Cyber Security Enhancement Act of 2002 – CSEA Several years ago, Congress determined that the legal system still allowed for too much leeway for certain types of computer crimes and that some activities not labeled “illegal” needed to be. In July 2002, the House of Representatives voted to put stricter laws in place, and to dub this new collection of laws the Cyber Security Enhancement Act (CSEA) of 2002. The CSEA made a number of changes to federal law involving computer crimes.
This act stipulates that attacker who carries out certain computer crimes may not get a life sentence in jail. If an attacker carries out a crime that could result in another bodily harm or possible death, or a threat to public health or safety, the attacker could face life in prison. This does not necessarily mean that someone has to throw a server at another person’s head, but since almost everything today is run by some type of technology, personal harm or death could result from what would otherwise be a run of-the-mill hacking attack. For example, if an attacker were to compromise embedded computer chips that monitor hospital patients, cause fire trucks to report to wrong addresses, make all of the traffic lights change to green, or reconfigure airline controller software, the consequences could be catastrophic and under the CSEA result In the attacker spending the rest of her days in jail.
Note: – In 2013, a newer version of the Cyber Security Enhancement Act passed the House and is still on the docket for the Senate to take action, at the time of this writing. Its purpose includes funding for cyber security development, research, and technical standards.
The CSEA was also developed to supplement the Patriot Act, which increased the US government’s capabilities and power to monitor communications. One way in which this is done is that the CSEA allows service providers to report suspicious behavior without risking customer litigation. Before this act was put into place, service providers were in a sticky situation when it came to reporting possible criminal activities or when trying to work with the law enforcement. If a lay enforcement agent requested information on a provider’s customer and the provider gave it to them without the customer’s knowledge or permission, the service provider gave it to them without customer’s knowledge or permission, the service provider could, in certain circumstances, be sued by the customer for unauthorized release of private information. Now service providers can report suspicious activities and work with the law enforcement without having to tell the customer. This and other provisions of the Patriot Act have certainly gotten many civil rights monitors up in arms.
It is up to you which side of the fight you chose to play on-but remember that computer crimes are not treated as lightly as they were in past. Trying out a new tool or pressing start on an old tool may get you into a place you never intended—Jail.
So as your mother told you—be good, and may the Force be with you.