National Information Infrastructure Protection Act
   HOME

TheInfoList



OR:

The National Information Infrastructure Protection Act (; ) was Title II of the
Economic Espionage Act of 1996 The Economic Espionage Act of 1996 () was a 6 title Act of Congress dealing with a wide range of issues, including not only industrial espionage (''e.g.'', the theft or misappropriation of a trade secret and the National Information Infrastructure ...
, as an amendment to the
Computer Fraud and Abuse Act The Computer Fraud and Abuse Act of 1986 (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (), which had been included in the Comprehensive Crime Control Act of 1984. The law pr ...
.


The Act

The Act was enacted in 1996 as an amendment to the
Computer Fraud and Abuse Act The Computer Fraud and Abuse Act of 1986 (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (), which had been included in the Comprehensive Crime Control Act of 1984. The law pr ...
. It modifies the earlier Code. The text is included in its entirety below. § 1030. Fraud and Related Activity in Connection with Computers (a) Whoever (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the
United States Government The federal government of the United States (U.S. federal government or U.S. government) is the national government of the United States, a federal republic located primarily in North America, composed of 50 states, a city within a fede ...
pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the
Atomic Energy Act of 1954 The Atomic Energy Act of 1954, 42 U.S.C. §§ 2011-2021, 2022-2286i, 2296a-2297h-13, is a United States federal law that covers for the development, regulation, and disposal of nuclear materials and facilities in the United States. It was an ame ...
, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it; (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains– (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the
Fair Credit Reporting Act The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 ''et seq'', is U.S. Federal Government legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. It ...
(15 U.S.C. 1681 et seq.); (B) information from any department or agency of the United States; or (C) information from any protected computer if the conduct involved an interstate or foreign communication; (3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States; (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the
fraud In law, fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compens ...
and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any one-year period; (5) (A) (i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and (B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)– (i) loss to one or more persons during any one year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting one or more other protected computers) aggregating at least $5,000 in value; (ii) the modification or impairment, or potential modification or impairment, of the
medical examination In a physical examination, medical examination, or clinical examination, a medical practitioner examines a patient for any possible medical signs or symptoms of a medical condition. It generally consists of a series of questions about the patient ...
, diagnosis, treatment, or care of one or more individuals; (iii)
physical injury An injury is any physiological damage to living tissue caused by immediate physical stress. An injury can occur intentionally or unintentionally and may be caused by blunt trauma, penetrating trauma, burning, toxic exposure, asphyxiation, or o ...
to any person; (iv) a threat to public health or safety; or (v) damage affecting a
computer system A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as programs. These progr ...
used by or for a government entity in furtherance of the administration of
justice Justice, in its broadest sense, is the principle that people receive that which they deserve, with the interpretation of what then constitutes "deserving" being impacted upon by numerous fields, with many differing viewpoints and perspective ...
,
national defense National security, or national defence, is the security and defence of a sovereign state, including its citizens, economy, and institutions, which is regarded as a duty of government. Originally conceived as protection against military attac ...
, or
national security National security, or national defence, is the security and defence of a sovereign state, including its citizens, economy, and institutions, which is regarded as a duty of government. Originally conceived as protection against military atta ...
; (6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if (A) such trafficking affects interstate or foreign commerce; or (B) such computer is used by or for the Government of the United States; (7) with intent to extort from any person, any money or other thing of value, transmits in interstate or foreign commerce any communication containing any threat to cause damage to a protected computer; shall be punished as provided in subsection (c) of this section. (b) Whoever attempts to commit an offense under subsection (a) of this section shall be punished as provided in subsection (c) of this section. (c) The punishment for an offense under subsection (a) or (b) of this section is – (1) (A) a
fine Fine may refer to: Characters * Sylvia Fine (''The Nanny''), Fran's mother on ''The Nanny'' * Officer Fine, a character in ''Tales from the Crypt'', played by Vincent Spano Legal terms * Fine (penalty), money to be paid as punishment for an offe ...
under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an
offense Offense or offence may refer to: Common meanings * Offense or crime, a violation of penal law * An insult, or negative feeling in response to a perceived insult * An attack, a proactive offensive engagement * Sin, an act that violates a known m ...
punishable under this subparagraph; and (B) a fine under this title or
imprisonment Imprisonment is the restraint of a person's liberty, for any cause whatsoever, whether by authority of the government, or by a person acting without such authority. In the latter case it is "false imprisonment". Imprisonment does not necessari ...
for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (2) (A) except as provided in subparagraph (B), a fine under this title or imprisonment for not more than one year, or both, in the case of an offense under subsection (a)(2), (a)(3), (a)(5)(A)(iii), or (a)(6) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; (B) a fine under this title or imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(2)or an attempt to commit an offense punishable under this subparagraph, if- (i) the offense was committed for purposes of commercial advantage or private financial gain; (ii) the offense was committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State; or (iii) the value of the information obtained exceeds $5,000; (C) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(2), (a)(3) or (a)(6) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (3) (A) a fine under this title or imprisonment for not more than five years, or both, in the case of an offense under subsection (a)(4), or (a)(7) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (B) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(4), (a)(5)(A)(iii) or (a)(7) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (4) (A) a fine under this title, imprisonment for not more than 10 years, or both, in the case of an offense under subsection (a)(5)(A)(i), or an attempt to commit an offense punishable under that subsection; (B) a fine under this title, imprisonment for not more than 5 years, or both, in the case of an offense under subsection (a)(5)(A)(ii), or an attempt to commit an offense punishable under that subsection; (C) a fine under this title, imprisonment for not more than 20 years, or both, in the case of an offense under subsection (a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to commit an offense punishable under either subsection, that occurs after a conviction for another offense under this section. (d)(1) The
United States Secret Service The United States Secret Service (USSS or Secret Service) is a federal law enforcement agency under the Department of Homeland Security charged with conducting criminal investigations and protecting U.S. political leaders, their families, and ...
shall, in addition to any other agency having such authority, have the authority to investigate offenses under this section. (2) The
Federal Bureau of Investigation The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its principal federal law enforcement agency. Operating under the jurisdiction of the United States Department of Justice, ...
shall have primary authority to investigate offenses under subsection (a)(1) for any cases involving
espionage Espionage, spying, or intelligence gathering is the act of obtaining secret or confidential information (intelligence) from non-disclosed sources or divulging of the same without the permission of the holder of the information for a tangibl ...
, foreign
counterintelligence Counterintelligence is an activity aimed at protecting an agency's intelligence program from an opposition's intelligence service. It includes gathering information and conducting activities to prevent espionage, sabotage, assassinations or ot ...
, information protected against unauthorized disclosure for reasons of national defense or foreign relations, or Restricted Data (as that term is defined in section 11y of the Atomic Energy Act of 1954 (42 U.S.C. 2014(y))), except for offenses affecting the duties of the United States Secret Service pursuant to section 3056(a) of this title. (3) Such authority shall be exercised in accordance with an agreement which shall be entered into by the Secretary of the Treasury and the Attorney General. (e) As used in this section (1) the term "
computer A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as C ...
" means an electronic, magnetic, optical, electrochemical, or other high speed
data processing Data processing is the collection and manipulation of digital data to produce meaningful information. Data processing is a form of ''information processing'', which is the modification (processing) of information in any manner detectable by an ...
device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated
typewriter A typewriter is a mechanical or electromechanical machine for typing characters. Typically, a typewriter has an array of keys, and each one causes a different single character to be produced on paper by striking an inked ribbon selectivel ...
or
typesetter Typesetting is the composition of text by means of arranging physical ''type'' (or ''sort'') in mechanical systems or ''glyphs'' in digital systems representing ''characters'' (letters and other symbols).Dictionary.com Unabridged. Random Ho ...
, a portable hand held
calculator An electronic calculator is typically a portable electronic device used to perform calculations, ranging from basic arithmetic to complex mathematics. The first solid-state electronic calculator was created in the early 1960s. Pocket-sized ...
, or other similar device; (2) the term "protected computer" means a computer (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or (B) which is used in interstate or foreign commerce or communications, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States; (3) the term "State" includes the
District of Columbia ) , image_skyline = , image_caption = Clockwise from top left: the Washington Monument and Lincoln Memorial on the National Mall, United States Capitol, Logan Circle, Jefferson Memorial, White House, Adams Morgan, ...
, the
Commonwealth A commonwealth is a traditional English term for a political community founded for the common good. Historically, it has been synonymous with "republic". The noun "commonwealth", meaning "public welfare, general good or advantage", dates from the ...
of
Puerto Rico Puerto Rico (; abbreviated PR; tnq, Boriken, ''Borinquen''), officially the Commonwealth of Puerto Rico ( es, link=yes, Estado Libre Asociado de Puerto Rico, lit=Free Associated State of Puerto Rico), is a Caribbean island and Unincorporated ...
, and any other commonwealth, possession or territory of the United States; (4) the term "financial institution" means (A) an institution with deposits insured by the
Federal Deposit Insurance Corporation The Federal Deposit Insurance Corporation (FDIC) is one of two agencies that supply deposit insurance to depositors in American depository institutions, the other being the National Credit Union Administration, which regulates and insures cred ...
; (B) the Federal Reserve or a member of the Federal Reserve including any
Federal Reserve Bank A Federal Reserve Bank is a regional bank of the Federal Reserve System, the central banking system of the United States. There are twelve in total, one for each of the twelve Federal Reserve Districts that were created by the Federal Reserve A ...
; (C) a credit union with accounts insured by the
National Credit Union Administration The National Credit Union Administration (NCUA) is a government-backed insurer of credit unions in the United States, one of two agencies that provide deposit insurance to depositors in U.S. depository institutions, the other being the Federa ...
; (D) a member of the Federal home loan bank system and any home loan bank; (E) any institution of the
Farm Credit System The Farm Credit System (FCS) in the United States is a nationwide network of borrower-owned lending institutions and specialized service organizations. The Farm Credit System provides more than $304 billion in loans, leases, and related services t ...
under the
Farm Credit Act of 1971 The Farm Credit Act of 1971 () recodified all previous acts governing the Farm Credit System (FCS), a cooperatively owned government-sponsored enterprise (GSE) that provides credit primarily to farmers and ranchers. Background The legislation wa ...
; (F) a brokerdealer registered with the Securities and Exchange Commission pursuant to section 15 of the
Securities Exchange Act of 1934 The Securities Exchange Act of 1934 (also called the Exchange Act, '34 Act, or 1934 Act) (, codified at et seq.) is a law governing the secondary trading of securities (stocks, bonds, and debentures) in the United States of America. A landma ...
; (G) the
Securities Investor Protection Corporation The Securities Investor Protection Corporation (SIPC ) is a federally mandated, non-profit, member-funded, United States corporation created under the Securities Investor Protection Act (SIPA) of 1970 that mandates membership of most US-registere ...
; (H) a branch or agency of a foreign bank (as such terms are defined in paragraphs (1) and (3) of section 1(b) of the
International Banking Act of 1978 The Creating International Banking Act of 1978 was a legislative act that brought all American branches of foreign banks and agencies under the jurisdiction of US banking regulations. It granted FDIC The Federal Deposit Insurance Corporation ...
); and (I) an organization operating under section 25 or section 25(a) of the
Federal Reserve Act The Federal Reserve Act was passed by the 63rd United States Congress and signed into law by President Woodrow Wilson on December 23, 1913. The law created the Federal Reserve System, the central banking system of the United States. The Panic ...
. (5) the term "financial record" means information derived from any record held by a financial institution pertaining to a customer's relationship with the financial institution; (6) the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter; (7) the term "department of the United States" means the legislative or judicial branch of the Government or one of the executive departments enumerated in section 101 of title 5; (8) the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information; (9) the term 'government entity' includes the Government of the United States, any State or political subdivision of the United States, any foreign country, and any
state State may refer to: Arts, entertainment, and media Literature * ''State Magazine'', a monthly magazine published by the U.S. Department of State * ''The State'' (newspaper), a daily newspaper in Columbia, South Carolina, United States * ''Our S ...
,
province A province is almost always an administrative division within a country or sovereign state, state. The term derives from the ancient Roman ''Roman province, provincia'', which was the major territorial and administrative unit of the Roman Empire ...
,
municipality A municipality is usually a single administrative division having corporate status and powers of self-government or jurisdiction as granted by national and regional laws to which it is subordinate. The term ''municipality'' may also mean the go ...
, or other political subdivision of a foreign country. (10) the term 'conviction' shall include a conviction under the law of any State for a crime punishable by imprisonment for more than one year, an element of which is unauthorized access, or exceeding authorized access, to a computer; (11) the term 'loss' includes any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service; and (12) the term 'person' means any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity. (f) This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States. (g) Any person who suffers damage or loss by reason of a violation of the section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A
civil action - A lawsuit is a proceeding by a party or parties against another in the civil court of law. The archaic term "suit in law" is found in only a small number of laws still in effect today. The term "lawsuit" is used in reference to a civil actio ...
for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in clause (i), (ii), (iii), (iv), or (v) of subsection (a)(5)(B). Damages for a violation involving only conduct described in subsection (a)(5)(B)(i) are limited to economic damages. No action may be brought under this subsection unless such action is begun within two years of the date of the act complained of or the date of the discovery of the damage. No action may be brought under this subsection for the negligent design or manufacture of computer hardware, computer software, or firmware. (h) The Attorney General and the
Secretary of the Treasury The United States secretary of the treasury is the head of the United States Department of the Treasury, and is the chief financial officer of the federal government of the United States. The secretary of the treasury serves as the principal a ...
shall report to the Congress annually, during the first three years following the date of the enactment of this subsection, concerning investigations and prosecutions under section 1030(a)(5) of title 18, United States Code. Section 814(e) Amendment of sentencing guidelines relating to certain
computer fraud Computer fraud is a cybercrime and the act of using a computer to take or alter electronic data, or to gain unlawful use of a computer or system. In the United States, computer fraud is specifically proscribed by the Computer Fraud and Abuse Act, ...
and abuse.– Pursuant to its authority under section 994(p) of title 28, United States Code, the United States Sentencing Commission shall amend the Federal sentencing guidelines to ensure that any individual convicted of a violation of section 1030 of title 18, United States Code, can be subjected to appropriate penalties, without regard to any mandatory minimum term of imprisonment.


References

{{Reflist Acts of the 104th United States Congress United States federal commerce legislation United States federal computing legislation Information technology audit