From telecom@eecs.nwu.edu Sun Feb 25 16:34:48 1990
Received: from delta.eecs.nwu.edu by gaak.LCS.MIT.EDU via TCP with SMTP
	id AA05014; Sun, 25 Feb 90 16:34:41 EST
Resent-Message-Id: <9002252134.AA05014@gaak.LCS.MIT.EDU>
Received: from RUTGERS.EDU by delta.eecs.nwu.edu id aa25504; 25 Feb 90 13:12 CST
Received: from [128.112.129.117] by rutgers.edu (5.59/SMI4.0/RU1.3/3.05) 
	id AA27613; Sun, 25 Feb 90 14:15:20 EST
Received: from phoenix.Princeton.EDU by Princeton.EDU (5.58+++/2.29/mailrelay)
	id AA17856; Sun, 25 Feb 90 14:13:41 EST
Received: by phoenix.Princeton.EDU (5.61/1.98)
	id AA24734; Sun, 25 Feb 90 14:14:57 -0500
To: comp-dcom-telecom@rutgers.edu
Path: phoenix!athena!boomer
From: Don Alvarez <boomer@athena.princeton.edu>
Newsgroups: comp.dcom.telecom
Subject: Computer Fraud and Abuse Act
Summary: out of date but electronic copy of USC title 18 sec 1030
Message-Id: <14090@phoenix.Princeton.EDU>
Date: 25 Feb 90 19:14:55 GMT
Sender: news@phoenix.princeton.edu
Reply-To: Don Alvarez <boomer@athena.princeton.edu>
Organization: Princeton University
Lines: 217
Resent-Date:  Sun, 25 Feb 90 15:31:16 CST
Resent-From: telecom@eecs.nwu.edu
Resent-To: ptownson@gaak.LCS.MIT.EDU
Status: R


Here is a copy of a posting I made on the Computer Fraud and Abuse Act
(USC Title 18 Section 1030).  The posting was made while a set of ammendments
were still under consideration, and I don't have an updated copy of the
text.  Still, people might find this interesting, and I am submitting it
mainly to indicate that all you have to do is go to the library, ask
the reference librarian for a little help, and find out for yourself what
the laws are.  For homework, everyone should go to the library and read
The Electronic Communications Privacy Act (PL 99-508, HR 4952), which
I don't have an electronic copy of, but which is certainly of interest
to Telecom readers.

-don 

-----------------------Begin Included Message------------------------------

  Rep. Waly Herger (R-CA) has recently re-introduced the "Computer Virus
  Eradication Act" as an amendment to U. S. Code Title 18 Section 1030
  ("The Computer Fraud and Abuse Act of 1986").  RISKS readers may remember
  that the earlier form of the Virus Act (then designated HR 5061) was
  discussed here, and a number of the suggestions made here have been
  included in the revised bill (designated HR 55).

  The actual amendments proposed by the bill are fairly short, but
  I have attempted to include the complete text of title 18 section 1030
  (about 3 pages) for context and because that also may be of interest to
  readers.  Please note that the two clauses in section (a)(7) are joined
  by an "and."  Note that anything in mixed upper/lower case is existing
  U.S. federal law and has been for several years.

  ***** NOTE: this was hand typed and may contain errors for which   *****
  *****       no responsibility is assumed by either Don Alvarez or  *****
  *****       his employer.                                          *****

  ***** H.R. 55 consists of a series of amendments and deletions to  *****
  ***** the existing USC title 18 section 1030.  Proposed amendments *****
  ***** are in ALL CAPS proposed deletions are [enclosed in square   *****
  ***** brackets].  I have also flagged each change with several *'s *****

  ***** Text of USC title 18 section 1030 taken from Senate Report   *****
  ***** 99-432 "COMPUTER FRAUD AND ABUSE ACT OF 1986"                *****

	THE COMPUTER VIRUS ERADICATION ACT OF 1989

	101st Congress 1st Session
	H.R. 55

	To amend section 1030 of title 18, United States Code, to provide
	penalties for persons interfering with the operations of computers
	through the use of programs containing hidden commands that can
	cause harm, and for other purposes.

	In the House of Representatives January 3, 1989  Mr. Herger (for
	himself and 32 others) introduced the following bill; which was
	referred to the Committee on the Judiciary

TITLE 18: CRIMES AND CRIMINAL PROCEDURE

CHAPTER 47 -- FRAUD AND FALSE STATEMENTS

Sec. 1030. Fraud and related activity in connection with computers
(a) Whoever--
	(1) knowingly accesses a computer without authorization or exceeds
	authorized access, and by means of such conduct obtains information
	that has been determined by the United States Government pursuant
	to an Executive order or statute to require protection against
	unauthorized disclosure for reasons of national defense or foreign
	relations, or any restricted data as defined in paragraph r. of
	section 11 of the Atomic Energy Act of 1954, with the intent or
	reason to believe that such information so obtained is to be used
	to the injury of the United States, or to the advantage of any
	foreign nation;
	(2) intentionally access a computer without authorization or exceeds
	authorized access, and thereby obtains information contained in a
	financial record of a financial institution or of a card issuer as
	defined in section 1602(n) of title 15, or contained in a file
	of a consumer reporting agency on a consumer, as such terms are
	defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.); or
	(3) intentionally, without authorization to access any computer of
	a department or agency of the United States, access such a computer
	of that department or agency that is exclusively for the use of the
	Government of the United States or, in the case of a computer not
	exclusively for such use, is used by or for the Government of the
	United States and such conduct affects the use of the Government's
	operation of such computer;
	(4) knowingly and with intent to defraud accesses a Federal interest
	computer without authorization, or exceeds authorized access, and by
	means of such conduct furthers the intended fraud and obtains anything
	of value, unless the object of the fraud and the thing obtained
	consists only of the use of the computer;
	(5) intentionally accesses a Federal interest computer without
	authorization, and by means of one or more instances of such conduct
	alters, damages, or destroys information in any such Federal interest
	computer, or prevents authorized use of any such computer or
	information, and thereby--
		(A) causes loss to one or more others of a value aggregating
		$1,000 or more during any one year period; or
		(B) modifies or impairs, or potentially modifies or impairs,
		the medical examination, medical diagnosis, medical treatment,
		or medical care of one or more individuals; [or]  ****
	(6) knowingly and with intent to defraud traffics (as defined in
	section 1029) in any password or similar information through which a
	computer may be accessed without authorization, if--
		(A) such trafficing affects interstate or foreign commerce; or
		(B) such computer is used by or for the Government of the
		United States; OR
****	(7) KNOWINGLY--
		(A) INSERTS INTO A PROGRAM FOR A COMPUTER, OR A COMPUTER
		ITSELF, INFORMATION OR COMMANDS, KNOWING OR HAVING REASON TO
		BELIEVE THAT SUCH INFORMATION OR COMMANDS MAY CAUSE LOSS,
		EXPENSE, OR RISK TO HEALTH OR WELFARE--
			(i) TO USERS OF SUCH COMPUTER OR A COMPUTER ON WHICH
			SUCH PROGRAM IS RUN, OR TO PERSONS WHO RELY ON
			INFORMATION PROCESSED ON SUCH COMPUTER; OR
			(ii) TO USERS OF ANY OTHER COMPUTER OR TO PERSONS
			WHO RELY ON INFORMATION PROCESSED ON ANY OTHER
			COMPUTER; AND
		(B) PROVIDES (WITH KNOWLEDGE OF THE EXISTENCE OF SUCH
		INFORMATION OR COMMANDS) SUCH PROGRAM OR SUCH COMPUTER TO A
		PERSON IN CIRCUMSTANCES IN WHICH SUCH PERSON DOES NOT KNOW
		OF THE INSERTION OR ITS EFFECTS;
	IF INSERTING OR PROVIDING SUCH INFORMATION OR COMMANDS AFFECTS, OR
	IS EFFECTED OR FURTHERED BY MEANS OF, INTERSTATE OR FOREIGN COMMERCE;
(b) Whoever attempts to commit an offense under subsection (a) of this
section shall be punished as provided in subsection (c) of this section.
(c) the punishment for an offense under subsection (a) or (b)(1) of this
section is--
	  (1)(A) a fine under this title or imprisonment for not more than ten
	years, or both, in the case of an offense under subsection (a)(1)
	OR (a)(7) of this section which does not occur after a conviction
	for another offense under such subsection, or an attempt to
	commit an offense punishable under this subparagraph; and
	  (B) a fine under this title or imprisonment for not more than twenty
	years, or both, in the case of an offense under subsection (a)(1)
	OR (a)(7) of this section which occurs after a conviction for
	another offense under such subsection, or an attempt to commit
	an offense punishable under this subparagraph; and
	  (2)(A) a fine under this title or imprisonment for not mere than
	one year, or both, in the case of an offense under subsection (a)(2),
	(a)(3) or (a)(6) of this section which does not occur after a
	conviction for another offense under such subsection, or an
	attempt to commit an offense punishable under this subparagraph; and
	  (B) a fine under this title or imprisonment for not more than ten
	years, or both, in the case of an offense under subsection (a)(2),
	(a)(3) or (a)(6) of this section which occurs after a conviction for
	another offense under such subsection, or an attempt to commit an
	offense punishable under this subparagraph; and
	  (3)(A) a fine under this title or imprisonment for not more than
	five years, or both, in the case of an offense under subsection
	(a)(4) or (a)(5) of this section which does not occur after a
	conviction for another offense under such subsection, or an attempt
	to commit an offense punishable under this subparagraph; and
	  (B) a fine under this title or imprisonment for not more than ten
	years, or both, in the case of an offense under subsection (a)(4) or
	(a)(5) of this section which occurs after a conviction for another
	offense under such subsection, or an attempt to commit an offense
	punishable under this subparagraph.
(d) The United States Secret Service shall, in addition to any other agency
    having such authority, have the authority to investigate offenses under
    this section.  Such authority of the United States Secret Service shall
    be exercised in accordance with an agreement which shall be entered into
    by the Secretary of the Treasury and the Attorney General.
(e) WHOEVER SUFFERS LOSS BY REASON OF A VIOLATION OF SUBSECTION (a)(7) MAY,
IN A CIVIL ACTION AGAINST THE VIOLATOR, OBTAIN APPROPRIATE RELIEF.  IN
A CIVIL ACTION UNDER THIS SUBSECTION, THE COURT MAY AWARD TO A
PREVAILING PARTY A REASONABLE ATTORNEY'S FEE AND OTHER LITIGATION EXPENSES.
(f) As used in this section--
	(1) the term "computer" means an electronic, magnetic, optical,
	electrochemical, or other high speed data processing device performing
	logical, arithmetic, or storage functions, and includes any data
	storage facility or communications facility directly related to or
	operating in conjuction with such device, but such term does not
	include an automated typewriter or typesetter, a portable hand held
	calculator, or other similar device;
	(2) the term "Federal interest computer" means a computer--
		(A) exclusively for the use of a financial institution or the
		United States Government, or, in the case of a computer not
		exclusively for such use, used by or for a financial
		institution or the United States Government and the conduct
		constituting the offense affects the use of the financial
		institution's operation or the Government's operation of such
		computer; or
		(B) which is one of two or more computers used in committing
		the offense, not all of which are located in the same State;
	(3) the term "State" includes the District of Columbia, the
	Commonwealth of Puerto Rico, and any other possession or territory
	of the United States;
	(4) the term "financial institution" means--
		(A) a bank with deposits insured by the Federal Deposit
		Insurance Corporation;
		(B) the Federal Reserve or a member of the Federal Reserve
		including any Federal Reserve Bank;
		(C) an institution with accounts insured by the Federal
		Savings and Loan Insurance Corporation;
		(D) a credit union with accounts insured by the National
		Credit Union Administration;
		(E) a member of the Federal home loan bank system and any
		home loan bank; and
		(F) any institution of the Farm Credit System under the Farm
		Credit Act of 1971;
		(G) a broker-dealer registered with the Securities and
		Exchange Commission pursuant to section 15 of the Securities
		Exchange Act of 1934; and
		(H) the Securities Investor Protection Corporation;
	(5) the term "financial record" means information derived from any
	record held by a financial institution pertaining to a customer's
	relationship with the financial institution;
	(6) the term "exceeds authorized access" means to access a computer
	with authorization and to use such access to obtain or alter
	information in the computer that the accesser is not entitled so
	to obtain or alter; and
	(7) the term "department of the United States" means the legislative
	or judicial branch of the Government or one of the executive
	departments enumerated in section 101 of title 5.
(g) This section does not prohibit any lawfully authorized investigative,
protective, or intelligence activity of a law enforcement agency of the
United States, a State, or a political subdivision of a State, or of an
intelligence agency of the United States.