Skip to main content

Types of Law

Type of Law Description Key Takeaway
Criminal Law Contains prohibitions against actions like murder, assault, and robbery. Can lead to jail/prison.
Civil Law Addresses contractual disputes, real estate transactions, employment, estate, and probate. Often involves fights over money.
Administrative Law Defines standards of performance and conduct for industries, organizations, and government agencies. E.g., FDA regulations on drug safety.

Concepts

Intellectual Property (IP) and Licensing

  • Trademarks:
    • Cover words, slogans, and logos identifying companies and products/services. E.g., Coca-Cola or IBM.
    • Purpose: Avoid marketplace confusion.
  • Patents:
    • Protect IP rights of inventors.
    • Requirements: Must be new, useful, not obvious.
    • Considerations:
      • Limited protection.
      • Disclosure of technology is required.
      • Not all patented technologies are marketed.

        warning E.g., Apple patents hinting at future products.

  • Trade Secrets:
    • Critical IP that should remain undisclosed.
    • Bypasses the limitations of copyrights and patents.

Licensing

  • Types:
    1. Contractual: Agreements written into a contract between a vendor and customer.
    2. Shrink-wrap: Old-school licensing with physical software purchases.
    3. Click-through: Common online agreements where users accept terms by clicking a button.
    4. Cloud Services: Advanced click-through, where terms are often hidden or require extra clicks. danger Often, full details are not immediately visible.

Length of Protections

  • Trademarks:
    • Last for 10 years.
    • Can potentially last indefinitely but must be renewed every decade.

Types of Intellectual Property Protections

Patents

  • Duration:
    • Typically granted for 20 years from the date of application.
  • Examples:
    • Vapes: Patented 20 years ago, became popular after patent expiry.
    • Pharma: Vyvanse/Lisdexamphetamine.
  • Duration:
    • Lasts for the lifetime of the author plus an additional 70 years.
  • Notable Influences:
    • Lobbying by corporations, such as Disney, to continually extend the duration.

Trade Secrets

  • Duration:
    • Indefinite.
  • Definition:
    • Intellectual property critical to a business that must not be disclosed.

Types of Law and Regulations

Name

Description

 Category Criminal

US - Computer Fraud and Abuse Act (CFAA)

The first major piece of US cybercrime-specific legislation. Main focus is on on federal systems. Made it a crime to:

  • Access classified or financial information in a federal system without authorization.
  • Use a federal computer to perpetrate a fraud.
  • Cause malicious damage to a computer system exceeding $1,000.
  • Modify medical records in a computer, impairing treatment.
 Digital Yes

USA - Federal Information Security Management Act (FISMA)

An act focused on formalizing infosec operations for the federal government.

  • Mandatory for federal agencies to have formal infosec operations.
  • Requires government agencies to include activities of contractors in their security management programs.
  • FISMA repealed and replaced
    • Computer Security Act of 1987.
    • Government Information Security Reform Act of 2000.
  • NIST (National Institute of Standards and Technology) is tasked with developing the FISMA implementation guidelines.
 Digital No

US - Digital Millennium Copyright Act (DMCA)

Covers literary, musical, and dramatic acts.

  • Precedent for copyrighting computer software as it can fall under "literary work".
  • Protects only the expression inherent in the software (actual source code).
  • Ownership defaults to the creator of a work.
    • Exception: "Works for hire". i.e., the work belongs to you unless you've been hired to make it for someone else.
  • Protection Duration: Typically lasts 70 years, but it can vary. 
  • The 1st major revision included CD/DVD copy protections which introduced Digital Rights Management (DRM) – controversial at the time.
 Digital Yes
US Federal Sentencing Guidelines

Provides punishment guidelines to assist federal judges in interpreting computer crime laws. Formalized the "prudent man" rule, emphasizing due care.

Burdens of Proof for Negligence include:

  • Legal Obligation: The accused must have a legally recognized obligation.
    • E.g., Senior executives are responsible for ensuring due care.
  • Failure to Comply: The accused must have failed to comply with recognized standards.
  • Causal Relationship: There must be a direct link between the negligence act and the resulting damages.
 Digital Guideline

US Identity Theft and Assumption Deterrence Act of 1998

Makes identity theft a crime against the person whose identity was stolen.

 


 Digital Yes, up to a 15-year prison term and/or a $250,000 fine.
Economic Espionage Act of 1996

Economic Espionage: The theft or misappropriation of a trade secret with the intent or knowledge that the offense will benefit a foreign government, foreign instrumentality, or foreign agent.

  • Made the theft of proprietary economic information an act of espionage.
  • Expanded the legal definition of theft beyond just physical constraints.
 Business Yes
Privacy Act of 1974 Limits federal government agencies from disclosing private information without the affected individual's prior written consent. Privacy Yes
US - Electronic Communications Privacy Act (EPCA) of 1986 Criminalizes the invasion of electronic privacy of individuals. Digital, Privacy EPCA
US - Comm Assistance for Law Enforcement Act (CALEA) of 1994
  • Amended EPCA.
  • Permits wiretaps for law enforcement with the appropriate court order, independent of the technology.
 Privacy No
US - Health Insurance Portability and Accountability Act (HIPAA)
  • Sets privacy and security regulations.
  • Enforces security measures for hospitals, physicians, and insurance companies.
 Health  Yes
US - Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)
  • Updates HIPAA's privacy and security requirements.
  • Extends obligations to organizations that handle PHI for a HIPAA-covered entity.
 Digital, Health Yes
US - Children's Online Privacy Protection Act (COPAA) Sets requirements for websites targeting children or collecting information from them. Privacy Sometimes
US - Gramm-Leach-Bliley Act (GLBA)

Focus on Services, banks, lenders, and insurance. Limitations include services and the data sharing among them.

 Business Yes
US - Sarbanes-Oxley Act (SOX) of 2002

Enacted in response to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International, and WorldCom. The law's primary intent is to protect investors from fraudulent financial reporting by corporations.

 Business Yes
Family Educational Rights and Privacy Act (FERPA)

Provides privacy rights to students over 18 and the parents of minor students.

 Privacy No
USA PATRIOT Act of 2001
  • Expands law enforcement and intelligence agencies' powers.
  • Broadens wiretapping authorizations from one at to a time to a blanket request. 
  • Enacted shortly after 9/11 attacks in 2001.
 Privacy
PCI DSS (Payment Card Industry Data Security Standard)

Ensures the security of card transactions. Created in 2004 by major credit card companies. Objectives include: 

  1. Maintain a secure transaction network.
  2. Protect stored cardholder data.
  3. Shield systems from malicious hackers.
  4. Safeguard cardholder data both physically and digitally.
  5. Continuously monitor and regularly test networks.
  6. Uphold a formal information security policy.
 Finance Not a law; standards implemented by the banks. 
European Union Privacy Law 1998

Directive that established privacy measures for protecting personal data processed by information systems. Served as the precursor to EU privacy law. Non-European Organizations need to determine the applicability of these rules when operating or dealing with European data.

 Privacy
USEU: Privacy Shield

An agreement between the EU and US detailing specific requirements for processing personal information.  Compliant businesses get safe harbor from potential prosecution or legal consequences. Requirements include: 

  • Informing individuals about data processing activities.
  • Providing means for dispute resolution.
  • Cooperating with the Department of Commerce and the Federal Trade Commission.
  • Certifying businesses that adhere to these regulations.
 Privacy
EU - GDPR (General Data Protection Regulation)

Creation of unified data protection entities in each EU member state. Applicable to organizations collecting data from EU residents or those processing such information on behalf of another entity.

  • Obligates companies to notify authorities of significant data breaches within 72 hours.
  • Individuals have the right to access their personal data.
  • Allows individuals to transfer personal data between service providers upon their request.
  • Lets individuals demand companies to delete their information if it is no longer necessary.
 Privacy No

Exporting even low-grade encryption technology outside the US was initially very restrictive. Now, there are specific categories for retail and mass-market security software. Firms can submit products for review to obtain export approval from the commerce department. Some encryption export controls still restrict certain encryption technologies from being exported outside the US.

US - International Traffic in Arms Regulations (ITAR)

 

  • Regulates the export of items specifically designated as military and defense items.
  • Department of Commerce's Bureau of Industry and Security.

  • Historical Context

  • Key Point

 Governing Regultaion
US - Export Administration Regulations (EAR)
  • Regulates a broad set of items designed for commercial use that could have military applications.
  • Governs the export of sensitive hardware and software products internationally.
 Governing Regulation

 

Back to top