ENCYCLOPEDIA OF Espionage, Intelligence, and Security Volume ...

Computer Fraud and Abuse Act of 1986Computer and ElectronicData DestructionComputers are often the repository of an astoundingamount of information. Even in a stand-alone computerthat is not linked to the Internet, millions of conventionalpages of text and images can be stored in the hard driveand on peripherals, such as a floppy disk or on a compactdisk (CD).For sensitive operations, the security of computerdata must be ensured. This is particularly true when datais erased. The convention version of data removal involvesthe deletion of a file, by the movement of the file toa “garbage can” (i.e., the “Recycling Bin” in the variousWindows operating systems). This form of deletion instructsthe computer to use the slice of hard or floppy diskspace for something else. Eventually, the file will be overwritten.But, until that occurs, the information is recoverable.The true cleaning of a hard or floppy disk involvesoverwriting the actual data. Computer data is recorded asa series of 0s and 1s. Irrevocable erasure of data can beachieved by rewriting the relevant sector of a drive with0’s. Others advocate for a hexadecimal pattern (i.e.,110000001) followed by a “second pass”, which overwritesthe hexadecimal pattern as 00111110. In this way,every unit of information has been changed at least once.True cleaning of a CD is also possible. The data layerthat was previously “burned” onto the CDs surface can beremoved and ground into fine powder. The originalpolycarbonate disk that remains contains no trace of theoriginal data. The CD, which is rendered unusable, can beconventionally disposed of.Destruction can also be a brute force physical process.For example, a hard drive can be physically damagedso that it cannot be read, even if installed into anothercomputer. Floppy disks can be cut apart. Thus, whileinformation may still reside on the drive, that informationis essentially destroyed. Disks and CDs can even bemelted down.A number of vendors offer data destruction servicesto those having concerns about the sensitivity and vulnerabilityof their data. Government agencies usually havein-house staff and facilities, so that sensitive informationdoes not pass into unauthorized hands, even during thedestruction process.❚ FURTHER READING:BOOKS:Bosworth, Seymour and Michael E. Kabay. ComputerSecurity Handbook. New York: John Wiley & Sons,2002.Eoghan, Casey. Digital Evidence and Computer Crime.New York: Academic Press, 2000.Encyclopedia of Espionage, Intelligence, and SecurityKruse, Warren G., II., and Jay G. Heiser. Computer Forensics:Incident Response Essentials.Boston: Addison WesleyProfessional, 2001.SEE ALSOComputer VirusElectronic Communication Intercepts, Legal IssuesInformation SecurityComputer Fraud and AbuseAct of 1986❚ ADRIENNE WILMOTH LERNERThe United States Computer Fraud and Abuse Act of 1986served to define criminal fraud and abuse for computercrimes on the federal level. The act specified a misdemeanorcrime for the trafficking and misuse of passwords,and two felony offenses for unauthorized access to federalinformation systems and private computers deemed tohave a “federal interest.” The act removed several legalambiguities that surrounded computer information theft,such as the lack of specific legislation mentioning computersand the slightness of legal precedence in such cases.Computer data systems of varying sorts had beenused by the United States government since the 1960s. Inthe early 1980s, the first computers for business and homeuse were available in the marketplace. This expanse of thecomputer-owning and software-literate population forcedthe government to begin finding ways to protect data,either through encryption or protective barrier mechanismsaround certain files. With the advent of intranetsand computer-to-computer communication through telephonelines, hacking, or the breaking into other computersystems, became more commonplace. In 1981, a computer-savvy24-year-old named Ian Murphy hacked into severalgovernment systems, including the White Houseswitchboard. Murphy used the switchboard to order variousproducts before turning his attention to cracking thecodes protecting sensitive military files. Murphy was arrested,but prosecutors did not have the legal recourse totry him for computer crimes, as no such laws existed.Murphy was eventually convicted of theft and knowinglyreceiving stolen goods.By 1982, Congress began collecting data on computercrime, and gathering testimony from computer fraud victims.Most of the victims were major corporations who didnot want their security breeches and vulnerability to becomepublic knowledge. Not only was it easy for randomhackers to crack a system, but also corporations couldhack into the data systems of rival companies, engaging incorporate espionage. After five years, Congress introducedthe Computer Fraud and Abuse Act of 1986. The bill255