0:00
Welcome to Lesson 36.
In the previous lesson we asked ourselves about going after cyber criminals and
learned that it is a booming industry because very few are caught.
It is not easy to trace the evidence from the crime scene to the criminal.
In this lesson,
we'll look at another aspect of this problem related to cyber surveillance.
We start as before with the 1984 Counterfeit Access Device and
Computer Fraud Act which makes it illegal to access a computer without permission
from the owner.
Of course we understand this to mean that it is a crime to attempt to access
somebody's personal computer or intercept internet traffic coming and going from it.
This law does not apply however to workplace computers.
The 1986 Electronic Communications Privacy Act
gives employers the right to monitor the usage of their own property.
While local legislation varies, in general, it is legal for
a company to monitor workplace computers, laptops and cell phones.
This law applies only to company property.
Personal devices remain off limits.
1:07
Companies maybe motivated by the desire to monitor employee performance, or to
prevent them from engaging in activities that might get the company sued.
Either way, lawyers suggest developing a clear and reasonable monitoring policy,
limiting monitoring to work related activities and
notifying employees that their work is subject to monitoring.
What about government surveillance?
In 2013, Edward Snowden leaked information about the PRISM
domestic surveillance program.
PRISM was authorized by the 2007 Protect America Act under the Bush administration
and was extended for five more years in 2012, under the Obama administration.
Congress put an end to the program in 2015,
however, after it was leaked by Snowden.
PRISM was used to collect targeted Internet communications,
in which at least one of the parties was outside the United States.
As interpreted by the courts, the fourth amendment prevents surveillance of US
citizens, unless a warrant is issued citing probable cause.
Such warrants may be obtained through special courts
established by the 1978 Foreign Intelligence Surveillance Act.
In 2008, FISA was amended to allow US intelligence agencies to conduct
surveillance of US citizens, for up to a week without obtaining a warrant.
PRISM used this authority to collect qualifying Internet communications.
Collection was done by the FBI on the behalf of the National Security Agency.
2:49
NSA would identify surveillance targets and
send them to the FBI data intercept technology unit.
The FBI intern would forward the list to Internet service providers,
together with a subpoena demanding to turn over the data.
Corporate executives of several companies identified in the late documents,
said they had no knowledge of PRISM and
denied handing over such information to the government.
Such denials may be expected because the FISA amendment act forbids companies
from disclosing, having received such an order, let alone acting upon it.
Despite corporate denials and the fact Congress closed the program in 2015,
allegations that Yahoo had cooperated with NSA surveillance programs
threatened to overturn a $4.8 billion sale to Verizon in 2016.
The point of this cautionary tale is that cybersecurity presents
dangers from both sides.
Both from the good guys as well as the bad guys.
Still it is important to remember the following.
1, the 1986 Electronic Communications Privacy Act allows
employers to monitor company computers, laptops, and cell phones.
2, legal experts suggest companies develop clear monitoring policies,
limit monitoring to work related activities and
notifying employees that they are subject to monitoring.
3, the Fourth Amendment prohibits
surveillance of US citizens without a warrant indicating probable cause.
4, the 1978 Foreign Intelligence Surveillance Act
establishes a court system for seeking surveillance warrants.
5, the PRISM program took advantage of a 2008
FISA amendment that allowed surveillance for up to a week without a warrant.
And 6, following the Edward Snowden leaks in 2013,
Congress shutdown the PRISM program in 2015.
Please join me next time.
We take a closer look at how the US military is preparing to protect
national cyberspace.
Cheers.
Richard WhiteAssistant Research Professor
