COSC3360 12/2/1999 Major changes to 1986 Computer Fraud and Abuse Act 1. Name change: New name: The National Information Infrastructure Protection Act of 1996 2. "Protected Computers" replaced "Federal Interest Computers" which now include: a. a computer exclusively for the use of a financial institution or the United States Government, or in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government, or b. a computer which is used in interstate or foreign commerce or communications. 3. Provision of an additional offense: 1030(a)7 Protection against the interstate or international transmission of threats to cause damage to Protected Computer(s) with intent to extort any money or anything of value from any body or any organization. 4. Narrowing the definition of the offense of illegally obtaining national security information. 1030(a)1 It now requires: "willfully communicates, delivers, transmits, or caused to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it or willfully retains the same and fails to deliver it to the officer or an employee of the United States entitled to receive it." 5. Extension of protection from unauthorized information access. 1030(a)2 Now the protection is provided not just for the financial institutions' information But also for that from "Any United States Government department or agency and Also for that from any Protected computers if the conduct involved an interstate or Foreign communications. 6. Narrowing the definition of Defrauding Protected computers. 1030(a)4 Unauthorized use of a Protected computer must total at least $5,000 for a year.