an operator of a website or online service

  directed to children, or any operator that has actual knowl-

  edge that it is collecting personal information from a child,

  to collect personal information from a child in a manner that

  violates the regulations prescribed under subsection (b) of this

  section.

  (2) Disclosure to parent protected

  Notwithstanding paragraph (1), neither an operator of such a

  website or online service nor the operator’s agent shall be held

  to be liable under any Federal or State law for any disclosure

  made in good faith and following reasonable procedures in

  responding to a request for disclosure of personal information

  under subsection (b)(1)(B)(iii) of this section to the parent of

  a child.

  Appendix B: Computer Crime and Privacy Laws

  353

  (b) Regulations

  (1)

  In general

  Not later than 1 year after October 21, 1998, the Commission

  shall promulgate under section 553 of title 5 regulations that—

  (A) require the operator of any website or online service directed

  to children that collects personal information from children

  or the operator of a website or online service that has actual

  knowledge that it is collecting personal information from

  a child—

  (i) to provide notice on the website of what information is

  collected from children by the operator, how the opera-

  tor uses such information, and the operator’s disclosure

  practices for such information; and

  (ii) to obtain verifiable parental consent for the collec-

  tion, use, or disclosure of personal information from

  children;

  (B) require the operator to provide, upon request of a parent

  under this subparagraph whose child has provided personal

  information to that website or online service, upon proper

  identification of that parent, to such parent—

  (i) a description of the specific types of personal information

 

‹ Prev