ind JWBK226/Bidgoli July 10, 2008 13:36 Char Count=

Index

Abrams v. United States, 476 American Arbitration Association (adr.org), 39 Access: American Bar Association Task Force, 98 codes, 842 American Civil Liberties Union (ACLU): Digital Divide and, 524–525 ACLU v. Miller, 468 privacy and, 412 Ashcroft v. ACLU, 15, 59, 448 wireless attacks and, 753 challenges to Patriot Act and DHS Accessdata’s Password Recovery Toolkit (PRTK), 370 surveillance/investigation techniques, 165, Access Device Fraud Act (1984), 42 166 Access point (AP), 751, 779 defined, 556, Accountability, 414–415 Reno v. ACLU, 13, 14, 58, 59, 265, 447, 641 Account misuse detection, 712 American Express, 29, 30 ACLU. See American Civil Liberties Union (ACLU) American Guarantee & Liability Insurance Co. v. Ingram ACPA. See Anticybersquatting Consumer Protection Micro, Inc., 32 Act of 1999 (ACPA) American Law Institute (ALI), 325 ADA (American Dental Association), 556 American Libraries Association v. Pataki, 266, 348 Adapters, 505, 510 American Library Association v. United States, 63 Adaptive literacy, 518 American Management Association (AMA), 419, 421 Adbusters group, 307–308 American Mobile Satellite (AMSAT), 734 Address translation services, 504 American National Standards Institute (ANSI) Adjudication. See Criminal justice system X12N, 541–542, 555, 558 Ad networks, 426–427, 432 American Society for Crime Lab Directors/Lab ADRs. See Alternative dispute resolution techniques Accreditation Board (ASCLD/LAB), 377 (ADRs) Americans with Disabilities Act (1990), 801–802 Advanced Encryption Standard (AES), 365, 581 America Online (AOL): Affirmative defense, defined, 121 America Online, Inc. v. Does, 268, 272 Afghanistan, 150 America Online, Inc. v. Hawke, 254, 268, 272 Afternapster.com, 71 America Online, Inc. v. LCGM, Inc., 223 Age. 
See Demographic groups and anonymity on, 12 Internet/technology use AOL versus CN Productions, 270 Age Discrimination in Employment Act (1967), 801 domination of, 44 Air Force’s Office of Special Investigations (AFOSI), employee e-mail and, 796 119 Geoff v. AOL, Inc., 19 Air traffic blackout, 129 spamming and spammers, 252, 267–268, 270, 276, Alappat, In re, 658 284 ALCOA case, 632 Ameritrade, 836 Al-Hussayen (United States of America vs. Sami Omar A&M Music, 232 Al-Hussayen), 141 Amnesty International, 611 Al-Jazeera, 149 A&M Records v. Napster, 6, 71 AllAdvantage.com, 428 Amsan LLC v. Prophet 21 Inc., 25 Alta Vista Technology, 69 Analog, defined, 779 Alternative dispute resolution techniques (ADRs), Anonymity/identity on Internet, 457–478 38–39, 44 anonymous domain registrant, 473–477 Altus Net, 773 contrarians, 475–477 Amazon.com: court rulings, 466–468 Associate program, 40 determining identity on the Internet, 460–462 denial of service attacks, 26 Internet anonymity and the law, 468–469 one-click, patent, 12, 494, 658–659 mechanics of, 459–460 participants, 490, 614 overview/introduction, 457–458, 477


Anonymity/identity on Internet (Continued ) Authentication: remailers, 478 authorization and, 716 reverence for anonymity in U.S. political tradition, defined, 510, 587 465–466 electronic transactions security and, 843 secure socket layer (SSL), 463, 478, 739 services, 503 socks server, 478 Authenticity: subpoenas seeking identity of anonymous speakers, certificates of, 652 471–473 defined, 322 technical solutions, 462–464 Automated transactions, 327 terms defined, 477–478 Availability: wartime, anonymity during, 469–470 defined, 587 Anonymizers, 464, 705 disruption of, 727 (see also Denial of service (DoS) Anonymous DSL (digital subscriber line), 464, 477 attacks) Anonymous surfing site, defined, 477 efficient/effective operation and, 834 ANSI X12N, 541–542, 555, 558 e-government security, 568–573 Anticybersquatting Consumer Protection Act of classes of attacks (physical/logical), 572 1999 (ACPA), 8–9, 45 denial of service concerns, 570 Antiglobalization/anticapitalism movements, 315 fault-related availability concerns, 568–569 APEC (Asia Pacific Economic Council), 669, 681, individual or informally organized hackers, 686–688 570–571 APOP (authenticated post office protocol), 771, intrinsic availability concerns, 569–570 779 logical attacks, 572–573 Apparent identity, 459 nonstate organizations, 571–572 Apple, 7, 232, 301, 302 physical attacks, 572 Applied Info. Mgmt. Co. v. Icart, 345 sources of denial of service attacks, 570 Appropriation, tort of, 411 state-sponsored attacks, 572 Arizona’s Roosevelt Dam, 132, 133 e-government security mechanisms/techniques Arms Export Control Act (1978), 650 for, 578–579 Arpanet, 249 information assurance and, 748 ASCII, 392 wireless information warfare and, 727–732 ASEAN (Association of South East Asian Nations), 669, 681, 682–683, 686 Backdoors, 753, 770 ASEANAPOL, 686 Backups files, 220–221, 838 Ashcroft v. ACLU, 15, 59, 448 Bailye, John, 474 Ashcroft v. 
Free Speech Coalition, 116 Ballmer Steve, 310–311 Asia, 11, 193, 605, 639, 607, 820 Bally v. Faber, 16 cybersquatting, 11 Baltimore Technologies, 331–332 lack of civil society structures, 605 Bandwidth, communications, 724 Asian Productivity Organization, 530 Banks/financial institutions: Asia Pacific Economic Council (APEC), 669 computer security, 487 Assent/consent, defined, 352 Financial Services Modernization Act of 1999 Association for Interactive Marketing (AIM), 263 (Gramm-Leach-Bliley Act), 13, 412, 432, Association of American Physicians and Surgeons 483 (AAPS), 556 privacy of records, 412 Association of Metropolitan Water Agencies terrorism and, 236–237 (AMWA), 168 Barbie Liberation Organisation, 309 Asymmetric: Barlow, John Perry, 628 defined, 587 Barnesandnoble.com, 659 response, 150, 172 Barron’s Online, 36 warfare, 731–732, 779 Bateman v. Mnemonics, Inc., 229 Asynchronous transfer mode (ATM), 779 BBB Online Privacy Program, 78–79, 429 Atari Games Corp. v. Nintendo of America, Inc., 229 BEA Systems, 491, 509 ATM (asynchronous transfer mode), 779 Behavioral methods, information leak detection, ATM withdrawal, sequence diagram, 492 711 Atomic Tangerine, 193 BellSouth, 246 AT&T, 253, 529 Bench trial, defined, 121 Attack(s). See Wireless information warfare (WIW) Berube v. Fashion Centre Ltd., 799 Attack/defense scenario (A/D), 779 BestCrypt, 364 Attacker identification, 772 BGP. See Border gateway protocol (BGP) Attractors, 597, 598, 622 Bidder’s Edge, 41, 213 At-will employment, 798, 814–816, 824–825 Bill of rights. See Constitution of United States Australia, 36, 133, 188, 273, 529, 599, 606, 634, Biometric security measures, 607, 838, 839 653, 686–688, 820 Bird v. Parsons, 266 Authenticated post office protocol (APOP), 771, 779 Black-box testing, 379


Black lists, 248, 285 Canada: Blakey v. Continental Airlines, 26, 800 anonymity of juveniles, 26 Blocking programs, 450–452 antispam legislation, 280 Blogs/bulletin boards, 169, 705, 720 Canadian Human Rights Act, 61 Blue Cross & Blue Shield of Michigan, 799 Convention on Cyber-Crime treaty, 190, 673 Boeing, 529, 810 copyright law, 66 Bombing, Oklahoma City, 105, 572 Criminal Code, 185 “Bomb shelter” legislation (UCITA; Uniform democratic deficit, 608 Computer Information Transactions Act), fraudulent wrongful function of computer system, 324, 327, 345, 346–347, 349, 352 82 Bonito Boats, Inc. v. Thunder Craft Boats, Inc., 342 free speech, 55 Booher, Charles, 245 Group of 8, 681 Border gateway protocol (BGP), 148–150, 172 hate speech, 61 Bots/cyberbots, 223–224, 285, 731 Personal Information Protection and Electronic Bounce, 285 Documents Act, 14 Boureguard, In re, 658 privacy, 14, 73, 820 Bowers, Harold, 341 Royal Canadian Mounted Police, Tech Crime Bowers v. Baystate Technologies, Inc., 229, 230, 340, Unit, 188 341, 343 voting rights, 85 Boy Scouts, 410 Canexus.com, 72 BPP (business owner’s package policy), 32 CAN-SPAM Act. See Spam, federal CAN-SPAM Briggs v. Am. Air Filter Co., 217 Act (Controlling the Assault of Non-Solicited Broadband, 520–521, 530–531 Pornography and Marketing Act of 2003) Broker-dealer operations, 27 Cantrell v. Forest City Publishing Co., 411 Brower v. Gateway 2000, Inc., 24 Carbon Defense League, 308 Browser privacy issues, 422 Carnivore, 165, 166, 418, 470, 647, 648 Browsewrap agreements, 334–337 CART (Computer Analysis and Response Team), Browsewrap license, 352 FBI, 393 Brussels Convention, 635 Caruso, J. T., 136 Buckley v. American Constitutional Law Foundation, Caspi v. Microsoft Network, 338 467, 468 Cato, 465 Buffer overflows, 755 CAUCE. 
See Coalition Against Unsolicited Bunner, Andrew, 16 Commercial E-mail (CAUCE) Burger King, 7, 8 Caveat emptor, 347–348 Business(es): CCIPS (Computer Crime and Intellectual Property corporate spying (see Corporate spying) Section), 187 corporate use of personal information, 77–78 CDA. See Communications Decency Act of 1996 cyberterrorism and, 158–161, 169–170 (CDA) employee privacy policies, 420–421 CDMA. See Code division multiple access (CDMA) global e-government and, 609 Cells, 736 government, compulsory/voluntary cooperation Cellular digital packet data (CDPD), 739, 779 with, 237–238 Cellular phones, 500, 779 privacy issues for, 419–421 Censorship, 437–453 terrorism and financial institutions, 236–237 circumstantial, 438 USA PATRIOT ACT, and government spying, content filtering, 453 and, 236–238 defining, 438–439, 453 virus/worm attacks, estimates, 183 First Amendment and, 439–441 wiretap laws and, 418–419 government, 447–450 Business-to-business (B2B), 320 harmful forms of speech, 441–443 “By any means,” 635 hate speech, 453 overview/introduction, 14–17, 437–438, C4IR (command, control, communications, 452–453 computers, intelligence, and recognition), “points of control” and, 445–447 724, 780 pornography, 453 Cable News Network, L.P. v. GoSMS.com, Inc., 633 private, 450–452 Caffrey, Aaron, 118–119 proxy server, 453 Cairo v. Crossmedia Services, 23 security and, 445–447 Cajunnet, 253 spam and, 453 (see also Spam) Cajun spammer. See Scelson, Ronald tools of the censors, 443–444 Calder v. Jones, 35, 632, 633 Centers for Medicare and Medicaid Services (CMS), California, 16, 17, 30, 35, 116–117, 258, 269, 270, 556 349, 431, 634, 806, 807 Central Intelligence Agency (CIA), 187 Callback modems, 838–839 Certificate of authenticity, 652 Caller ID blocking, 482 Certificate revocation lists (CRLs), 580


Certification and accreditation, e-government, Collin, Barry C., 129–130, 133, 134, 148, 159 585–586 Colorado, 467 Certification program, I-ACERT security, 158 Colorado Regional Computer Forensic Laboratory, Certification service, 503 398 CFAA. See Computer Fraud and Abuse Act of 1986 Columbia Insurance Inc. v. Seescandy.com, 473 (CFAA) Columbia University’s question-and-answer site, 448 CGL (commercial general liability) insurance Comb v. PayPal, Inc., 340 policies, 31–33 Comity, 689, 691 Challenge response mechanism, 767 Commerce Department (DOC), 650 Chaos Computer Club, 301 Commercial off-the-shelf (COTS), 579–580, 725, Chechen resistance, 612 780 Chief Privacy Officers (CPOs), 428–429 Common law: Child/children: defined, 239 free speech, 56–59 fiduciary duty, 211–213 pornography, 56–59, 116 privacy, 410–411 privacy, 412–413 proprietary rights and trade secrets, 210–211 Child Online Protection Act of 1998 (COPA), 15, remedies and approaches, 209–216 59, 447–448, 641 terms of use, 214–216 Children’s Internet Protection Act of 2000 (CIPA), torts: 15, 63, 448, 641 appropriation, 411 Children’s Online Privacy Protection Act of 1998 disclosure, 411 (COPPA), 13, 412–413, 430–431, 432 false light, 411 Children’s Partnership, 519 intrusion, 411 China, 10, 186, 279–280, 443, 445, 449, 525, 527, trespass, 213–214 651 Commons, tragedy of the, 602 CHIP (Computer Hacking and Intellectual Common Sense (Paine), 465 Property), 187 Communications Assistance for Law Enforcement Choice, privacy and, 412 Act (CALEA), 469 Choice of evils defense, 109 Communications bandwidth and data-flow rates, CI (counterintelligence), 780 724 CIA (confidentiality, integrity, availability), 748–749 Communications Decency Act of 1996 (CDA), 13, Circumstantial censorship, 438 14, 45, 58–59, 447, 641 Cisco, 529, 775 Communications-Electronics Security Group, UK, CISG (UN Contracts for the International Sale of 599 Goods), 36 Communications equipment, information leakage Citizens without borders, 
613–614 and, 704 Civil justice system versus criminal justice system, Communications security (COMSEC), 749, 780 96–97 Communist Manifesto, 313 Civil Rights Act (1964), 801 Community, defined, 498, 510 Civil Society gatherings, 612 Community technology centers (CTCs), 528–529, Clarke, Richard, 132, 134, 151, 152, 159, 170, 171 531 Clean rooms: Compact Flash, 540 leakage prevention, 714 Compaq, 69 reverse engineering, 341 http://www.pbookshop.comCompartment diffusion, 698 “Click” contracts, 18–19 Complex adaptive systems, 597, 621, 622 ClickNSettle.com, 39 Comprehensive security system. See Security system, Click-throughs, 273 guidelines for comprehensive Clickwrap agreements, 24, 45, 47, 334–337, 352 COMPUSEC, 749 Clinger-Cohen Act, 584 CompuServe: Clinton administration/Bill Clinton, 138, 187, 448, anonymity and, 12 514, 519, 628, 650 Blakey v. Cont’l Airlines, Inc. and, 800 Clipper Chip, 651 CompuServe, Inc. v. Patterson, 338 Clustering and network load balancing, 775 CompuServe v. Cyber Promotions, Inc., 265, 268, 452 CMS (Centers for Medicare and Medicaid Services), German subsidiary, 445 556 Computer Analysis and Response Team (CART), CMS (Content Management Server), 774 FBI, 393 CNN, 26, 40, 152, 153, 158, 251 Computer crime, defining scope of, 671–672 Coalition Against Unsolicited Commercial E-mail Computer Crime and Fraud Act, 82 (CAUCE), 252 Computer Emergency Response Team (CERT), Code, 444, 453 843–844 Code division multiple access (CDMA), 739, 780 Computer forensics: Code Red worm, 33 defined, 825 Code walk-through, 401 monitoring of employees and, 811–812 Collection limitation, 413 Computer Fraud and Abuse Act of 1986 (CFAA), Colleges/universities, cyberterrorism and, 168–169 187, 215, 221–225, 230, 239 ind JWBK226/Bidgoli July 10, 2008 13:36 Char Count=


Computer security, 81–84 Content Management Server (CMS), 774 COMPUSEC, 780 Continental Airlines, 26, 800 guidelines (see Security system, guidelines for Contract(s), 319–353 comprehensive) assent/consent, 352 legal protection of, 82 best practice for online contracts, 349–351 moral legitimacy of rights of, 82–83 browsewrap license, 352 threats, defined, 199 clickwrap license, 352 Computer software/hardware manufacturer computer information products, as “good” versus liabilities, 24–25 “license,” 344–345 . See Viruses/worms/ consumer protection online, 347–349 COMSEC, 749, 780 caveat emptor, 347–348 Con artists, 461 choice of law, 348–349 Condor, The (Mitnick), 100, 145 data sharing permissions and, 500–502 Conferences, cyberterrorism and, 167–168 data structure as, 501, 502 Confidentiality: defined, 239, 352, 510, 825 CIA factors, 780 enforceability of online contracts, 334–340 cryptographic mechanisms, 582–583 characterizing shrink-, click-, and browsewrap database design, 583 agreements, 334 defensive information operations, 749 contracts voidable for unconscionability, defined, 587, 780 339–340 disability and medical issues, 801–802 manifesting assent to clickwrap and browsewrap e-government and, 576–578 agreements, 334–337 electronic transactions security, 842 notice of unusual or onerous terms, 337–338 employee records, and e-mail policy, 821 legal concerns, employee e-mail policies, 798–799 impacts on operations, 577–578 legal framework for electronic contracting, impacts or consequences of unauthorized 324–333 (see also Electronic/digital signatures) exposure, 577 automated transactions, 327 legal issues, 578 consumer consent, 328–329 loss of confidence in institutions and service electronic signatures, 330–333 delivery mechanisms, 577 formation and validation of electronic contracts, mechanisms and techniques, 581–582 325–326 versus privacy, 576–577 notice and consent requirements, 328 protocol and operating system mechanisms, 582 record accessibility 
requirements, 332–333 threats to, 577 record retention requirements, 333 Configuration management, 755–756 signature requirements, 329–330 Connectivity, Digital Divide and, 524 UN model law on electronic commerce, 324 Consequentialism, defined, 91 U.S. laws covering electronic transactions, Console cowboys, 304 324–325 Constitution of United States: when is an electronic record sent or received?, 1st Amendment, 16, 37, 55, 61, 73, 252, 409, 410, 326–327 439–441, 448, 466, 471, 473, 476, 477 maintaining security of electronic transactions, 4th Amendment, 111, 409 322–323 5th Amendment, 104–105, 409 party authentication and message integrity, 6th Amendment, 102, 103, 105, 119 322–323 14th Amendment, 409 problems concerning authenticity and integrity e-mail/Internet use policies, and restrictions based of electronic documents, 322 on, 807 model clauses, 646–647 Full Faith and Credit Clause, 637 overview/introduction, 18–19, 319–322, 351–352 privacy and, 408–410 sale of goods law, and digital information Supremacy Clause, 342 transactions, 344–347 Consumer(s): software use, 340–344 digital id and, 494–495 terms defined, 352–353 online contracts and, 347–349 validity, 352 privacy and, 421–427 warranties, 345–347 ad networks, 426–427 XNS’s digital identity infrastructure and privacy browsers, 422 and, 501 cookies, 424–425 Convention on Cyber-Crime, 676–680 IP addresses and browser data, 423–424 computer-related offenses, 677–678 Web bugs, 425–426 content-related offenses, 678–679 Consumer Sentinel site, 17 copyright infringement, 679 Content: Council of Europe, defined, 122 ability to create, demographic statistics, 519, 520 countries signing, 121, 190 attacks, 746 defined, 199 filtering, 453 jurisdiction, 679 offenses related to, 678–679 procedural powers, 679–680


Convergence of physical/virtual worlds, 144–145 Coupland, Douglas (Microserfs), 299, 302, 303 Cookies, 77–78, 91, 424–425, 432 Covered entities (CE), 539 COPA. See Child Online Protection Act of 1998 Covered writing. See Steganography (COPA) Covering tracks (wireless attacks), 753 COPPA. See Children’s Online Privacy Protection Covisint cyberventure, 44 Act of 1998 (COPPA) CPA Web Trust, 429 Copyright law: Crack, 371 definitions, 91, 116, 352, 825 Crackers, 26–27, 298 employee e-mail/Internet use policies and, 810 Cracking passwords, 368–371 fair use exception, 4, 7, 22, 46, 66, 229–230, Crawlers, 40–41 340–344, 353, 826 Creative Commons project, 613 illicit copying over Internet, 70–71 Credential sharing, information leakage and, infringement, and global law enforcement, 679 705–706 musicians, and mass-copy technology, 4 Credit card theft/fraud, 29, 169, 182 online contracts and, 340–344 Credit ratings, identity theft, 486 overview/introduction, 5–7 Credit reports, 412 reverse engineering and, 340–344 Cressey, Roger, 131 willingness of online users to infringe, 68 Criminal activity: Cordless phones, 736, 780 Internet/computer-related (see ) Corinthian Pharmaceutical Systems v. Lederle Labs, 327 preventing employees from engaging in, 809–810 Corinthians (Brazilian soccer team), 10 Criminal justice system, 95–123. See also Evidence, Corporate sector. 
See Business(es) digital; Jurisdiction Corporate spying, 205–240 adjudication, 103–105 common law, defined, 239 versus civil justice system, 96–97 common law remedies and approaches, 209–216 copyright law, 116 Computer Fraud and Abuse Act (CFAA), 221–225 cybercrime and, 115–121 contract, defined, 239 defense attorney role, 102–103 Digital Millennium Copyright Act of 1998 defenses, 105–110, 117–119 (DMCA), 227–233 (see also Digital affirmative, 105, 106 Millennium Copyright Act of 1998 failure of proof, 105–106 (DMCA)) hack back, 110–111 circumventing technology measures, 227–228 evidentiary issues, 111–113 (see also Evidence, defined, 239 digital) exceptions to prohibitions on technology federal cybercrime law, 115–116 circumvention, 229–231 institutional structure, 97–114 fair use and reverse engineering, 229–230 overlapping laws, 97 impact of recent RIAA and other litigation, overview/introduction, 95–96, 121 231–233 prosecutor role, 98–102 Economic Espionage Act of 1996, 225–227 sentencing, 113–114 Electronic Communications Privacy Act (ECPA), state cybercrime law, 116–117 240 state/federal systems, 114–115 fiduciary duty, 211–213, 240 terms defined, 121–123 government spying and businesses, 236–238 Crispi v. 
The Microsoft Network, 19 individuals and, 233–236 Critical Art Ensemble (CAE), 303 multinationals, 226–227 Critical Infrastructure Protection Project (CIP), overview/introduction, 205–208, 238–239 168 PATRIOT Act (see USA PATRIOT Act (Uniting CRLs (certificate revocation lists), 580 and Strengthening America by Providing Crossmedia Services (CMS) forum, 23 Appropriate Tools Required to Intercept and Cross-site scripting (XSS), 762, 763, 774, 780–781 Obstruct Terrorism)) Cryptanalysis, 781 series of questions and a hypothetical, 208–209 Cryptographic attacks, 747–748 Stored Communications Act (SCA), 219–221 Cryptographic mechanisms, 580–581 terms defined, 239–240 Cryptography, 587, 778, 781 terms of use, 214–216, 240 CTC Program (Computer and Telecommunication trade secrets/proprietary rights, 210–211, Coordinator), 187 225–226, 240 CTCs. See Community technology centers (CTCs) trespass, 213–214, 240 Cuba, 443 Wiretap Act, 216–219 Cultural diversity, 519 Corruption of integrity, 728 Culture jamming, 307–309, 315 Costa Rica, 525 Customs Service, 191 COTS (commercial off-the-shelf), 579–580, 725, Cyberbots/bots, 223–224, 285, 731 780 Cyber Citizen Partnership, 188 Council of Europe (CoE), 122. See also Convention Cybercop units, defined, 199 on Cyber-Crime Cybercourt systems, 44–45


Cybercrime: government, 161–167 credit card theft/fraud, 29, 169, 182 higher education institutions, 168–169 cyberfraud, 17–18 information technology professionals, 156–158 defined, 172, 199 institutions, organizations, and conferences, overview/introduction, 41–43, 182–184 167–168 types of, 183 small business and individuals, 169–170 U.S. criminal justice system and (see Criminal defining, 91, 135–144, 172 justice system) communication in terrorism, 141 Cyberlaw, 3–48 definitions in use, 136–138 censorship, 14–17 extended definitions, 138–140 clash of laws, 33–38 (see also Jurisdiction) five-level operational model, 141–144 “click” contracts, 18–19 support for conventional terrorism, 140 cybercrime, 41–43 examples of, 129–131, 139 cyberfraud, 17–18 how it occurs, 144–152 defamation, 12–13 convergence of physical and virtual worlds, defined, 45 144–145 dispute resolution, 38–39 vulnerabilities, 145–146 e-commerce law, 18–23 overview/introduction, 127–128 e-signatures, taxation, and spam, 19–21 predictions about, 170–171 information security legal liabilities, 23–31 risks, three categories, 131 insurance law, 31–33 sponsors and support, 152–155 intellectual property, 5–12 (see also Intellectual statistics about, 143, 147, 163 property) threats versus acts, 138 copyright law, 5–7 tools of, 146–148 domain names and trademark law, 7–11 warnings about, 131–135 patent, 11–12 worldwide perspective, 154–155 laws of linking, 39–41 overview/introduction, 3–4, 43–45 Dallas Regional Computer Forensic Lab, 397, 398, privacy concerns, 13–14 400 terms defined, 45–48 Daniels v. Worldcom Corp., 800 “terms of use” provisions, 21–22 Danish Newspaper Publishers Association v. validity, 22–23 Newsbooster.com, 41 Cyberlaw, global aspects, 627–660 Darknet, 453 data protection, 660 DARPA, 843 electronic signatures, 649–654, 660 (see also Databases, and intellectual property issues, 656–657 Electronic/digital signatures) Data encryption. 
See Encryption encryption, 649–654, 660 Data mining, 283, 285 intellectual property, 654–659 Data obfuscation, 360 databases, 656–657 Data Processors International (DPI), 30 ISP liability for third-party copyright Data protection, defined, 660 infringement, 655–656 Data quality, privacy issues of, 413 software patents, 657–659 Data recovery, 394, 401 international Safe Harbor principles, 660 Data Recovery Agent (DRA), 366 jurisdiction, 630–638http://www.pbookshop.comData reduction, 395, 401 overview/introduction, 627–629, 659–660 Daubert v. Merrell Dow Pharmaceuticals, Inc., 112, 377, privacy, 638–649, 660 381 terms defined, 660 DCC (Dental Content Committee), 555 Cybermetrics, 165 DDoS. See Distributed denial of service (DDoS) CyberPatrol, 444, 450 attacks Cyberpirates, 8, 45–46 DeCSS, 16, 444 Cybersettle, 12, 39 Deep linking, 39–40 CyberSLAPPs, 166 Defamation, 12–13, 46 Cybersmuggling Center, 191 Defense(s), in criminal justice system, 105–110, Cyberspace: 117–119 defined, 172, 660 affirmative, 105, 117–119 term origin, 304 choice of evils, 106 warfare, 152 defense of others, 106, 108 Cybersquatting, 8, 45, 660 defense of property, 106, 108 Cyberstalking, 117, 122 duress, 106 Cyberterrorism, 127–173 failure of proof, 105–106 acts, 129–131 insanity, 106 controlling, 155–170 self-defense, 106 business and industry, 158–161 defense, 118 general strategies, 156 Defense attorneys, 102–103 ind JWBK226/Bidgoli July 10, 2008 13:36 Char Count=


Defense-in-depth principle, 778 Digital identity. See Identity, digital Defense Satellite Communications System (DSCS), Digital Millennium Copyright Act of 1998 734 (DMCA), 5–7, 46, 104, 185, 227–233, 239, Defensive information operations, 748–749, 766–767 343–344, 444, 654–655, 656, 810 de Guzman, Onel, 120–121 Digital Pearl Harbor exercise, 132, 133–134, 140, Dell, 26 164 Demilitarized zone (DMZ), 769 Digital rights management (DRM), 602–603, 613, Democracy, principles for electronic, 621 714–716 Democratic deficit, 622 Digital signatures. See Electronic/digital signatures Demographic groups and Internet/technology use, Digital tokens, 462, 463 515, 516, 517, 520, 521, 523 Digital world/virtual world/cyberspace, defined, 172 Dendrite International Inc. v. John Doe no. 3, 474–475 Dilution of trademark, 8–9 Denial of service (DoS) attacks: Direct exploitation of leakage channels, 699 cost to victims of, 26 Direct/internal penetration attacks, 746 defined, 172, 781 Direct key attack, 768 distributed denial of service (DDoS) attacks, 26, Direct mail, 255 29, 46, 148–150, 156, 170 Direct Marketing Association (DMA), 261, 263, 264, e-government concerns, 570 277 preventing, 156 Directory services, 504 wireless attacks, 753 Disabled persons: Dental Content Committee (DCC), 555 definition, 825 Deontologism, 74, 75, 91 Digital Divide and, 519–520, 522 DES. See Digital Encryption Standard (DES) employee e-mail/Internet use policies and, Deutsche Bank, 27 801–802 DHS. See Homeland Security, Department of (DHS) Disaster(s): Diamond v. 
Diehr, 657 potential computer and network disasters, 835 Dick, Ronald, 140 preparing for, 847–849 Digital, defined, 781 recovery, 850 Digital Divide, 513–531, 606–609, 622 steps to take when disaster strikes, 849 ability to create content, 519, 520 Disclaimer, defined, 825 access outside of homes, 517 Disclosure, tort of, 411 broadband access, 520–521, 530–531 Discover card, 30 Community Technology Centers (CTCs), 531 Discrimination/harassment issues, 800–801, 814 complex solutions, 527–530 Dispute resolution, 9–11, 38–39, 44 connectivity, 517 Disruption of availability, 727 defined: Distributed denial of service (DDoS) attacks, 26, 29, new definitions, 518–521 46, 148–150, 156, 170. See also Denial of original definition, 514–515 service (DoS) attacks simple, 622 DMCA. See Digital Millennium Copyright Act of disabilities and, 519–520 1998 (DMCA) Federal Communications Commission (FCC), 531 DMZ (demilitarized zone), 769 General Educational Development (GED), 531 DNA testing, 483 importance of closing, 526–527 DNS (domain name system) hacking/poisoning, international, 522–526, 607,http://www.pbookshop.com 669 148–150 access, 524–525 Document retention policies, 821 connectivity, 524 Documents, identity, 496–498 deterrents to global e-governance, 606–609 Doe v. 2themart.com Inc., 471, 472, 473 policy, 525 Doe v. 
Ashcroft, 470 quantitative national differences, 525 Domain names: UN Technology and Communications Index, anonymous domain registrants, 473–477 523–524 Anticybersquatting Consumer Protection Act of literacy, 518 1999 (ACPA), 8–9, 45 overview/introduction, 513–514, 530 cybersquatting, 8, 660 “problem among many,” 517–518 defined, 91 “problem solved,” 515–518 dispute resolution process, ICANN’s, 9–11 recent data, 521–522 legal weapon trade-offs, 11 relevance, 518–519 Uniform Domain-Name Dispute-Resolution S-curve pattern of diffusion, 516 Policy (UDRP), 9 statistics/demographics, 515, 516, 517, 520, 521, DNS (domain name system) poisoning, 148–150 523 intellectual property and, 69–70 Digital Encryption Standard (DES), 362, 365 market in buying/selling of, 8 Digital Equipment Corporation (DEC), 249 trademark law and, 7–11 Digital evidence. See Evidence, digital Do Not Call list, 482 Digital footprints, 689 DoS. See Denial of service (DoS) attacks ind JWBK226/Bidgoli July 10, 2008 13:36 Char Count=


Double-blind bid (Cybersettle.com), 39 legal and administrative, 616–617 DoubleClick, Inc. Privacy Litigation, In re, 221 transport, 619–620 Double jeopardy, 122 non-government actors and government Douglass v. Hustler Magazine, 411 information, 609–614 Dow Jones, 36, 634 citizens without borders, 613–614 Dow Jones v. Gutnick, 36 corporate sector, 609 DRM. See Digital rights management (DRM) overview/introduction, 591–593, 620–622 DSCS (Defense Satellite Communications System), responsiveness, monitoring, and adaptation of 734 global information, 603–604 Dual criminality, defined, 691 taxation and representation, 600 Due process, 265–266, 409 E-Government Act of 2002, 564 Duplicate digital evidence, 401 E-government security issues/measures, 567–578 Duress defense, 107 availability, 568–573 DVDCAA v. Bunner, 16–17 classes of attacks (physical/logical), 572 Dyk, Anthony, 341 denial of service concerns, 570 fault-related availability concerns, 568–569 Eagle Investment Systems, Corp. v. Tamm, 219 individual or informally organized hackers, EAL-4, 579, 580 570–571 Earthlink, 284 intrinsic availability concerns, 569–570 eBay, 7, 26, 41, 213, 237, 494, 614 logical attacks, 572–573 eBay, Inc. v. Bidder’s Edge, Inc., 41, 213 nonstate organizations, 571–572 ECCM algorithms. See Electronic physical attacks, 572 counter-countermeasures (ECCM) sources of denial of service attacks, 570 E-commerce law, overview, 18–23 state-sponsored attacks, 572 Economic Espionage Act of 1996 (EEA), 184, 185, availability, security mechanisms and techniques 225–227, 239 for, 578–579 ECPA (Electronic Communications Privacy Act of confidentiality and privacy, 576–578 1986), 216, 416, 417, 418, 419, 432 distinguishing confidentiality and privacy issues, E-Data Corporation, 12 576–577 Education. See Demographic groups and impacts on operations, 577–578 Internet/technology use impacts or consequences of unauthorized Edward Felten, et al. v. 
Recording Industry Association of exposure, 577 America, Inc., et al., 228 legal issues, 578 EF Cultural Travel v. Zefer Corporation, 223–224 loss of confidence in institutions and service Effects, jurisdiction based on, 35–36, 633–634 delivery mechanisms, 577 EFS (Encrypted Files System), Microsoft, 365, vulnerabilities/threats, 577 366 confidentiality and privacy, E-government: mechanisms/techniques for, 581–582 definitions, 563–565 cryptographic mechanisms, 582–583 general, 564 database design, 583 U.S. government-specific, 564–565 protocol and operating system mechanisms, interactive processing, 566–567 582 overview/introduction, 563, 586–587 integrity, 573–576 program types, examples, 565–567 connection, 575 publishing, 565–566 data content, 573–574 service delivery, 567 error-based integrity faults, 574 terms defined, 587–588 intentional modification of data, 574–575 transaction processing, 567 nonrepudiation issues, 575–576 E-government, global, 591–622 integrity, mechanisms/techniques for, 579 consistency and coordination of global cryptographic mechanisms, 580–581 information, 604–606 protocol-based and operating system-based, defined, 622 579–580 deterrents to, 606–609 security measures, implementation and evolution of, 593–598 management, 583–586 current dimensions and limitations, 594–596 certification and accreditation, 585–586 localized accountabilities, 596 interdependency of measures/mechanisms, 583 problems of scale for information accuracy and policies, procedures, and infrastructures, security, 596–598 584–585 technology and the state, 593–594 program requirements, 584 global information commons, 600–603 EHR (electronic health record). See Medical records high-risk areas of global information, 615–620 EIRP (effective/equivalent isotrophic radiated economic and financial, 615–616 power), 734, 736, 781 environmental, 617–618 Eldredge v. 
Ashcroft, 6 health, 618–619 Electrical blackouts, 129

Electric grid, 129, 135 disability and medical confidentiality issues, Electromagnetic compatibility (EMC), 742, 781 801–802 Electronic channels, information leakage and, 698, discrimination and harassment issues, 800–801 703–706 federal labor law issues, 807–808 communications equipment, 704 fiduciary duty, 211–213 credential sharing, 705–706 Internet use by (see Employer e-mail/Internet use indirect inferential disclosure, 704 policies) malware, 706 liabilities, security-related, 25–26 messaging systems, 703–704 privacy of, 420–421, 803, 804–807 phishing, 706 public sector, 817 remote control, anonymizers, and tunneled rights, 798–808 protocols, 705 union-represented, 816 social networking and contact management sites, Employer e-mail/Internet use policies, 789–826 704–705 anticipating new technologies, 797–798 Web, 704 blurring of workplace boundaries, 795–797 Web publishing, blogs, and bulletin boards, 705 business use versus personal use, 794–795 wireless networking, 705 communicating policy to employees, 822–823 Electronic Civil Disobedience, 304 complying with laws protecting employee rights, Electronic Commerce Directive, 654 798–808 Electronic Communications Privacy Act of 1986 constitutional restrictions, 807 (ECPA), 112, 237–238, 240, 804–806 contract law concerns, 798–799 Electronic contract, 352. 
See also Contract(s) disability and medical confidentiality issues, Electronic counter-countermeasures (ECCM), 743, 801–802 781 discrimination and harassment issues, 800–801 Electronic/digital signatures: Electronic Communications Privacy Act defined, 330–331, 353, 478, 587 (ECPA), 804–806 digital signature algorithm (DSA), 581 federal labor law issues, 807–808 digital signature standard (DSS), 581 privacy tort concerns, 803 encryption algorithms, 581, 582–583 state workplace privacy statutes, 806–807 encryption keys, private/public, 361, 463 coordinating with other policies, 821–822 methods of “signing” an electronic record, 331 drafting, 792–794 overview/introduction, 19–21 employment status, special issues related to, public key cryptography, 331–332 814–817 requirements, online contracts, 329–330 at-will employees, 814–816 technical overview, 651–652 public sector employees, 817 Electronic Disturbance Theater (EDT), 306 union-represented employees, 816 Electronic footprint, 640 enforcing, 823 Electronic Freedom Foundation, 469–470 multinational employers, 817–821 Electronic Frontier Foundation, 304 overview/introduction, 789–791, 823–824 Electronic Privacy Information Center, 648 preventing criminal activity, 809–810 Electronic Signatures in Global and National downloading copyrighted material without Commerce Act of 2000 (E-SIGN), 19, permission, 810 324–334, 348, 502, 653–654, 660 unlawful access to child pornography, 809–810 consumer consent provisions, 328–329 protecting trade secrets and other proprietary defined, 660 information, 808–809 UETA and, 327, 328, 330, 331, 332, 333, 334 purpose and function of, 791–794 Electronics security (ELSEC), 749, 782 reserving right to conduct electronic monitoring, Electronic trackers, 841 811–812 Electronic transaction securities, 842–843 reserving right to discipline employees under the Electronic warfare, 733, 782. 
See also Information policy, 813–814 warfare (IW); Wireless information warfare responding to government requests for electronic (WIW) information, 812–813 Electronic workplace monitoring, 811–812, 825 scope of, 794–798 Eli Lilly and Company, 431 terms defined, 824–826 ELSEC, 749, 782 EMSEC, 749, 782 E-mail. See Employer e-mail/Internet use policies Encoding conversions, 506 Emanations security (EMSEC), 749, 782 Encryption, 360–371, 842 Emergency response team, 843–844 algorithms, symmetric/asymmetric (public key), Emory University School of Medicine, defamation 361 case, 12–13 breaking (recovering passwords), 368–371 Employees: asking suspects, 368–369 at-will, 814–816 automated tools, 369–370 constitutional restrictions, 807 breaking other accounts, 370–371 contract law concerns, 798–799 brute force attack, 370

commercial and freeware tools, 371 free speech, 38, 55, 57, 86 dictionary attacks, 369–370 hate speech, 61 passwords on disk, 370 jurisdiction, fundamental principles, 634–636 rule-based attacks, 369 legal protection, 82 social engineering, 368–369 patents, 658, 659 code, and censorship, 444 pornography, 57 defined, 91, 587, 660 privacy, 74, 414–415, 421, 639, 643–644, determining whether files are encrypted, 366 817–819, 825 Digital Encryption Standard (DES), 362, 365 spam, 262 electronic signatures and, 649–654 Evidence, digital, 357–402 exportation regulation; United States law and challenges to law enforcement, 359–360 international treaties, 650–651 data obfuscation (encryption and steganography), file system-level, 364–365 360 individual files, 362–363 defined, 401 keys: and, 358–376 defined, 463, 478 duplicate, 401 private key, 587 encryption, 360–371 private key infrastructure (PKI), 650 forensic countermeasures, 384–392 public key algorithms/systems, 332, 361, 580, file wiping, 385–386 587, 650–653, 773 trace evidence in RAM, 386–388 public key infrastructures (PKI), 332, 580, trace evidence in the swap and hibernation files, 650–653, 773 388–389 overview/introduction, 842 trace evidence in unallocated space, 389–392 programs, and public policy, 80–81 law enforcement view of future of, 400–401 regulatory models, 652–654 overview/introduction, 357–358 what information can be encrypted, 362 steganography, 371–376 Windows encrypted file system, 365–366 terms defined, 401–402 End point behavior control, 716–717 validation of digital forensic tools, 377–384 End-point monitoring, 710 volume/diversity of, 393–399 End use license agreement (EULA), 341 consequences for law enforcement, 394–395 Engineering, reverse, 210, 229–231, 340–344 explosion of diverse digital media, 398–399 Enterprise application integration, 504–508 solutions for data reduction, 395–397 Enterprise/digital rights management (DRM), using technology to cope, 397–398 602–603, 613, 714–716 
Evidentiary issues, criminal justice system, 112–113 Enumeration (wireless attacks), 753 E-voting, 84–90 Environmental information, 595, 617–618 accuracy of technologies, 86–87 Environment discovery, leak detection, 713 discriminatory effects on poor, 88–89 Equipment destruction, laws against, 117 ethical arguments, for/against, 86–90 E-Rate program, 517 legal protection of voting, 85–86 Eritrea, 525 moral legitimacy of, 86 Errors and omissions (E&O), 32 security concerns, 89–90 Escalating privilege, 753 turnout, effects on voter, 87–88 E-SIGN. See Electronic Signatures in Global and unreliability of existing technologies, 89 National Commerce Act of 2000 (E-SIGN) Expedia, 494 ESPN, 10 Experian, 255 Ethics, 297–299, 315, 745 Exploitation, 728–729, 782 Etoy campaign, 307 Extensible markup language (XML), 491, 503, 506 EuroCAUCE, 279 Extensible name service. See XNS (extensible name Europe/European Union, 38, 158, 185–186, 189, service) 193, 332, 612, 669, 682 Extensible resource identifier. See XRI (extensible computer security/legal protection, 82 resource identifier) Convention for the Protection of Human Rights, External open source intelligence, 708–709 442 Extradition, 691 Copyright Directive, 654, 656 Extreme detection with human inspection, 711 criminal offence adopted, 154 cyber-crime convention, 195, 197 Fair and Accurate Credit Transaction Act, 489 database, 41 Fair Credit Reporting Act (FCRA), 412 Data Directive, 483, 484 Fair information principles, 413, 642 Data Protection Act, 14 Fair use, 4, 7, 22, 66 Electronic Commerce Directive, 636 defined, 46, 353, 826 Electronic Signature Directive, 330–331 reverse engineering and, 229–230, 340–344 employers, issues for, 817–818 False light, tort of, 411 Europol, 192–194, 683–684 False negatives, 285 Europol Drugs Unit (EDU), 193–194 False positives, 246, 285

Falwell, Jerry, 10 Foreign Intelligence Surveillance Act of 1978 (FISA), Family and medical leave, 801, 826 416, 417–419, 432 Farey-Jones (Theofel v. Farey-Jones), 220–221 Foreign workplace laws, 819–821 Fault-tolerant systems, 834–835 Forensic countermeasures, 384–392 Federal Bureau of Investigation (FBI): file wiping, 385–386 Carnivore, 165, 166, 418, 470, 647, 648 trace evidence in RAM, 386–388 cases, number of, 394–395 trace evidence in the swap and hibernation files, on digital evidence, 393 388–389 “fbiinformant,” 12–13 trace evidence in unallocated space, 389–392 hacking of sensitive information, 30 Forensic evidence. See Evidence, digital Infraguard program, 670 Forensic image, defined, 401 National Infrastructure Protection Center, 187 Forest v. Verizon Communications Inc., 338 PATRIOT Act, 167 Forward line of own troops (FLOT), 782 published list of top 20 security threats, 168 Fractal patterns, 597, 620, 622 spoofing, 255 Frame capture, 768 technology and, 398 Framework for Global Electronic Commerce, 628 Federal Communications Commission (FCC), 531 Framing, 39–40 Federal Depository Library Program, 526 Frampton v. Central Indiana Gas Co., 814 Federal Express Corp. v. Dutschmann, 799 France: Federal Family and Medical Leave Act of 1993, 801 French language, 38 Federal Information Security Management Act of G8, 681 2002 (FISMA), 161, 584 Nazi memorabilia decision (Yahoo! v. La Ligue Federalist Papers, 465 Contre Le Racisme et L’Antisemitisme), 37, Federal Trade Act, 431 42-631, 636–368 Federal Trade Commission (FTC): penal code, 185–186 cyberfraud, 17–18 Franklin, Ben, 465 privacy, 427, 429–431 Fraser v. Nationwide Mut. Ins. Co., 221 spam, 247, 252, 255, 259, 261, 262, 265, 269, Fraud, 17–18. See also Cybercrime 271, 272, 275, 278 Freedom of Information Act, 648 Federal Trademark Dilution Act (FTDA), 8–9 Freenet, 308 Federation (feature), 495, 510 Free software, defined, 315 Feist Publications v. 
Rural Telephone Service Co., 343, Free Software Foundation, 310 657 Free speech, 54–65 Felsenstein, Lee, 300 filtering devices, 62–63 Felten, Edward, 228 First Amendment, 16, 55, 73, 409, 410, 448, 466, Ferber Court, 116 471, 473, 476, 477 Ferguson v. Friendfinders, 267 hate speech online, 60–64 Fiduciary duty, 211–213, 240 Internet issues, 56–65 Fifth Amendment. See Constitution of United States legal protection of, 55 File descriptor attacks, 755 moral legitimacy of right to, 55–56 File transfer protocol (FTP), 70, 91, 758 search engines, 63–65 File wiping, 385–386 spam, 61–62 Filters/filtering devices, 62–63, 91 utilitarian justifications, 55–56 Financial Services Modernization Act of 1999 web pornography and children, 56–59 (Gramm-Leach-Bliley Act), 13, 412, 432, 483 Fringe activity, Internet, 142 Firewalls, 146, 445–446, 487, 582, 765–766, 838 FTDA. See Federal Trademark Dilution Act (FTDA) defined, 453, 782, 839–840 FTP (file transfer protocol), 70, 91 First Amendment rights. See Constitution of United Full Faith and Credit Clause of United States States Constitution, 637 First effects, 730 Functional literacy, 518 First-party cookie, 425 Fundamentalist Web sites, 612 FISA (Foreign Intelligence Surveillance Act of 1978), 416, 417–419, 432 G8, 119–120, 122, 190, 681–682, 687 Fischer v. Mt. Olive Lutheran Church, 806 Gallagher, Frank, 139 Flooding attacks, 573 Game theory, 135, 137 Flood Net, 306, 307 Garner v. Loomis Armored, Inc., 814 Floppy disks, epitaph for, 398 Garrity v. John Hancock Mutual Life Insurance Co., 235, Florida, presidential election (2002), 86 803 Florida’s Security of Communications Act, 806 Gatekeeper argument, 477 Flowers.com, 255 Gates, Bill, 245, 283–284, 285. See also Microsoft Food and Drug Administration (FDA), 44 Gender. See Demographic groups and Footprinting (wireless attacks), 753 Internet/technology use Footprints, digital, 689 General Agreement on Information Privacy (GAIP), Ford Motor Co. v. 
Lane, 16 649

General Agreement on Tariffs and Trade, 655 GPG (GNU Privacy Guard), 362, 366, 367, 368 General Educational Development (GED), 531 GPS positioning devices, 725 General Motors, 820 Graham v. Oppenheimer, 13 GeoCities, Yahoo!, 430 Gramm-Leach-Bliley Act (GLBA), 13, 412, 432, 483 Geoff v. AOL, Inc., 19 Granhold v. Heald, 43 Geographic proximity, 596 Graphical user interface (GUI), 172 Germany, 55, 60–61, 186, 191, 442, 681 Graphics or art department, and security task force, GIF, clear, 425 832 Ginsberg v. U.S., 442 Greece, 186 GLB/GLBA. See Gramm-Leach-Bliley Act (GLBA) Greenberg v. National Geographic Society, 6 Global community services, 498, 510 Greenpeace, 611 Global information commons, defined, 622 Grid infrastructure, aging, 129, 135 Global information infrastructure (GII), 445 Griggs-Ryan v. Smith in footnote, 217 Global issues: Griswold v. Connecticut, 73, 234 building global legal order, 188–190 Grokster, 6 e-governance (see E-government, global) Group of Eight (G8), 119–120, 122, 190, 681–682, foreign workplace laws, 819–821 687 globalization, 622 Grynberg v. Agri Tech, 24 high-risk areas of global information, 615–620 Guess! Jeans, Inc., 431 economic and financial, 615–616 Gus’ Catering, Inc. v. Menusoft Systems, 29 environmental, 617–618 Gutnick, Joseph, 36, 634 health, 618–619 legal and administrative, 616–617 Hack back defense, 110–111 transport, 619–620 Hacker(s)/hacking: international Digital Divide, 522–526 cracking versus, 84 international Safe Harbor principles, 660 cyberterrorism and, 153 law enforcement (see Law enforcement, global) defined, 91, 122, 172, 315 privacy laws, 413–415 generations/categories, 298–299 transnational policing and cybercrime, 190–194, game hackers, 298 199, 672–676 hackers/crackers, 298 Global Reporting Initiative (GRI), 610–611 hacktivists, 299 Global system for mobile (GSM) communications, hardware hackers, 298 782 microserfs, 296, 299, 300–304, 315 Global Telemedia International Inc. v. 
Doe1, 472 open source/free software hackers, 299 Global warming, 608 true hackers, 298 GNU Privacy Guard, 362, 366, 367, 368 hijacked computers, 256, 285 Gnutella, 439 “homeless hacker,” 103 Gohel, M. J., 153 overview/introduction, 26–27 Goldman Sachs, 27 simple versus aggravated, 116 Goods versus license, computer information products spamming and, 248 as, 344–347 success of, 17, 134–135 Goodyear, 8 tools, 146–147 Google, 63, 451, 490 Hacker ethic, defined, 315 Gordon, Thomas, 465 Hacktivism, 295–316 Gore, Al, 514 “all that is solid melts into the air,” 313–314 Government. See also E-government antiglobalization/anticapitalism movements, 315 censorship, 447–450 categories of Internet usage and, 142 compulsory and voluntary cooperation between culture jamming, 307–309, 315 business and, 237–238 defined, 84, 91, 315 cyberterrorism and, 161–167 Etoy campaign, 307 coordination, 162–164 examples, 307–309 introspection and protection, 161–162 founding ethics, 297–299, 315 legal and privacy concerns, 166–167 free software, 309–313, 315 surveillance and investigation, 164–165 microserfdom, 300–304, 315 employers’ responding to requests for electronic open source movement, 309–313, 316 information, 812–813 overview/introduction, 295–296, 314–315 records, privacy issues, 412 precision targeted satire, 309 wiretapping/spying, 236–238, 410 (see also USA RTMark, 309 PATRIOT Act (Uniting and Strengthening source code, 316 America by Providing Appropriate Tools tactical media, 304–307 Required to Intercept and Obstruct terms defined, 315–316 Terrorism)) virtual sit-in, 304–307, 316 Government Paperwork Elimination Act (GPEA), Yes Men, The, 309 564 Hague Conference on Private International Law, 38

Halifax Summit, 681 Host-based intrusion detection system (h-IDS), Hamidi, Kourosh, 269 763–765 Handover, defined, 782 Host identity, 503, 510 Hanson v. Denckla, 632 Hostile work environment, 826 Hardware, defined, 172 Hosting service, 503 Hardware/software groups, on security task force, Hotmail, 222, 494 832 Human behavior detection, 713 Harmful forms of speech, 441–443 Human channels, leakage of information and, 698, Harassment issues, 800–801, 814 706–708 Harvard.net, 8 misdirection of communications, 707 Hashes, 374–375, 395, 396, 402, 581, 771 personal relationships, 707 Hate speech, 60–64, 453 social engineering, 707 Haves/have-nots, 514. See also Digital Divide use of communications technology in public Hawaiian Airlines (Konop v. Hawaiian Airlines, Inc.), places, 706–707 217, 218, 219, 804 use of public facilities, 707–708 Hawke, Davis Wolfgang, 268 word of mouth, 706 Health and Human Services (HHS), 536, 556, Human inspection, extreme detection with, 711 558 Human Rights Watch, 611 Health information: Hunter, Richard (World without Secrets), 167 privacy and (see Medical records) Hussein, Saddam, 151, 152 vulnerability of, 618–619 Hustler (Douglass v. 
Hustler Magazine), 411 Health Insurance Portability and Accountability Act Hypertext transfer protocol (HTTP), 497 (HIPAA): Hypertextual (term’s first appearance), 300 defined, 432, 782 opt-in/out-out, 14 “I accept" button, 331, 334, 338 privacy legislation, 14, 74 I-ACERT security certification program, 158 privacy of medical records, 74 IBM, 301, 491, 509 provisions, 536, 538, 539, 541, 543, 545, 546, Identification badges, 841 547, 555, 751, 802 Identity, digital, 481–511 standardization of data formats, 483 consumers and, 494–495 Health insurance records, 412 data sharing permissions and contracts, 500–502 Health Level Seven (HL7), 541, 555 defined, 481–482, 510 Heckel, 267 enterprise application integration and, 504–508 Hegelian view, 67 future of, 509–510 Hennessy, John, 169 illustrated, 492–494 Hep-C Alert, 557 overview/introduction, 481 HEW, 411–412 players, 508–509 Hewlett-Packard, 491 privacy and, 482–485 Hibernation files, 388–389 services, 502–504 Higher education institutions, and cyberterrorism, Web services and, 490–491 168–169 Identity documents, 496–498, 510 Hiibel v. Sixth Judicial Circuit Court of Nevada, 468 Identity ID, defined, 497, 510 Hijacked computers, 256, 285 Identity linking, 498–500, 510 Hill v. Gateway 2000, Inc., 338http://www.pbookshop.comIdentity name, defined, 511 HinduUnity.org, 449 Identity server, 496, 511 HIPAA. See Health Insurance Portability and Identity service provider, 496, 511 Accountability Act (HIPAA) Identity theft, 485–490 HLB Technology, 343 commonsense things to protect yourself, Hoffman, Abbie, 301 487–488 “Hole in the wall" experiment, New Delhi, 528 Identity Web, 495–496, 511 Holistic approach, 160 IIHI (Individually Identifiable Health Information), Holmes, Oliver Wendell, 476 538, 558 Homebrew Computer Club, 300 I Lan Systems v. 
Netscout Service Level Corp., 24, 338 HLB Technology, 343 Illich, Ivan (Tools for Conviviality), 300 Hoffman, Abbie, 301 “I Love You" virus, 26, 170, 837 “Hole in the wall" experiment, New Delhi, 528 IMAP (Internet message access protocol), 771, Holistic approach, 160 772 Holmes, Oliver Wendell, 476 Incident response, 775–776 Homebrew Computer Club, 300 Indemnity provisions, 22 Homeland Security, Department of (DHS), 132, India, 188, 528, 639, 651 164, 167, 172, 198, 484 Indirect exploitation of leakage channels, 699 Homeland Security Act (2002), 30 Indirect/external sensor attacks, 746 Homeless hacker, 103 Indirect inferential disclosure, information leakage Homo economicus, 302 and, 704 Honduras, 191 Hospital as example of wireless information warfare in practice: attack, 756–763 defense, 763–777 vulnerabilities, 749–756

Individual(s): laptops and corporate PDAs, 703 competing interests, business versus, 233–234 media, 700–701 corporate spying and, 233–236 office equipment, 700 cyberterrorism and, 169–170 voice and video communications, 701 international privacy law, and individual protection and prevention, 714–718 participation, 414 authentication and authorization, 716 Indonesia, 191 clean rooms, 714 Information, four types needed by end point behavior control, 716–717 governments/citizens, 595 enterprise/digital rights management (DRM), Information aggression, domains of, 726, 727, 728 714–716 Information-based warfare (IBW)/Information Internet and communications access blocking, operations (IO), defined, 782 717 Information corruption, 733 keeping clear of bad people, 718 Information leakage, 695–720 pervasive surveillance, education, and training, correction, 718–719 718 detection, 708–713 portable secure environments, 717–718 account misuse detection, 712 scope of illegitimate use of legitimate authority in behavioral methods, 711 the context of leakage, 697–698 data driven, 711 Information literacy, 518 end-point monitoring, 710 Information privacy, 73–81 environment discovery, 713 corporate use of personal information, 77–78 external open source intelligence, 708–709 encryption programs and public policy, 80–81 extreme detection with human inspection, 711 Internet issues, 77–81 human behavior detection, 713 legal protection of, 73–74 ingress/egress monitoring, 709–710 moral legitimacy of rights of, 74–75 internal intelligence detection, 709 public and private information, 75–76 messaging and communications analysis, 709 state databases, 79–80 network and system anomaly detection, 713 Information security (INFOSEC), 749, 782 physical inspection, 713 Information security legal liabilities, 23–31 policy- or lexicon-derived methods, 711 computer software and hardware manufacturers, retention monitoring, 710 24–25 statistical methods, 711 employee security-related liabilities, 
25–26 web log analysis, 712 hackers, crackers, and viruses, 26–27 direct/indirect exploitation of channels, 699 victims, 28–31 electronic channels, 698, 703–706 Information Sharing and Analysis Center (ISAC), communications equipment, 704 158, 172–173 credential sharing, 705–706 Information Technology Management Reform Act indirect inferential disclosure, 704 of 1996, 584 malware, 706 Information technology professionals, cyberterrorism messaging systems, 703–704 and, 156–158 phishing, 706 Information warfare (IW), 783. See also Electronic remote control, anonymizers, and tunneled warfare; Wireless information warfare (WIW) protocols, 705 Infraguard program, FBI’s, 670 social networking and contact management Infrastructure, 129, 135, 187, 584–585 sites, 704–705 Ingress/egress monitoring, 709–710 Web, 704 In re Alappat, 658 Web publishing, blogs, and bulletin boards, 705 In re Boureguard, 658 wireless networking, 705 In re DoubleClick, Inc. Privacy Litigation, 221 human channels, 698, 706–708 In re Intuit Privacy Litigation footnote, 222 misdirection of communications, 707 In re Pharmatrak, Inc., 218, 805 personal relationships, 707 In re Toys R Us, Inc. Privacy Litigation, 221 social engineering, 707 Instant messaging, 797 use of communications technology in public Institutions/organizations/conferences, places, 706–707 cyberterrorism and, 167–168 use of public facilities, 707–708 Insurance law, 27, 31–33 word of mouth, 706 Integrated Capital Associates (ICA), 220 overview/introduction, 695–697, 698–699, Integrity: 719–720 accuracy and, 834 physical channels, 698, 699–703 connection, 575 cell phones, cameras, music players, and PDAs, corruption of, 728 701–702 cryptographic mechanisms, 580–581 classic spy equipment, 702 data content, 573–574 disposal of media and equipment, 702–703 defined, 587 emanations, 702 e-government and, 573–576

Integrity (Continued ) Interoperability, 230 error-based integrity faults, 574 with legacy systems, 742–743 intentional modification of data, 574–575 Interpol (International Criminal Police nonrepudiation issues, 575–576 Organization), 119–120, 122, 192–194, 393, protocol-based and operating system-based 684, 685–686 mechanisms, 579–580 Introduction service, 504 wireless information warfare and, 727–732 Intrusion, tort of, 411 Intel, 118 Intrusion detection system (IDS), 762, 763, 769, Intel v. Hamidi, 214, 269, 446 778, 783, 838–840 Intellectual property: Intuit Privacy Litigation, In re footnote, 222 copyright law, 5–7, 66, 655–656 Investment fraud, 17–18 crime involving, 99, 122 Iran, 153 databases, 656–657 Iraq, 152, 153 defined, 46, 91, 122 Israel, 651 global cyberlaw, 654–659 I-Sys Inc. v. Softwares Inc., 335 Internet issues, 69–72 Italy, 191, 681 domain names, 69–70 ITU (International Telecommunications Union), 610 illicit copying, 70–71 plagiarism, 71–72 Jamming, culture, 307–309, 315 ISP liability for third-party infringement, Jamming of communications, 741 655–656 Japan, 38, 158, 186, 190, 465, 673, 681 legal protection of, 65–66 Jefferson, Thomas, 465 moral legitimacy of rights of, 66–69 Jeopardy, double, 104–105 Hegelian view, 67 Joe job, 487 Lockean view, 66 John Doe complaints, 7, 12 utilitarian argument, 67–68 John Doe spammers, 265 overview/introduction, 5–12 Johnson, David, 475 patent law, 65 John the Ripper, 371 software, 657–659 Joint application design (JAD), 833 trademark law, 65 Joint Chiefs of Staff (JCS), 725 Web sites resources, 65 Joint Commission on Accreditation of Healthcare Intentional threats: Organizations (JCAHO), 556 defined, 850 Jones, Shirley (Calder v. 
Jones), 35, 632, 633 identification of, 836–838 JPhide, 376 table of popular ones, 837 Jurisdiction: Interactive processing, 566–567, 587 clash of laws, 33–38 Intercept, defined, 217 CoE’s Cybercrime Convention on, 679 Internal/external threats and vulnerability, 836 defined, 47 Internal intelligence detection, 709 effects test, 35–36, 633–634 Internal Revenue Service (IRS), 398, 526 global aspects of cyberlaw, 194–196, 630–638 International issues. See Global issues classic U.S. jurisdiction principles, 632–633 International Security, Trust, and Privacy Alliance difficulties of harmonizing approaches, 194–196 (ISTPA), 501 enforcement jurisdiction and the Yahoo! case, International Shoe Company v.http://www.pbookshop.com Washington State, 34 636–638 Internet: fundamental jurisdictional principles under communications access blocking and, 717 international law, 630–632 defined, 353 fundamental principles of jurisdiction under terrorism, and categories of usage, 142 European law, 634–636 Internet control message protocol (ICMP), 573 overview, 630 Internet Corporation for Assigned Names and to prescribe, 631 Numbers (ICANN), 9–11, 16, 38, 46, 336, Jury trial, 104, 122 601, 629 Justice department, 30, 187, 188, 258, 463 Internet Engineering Task Force (IETF), 601 Justice system. See Criminal justice system Internet Explorer, 422 Justification defense (self-defense), 107 Internet Fraud Complaint Center, 689 Internet message access protocol (IMAC), 783 Kansas, voting problem in, 89 InternetNeutral, 39 Kassebaum-Kennedy Bill. See Health Insurance Internet Protocol (IP) address, 144, 158, 173, Portability and Accountability Act (HIPAA) 423–424, 432, 446 KaZaA, 232, 439 Internet service providers (IPS): Kelleher v. City of Reading, 817 censorship and, 451 Kennan, George, 466 liability for third-party copyright infringement, Kennedy-Kassebaum Bill. 
See Health Insurance 655–656 Portability and Accountability Act (HIPAA) Internet Tax Freedom Act (1998), 19–20 Kentucky Fried Computers, 301

Kerchoffs’ principle, 748 overview/introduction, 667–670 Kernel flaws, 755 United Nations convention against transnational Kerr, Orrin, 166–167 organized crime, 674–675 Kewanee Oil Co. v. Bicron Corp., 210, 342 Law merchant, 353 Key IDs, 767 Lawrence v. Texas, 235 King, Martin Luther, Jr., 256 Leaks. See Information leakage Konop v. Hawaiian Airlines, Inc., 217, 218, 219, 804 Least privilege concept, 546 Korea, 280 Lederle Labs, 327 Kraft Foods, 253 Legacy systems, 742–743 Kushner, Harvey, 154 Legal and administrative information, vulnerability KVM (shared keyboard, video, mouse), 135 of, 616–617 Kyoto Agreement, 604 Legal department, and security task force, 832 Legal protection: L0phtCrack, 371 free speech, 55 Labor laws, federal, 807–808 information privacy, 73–74 Labovitz, Craig, 149 intellectual property, 65–66 Lamo, Adrian, 103 voting, 85–86 Larkin, Dan, 255 Legal systems, defined, 199 Law. See Cyberlaw; Cyberlaw, global aspects Legal weapon trade-offs, 11 Law enforcement, cybercrime and, 181–199, Lessig, Laurence, 248, 282, 283, 443–444, 448 667–691 Letter rogatory process, 120 balancing order and liberty, 194–197 Levine, Noah, 476 balancing privacy and, 416–419 Lex mercatoria, 321 building global legal order to protect computer Liabilities, legal: security, 188–190 commercial general liability (CGL) insurance burdenshifting approach, 196 policies, 31–33 Convention on Cyber-Crime, defined, 199 computer software/hardware manufacturer, 24–25 coordination of law and law enforcement, 194–196 disclaimers of, 21–22 cybercop units, 199 employees, 25–26 , 199 information security, 23–31 definitions, 199 Internet service providers, third-party copyright digital evidence (see Evidence, digital) infringement, 655–656 establishing computer security through national Liberty, balance of order and, 194–197 laws, 184–186 Liberty Alliance, 494, 495, 496, 502, 503, 508, 511 information arms race, 485 Liberty Principle, 56 legal systems, 199 Library of Congress, 393 national 
laws concerning computer security, Libya, 153 186–188 License, defined, 353 overview, 41-43, 181–184, 197–199 Line-sight radios, 783 recruitment/training of computer specialists, 196 Linking: spam, interest in, 255 bypassing home pages, 40 technology, policing, 196–197 identity, 498–500, 510 Law enforcement, global, 667–691 laws of, 39–41 cooperation, global/regional, 680–690 Linux, 67, 311, 385, 388, 391–392, 659, 752 APEC, 686–688 List treaty, 691 ASEAN, 682–683 Literacy, types of, 518 European Union and Europol, 683–684 Local access portion, 497 G8 Senior Experts Group on Transnational Localized accountabilities, e-government, 596 organized crime, 681–682 Lockean view, 66 Interpol (International Criminal Police Logical attacks, 572–573 Organization), 685–686 Long-arm statutes, 47 OECD, 684–685 Lorenz attractor, 597, 598 Council of Europe Cybercrime Convention, Los Alamos Lab, New Mexico, 544 676–680 Louisiana License Act, 342 computer-related offenses, 677–678 Love Bug virus/worm, 120, 121, 183 content-related offenses, 678–679 LovSan virus, 27 copyright infringement, 679 Low probability of detection (LPD), 741, 783 jurisdiction, 679 Lucker Manufacturing v. Home Insurance Co., 32 procedural powers, 679–680 Lyon Group, 682, 683 criminality and computer crime, 670–672 international policing, 190–194, 672–676 Maastricht, Treaty of (1992), 193, 683 cross-border law enforcement, 199 MAC. See Media access control (MAC) role of Interpol and Europol, 192–194 Madison, James, 465 variations, 191–192 Mafiaboy, 26, 27

Magic Lantern, FBI’s, 166, 418 threats, 558 Mail transfer agent (MTA), 770–771, 783 U.S. national regulations, 554–555, 558 (see also Malicious code introduction, defense against, Health Insurance Portability and 770–772 Accountability Act (HIPAA)) Malicious Crypto Virology, 770 value of health data in an information society, 537 Malware. See Viruses/worms/malware Merten, Stefan, 312 M. A. Mortenson Co., Inc. v. Timberline Software Corp., Messaging and communications analysis, 709–711 24, 25, 338, 346 behavioral methods, 711 Maquiladoras, 314 data driven, 711 Maran, Murasoli, 530 end-point monitoring, 710 Marino, Dan, 10 extreme detection with human inspection, 711 Market Development Corp. v. Falme-Glo Ltd., 326 ingress/egress monitoring, 709–710 Marxism, 313, 314–315 policy- or lexicon-derived methods, 711 Massachusetts drivers license renewal, 526 retention monitoring, 710 Massachusetts Water Resource Authority (MWRA), statistical methods, 711 159–160 Messaging systems, information leakage and, MasterCard, 29, 30 703–704 McCain, John, 275 Metadata, 402 McDonald’s, 8 Metadirectory products, 509 McIntyre, Margaret, 466–467 Mexico, 185, 673 McIntyre v. Ohio Elections Commission, 466–469, 475, MGM Studios v. Grokster, 6 476, 477 Miami Electronic Crimes Task Force, 98 McLaren v. Microsoft Corporation, 799, 803 Miami Herald Publishing Co. v. Tornillo, 467 MD5 hash, 374, 396, 402, 771 Michigan, cybercourt in, 44 Media access control (MAC), 397, 751, 758, 767, Micro CDs, 540 769, 783 Microserfs, 296, 299, 300–304, 315 Mediations, 39 Microsoft: Medical Privacy Coalition, 557 anonymity and, 12 Medical records, 535–558 Balmer on “free software," 310–311 ANSI X12N, 541–542, 555, 558 Caspi v. Microsoft Network, 338 covered entities (CEs), 557 community groups and Digital Divide, 529 diversity of health data, 536 Crispi v. 
The Microsoft Network, 19 electronic health record (EHR), 537, 557 EFS (Encrypted Files System), 365, 366 pros/cons, 539 on free software, 311 structure and functions, 538–539 headquarters’ atmosphere, 302 electronic health record (EHR) security concerns, McLaren v. Microsoft Corporation, 803 543–546 “mindshare," 312 access, 543–544 Network, 494 external threats, 544–546 Palladium, 508 identifying threats, 544 Passport, 494, 495, 508, 511 internal threats, 545 patches, 157 electronic health record (EHR) security solutions, patent applications for Internet applications, 12 546–554 recognition of need for improving security, 690 patients, 554 SmartScreen, 254 service providers, 553–554 spam: step-by-step, 547–553 Anti-Spam Coalition, 270 virtual policy notebook, 547 filtering spam for Gates, 245 employee policies, and confidentiality, 801–802 John Doe lawsuits, 265 grassroots privacy groups, 556–557 spoofing, 255 Health Level Seven (HL7), 542–543, 558 Trustworthy Computing initiative, 508 Individually Identifiable Health Information Windows, Messenger Service, 270 (IIHI), 558 Windows 9x (no longer supporting), 254 oversight bodies, 555–556 Word, temp files, and trace evidence, 390–391 overview/introduction, 535–537 X-Box, 308 paper record, pros/cons, 537–538 Middle East, 612 paradox of health data, 536–537 Military: patient advocacy groups, 557 revolution in military affairs (RMA), 151 patient health record, 558 system requirements unique to, 741–742 portable health record (PHR), 537, 540–541, 558 Mill, John Stuart, 55–56 privacy and, 412 Miller v. California, 440 regulations, policies, and organizations, 554–557 MIMEsweeper, 451 standards bodies, 541–543 Mindshare, 312 standards organizations, 541–543, 555 Minimalist legislative approach, 652 terms defined, 557–558 Miranda, 96

Mirror disks, 835 NCPDP (National Council for Prescription Drug Mitnick, Kevin, 100, 145 Programs), 555 Mixmaster, 464 Negotiation, defined, 511 Mobility: Nelson, Ted (Computer Lib/Dream Machines), 300 classifications, 735–736 NET Act. See No Electronic Theft Act of 1997 defined, 783 (NET) Mobile IP, 733 Netegrity, 509 Moldavia, 11 Netiquette, 47 Monitoring, workplace, 811–812, 825 Netscape, 422 Moral legitimacy: Network (movie), 245 of e-voting, 86 Network architecture classifications, 734–735 of free speech rights, 55–56 Network attached storage devices (NAS), 397 of information privacy rights, 74–75 Network load balancing, clustering and, 775 of intellectual property rights, 66–72 Network and system anomaly detection, 713 Morgan Stanley, 27 NetZero, 464 Morpheus, 232 New Delhi, 528 Mortenson Co., Inc. v. Timberline Software Corp., 24, Newsbooster.com, 41 25, 338, 346 Newsletters, e-mail, 260 Moseley v. Secret Catalogue, 9 New York, 330 Motion Picture Industry Association of America, 231 New York Times: Moulton v. VC3, 282 employees fired for trading dirty jokes email Mozena, John, 252 system, 420 MP3 files, 70, 91 hacking incidents, 83, 103 MTA. See Mail transfer agent (MTA) New York Times v. Tasini, 6 Mueller, Robert, 165 New York v. Ferber, 116 Muick v. Glenayre Electronics, 236 New Zealand, 639, 820 Multinational employers, special issues for, 817–821 Nichols, Terry, 105 Muris, Timothy, 260, 271 Nigerian scams, 461 Music files, sharing, 439 9/11: Mutual legal assistance (MLA), 120, 121, 673, 676, defined, 172 680, 683, 684, 691 era following, 33, 129, 131, 154–155, 165, 170, Mutual legal assistance treaties (MLATs), 120, 691 198–199, 482 MyDoom worm, 670 Nintendo, 229 NIST (National Institute of Standards), 555 N2H2 Internet Filtering, 450 No Electronic Theft Act of 1997 (NET), 6, 47, 184, NAACP, 466 185 Napster, 4, 6, 7, 70–71 Non-government actors and government National Bellas Hess v. 
State of Illinois, 20 information, 609–614 National Coalition for Patient Rights, 557 citizens without borders, 613–614 National Council of Commissioners on Uniform corporate sector, 609 State Laws (NCCUSL), 324 Nonrepudiation: National Cybercrime Training Partnership (NCTP), defined, 587 188 e-government issues, 575–576 National Cyber Securityhttp://www.pbookshop.com Alliance (NCSA), 156 of origin, 843 National Enquirer case, 633 of receipt, 843 National Geographic Society, 6 North Dakota Medical Association, 557 National Institute for Standards and Technology Norvag worm, 670 (NIST) Computer Forensics Tool Testing Notice: (CFTT), 378 and consent requirements, online contracts, 328 National Labor Relations Act of 1935 (NLRA), 804, privacy and, 411 807–808 Novell, 509 National Labor Relations Board (NLRB), 816 NTIA. See National Telecommunications and National Science Foundation (NSF) grants, 169 Information Administration (NTIA) National Security Letter (NSL), 470 NUBC (National Uniform Billing Committee), 555 National Stolen Property Act, 184 NUCC (National Uniform Claims Committee), 555 National Telecommunications and Information Nuremberg Files case, 15, 60 Administration (NTIA), 514, 515, 517, 519, 522, 526 OAS. See Organization of American States (OAS) A Nation Online, 515, 517 OASIS (Organization for the Advancement of Falling through the Net, 514, 515 Structured Information Standards), 496, 508 National White Collar Crime Center (NW3C), 188 Oblix, 509 Nazi memorabilia decision (Yahoo! v. La Ligue Contre Obscenity, 440 Le Racisme et L’Antisemitisme), 37, 42-631, Occupational literacy, 518 636–368 O’Connor v. Ortega, 817 ind JWBK226/Bidgoli July 10, 2008 13:36 Char Count=

Oddworldz.com, 80 Patents, 11–12, 65, 91 OECD. See Organization for Economic Cooperation PATH variable, 774 and Development (OECD) Patient Rights Clearinghouse, 557 Office of Management and Budget (OMB), 564, 584 PATRIOT Act. See USA PATRIOT Act (Uniting Office of Technology Assessment (OTA), 576 and Strengthening America by Providing Ohio, 266 Appropriate Tools Required to Intercept and McIntyre v. Ohio Elections Commission, 466–469, Obstruct Terrorism) 475, 476, 477 Pavlovich v. Superior Court, 35–36 Ohralik v. Ohio State, 440 PayPal, 237, 255, 340 Oklahoma City bombing, 105, 572 Peer-to-peer (P2P), 91, 320 Olmstead v. United States, 409 Perishability, 741–742 Omnibus Crime Control and Safe Streets Act of Perry, William, 169 1968 (Wiretap Act), 216–219 Persistent cookies, 425, 433 One bite approach, 257, 260, 285 Personal identification number (PIN), 331, 652, 701 1-by-1 pixels, 425 Petite policy, 115 One to One Future, The (Peppers and Rogers), 249 PGP. See Pretty Good Privacy (PGP) Online, defined, 353 Pharmatrak, Inc., In re, 218, 805 Onsale, 12 Philippines legal system, 120–121 Openness, privacy and, 414 Phishing, 255, 256, 285, 486, 545, 706 Open Net Initiative, 449–450 PHR.
See Portable health record (PHR) Open relays, 285 Physical attacks, 572 Open source movement, 67, 296, 310, 316 Physical channels, information leakage and, 698, Operation Slam Spam, 264 699–703 Opt in/out, 14, 47, 285 cell phones, cameras, music players, and PDAs, Oregon, 118 701–702 Organization of American States (OAS), 669, 681 classic spy equipment, 702 Organization for Economic Cooperation and disposal of media and equipment, 702–703 Development (OECD): emanations, 702 Bribery Working Group, 684 good, old-fashioned ways, 700 consumer protection guidelines, 347 laptops and corporate PDAs, 703 defined, 432 media, 700–701 democracy, principles for electronic, 621 office equipment, 700 e-government, 594 voice and video communications, 701 Financial Action Task Force (FATF), 685 Physical evidence, defined, 402 global law enforcement, 669, 684–685, 687 Physical inspection, 713 history of regulation of illegitimate conduct in Physical security measures, 840–841 cyberspace, 189, 190 Physical world/analog world, defined, 173 principles, 427, 428, 621 Pilfering, information, 753, 769–770 privacy, 413, 414, 432, 642–643 PIN. See Personal identification number (PIN) statistics on access, 524–525 Ping flooding, 150 Organizations: Pink contracts, 253, 254, 285 cyberterrorism and, 167–168 PKI. See Public key infrastructures (PKI) First Amendment, and discrimination, 410 Plagiarism, 71–72 Original data evidence, defined, 402 Planned Parenthood v. American Coalition of Life Orwell, George (1984), 301 Activists, 15 OSI layer implementation, 738, 739 Plea bargain, defined, 122 Over-the-air (OTA), 738, 739, 783–784 Poindexter, John, 418 Points of control, 445–447 PACER (Public Access to Court Electronic Records) Policing.
See Law enforcement, cybercrime and system, 44 Policy(ies): Pacifica decision (“Seven Dirty Words"), 476 Digital Divide and, 525 Packet radio networks, 784 e-government, and procedures and infrastructures, Pagers, 784 584–585 Paine, Thomas, 465 policy- or lexicon-derived methods, information Palladium, 508 leakage detection, 711 Palm, 253 Political groups embracing violence, 612 Panavision v. Toeppen, 9, 69, 633–634 Pollitt, Mark, 137 Paperwork Reduction Act of 1995, 584 Pollstar v. Gigmania Ltd., 335 Pasquinelli, Matteo, 312, 314 POP, 772 Passive Web sites, 35 POP-before-relay, 771 Passport, Microsoft, 494, 495, 508, 511 Pop-up advertisements, 61 Password(s): Pornography: defined, 842 children and, 56–59 guidelines for improving effectiveness of, 843 Communications Decency Act of 1996 (CDA), recovering, 368–371 13, 14, 45, 58–59, 447, 640–641

cultural differences, 446 policy fundamentals, 427–431 defined, 453 principles of fair information practices: e-mail/Internet use policy and, 809–810 accountability, 414–415 forms of speech, 441 collection limitation, 413 free speech, 56–59 data quality, 413 Internet services providers and, 451 individual participation, 414 search engines and, 451 openness, 414 Portable health record (PHR), 537, 540–541, 558 purpose specification, 413 Portable secure environments, 717–718 security safeguards, 413 Port of Houston, denial of service attack, 118 use limitation, 413 Post office protocol (POP), defined, 784 tort concerns, 803 Power supply, uninterruptible (UPS), 835 trustmarks, 429 Precedence, 741–742, 784 workplace issues, 419–421 Preponderance of the evidence, defined, 122 e-mail policies, 803, 806–807, 821 Pretty Good Privacy (PGP), 331–332, 362, 366, 367, employee privacy policies, 420–421 368 state workplace statutes, 806–807 Preview window, 285 Private censorship, 450–452 Price competition, international, 44 Private key, 587 Priceline.com, 12 Private key infrastructure (PKI), 650 Prima facie evidence, defined, 47 Privilege: Privacy, 407–433 escalating, 753 banking records, 412 least privilege concept, 546 Chief Privacy Officers (CPOs), 428–429 Proactive measures, 546 children’s, 412–413 Probable cause, 410 common law, 410–411 ProCD, Inc. v. 
Zeidenberg, 24, 216, 335, 338, 343 constitutional, 408–410 Procedural powers, 679–680 consumer Internet privacy, 421–427 Prohibition, 43 credit reports, 412 PROLOK, 341–342 cultures of nations and, 195 Prosecutor role, justice system, 98–102 czars, 642 Prosser, William, 410 definitions, 408, 433, 587, 660 Proximity-release door openers, 841 digital id and, 482–485 Proxy computers, 260 electronic surveillance and, 234–236 Proxy servers, 446, 453 Federal Trade Commission (FTC), 429–431 Pseudonyms, 465–466 government and cyberterrorism, 164–167 PSINet, 253 government records, 412 “Public, the" (as a term), 226 information (see Information privacy) Public access pathways, 762–763, 773–775 international issues, 638–649 Public information, versus private information, cross-border data flow, 415–416 75–76 EU Privacy Directive, explained, 643–644 Public key algorithms/systems, 332, 361, 580, 587, laws, 413–415, 638–649 650–653, 773 model contract clauses, 646–647 Public key infrastructures (PKI), 332, 580, 650–653, Safe Harbor compliance, explained, 644–646 773 technological responses to privacy protection, Public sector: 647–649 e-mail/Internet use policies, 817 threats to privacy, posed by Internet, 639–641 reform, 595 view of privacy, 642–643 Publishing: law(s): e-government and, 565–566, 587 basics, 408–411 identity, 503, 511 international, 413–416, 638–649 Pure cyberterrorism, 138 state workplace statutes, 806–807 Purposeful availment, 265 U.S., 412–413 Purpose specification, privacy and, 413 law enforcement, balancing privacy and, 416–419 business issues under wiretap laws, 418–419 Quaid Software, Ltd., 230, 341–342 ECPA (Electronic Communications Privacy Act Quality of service (QoS), 784 of 1986), 216, 416, 417, 418, 419, 432 Quantitative national differences, 525 FISA (Foreign Intelligence Surveillance Act of Quantum computing, 580 1978), 416, 417–419, 432 Quicksilver, 464, 470 legal tenets, 411 access, 412 Race.
See Demographic groups and choice, 412 Internet/technology use notice, 411 Race conditions, vulnerability category, 755 security, 412 Rachels, James, 74–75 medical and health insurance records, 412 Radicati, Sara, 278 overview/introduction, 13–14, 407–408, 431–432 Radio frequency identification devices (RFID), 784

Radio networks, packet, 784 Rosenfeld v. Zemeck, 329 Radios, line-sight, 783 Rosh, Mark, 166 Radio technology, software defined, 778 Rosser, Kevin, 154 RADIUS/LEAP, 769 Royal Canadian Mounted Police, 188 RAID (redundant arrays of independent disks), 835 RSA Security, 331–332, 773 Ralsky, Alan, 252 RSN (robust security network), 769 RAM, trace evidence in, 386–388 RTMark, 309 RAMKEY program, 341 Rumsfeld, Donald, 170 Raptor, 766 Russia, 150, 191, 681 Rasmussen, Michael, 158 RAT backdoors, 770 Safeguards, basic security, 833–835 Rawls, John, 56 Safe Harbor, 5, 7, 415–416, 433, 639, 644–646 Raymond, Eric, 310 SafeSearch, Google, 451 RC4, defined, 784 Sale of goods law, 344–347 RCFL (Regional Computer Forensic Laboratory), Salomon Smith Barney, 27 Dallas, 397 Salvation Army, 16 Real/Networks, Inc. v. Streambox, Inc., 228 SAN (storage attached network) solution, 397–398 Realspace, 196 SANs (storage area networks), 400 Reasonable doubt standard, 122 SANS (SysAdmin, Audit, Network, Security) Recording Industry Association of America (RIAA), Institute, 157, 168 71, 228, 231, 232, 424 Satellite, wireless systems with communication via, Record(s): 734–735 accessibility requirements, online contracts, Satellite earth terminals, 784 332–333 Saudi Arabia, 442, 443, 449 employee, 821 SCA. See Stored Communications Act (SCA) health (see Medical records) SCADA systems, 134, 135, 144, 157, 159, 173 retention requirements, online contracts, 333 Scanning, 753 Red Cross, 611 Scelson, Ronald, 244, 252, 253, 254, 256, 275–276 RedDot Solution’s Content Management Server, Schmidt, Howard, 136 774 Schumer, Charles, 275 Redundant arrays of independent disks (RAID), 835 Schwenn v. Anheuser-Busch, Inc., 800 Refund policy, 21 Scientific Working Group for Digital Evidence Register.com, Inc. v. 
Verio, Inc., 23, 214–215, 222, 336, (SWGDE), 378 337 Scurry County, Texas, voting problem in, 89 Registration, domain name, 7–8 Seal of approval programs, 429 Regression testing, 402 Search engines, 63–65, 451 Reidenberg, Joel, 649 Search/seizure, 197 Relevance, Digital Divide and, 518–519 Search warrant, federal, 98 Remailer/remailer software, 478 Secret key, 588 Remote control, information leakage and, 705 Secret system, 834 Reno v. ACLU, 13, 14, 58, 59, 265, 447, 641 Secure Digital Cards, 540 Reputation service, 504 Secure Digital Music Initiative Foundation (SDMIF), Res ipsa loquitur, doctrine of, 28 228 Resistance to jamming, 741 Secure set identifier (SSID), 784 Retention monitoring, 710 Secure socket layer (SSL), 463, 478, 739 Reverse engineering, 210, 229–231, 340–344 Securities and Exchange Commission (SEC), 17, 27 RIAA. See Recording Industry Association of Security: America (RIAA) computer, 81–84 Ridge, Tom, 132, 135 legal protection of, 82 RIPE, 612 moral legitimacy of rights of, 82–83 RMA (revolution in military affairs) and asymmetric employee liabilities related to, 25–26 response, 150–151 of information, defined, 784 Roberts, Alasdair, 605 privacy and, 412, 413 Roberts, Julia, 10 as a term, 81–82 Robotic Vision Systems v. Cybo Systems, Inc., 21 Security system, guidelines for comprehensive, Robots, 40–41. See also Bots/cyberbots 831–850 Roe v. Wade, 73, 235 comprehensive security plan, 844–847, 850 ROI of identity solutions, 505–506 disasters, preparing for/recovery, 847–849, 850 Room, clean: identification of basic security safeguards, 833–835 leakage prevention, 714 identification of computer emergency response reverse engineering, 341 team services, 843–844 Room shielding, 841 identification of general security threats, 835–836 Roosevelt Dam, 132, 133 internal/external threats and vulnerability, 836 Root server, 69 potential computer and network disasters, 835

identification of security measures and Smurf attacks, 573 enforcements, 838–843 Smyth v. Pillsbury Co., 235, 796 backups, 838 Social engineering, 545, 691, 756, 784 biometric security measures, 838, 839 Social networking and contact management sites, callback modems, 838–839 information leakage and, 704–705 electronic trackers, 841 Society for Human Resource Management firewalls, 838, 839–840 (SHRM), 419 identification badges, 841 Socks servers, 464, 478 intrusion detection systems (IDS), 838–839, 840 Soft Effects test, 634 physical security measures, 840–841 Software: proximity-release door openers, 841 access codes, 842 room shielding, 841 contractual restrictions on use of, 340–344 smart cards, 841 copyright preemption, fair use, and reverse software security measures, 842 engineering, 340–344 token, 841 data encryption, 842 (see also Encryption) intentional threats, 836–838, 850 defined, 173 overview/introduction, 831–832, 849 electronic transaction securities, 842–843 terms defined, 849–850 passwords, 842, 843 unintentional threats, 850 patents, 657–659 Security task force, 832–833, 850 security measures, 842 SeeBeyond, 509 terminal resource security, 842 Seescandy test, 473, 474 Software defined radio technology, 778 Sega Enterprises Ltd. v. Accolade, Inc., 229 SOMTC (Senior Officials Meeting on Transnational Self-defense, 107 Crime), 683 Self-help response to cybercrime, 110 Sonny Bono Copyright Term Extension Act (1999), Self-insured, 33 6–7 Sentencing, criminal justice system, 113–114, 122 Sony, 255 Service delivery, 567, 588 Sophos mail server, 770 Service mark, 47 Soto, Orlando, 274 Service set identifier (SSID), 758 Source code, 316 Session cookies, 425, 433 South Africa, 190, 651, 673 Session server, 503 South America, 820 Session service, 503 Soviet Union, former, 11 Session token, 503 Spacey, Kevin, 10 SettleOnline, 39 Spam, 243–286 “Seven Dirty Words" (Pacifica decision), 476 Anti-Spam Coalition, 270 Sex.com, 57 antispammers, 254 Sex
discrimination/harassment, 800–803, 814 balanced viewpoint, 247–248 Sexually explicit content, 445. See also Pornography censorship and, 441, 446 SHA-1 hash, 402 closed loop marketing, 249–250 Shattuck v. Klotzbach, 331 costs of, 245–247, 442–443 Shetland Times v. Shetland News (Scotland), 40 crime and, 255–264 Shrink-wrap agreements, versus clickwrap, 24, 47, defining, 91, 271–275, 442, 453 334–337 commonly used definitions, 271–273 Shurgard Storage Centers, Inc. v. Safeguard Self Storage, permissive definitions, 273–275 Inc., 223 restrictive definitions, 273 Siebel, 474 effect of legislative counterattack, 275–277 Signatures. See Electronic/digital signatures antispammer perspective, 276 Silicon Investor, 472 business perspective, 276–277 SIM (subscriber identification module), 784 government perspective, 275 Simple object access protocol (SOAP), 491 spammer perspective, 275–276 Singapore, 445, 449 states’ perspective, 277 Single click patents, 12, 494, 658–659 enforcement and prosecution, 264–275 Single sign-on (SSO), 494, 495 federal CAN-SPAM Act (Controlling the Assault Slammer worm, 33, 150, 157 of Non-Solicited Pornography and SLAPPs (strategic lawsuits against public Marketing Act of 2003), 20, 62, 248, participation), 166 258–263, 264–271, 276, 285, 482 Smart cards, 462, 463, 841 Commerce Clause in U.S. Constitution, SmartFilter, 450 266–268 Smart Media, 540 do-not-spam lists, 261–262 S/MIME (Secure Multipart Internet Mail First Amendment, 264–265 Extension), 720 implementation questions, 260–261 Smith v. Hooey, 105 jurisdiction and due process, 265–266 SMTP authentication, 770 list restrictions, 262–263

Spam (Continued ) file recovery, 375 other prosecutions, 269–271 manual methods of determining content, 376 provisions, 259–260 Stegdetect, 376 state legislation and, 264–271 Stella D’Oro Biscuits, 10 Trespass and Nuisance claims, 268–269 Steven Jackson Games, Inc. v. United States Secret Service, first law school course on, 248 218 free speech and, 61–62 Sting, 10 global perspective, 277–281 Storage Attached Network solution (SAN), European legislation, 278–279 397–398 growing international action, 279–281 Stored Communications Act (SCA), 216, 219–221 movement offshore, 277–278 backup files, 220–221 industry self-regulation, 263–264 temporarily stored communications, 221 “junk mail," 244–245 Stranger danger, 107 legal counterattack, 256–258 Strict Effects test, 634 “no Spam in Heaven" marketing, 251–252 Student plagiarism, 71–72 origin of term, 249 Subpoenas seeking identity of anonymous speakers, overview/introduction, 19–21, 243–248, 281–285 471–473 reasons for, 249–252 Subscriber identification module (SIM), 784 spammers, 250–255, 459 Suck.com Web sites, 16 “spam" versus “SPAM," 248 Sudan, 153 state and local legislation, 257–258 Sui generis protection, 657 terms defined, 285–286 Sun Microsystems, 491, 509 war on spam, 256–257 Sunstein, Cass, 476 Specht v. Netscape Communications Corp., 23, 337, 344 Supremacy Clause of the U.S. Constitution, 342 Spectorsoft.com, 80 Surveillance/investigation, 164–167. See also USA Spheres of authority, 609 PATRIOT Act (Uniting and Strengthening Spiders, 40–41 America by Providing Appropriate Tools Spinello, Richard, 57, 61, 77, 80 Required to Intercept and Obstruct Spitzer, Eliot, 270 Terrorism) Sponsors, cyberterrorism, 152–155 Swallow factories, 314 Spoofing, 255, 286, 459, 573, 769 Swap files, trace evidence in, 388–389 Sportinggoods.com, 69 SWIFT (Society for Worldwide Interbank Financial Springfield Hydroelectric Company v. 
Copp, 29 Telecommunication), 615 Springsteen, Bruce, 10 Symbolic links, 755 SpyBuddy, 169 Symmetric, defined, 588 SpyCop, 169 Symmetric ciphers, 361 Spy-patrol.com, 80 Spy software, 80 Tactical media, 305 SQL Slammer, 157 Tactics, 745 SquareTrade.com, 39 Talley v. California, 466 SSL. See Secure socket layer (SSL) Target, defined, 785 SSO. See Single sign-on (SSO) Targets of evaluation (TOE), 785 Stallman, Richard, 67, 299, 310 Target wireless operations, 751–752 Stalking, 117, 122 Task force, security, 832–833, 850 State(s), U.S.: Taxation, 19–21, 600 cybercrime law, 116–117 Taxonomy, defined, 785 databases, and information privacy, 79–80 TBG Insurance Services Corp. v. Superior Court, relationship between state and federal criminal 235–236 justice systems, 114–115 TDEA (triple data encryption algorithm), 581, 583 UCITA (bomb shelter legislation), 347 Technical solutions, cyberterrorism, 146 workplace privacy statutes, 806–807 Technological American Party (TAP), 301 State Farm Mutual Auto. Ins. Co. v. Bockhorst, 327 Technological literacy, 518 State of Washington v. Heckel, 267, 272 Technological responses to privacy protection, Stateside Associates, 557 647–649 State-sponsored attacks, 572 Technology and the state, 593–594 State Street Bank v. Signature Financial Group, 12, 658 Telstra (Australian telecom company), 10 State v. Schwartz, 118 Tempest, 702 Statistical methods, leak detection, 711 Temporal attacks, 746 Statute of Frauds, 323, 329 Teoma, 64 Statutes, Web sites for obtaining, 65 Terminal resource security, 842 Stealing versus copying files, 118 Term-paper-time.com, 72 Steganography, 371–376 Terms, unusual/onerous, 337–338 coping with, 375–376 Terms of Use provisions, 21–22, 24, 47, 214–216, demonstration, 372–375 240

Terrorism: Trade secrets: computer/Internet systems and (see defined/explained, 210–211, 225–226, 240, 826 Cyberterrorism) e-mail and Internet use policy, and protection of, financial institutions and, 236–237 808–809 9/11, defined, 172 Trade Secrets Act (TSA), 225 post-9/11 world, 33, 129, 131, 154–155, 165, Tragedy of the commons, 602 170, 198–199, 482 Transaction processing, 567, 588 Terrorism Information Awareness (TIA), 166 Transfer control protocols (TCPs), 144 Tethered mobility, 785 Transmission control protocol (TCP), 173, 573 Thailand, 191 Transmission security (TRANSEC), 749, 785 Theofel v. Farey-Jones, 220–221 Transparency International, 606, 611 Third-party cookies, 425, 433 Transport information, high risk of, 619–620 Thompson, Loren, 151 Treaties: Threats: Convention on Cyber-Crime, 676–680 acts versus, 138 computer-related offenses, 677–678 to confidentiality, 577 content-related offenses, 678–679 defined, 199, 558 copyright infringement, 679 exaggerated, 133–135 Council of Europe, defined, 122 external, 544–546, 836 countries signing, 121, 190 general security, 835–836 defined, 199 identifying, 544, 835–836 jurisdiction, 679 intentional, 836–838, 850 procedural powers, 679–680 internal, 545, 836 encryption exportation regulation; United States to privacy, posed by Internet, 639–641 law and international treaties, 650–651 traditional (three areas), 736 enforcement, 605 unintentional, 850 first international treaty on criminal offenses TIBCO, 509 committed against or with help of computer Tiberino v. 
Spokane County, 817 networks, 155 Ticketmaster case, 335, 336 mutual legal assistance (MLA), 120, 121, 673, 676, Tien, Lee, 477 680, 683, 684, 691 Time division multiple access (TDMA), 785 nations opting out of, 605 Time Warner, 40, 44 Trenchard, John, 465 TISM (Trust Information Sharing Network for Trespass, 213–214, 240 Critical Infrastructure Protection), 599 Trial by jury or trial by judge, 103–105 TOC (transnational organized crime) convention, Triple bottom line, 622 675, 676 TRIPs (Trade-Related Aspects of Intellectual Toeppen, 9, 69, 633–634 Property Rights), 189, 655 Token: Tripwire, 764 session, 503 Trojans/Trojan horses, 118–119, 445, 756, 759, transmission device, 841 785 Tools, cyberterrorism, 146–148 Trust domain, 511 Tort(s), 48, 826 Trust-E, 78–79 appropriation, 411 TRUSTe, 428, 429 disclosure, 411 Trusted agents, attack via, 760–762, 772 false light, 411 Trusted third party, 653 intrusion, 411 Trustmarks, 429, 433 Total Information Awareness, 418 Trust services, 503, 511 Total News, framing case against, 40 Tumbleweed Communications, 12 Toussaint v. Blue Cross & Blue Shield of Michigan, 799 Tunneled protocols, information leakage and, 705 Toysmart.com, 431 Turkey, 631 Toys R Us, Inc. Privacy Litigation, In re, 221 Turkle, Sherry, 458 Trace evidence: Turner, Ted, 10 in RAM, 386–388 24/7, defined, 172 in swap and hibernation files, 388–389 2themart, 472 in unallocated space, 389–392 Trackers, electronic, 841 UBE (unsolicited bulk e-mail), 272, 286 Trademark(s): UCBE (unsolicited commercial bulk e-mail), 272, defined, 48, 91 286 dilution of, 8–9 UCITA. See Uniform Computer Information as domain names, and cybersquatting, 4 (see also Transactions Act (UCITA) Cybersquatting; Domain names) UEMS (unsolicited electronic mail solicitations), infringement, 40 272 law, 65 UETA. See Uniform Electronic Transactions Act Trademark Counterfeit Act (1984), 42 (UETA)

Unallocated space: congressional review of, 164, 283, 416–417 defined, 402 corporate spying and, 206, 217, 219, 236–238 trace evidence in, 389–392 criticism/challenges to, 164–165, 166, 484 Unconscionability, doctrine of, 321, 339–340 defined, 240 UNICODE/ASCII, 380, 381, 382, 383, 392, 506 difficulty of using/onerous mechanisms of, 401 Uniform Commercial Code (UCC), Article 2, 324 Electronic Communications Privacy Act (ECPA) Uniform Computer Information Transactions Act and, 237–238, 812–813 (UCITA), 324, 327, 345, 346–347, 349, 352 Foreign Intelligence Surveillance Act (FISA) and, Uniform Domain-Name Dispute-Resolution Policy 416–417, 418–419, 649 (UDRP), 9 hacktivism and, 305 Uniform Electronic Transactions Act (UETA), 324, post-9/11 passage of, 164, 198, 470, 484, 648 326, 348 privacy and, 639, 648 Uniform resource identifiers (URIs), 497 provisions, 42–43, 164–165, 167, 198, 217, 470, Unintentional threats, 850 648–649 Uninterruptible power supply (UPS), 835 Web site for obtaining text of, 74 Union-represented employees, 816 USA Today, 40 United Kingdom, 119, 185, 278, 483, 599, 681 U.S. Bancorp Piper Jaffray, 27 United Nations: USB Key Chain Drives, 540 censorship standards, 443 U.S. Copyright Felony Act, 185 Commission on International Trade Law U.S. Copyright Office, defined, 48 (UNCITRAL) Model Law on Electronic Use limitation, privacy and, 413 Commerce, 324, 325, 349, 654 User datagram protocol (UDP), 573, 577 Conference on Trade and Development U.S. Financial Services Modernization Act, 75 (UNCTAD), 522, 525 U.S. laws covering electronic transactions, 324–325 Contracts for the International Sale of Goods U.S. Patent and Trademark Office (PTO), defined, (CISG), 36 48 Convention against Transnational Organized USPS (U.S. Postal Service), 255 Crime (TOC) Convention, 668, 674–675 U.S. Rehabilitation Act, 519–520 cybercrime (1990), addressing in, 189 U.S. v. Eisenberg, 323 cyberterrorism, 154–155 U.S. v. Grande, 323 Digital Divide, 522, 523–524 U.S. v. 
Hicks, 101 General Assembly Resolution, 687 U.S. Visitor and Immigrant Status Indicator Office of Drug Control and Crime Prevention Technology (US-VISIT), 165 (UNDCP), 669, 683 U.S. v. Middleton, 223 spam and, 246, 280–281 U.S. v. $734,578.82 in U.S. Currency, 42 statistical indexes, 523–524, 594 U.S. v. Simmons, 815 Universal Declaration of Human Rights, 413 Utilitarianism, 55–56, 67–68, 91 United States et al. v. American Library Association, 15 United States of America v. Sami Omar Al-Hussayen, 141 Validation of digital forensic tools, 377–384 United States v. Aluminum Company of America Validity, 22–23, 24 (ALCOA), 632 Value chain, IT system design, 614 United States v. American Library Association, 63 Vatis, Michael, 130 United States v. Councilman, 218 Vault Corp. v. Quaid Software, Ltd., 230, 341–342 United States v. Czubinski, 106 Verio case, 23, 214–215, 222, 336, 337 United States v. Hsu in footnote on 226, 226, 227 VeriSign, 331–332 United States v. Lange, 226 Verizon, 232, 270, 338, 424 United States v. Slanina, 236 Victim(s): United States v. Yang, 227 liability and, 28–31 Universal City Studios, Inc. v. Corley, 104 sentencing and, 113 Universal City Studios, Inc. v. Reimerdes, 40, 228 victim impact statement, 123 Universal Description, Discovery, and Integration Vigilante action, 110–111, 614 (UDDI), 491 Violence: Universal Health Care Action Network, 557 political groups embracing, 612 UNIX, 169, 363, 388, 389, 390 terrorism (see Cyberterrorism) five types of, 752 workplace, and e-mail/Internet use policies, Unsolicited bulk e-mail (UBE), 785 821–822 Unsolicited commercial e-mail (UCE), 257 Viral marketing, 260 URI.
See Uniform resource identifiers (URIs) Virtual force, versus physical force, 107 Uruguay Round Agreement, 189, 655 Virtual identities, 458 USA PATRIOT Act (Uniting and Strengthening Virtual identity document, 500 America by Providing Appropriate Tools Virtual local area network (VLAN), 752, 759, 760, Required to Intercept and Obstruct 763, 774, 776–777, 785 Terrorism): Virtual private network (VPN), 769, 773, 785 acronym defined, 42, 164, 198, 206, 240 Virtual sit-ins, 306, 316 businesses, and government spying, 236–238 Virtual world/digital world/cyberspace, defined, 172

Index 877

Viruses/worms/malware: Wikipedia, 67 defined/explained, 122, 445, 785, 836 Windows: indications of infection, 838 encrypted file system, 365–366 information leakage and, 706 swap/hibernation files, 388 overview/introduction, 26–27 WIPO. See World Intellectual Property Organization security, censorship, and points of control, 445, (WIPO) 446 Wired equivalency privacy, 785 state laws, 116–117 Wired equivalency protocol, 757 untenable assumptions of identity, and, 459 Wireless encryption protocol, 752, 767, 769 worm versus virus, 445 Wireless information warfare (WIW), 723–786 Visa, 29, 30 defensive information operations (information VLAN. See Virtual local area network (VLAN) assurance), 748–749 Voice over Internet Protocol (VoIP), 469 defined, 725–726, 785 VOMIT (Voice over Misconfigured Internet offensive malevolent acts, 744–748 Telephony), 701, 720 content attacks, 746 Voting: cryptographic attacks, 747–748 electronic (see E-voting) direct, or internal, penetration attacks, 746 information for, 595 effect, 745 rights, 85 ethics and legality, 745 VPN. See Virtual private network (VPN) functions, 744–745 Vulnerabilities, 145–146, 577, 616–619, 749–756, indirect, or external, sensor attacks, 746 836 invasiveness, 745 motive, 745 W.32.Bugbear virus, 157, 159 tactics, 745 W3C, 491 taxonomy of attack operations, 745–747 Walker, Jay, 659 techniques, 745 Walker Digital, 659 temporal attacks, 746 Wall Street Journal Web site, 634 overview/introduction, 723–725, 777–779 Wal-Mart, 10, 309, 506 secure communications and system design, Waltz, Edward, 725 743–744 WareZ, 100, 720 terms defined, 779–786 Warfare, 151. See also Electronic warfare; Information unique aspects of, 736–743 warfare (IW) military-unique system requirements, Warrant(s), 410 741–742 Warranties, 345–347 performance measures and key design trade-offs, Wartime, anonymity during, 469–470 740–741 Washington Post Co., et al. v. 
Total News, 40 traditional threats, three areas, 736 Washington state, 34, 62, 267, 270, 272, 431 why is wireless security different, 737–740 Wassenaar Agreement, 651 Wireless information warfare (WIW) in practice, Watchtower Bible and Trust Society v. Village of Stratton, 749–777 467–468 example attack, remote attack on wireless network Weather, 597 (VLAN hopping), 756–763 Web, information leakage and, 704 attack via public access pathways, 762–763 Web-beacons, 425 attack via trusted agents, 760–762 Web browsers, and privacy, 422 diagram, 757 Web bugs, 425–426, 433 example defenses, 763–777 Web-cams, 411 attacker identification, 772 Web log analysis, 712 against attack via public access pathways, Web publishing, information leakage and, 705 773–775 Websense Enterprise, 450 from attack via trusted agents, 772 Web services, 490–491, 511 firewall, 765–766 Web sites: host-based intrusion detection system (h-IDS), defacements, 308 763–765 estimates of number of, 63 incident response, 775–776 WEP, 752, 757, 758, 767, 769, 778, 785 against information pilfering, 769–770 wired equivalency privacy, 785 against malicious code introduction, 770–772 wired equivalency protocol, 757 against remote doctor offices, 772–773 wireless encryption protocol, 752, 767, 769 against VLAN hopping, 776–777 Wesley Coll. v. Pitts, 218 for wireless networks, 766–767 West, Darell, 520 example vulnerabilities of a suburban hospital, Whistle-blowing, 824 749–756 White House Web site, 70, 139 security measures for the hospital, 750–751 White list, 286 target wireless operations, 751–752 WHOIS database, 214, 336 VLAN operations and servers, 752 Wifi Protected Access (WPA), 752, 778, 785 wireless attacks, 753–756

Wireless information warfare (WIW) taxonomies, World-Wide Volkswagen Corp. v. Woodson, 632 726–733 World Wide Web (a.k.a. Web), defined, 173 classification by World Wrestling Federation, 10 confidentiality/integrity/availability (CIA), Worm versus virus, 445. See also 727–732 Viruses/worms/malware corruption, 728 WPA. See Wifi Protected Access (WPA) detection, 730 WPISP (OECD Working Party on Information disruption, 727 Security and Privacy), 599 exploitation, 728–729 Wrongful discharge, 814 response, 730 WSDL (web services description language), 491, classification by domain of information aggression, 503 727, 728 WSIS (World Summit for the Information Society), classification by exploitation and attack/defense, 601, 612, 621 732–733 WTO. See World Trade Organization (WTO) deception, 733 electronic warfare, 733 X12N, ANSI, 541–542, 555, 558 information corruption, 733 Xanadu, 300 security, 733 XML (extensible markup language), 491, 503, relationship to asymmetric warfare, 731–732 506 Wireless local area network (WLAN), 786 XML Schema, 503 Wireless modems, 786 XNS (extensible name service), 494, 495, 496, 497, Wireless networks: 498, 499, 501, 502, 504, 510 information leakage and, 705 XNS Negotiation Service, 501 taxonomies of, 733–736 XNSORG, 494, 508 mobility classifications, 735–736 XRI (extensible resource identifier), 496, 497, 498, network architecture classifications, 734–735 510 Wireless security implementation, 786 XRI data interchange (XDI), 496, 502, 511 Wireless services, interrelationships among (diagram), XSS (cross-site scripting), 762, 763, 774, 780–781 730 Wireless technology, employee use of, 798 Yahoo!: Wiretap Act (Omnibus Crime Control and Safe anonymity and, 12 Streets Act of 1968), 216–219 China, 449 Wiretapping, government, 410. 
See also USA denial of service attacks, 26, 836 PATRIOT Act (Uniting and Strengthening domain name disputes, ICANN’s resolution America by Providing Appropriate Tools process, 10 Required to Intercept and Obstruct domination of, 44 Terrorism) GeoCities, 430 Wizards of OS, 312 Nazi memorabilia decision (Yahoo! v. La Ligue WLAN, 750, 751, 778 Contre Le Racisme et L’Antisemitisme), 37, Woolley v. Hoffmann-La Roche, Inc., 799 42-631, 636–368 Work for hire, 213 spam and, 284 Workplace boundaries, blurring of, 795–797 Yes Men, The, 309 Workplace laws, foreign, 819–821 Youth International Party Line, 301 Workplace monitoring, electronic, 811–812, 825 Workplace policies. See Employer e-mail/Internet ZD.net, 836 use policies Zefer Corporation, 223–224 World Bank, 594–595 Zeidenberg (ProCD, Inc. v. Zeidenberg), 24, 216, 335, WorldCom, 276, 800 338, 343 World Intellectual Property Organization (WIPO), Zenger, John Peter, 465 5, 10, 48, 604, 654–657 Ziff Davis, 30 World Trade Organization (WTO), 155, 604, 649, Zippo sliding-scale standard (Zippo Manufacturing Co. 654, 655 v. Zippo Dot Com, Inc.), 34–36, 632–633 Worldwide perspective, cyberterrorism, 154–155. See Zombie computers, 255, 256, 286 also Cyberterrorism ZoneLabs personal firewall, 546