Forensic and Investigative Accounting Chapter 1
Download
Report
Transcript Forensic and Investigative Accounting Chapter 1
Forensic and Investigative
Accounting
Chapter 15
Cybercrime Management:
Legal & Ethical Issues
Professor’s Note:
I have incorporated material from other sources
into this presentation to include ethical
issues.
Chapter 15
Forensic and Investigative Accounting
2
Culture Helps Determine Laws and
Ethical Standards
Chapter 15
Forensic and Investigative Accounting
3
Ethical Principles
• Golden rule: Do unto others as you
would have them do unto you
• Immanuel Kant’s categorical
imperative: If an action is not right for
everyone to take, then it is not right for
anyone
Chapter 15
Forensic and Investigative Accounting
4
Ethical Principles
• Descartes’ rule of change: If an action
cannot be taken repeatedly, then it is not
right to be taken at any time
• Utilitarian principle: Put values in rank
order and understand consequences of
various courses of action
Chapter 15
Forensic and Investigative Accounting
5
Ethical Principles
• Risk aversion principle: Take the
action that produces the least harm or
incurs the least cost
• Ethical “no free lunch” rule: All
tangible and intangible objects are owned
by creator who wants compensation for
the work
Chapter 15
Forensic and Investigative Accounting
6
Information Rights: Privacy and Freedom
in the Internet Age
• Privacy: Claim of individuals to be left
alone, free from surveillance or
interference from other individuals,
organizations, or the state
• Fair information practices: Set of
principles governing the collection and
use of information on the basis of U.S. and
European privacy laws
Chapter 15
Forensic and Investigative Accounting
7
U.S. Federal Privacy Laws
General Federal Privacy Laws
• Freedom of Information Act, 1968
• Privacy Act of 1974
• Electronic Communications Privacy Act of
1986
• Computer Matching and Privacy Protection
Act of 1988
• Computer Security Act of 1987
• Federal Managers Financial Integrity Act of
1982
Chapter 15
Forensic and Investigative Accounting
8
Communications with Children
Children’s Online Privacy Protection Act of
1998 (COPPA)
Provides restrictions on data collection that must
be followed by electronic commerce sites aimed
at children
Requires schools that receive federal funds to
install filtering software on computers
Chapter 15
Forensic and Investigative Accounting
9
Sanrio’s Approach to COPPA
Compliance
Chapter 15
Forensic and Investigative Accounting
10
Ethical Issues
Web businesses find ethical issues are
important to consider when making policy
decisions
Differences in cultures throughout the
world have resulted in different
expectations about privacy in electronic
commerce
Chapter 15
Forensic and Investigative Accounting
11
Ethical Issues (continued)
Principles for handling customer data
Chapter 15
Use data collected to provide improved customer
service
Do not share customer data with others outside
your company without the customer’s permission
Tell customers what data you are collecting and
what you are doing with it
Give customers the right to have you delete any of
the data you have collected about them
Forensic and Investigative Accounting
12
Chapter 15
Forensic and Investigative Accounting
13
Ethical Issues
Under what conditions should the privacy
of others be invaded?
What legitimaizes intruding into others’
lives through unobtrusive surveillance,
through market research, or by whatever
means?
Chapter 15
Forensic and Investigative Accounting
14
Ethical Issues
Do we have to inform people that we are
eavesdropping?
Do we have to inform people that we are
using credit history information for
employment screening purposes?
Chapter 15
Forensic and Investigative Accounting
15
Property Rights: Intellectual Property
Intellectual property: Intangible creations
protected by law
Trade secret: Intellectual work or product
belonging to business, not in public domain
Chapter 15
Forensic and Investigative Accounting
16
Property Rights: Intellectual Property
Copyright: Statutory grant protecting
intellectual property from getting copied for 28
years
Patents: Legal document granting the owner
an exclusive monopoly on the ideas behind
an invention for 20 years
Chapter 15
Forensic and Investigative Accounting
17
Jurisdiction on the Internet
Power, effects, legitimacy, and notice do not
translate well to the virtual world of electronic
commerce
Governments that want to enforce laws must
establish jurisdiction over business conduct
Contract
Chapter 15
Promise or set of promises between two or more
legal entities
Forensic and Investigative Accounting
18
Jurisdiction on the Internet
(continued)
Tort
Intentional or negligent action taken by a legal
entity that causes harm to another legal entity
Court has sufficient jurisdiction in a matter if it
has both subject matter jurisdiction and
personal jurisdiction
Chapter 15
Forensic and Investigative Accounting
19
Subject-matter Jurisdiction
Court’s authority to decide a type of dispute
Personal jurisdiction
Forum selection clause
Determined by the residence of the parties
States that a contract will be enforced according
to laws of a particular state
Long-arm statutes
Chapter 15
Create personal jurisdiction over nonresidents
who transact business in the state
Forensic and Investigative Accounting
20
Forum Selection Clause on the
Qpass Web Site
Chapter 15
Forensic and Investigative Accounting
21
Use and Protection of Intellectual
Property in Online Business
Intellectual property
Includes all products of the human mind
Products can be tangible or intangible
Intellectual property rights
Chapter 15
Include protections by governments through
Granting of copyrights and patents
Registration of trademarks and service marks
Forensic and Investigative Accounting
22
Web Site Content Issues
Fair use of a copyrighted work
Includes copying it for use in criticism,
comment, news reporting, teaching, or
research
Vicarious copyright infringement
Chapter 15
Entity becomes liable if
It is capable of supervising infringing activity
Obtains financial benefit from infringing activity
Forensic and Investigative Accounting
23
Domain Names, Cybersquatting, and
Name Stealing
Cybersquatting
Name changing
Registering a trademark domain name
Registering misspelled variations of well-known
domain names
Name stealing
Chapter 15
Ownership of a site’s assigned domain name is
changed to another site and owner
Forensic and Investigative Accounting
24
Domain Names, Cybersquatting,
and Name Stealing (continued)
U.S. Anticybersquatting Consumer Protection
Act (ACPA)
Protects trademarked names from being
registered as domain names by other parties
Parties found guilty of cybersquatting can be held
liable for damages of up to $100,000 per
trademark
Chapter 15
Forensic and Investigative Accounting
25
Protecting Intellectual Property
Online
Proposed solutions to problems in digital
copyright protection
Host name blocking
Packet filtering
Proxy servers
Chapter 15
Forensic and Investigative Accounting
26
Defamation
Defamatory statement
Product disparagement
Statement that is false and injures the reputation
of another person or company
If a defamatory statement injures the reputation of
a product or service instead of a person
Per se defamation
Chapter 15
Court deems some types of statements to be so
negative that injury is assumed
Forensic and Investigative Accounting
27
Deceptive Trade Practices
Federal Trade Commission
Regulates advertising in the United States
Publishes regulations and investigates claims of
false advertising
Provides policy statements
Policies cover specific areas such as
Chapter 15
Bait advertising
Consumer lending and leasing
Endorsements and testimonials
Forensic and Investigative Accounting
28
U.S. Federal Trade Commission
Advertising Guidance page
Chapter 15
Forensic and Investigative Accounting
29
Online Crime, Terrorism, and Warfare
Online crime
Obstacles faced by law enforcement
Jurisdiction
Difficulty applying laws written before the Internet
became prevalent to criminal actions
Online warfare and terrorism
Chapter 15
Sustained effort by a well-financed terrorist group
could slow down operation of major transactionprocessing centers
Forensic and Investigative Accounting
30
Introduction to Cybercrime
Most common complaints:
Chapter 15
Virus attacks—78%
Insider abuse of net access—59%
Laptop/mobile theft—49%
Unauthorized access to information—39%
System penetration—37%
Denial of service—17%
Theft of proprietary information—10%
Forensic and Investigative Accounting
31
Net Frauds
Net frauds ensnare unsuspecting Internet
users into giving up their resources to an
online criminal.
Phishing
Nigerian Letters
Pharming
valid URL redirects to the criminals' websites
Social
Chapter 15
engineering
Forensic and Investigative Accounting
32
Chapter 15
Forensic and Investigative Accounting
33
Intangible Assets
Information on the Internet and in computer
databases represents intangible assets
composed of bits and bytes.
The destruction of electronic representations
or the erasure of data without physically
damaging a tangible computer asset may not
be considered a crime.
Chapter 15
Forensic and Investigative Accounting
34
Intangible Assets
If data is accessed but not used for any
purpose, then no crime is committed.
Statutes may not provide for the recognition
of criminal trespass, a property crime, based
on a virtual presence (and no physical
presence).
Chapter 15
Forensic and Investigative Accounting
35
Cybercrime or Not?
Chapter 15
Spoofing
Use of bots
Chaffing
Steganography
Forensic and Investigative Accounting
36
International Law
Although 249 countries have IP domain
registrations, the countries with cybercrime
statutes are fewer.
Some countries have broad provisions for
computer crimes, some have limited
provisions, and still some had no provisions
at all.
Chapter 15
Forensic and Investigative Accounting
37
International Law
In 2001, the Council of Europe Convention on
Cybercrime issued a model law for its member
states including transactional cooperation
recommendations. The Council’s model law
has 48 sections for incorporation into national
laws on cybercrime.
Chapter 15
Forensic and Investigative Accounting
38
Federal Statutes Related to
Cybercrimes
18 U.S.C. 1029 Fraud and Related Activity in
Connection with Access
Devices
18 U.S.C. 1030 Fraud and Related Activity in
Connection with Computers
18 U.S.C. 2701 Unlawful Access to Stored
Communications
Chapter 15
Forensic and Investigative Accounting
39
USA Patriot Act of 2001
The USA Patriot Act has strengthened U.S.
cyber laws and expanded cybercrime
definitions.
Under the Act, an activity covered by the law
is considered a crime if it causes a loss
exceeding $5,000, impairment of medical
records, harm to a person, or threat to public
safety.
Chapter 15
Forensic and Investigative Accounting
40
USA Patriot Act of 2001
Amendments made by the Act make it
easier for an Internet service provider
(ISP) to make disclosures about unlawful
customer actions without the threat of civil
liability to the ISP.
Another revision made by the Act provides
that victims of hackers can request law
enforcement help in monitoring
trespassers on their computer systems.
Chapter 15
Forensic and Investigative Accounting
41
State Legislation
Many of the states have separately enacted
money laundering, identity theft, online
gambling, cyberstalking and other Internet
statutes in their codes.
Many statutes do not refer to “cybercrimes”
as they were originally enacted when there
was no Internet. Thus, legislative oversight in
the acts tends to focus on “computer crimes,”
“unlawful access,” or “property crimes.”
Chapter 15
Forensic and Investigative Accounting
42
Fighting Cybercrime
The following list describes the skill set needed
to fight cybercrime:
Ability to build an Internet audit trail
Skills needed to collect “usable” courtroom
electronic evidence
Ability to trace an unauthorized system user
(continued on next slide)
Chapter 15
Forensic and Investigative Accounting
43
Fighting Cybercrime
Knowledge base to use in recommending or
reviewing security policies
Knowledge of the most recent computer fraud
techniques
Basic understanding of the information that
can be collected from various computer logs
Ability to place a valuation on incurred losses
from attacks
(continued on next slide)
Chapter 15
Forensic and Investigative Accounting
44
Fighting Cybercrime
Technical familiarity with the Internet, web
servers, firewalls, attack methodologies,
security procedures, and penetration testing
Understanding of organizational and legal
protocols in incident handling to prevent
employee rights violations
An established relationship with law
enforcement agencies
Chapter 15
Forensic and Investigative Accounting
45
Chapter 15
Forensic and Investigative Accounting
46
Chapter 15
Forensic and Investigative Accounting
47
Chapter 15
Forensic and Investigative Accounting
48
Chapter 15
Forensic and Investigative Accounting
49
Chapter 15
Forensic and Investigative Accounting
50
Chapter 15
Forensic and Investigative Accounting
51
Chapter 15
Forensic and Investigative Accounting
52
Chapter 15
Forensic and Investigative Accounting
53
Chapter 15
Forensic and Investigative Accounting
54
Chapter 15
Forensic and Investigative Accounting
55
Chapter 15
Forensic and Investigative Accounting
56
Chapter 15
Forensic and Investigative Accounting
57
Filing Reports of Cybercrimes
An investigator should know where, besides
law enforcement, such crimes can be reported.
There are a number of websites that collect
information about events that may be
cybercrimes.
Chapter 15
Forensic and Investigative Accounting
58
Chapter 15
Forensic and Investigative Accounting
59
Chapter 15
Forensic and Investigative Accounting
60
Chapter 15
Forensic and Investigative Accounting
61
End Ch. 15
Resources Listed Below
http://www.ic3.gov/
http://www.nw3c.org/
http://www.fbi.gov/page2/jan06/ccctf012506.htm
http://www.wardial.net/
http://insecure.org/
http://www.fakemailz.com/
http://www.spammimic.com/
http://www.cotse.net
Chapter 15
Forensic and Investigative Accounting
62