Читать книгу The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Страница 61

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act, commonly known as the Patriot Act, was signed into law in 2001 in response to the terrorist attacks that took place in the United States on September 11, 2001. The act was initially issued as a temporary measure, but most measures were reauthorized in 2006.

The Patriot Act amends many of the provisions within the CFAA and the ECPA with both new definitions of criminal offenses and new penalties for previously and newly defined computer crimes.

The Patriot Act attempts to strengthen provisions in the CFAA and ECPA to give law enforcement further authority to protect the United States against terrorist acts. The act has been heavily debated since its inception, with some of the act's provisions having been declared unconstitutional by various federal district courts. Of the act's remaining provisions, the following are particularly relevant to the CISSP exam and to you as a security professional:

 Section 202 — Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses: This section amends the CFAA to authorize investigators to obtain a wiretap for felony violations relating to computer fraud and abuse.

 Section 209 — Seizure of voicemail messages pursuant to warrants: This section authorizes investigators to seize voicemail messages with a search warrant. Prior to the Patriot Act, voicemail was only authorized for seizure with a harder-to-obtain wiretap order.

 Section 210 — Scope of subpoenas for records of electronic communications: This section updates previous law and grants access to additional information when filing a subpoena for electronic records.

 Section 212 — Emergency disclosure of electronic communications to protect life and limb: This section grants special provisions to allow a communications provider (like an ISP) to disclose customer information to law enforcement in emergency situations, such as imminent crime or terrorist attack. Prior to this amendment, communications providers may have been subject to civil liability suits for providing such information without the customer's consent.

 Section 214 — Pen register and trap and trace authority under FISA: A pen register is a device that shows the outgoing calls made from a phone, while a trap and trace device shows incoming numbers that called a phone; these capabilities are often consolidated into a single device called a pen/trap device. This section of the Patriot Act authorizes use of these devices nationwide (as opposed to an issuing court's jurisdiction) and broadens authority to include computer and internet-based communications.

 Section 217 — Interception of computer trespasser communications: This section amends previous law to allow communications providers and other organizations to allow law enforcement to intercept and monitor their systems. Prior to this amendment, companies were authorized to monitor their own systems, but were not permitted to allow law enforcement to assist in such monitoring.

 Section 220 — Nationwide service of search warrants for electronic evidence: This section authorizes nationwide jurisdiction for search warrants related to electronic evidence, such as email.

 Section 808 — Definition of federal crime of terrorism: The official definition of terrorism includes, among other things, “destruction of communication lines, stations, or systems.”

 Section 814 — Deterrence and prevention of cyberterrorism: This section strengthens penalties associated with violations in the CFAA, including doubling the maximum prison sentence from 10 to 20 years.

 Section 815 — Additional defense to civil actions relating to preserving records in response to government requests: This amendment absolves an organization from civil penalties associated with violations of the ECPA if the organization is responding to “a request of a governmental entity.”

 Section 816 — Development and support for cybersecurity forensic capabilities: This section requires the U.S. Attorney General to establish regional computer forensic laboratories to support forensic examinations on seized or intercepted computer evidence. Section 816 also requires these laboratories to provide forensic analysis training and education to federal, state, and local law enforcement personnel and prosecutors. This section also includes open-ended language authorizing these forensic labs “to carry out such other activities as the U.S. Attorney General considers appropriate.”