You may have studied this book diligently and taken every reasonable step toward protecting your system, yet someone still abused it. Perhaps an ex-employee has broken in through an old account and has deleted some records. Perhaps someone from outside continues to try to break into your system despite warnings that they should stop. What recourse do you have through the courts? Furthermore, what are some of the particular dangers you may face from the legal system during the normal operation of your computer system? What happens if you are the target of legal action?
This chapter attempts to illuminate some of these issues. The material we present should be viewed as general advice, and not as legal opinion: for that, you should contact good legal counsel and have them advise you.
You have a variety of different recourses under the U.S. legal system for dealing with a break-in. A brief chapter such as this one cannot advise you on the subtle aspects of the law. Every situation is different. Furthermore, there are differences between state and Federal law, as well as different laws that apply to computer systems used for different purposes. Laws outside the U.S. vary considerably from jurisdiction to jurisdiction; we won't attempt to explain anything beyond the U.S. system.[1]
[1] An excellent discussion of legal issues in the U.S. can be found in Computer Crime: A Crimefighter's Handbook (O'Reilly & Associates. 1995), and we suggest you start there if you need more explanation than we provide in this chapter.
You should discuss your specific situation with a competent lawyer before pursuing any legal recourse. As there are difficulties and dangers associated with legal approaches, you should also be sure that you want to pursue this course of action before you go ahead.
In some cases, you may have no choice; you may be required to pursue legal means. For example:
If you want to file a claim against your insurance policy to receive money for damages resulting from a break-in, you may be required by your insurance company to pursue criminal or civil actions against the perpetrators.
If you are involved with classified data processing, you may be required by government regulations to report and investigate suspicious activity.
If you are aware of criminal activity and you do not report it (and especially if your computer is being used for that activity), you may be criminally liable as an accessory.
If your computer is being used for certain forms of unlawful or inappropriate activity and you do not take definitive action, you may be named as a defendant in a civil lawsuit seeking punitive damages for that activity.
If you are an executive and decide not to investigate and prosecute illegal activity, shareholders in your corporation can bring suit against you.
If you believe that your system is at risk, you should probably seek legal advice before a break-in actually occurs. By doing so, you will know ahead of time the course of action to take if an incident occurs.
To give you some starting points for discussion, this chapter provides an overview of the two primary legal approaches you can employ, and some of the features and difficulties that accompany each one.