SUMMARY C841- Task-1 Running head: TECHFITE CASE STUDY LEGAL ANALYSIS C841: Legal Issues in Information Security.

SUMMARY C841- Task-1 Running head: TECHFITE CASE STUDY LEGAL ANALYSIS C841: Legal Issues in Information Security. TechFite Case Study Legal Analysis Upon suspicion of unethical and illegal activity, board of directors’ chairperson for TechFite John Jackson commissioned independent investigators to conduct a security audit of the IT and business practices of the Applications Division. At the conclusion of the investigation, several pieces of evidence pointing to wrongdoing on the part of some of the key personnel in the Applications Division were found. Specifically, damages of intellectual property rights against two potential clients of TechFite were found to have taken place as a result of malfeasance on the part of the Applications Division. This is a legal analysis of those findings and guidance for TechFite to use for corrective and perhaps legal action moving forward. A – Application of Law The principle laws relevant to this section of the analysis are Federal Statutes the Computer Fraud and Abuse Act (CFAA) and the Electronic Communications Privacy Act (ECPA). A1 – CFAA & ECPA The Computer Fraud and Abuse Act was passed and signed into law in 1986. The CFAA criminalizes certain types of damage against a “protected computer”. Under the statute, a protected computer qualifies as a computer used by the federal government, a computer used by a financial institution, and a computer used in interstate or foreign commerce. (Bailie, n.d.) Under the definition of a computer used in interstate or foreign commerce, the CFAA expands the definition of a protected computer to include the Internet because it is used to facilitate commerce between different states. The CFAA also prohibits the unauthorized trafficking of computer access information that allows people to access other computers without authorization as well as users that exceed the scope of their authorization level without granted permissions or maliciously so. The Electronic Communications Privacy Act protects the privacy of communications transfers via electronic means such as wire and radio but does not protect oral communications, paged communications, and more. It also protects communications held in electronic storage from unauthorized access. Like provisions in the CFAA, this extends to unauthorized privilege escalation with the intent to view, steal, or otherwise coopt documents and resources intended for another party. (“What is the Electronic Communications Privacy Act?,” n.d.) In the course of the TechFite investigation, it was discovered that the company conducts business via Internet and wire transfer with three possible “shell” companies and banks in This study source was downloaded by from CourseH on :40:48 GMT -06:00 TECHFITE CASE STUDY LEGAL ANALYSIS 3 different states violating the provisions set forth in the CFAA. These companies were found to be clients of TechFite on paper only and to be registered to the same entity in the state of Nevada. This entity is a man named Yu Lee that was found to be a personal acquaintance of Applications Division head Carl Jaspers. The CFAA and ECPA prohibit the unauthorized elevation of access rights to a protected computer. It was found within the TechFite Applications Division Business Intelligence Unit (BI) that computers were equipped with a sophisticated computer hacking tool called Metasploit. It was discovered that three engineers in the BI unit had been involved in the unauthorized scanning of other companies’ networks in search of IP addresses and penetration testing schemes. The second violation of both the CFAA and ECPA perpetrated was the escalation of privileges of suspected “dummy” accounts created at the direction of Carl Jaspers. These accounts were found to not have been employees of TechFite, very active via email containing evidence of malicious messaging, and used to exceed privilege levels to gain unauthorized access to sensitive material in other departments such as Human Resources and Finance. A2 - Three Laws that justify legal action Three laws that can be used in the justification of legal action are the Racketeering Influenced & Corrupt Organizations Law (RICO), the Wiretap Statutes of the Electronic Communications Privacy Act, and The Economic Espionage Act of 1996. A2a – Racketeering Influenced & Corrupt Organizations Law (RICO) RICO is a federal law designed to combat organized crime in the United States. It allows prosecution and civil penalties for racketeering activity performed as part of an ongoing criminal enterprise. (“Racketeer Influenced and Corrupt Organizations Act (RICO),” n.d.). RICO includes a long list of offenses including racketeering, money laundering, and embezzlement. These are the three aspects of RICO that apply to the TechFite case. Nearly the entire Applications Division at TechFite has been operating as a criminal organization with at least five individuals participating in illicit activities. Department head Jaspers may be involved in all three as a result of his connection to Yu Lee and his shell companies. A2b - Wiretap statutes, U.S. Code Vol.18, sec. 2510.