State of the Practice of Computer Security Incident Response Teams (CSIRTs)
[Abstract] [Title Page] [Who is the CERT CSIRT Development Team and What Do They Do?] [Preface] [Acknowledgements] [1 Introduction] [2 Computer Security Incident Response Teams] [3 Current State of the Practice of CSIRTs] [4 Summary] [5 Future Work] [6 Closing Remarks] [Appendix A: CSIRT Organizational Survey] [Appendix B: Comparison of Incident Response Steps and Processes] [Appendix C: Training Sources for CSIRTs] [Appendix D: Cyber Crime Law Resources] [Appendix E: Sample Incident Reporting Forms and Flowcharts] [Bibliography] [PDF File]
Appendix D: Cyber Crime Law Resources
International Cyber Crime Laws
Council of Europe -- http://www.coe.int/
Council of Europe -- Legal Affairs -- Treaty Office -- http://conventions.coe.int/
Data Protection/Privacy
Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS [151] no. 108)
http://conventions.coe.int/treaty/en/whatyouwant.asp?nt=108
[Entry into force 1985-10-01]
Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows (ETS no. 181)
http://conventions.coe.int/treaty/en/whatyouwant.asp?nt=181
Cyber Crime
http://www.coe.int/t/e/legal_affairs/legal_co-operation/combating_economic_crime/cybercrime/
Convention on Cybercrime (ETS no. 185)
http://conventions.coe.int/treaty/en/whatyouwant.asp?nt=185
This Convention defines nine offenses in four categories:
Title 1 -- Offences against the confidentiality, integrity, and availability of computer data and systems
Article 2 -- Illegal access
Article 3 -- Illegal interception
Article 4 -- Data interference
Article 5 -- System interference
Article 6 -- Misuse of devices
Title 2 -- Computer-related offences
Article 7 -- Computer-related forgery
Article 8 -- Computer-related fraud
Title 3 -- Content-related offences
Title 4 -- Offences related to infringements of copyright and related rights
Article 10 -- Offences related to infringements of copyright and related rights
Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems (ETS no. 189)
http://conventions.coe.int/treaty/en/whatyouwant.asp?nt=189
This Protocol expands the scope of the Convention on Cybercrime (ETS no. 185) to also criminalise acts of a racist and xenophobic nature committed through computer systems:
Article 3 -- Dissemination of racist and xenophobic material through computer systems
Article 4 -- Racist and xenophobic motivated threat
Article 5 -- Racist and xenophobic motivated insult
Article 6 -- Denial, gross minimisation, approval or justification of genocide or crimes against humanity
European Union -- http://europa.eu.int/
NOTE: It is useful to understand the "institutional triangle" of the European Union and how decision making and legislation work
The European Union at a glance -- http://europa.eu.int/abc-en.htm
Institutions of the European Union -- http://europa.eu.int/inst-en.htm
European Parliament (EP) -- http://www.europarl.eu.int/
626 members, elected by citizens
shares with the Council the power to legislate
exercises supervision over the Commission (approves nomination of Commissioners) and all institutions
Council of the European Union -- http://ue.eu.int/
one representative from each member state
decision-making role
European Commission -- http://europa.eu.int/comm/
20 members, appointed by member states after approval by EP
draft legislation and proposals to EP and Council
responsible for implementing legislation adopted
guardian of Treaties and ensures that Community law is applied
represents the Union internationally and negotiates international agreements
EUR-Lex -- The portal to European Union Law
http://www.europa.eu.int/eur-lex/
EUR-Lex -- Legislation In Force
http://www.europa.eu.int/eur-lex/en/search/search_lif.html
Analytical structure/register index for 13.20.60 Information technology, telecommunications, and data processing
http://europa.eu.int/eur-lex/en/lif/reg/en_register_132060.html
Directive 95/46/EC -- on the protection of individuals with regard to the processing of personal data and on the free movement of such data
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Legislation&coll=&in_force=NO&an_doc=1995&nu_doc=46&type_doc=Directive
Directive 97/66/EC -- concerning the processing of personal data and the protection of privacy in the telecommunications sector
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Legislation&coll=&in_force=NO&an_doc=1997&nu_doc=66&type_doc=Directive
Directive 98/84/EC -- on the legal protection of services based on, or consisting of, conditional access
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Legislation&coll=&in_force=NO&an_doc=1998&nu_doc=84&type_doc=Directive
Directive 2000/31/EC -- on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ("Directive on electronic commerce")
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Legislation&coll=&in_force=NO&an_doc=2000&nu_doc=31&type_doc=Directive
Decision No 276/1999/EC -- adopting a multiannual community action plan on promoting safer use of the Internet by combatting illegal and harmful content on global networks
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Legislation&coll=&in_force=NO&an_doc=1999&nu_doc=276&type_doc=Decision
Safer Internet Action Plan (IAP)
http://europa.eu.int/information_society/programmes/iap/index_en.htm
http://www.saferinternet.org/
IAP Action Lines include
creating a European network of hotlines
encouraging self-regulation and codes of conduct
developing filtering and rating systems
demonstrating the benefits of filtering and rating
facilitating international agreement on rating systems
preparing the ground for awareness actions
encouraging implementation of full-scale awareness actions
assessing legal implications
coordination with similar international initiatives
evaluating the impact of community measures
Information Society
http://europa.eu.int/information_society/index_en.htm
http://europa.eu.int/pol/infso/index_en.htm
EUR-Lex -- Official Journal
http://www.europa.eu.int/eur-lex/en/search/search_oj.html
OJ 2000/C 124 -- The Prevention and Control of Organised Crime: A European Union Strategy for the beginning of the new Millennium
http://www.europa.eu.int/servlet/portail/RenderServlet?search=RefPub&lg=en&nb_docs=25&domain=Legislation&in_force=NO&year=2000&month=5&day=&coll=JOC&nu_jo=124
OJ 2002/C 203
http://www.europa.eu.int/servlet/portail/RenderServlet?search=RefPub&lg=en&nb_docs=25&domain=&in_force=NO&year=2002&month=8&day=27&coll=JOC&nu_jo=203&page=109
Communication COM/2002/0173 final -- CNS 2002/0086 -- Proposal for a Council Framework Decision on attacks against information systems
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Preparatory&in_force=NO&type_doc=COMfinal&an_doc=2002&nu_doc=173
EUR-Lex -- Documents of Public Interest
http://www.europa.eu.int/eur-lex/en/search/search_dpi.html
Communication COM/2000/0890 final -- Creating a Safer Information Society by Improving the Security of Information Infrastructures and Combating Computer-related Crime (eEurope 2002)
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Preparatory&in_force=NO&type_doc=COMfinal&an_doc=2000&nu_doc=890
Communication COM/2001/0298 final -- Network and Information Security: Proposal for A European Policy Approach
http://www.europa.eu.int/servlet/portail/RenderServlet?search=DocNumber&lg=en&nb_docs=25&domain=Preparatory&in_force=NO&type_doc=COMfinal&an_doc=2001&nu_doc=298
G8 -- G8 Information Centre http://www.g8.utoronto.ca/
The Birmingham Summit (1998)
"G8 and International Crime"
http://birmingham.g8summit.gov.uk/crime/
G8 Lyon Group -- links
http://www.g8.utoronto.ca/crime/
http://www.auswaertiges-amt.de/www/en/aussenpolitik/vn/lyon_group_html
http://www.g8j-i.ca/english/experts.html
http://www.usdoj.gov/criminal/cybercrime/G8experts.htm
United Nations -- http://www.un.org/
United Nations Office for Drugs and Crime (UNODC)
http://www.unodc.org/
UNODC Crime Programme
http://www.unodc.org/unodc/crime_cicp.html
United Nations Crime and Justice Information Network (UNCJIN)
http://www.unodc.org/unodc/en/uncjin.html
http://www.uncjin.org/ (previous site)
United Nations Convention Against Transnational Organized Crime
http://www.unodc.org/unodc/crime_cicp_convention.html
Organization of American States -- http://www.oas.org/
Cyber Crime
http://www.oas.org/juridico/english/cyber.htm
Resolutions of the General Assembly of the OAS Related to Cyber Crime
http://www.oas.org/juridico/english/cyber_reso.htm
Organisation for Economic Co-operation and Development (OECD) -- http://www.oecd.org/
Information Security and Privacy
http://www.oecd.org/sti/security-privacy
OECD Guidelines for the Security of Information Systems and Networks
http://www.oecd.org/dataoecd/59/0/1946946.pdf
http://www.oecd.org/dataoecd/27/6/2494779.pdf
United States Federal Laws
U.S. House of Representatives -- Office of the Law Revision Counsel
http://uscode.house.gov/
United States Code (U.S.C.) -- a consolidation and codification by subject matter of the general and permanent laws of the United States
Search the United States Code for a specific section at http://uscode.house.gov/usc.htm
U.S. Library of Congress -- THOMAS, Legislative Information on the Internet
http://thomas.loc.gov/
Bills, Public Laws, and other legislation
U.S. Department of Justice -- Computer Crime and Intellectual Property Section (CCIPS)
http://www.cybercrime.gov/
U.S. Department of Justice -- Federal Computer Intrusion Laws
http://www.cybercrime.gov/cclaws.html
Federal criminal code related to computer crime
Title 18 -- Crimes and Criminal Procedure
Chapter 47 -- Fraud and False Statements
18 U.S.C. § 1029* -- Fraud and related activity in connection with access devices
http://www.cybercrime.gov/usc1029.htm
18 U.S.C. § 1030* -- Fraud and related activity in connection with computers
http://www.cybercrime.gov/1030_new.html
Chapter 65 -- Malicious Mischief
18 U.S.C. § 1362* -- Communication lines, stations or systems
http://www.cybercrime.gov/usc1362.htm
Chapter 119 -- Wire and Electronic Communications Interception and Interception of Oral Communications
18 U.S.C. § 2511* -- Interception and disclosure of wire, oral, or electronic communications prohibited
http://www.cybercrime.gov/usc2511.htm
Chapter 121 -- Stored Wire and Electronic Communications and Transactional Records Access
18 U.S.C. § 2701* -- Unlawful access to stored communications
http://www.cybercrime.gov/usc2701.htm
18 U.S.C. § 2702* -- Disclosure of contents
http://www.cybercrime.gov/usc2702.htm
18 U.S.C. § 2703* -- Requirements for governmental access
http://www.cybercrime.gov/usc2703.htm
* USA Patriot Act -- Public Law 107-56 (H.R. 3162)
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ056.107.pdf
Amends 18 U.S.C. § 1029, 1030, 1362, 2511, 2702, 2703
U.S. Department of Justice -- Criminal Intellectual Property Laws
http://www.cybercrime.gov/iplaws.htm
Federal Statutes Protecting Intellectual Property Rights
Title 17 -- Copyrights
Chapter 5 -- Copyright Infringement and Remedies
17 U.S.C. § 506 -- Criminal offenses
http://www.cybercrime.gov/17usc506.htm
Title 18 -- Crimes and Criminal Procedure
Chapter 113 -- Stolen Property
18 U.S.C. § 2318 -- Trafficking in counterfeit labels for phonorecords, copies of computer programs or computer program documentation or packaging, and copies of motion pictures or other audio visual works, and trafficking in counterfeit computer program documentation or packaging
http://www.cybercrime.gov/18usc2318.htm
18 U.S.C. § 2319 -- Criminal infringement of a copyright
http://www.cybercrime.gov/18usc2319.htm
Copyright Management Offenses -- Digital Millennium Copyright Act (DMCA)
Title 17 -- Copyrights
Chapter 12 -- Copyright Protection and Management Systems
17 U.S.C. § 1201 -- Circumvention of copyright protection systems
http://www.cybercrime.gov/17usc1201.htm
17 U.S.C. § 1202 -- Integrity of copyright management information
http://www.cybercrime.gov/17usc1202.htm
17 U.S.C. § 1203 -- Civil remedies
http://www.cybercrime.gov/17usc1203.htm
17 U.S.C. § 1204 -- Criminal offenses and penalties
http://www.cybercrime.gov/17usc1204.htm
17 U.S.C. § 1205 -- Savings clause
http://www.cybercrime.gov/17usc1205.htm
Title 18 -- Crimes and Criminal Procedure
Chapter 113 -- Stolen Property
18 U.S.C. § 2319A -- Unauthorized fixation of and trafficking in sound recordings and music videos of live musical performances
http://www.cybercrime.gov/18usc2319A.htm
Title 18 -- Crimes and Criminal Procedure
Chapter 113 -- Stolen Property
18 U.S.C. § 2320 -- Trafficking in counterfeit goods or services
http://www.cybercrime.gov/18usc2320.htm
Amended by Pub. L. 107-140, sec. 1, 116 Stat. 12.
Title 18 -- Crimes and Criminal Procedure
Chapter 90 -- Protection of Trade Secrets
18 U.S.C. § 1831 -- Economic espionage
http://www.cybercrime.gov/18usc1831.htm
18 U.S.C. § 1832 -- Theft of trade secrets
http://www.cybercrime.gov/18usc1832.htm
18 U.S.C. § 1833 -- Exceptions to prohibitions
http://www.cybercrime.gov/18usc1833.htm
18 U.S.C. § 1834 -- Criminal forfeiture
http://www.cybercrime.gov/18usc1834.htm
18 U.S.C. § 1835 -- Orders to preserve confidentiality
http://www.cybercrime.gov/18usc1835.htm
18 U.S.C. § 1836 -- Civil proceedings to
http://www.cybercrime.gov/18usc1836.htm
18 U.S.C. § 1837 -- Applicability to conduct outside the United States
http://www.cybercrime.gov/18usc1837.htm
18 U.S.C. § 1838 -- Construction with other laws
http://www.cybercrime.gov/18usc1838.htm
18 U.S.C. § 1839 -- Definitions
http://www.cybercrime.gov/18usc1839.htm
Offenses Relating to the Integrity of Intellectual Property Systems
Title 17 -- Copyrights
Chapter 5 -- Copyright Infringement and Remedies
17 U.S.C. § 506(c) -- Criminal offenses -- Fraudulent Copyright Notice
http://www.cybercrime.gov/17usc506_c-d.htm
17 U.S.C. § 506(d) -- Criminal offenses -- Fraudulent Removal of Copyright Notice
http://www.cybercrime.gov/17usc506_c-d.htm
17 U.S.C. § 506(e) -- Criminal offenses -- False Representation
http://www.cybercrime.gov/17usc506_e.htm
Title 18 -- Crimes and Criminal Procedure
Chapter 25 -- Counterfeiting and Forgery
18 U.S.C. § 497 -- Letters patent
http://www.cybercrime.gov/18usc497.htm
Title 35 -- Patents
Chapter 29 -- Remedies for Infringement of Patent, and Other Actions
35 U.S.C. § 292 -- False marking
http://www.cybercrime.gov/35usc292.htm
Offenses Relating to the Misuse of Dissemination Systems
Title 18 -- Crimes and Criminal Procedure
Chapter 41 -- Extortion and Threats
18 U.S.C. § 875 -- Interstate communications
Chapter 63 -- Mail Fraud
18 U.S.C. § 1341 -- Frauds and swindles
http://www.cybercrime.gov/18usc1341.htm
Amended by Pub. L. 107-204, sec. 903(a), 116 Stat. 805.
New note added by Pub. L. 107-204, sec. 901, 116 Stat. 804.
18 U.S.C. § 1343 -- Fraud by wire, radio, or television
http://www.cybercrime.gov/18usc1343.htm
Amended by Pub. L. 107-204, sec. 903(b), 116 Stat. 805.
Chapter 119 -- Wire and Electronic Communications Interception and Interception of Oral Communications
18 U.S.C. § 2512 -- Manufacture, distribution, possession, and advertising of wire, oral, or electronic communication intercepting devices prohibited
http://www.cybercrime.gov/18usc2512.htm
Title 47 -- Telegraphs, Telephones, and Radiotelegraphs
Chapter 5 -- Wire or Radio Communication
47 U.S.C. § 553 -- Unauthorized reception of cable service
http://www.cybercrime.gov/47usc553.htm
47 U.S.C. § 605 -- Unauthorized publication or use of communications
http://www.cybercrime.gov/47usc605.htm
United States Constitution -- 4th Amendment -- Unreasonable Search and Seizure
Title 5 -- Government Organization And Employees
Chapter 5 -- Administrative Procedure
5 U.S.C. § 552A -- Records maintained on individuals
Title 42 -- The Public Health And Welfare
Chapter 21a -- Privacy Protection
42 U.S.C. § 2000AA -- Searches and seizures by government officers and employees in connection with investigation or prosecution of criminal offenses
Presidential Decision Directive 63 (PDD 63) -- Critical Infrastructure Protection [1998]
White paper -- http://csrc.nist.gov/policies/paper598.pdf
Requires federal agencies to protect critical infrastructure, especially cyber-based systems; and creates four new organizations: NIPC, ISACs, NICA, and CIAO. Also assigns lead agencies for sector liaisons.
Public Law 104-106 -- National Defense Authorization Act for Fiscal Year 1996 [S. 1124]
Includes the Clinger Cohen Act (formerly known as the "Information Technology Management Reform Act of 1996") in Division E
Requires the head of each federal executive agency to ensure that information security policies, procedures, and practices are adequate.
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=104_cong_public_laws&docid=f:publ106.104.pdf
Public Law 106-102 -- Gramm-Leach-Bliley Act [S. 900] 1999
(aka Financial Services Modernization Act)
Obliges financial institutions to protect the privacy of customers' nonpublic personal information and to implement safeguards; criminalizes fraudulent access to financial information.
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ102.106.pdf
15 U.S.C. § 6801-6810 Disclosure of Nonpublic Personal Information
15 U.S.C. § 6821-6827 Fraudulent Access to Financial Information
See also http://www.ftc.gov/privacy/glbact/
Public Law 107-296 -- Homeland Security Act of 2002 [H.R. 5005]
Includes FISMA in Title X -- Information Security
(superseded by P.L. 107-347 Title III)
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ296.107.pdf
Public Law 107-347 -- E-Government Act of 2002 [H.R. 2458]
Includes amended version of FISMA in Title III -- Information Security
(supersedes Title X in P.L. 107-296)
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf
Federal Information Security Management Act of 2002
Requires each federal government agency to implement programs and procedures for detecting, reporting, and responding to security incidents, consistent with published standards and guidelines
U.S. Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP)
http://iase.disa.mil/ditscap/
DoD Instruction 5200.40 -- Implements policy, assigns responsibilities, and prescribes procedures for certification and accreditation of information technology (information systems, networks, and sites) in the Department of Defense
U.S. Office of Management and Budget (OMB) -- http://www.whitehouse.gov/omb/
Circular No. A-130 (Revised) -- Management of Federal Information Resources http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html
Establishes policy for the management of Federal information resources
Executive Order 13231 -- Critical Infrastructure Protection in the Information Age
Authorizes protection program to secure information systems for critical infrastructure
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2001_register&docid=fr18oc01-139.pdf
Federal Trade Commission
16 CFR Part 314 -- Standards for Safeguarding Customer Information
http://www.ftc.gov/os/2002/05/67fr36585.pdf
Implements sections of the Gramm-Leach-Bliley Act and "sets forth standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information." Financial institutions must implement an information security program.
Other Lists of U.S. IT Laws
http://cio.gov/index.cfm?function=documents&section=it related laws and regulations
FedCIRC -- Library -- Legislation
http://www.fedcirc.gov/library/legislation/
GSA Office of Electronic Government and Strategy -- http://www.estrategy.gov/
E-Government Laws, Regulations, and Policies
http://www.estrategy.gov/it_policy_documents.cfm
Key E-Government Related Laws -- http://www.estrategy.gov/elaws.cfm
All E-Government Related Laws Chronological By Congress -- http://www.estrategy.gov/lawscongress.cfm
GSA -- Policies, Guidelines, Regulations, and Best Practices
http://www.gsa.gov/Portal/policies.jsp
NIST -- CSRC -- Policies -- Federal Requirements
http://csrc.nist.gov/policies/
U.S. Department of Education -- Office of the Chief Information Officer -- Legislation and Guidelines
http://www.ed.gov/print/about/offices/list/ocio/legislation.html
American Institute of Certified Public Accountants (AICPA) --
Statement on Auditing Standards (SAS) No. 70, Service Organizations
Audit guide for reports on a service organization's controls, and for financial statements of entities that use service organizations
http://www.sas70.com/
United States State Laws
National Security Institute -- Computer Crime Laws by State
http://nsi.org/Library/Compsec/computerlaw/statelaws.html
SecurityFocus Online -- Library
Computer Crime
http://online.securityfocus.com/library/category/9
U.S. Laws
http://online.securityfocus.com/library/category/67
American Law Sources On-Line
http://www.lawsource.com/also/
Library of Congress -- State and Local Governments
http://lcweb.loc.gov/global/state/stategov.html
Law Enforcement Agencies/Organizations
Interpol -- http://www.interpol.int/
Europol -- http://www.europol.eu.int/
List of international law enforcement links --
http://www.europol.eu.int/index.asp?page=links
World Customs Organization -- http://www.wcoomd.org/
Officer.Com: Law Enforcement Resource Site http://search.officer.com/agencysearch/
International Police Association -- http://www.ipa-iac.org/
Australia
Australian Federal Police
Canada
Royal Canadian Mounted Police -- http://www.rcmp-grc.gc.ca/
United Kingdom
Metropolitan Police Service -- http://www.met.police.uk/
Internet Crime Forum -- http://www.internetcrimeforum.org.uk/
United States
U.S. Department of Homeland Security (DHS) -- http://www.dhs.gov/
U.S. Secret Service (USSS) -- http://www.secretservice.gov/
U.S. Bureau of Customs and Border Protection (CBP) -- http://www.cbp.gov/
National Infrastructure Protection Center (NIPC) -- http://www.nipc.gov/
U.S. Department of Justice (DOJ) -- http://www.usdoj.gov/
http://www.usdoj.gov/criminal/cybercrime/
http://www.cybercrime.gov/
Bureau of Alcohol, Tobacco, Firearms and Explosives -- http://www.atf.gov/
Federal Bureau of Investigation (FBI) -- http://www.fbi.gov/
Internet Fraud Complaint Center -- http://www.ifccfbi.gov/
Internal Revenue Service -- http://www.irs.gov/
Defense Criminal Investigative Service -- http://www.dodig.osd.mil/INV/DCIS/
U.S. Postal Inspection Service -- http://www.usps.com/postalinspectors/
Law Resources
Australasian Legal Information Institute -- http://www.austlii.edu.au/
Baker & McKenzie -- Global Information Security Law http://www.bmck.com/ecommerce/articles-s.htm
Cornell Law School -- Legal Information Institute -- http://www.law.cornell.edu/
Includes U.S. codes, court opinions, national and international laws
FindLaw -- http://www.findlaw.com
Internet Law Library (formerly the U.S. House of Representatives Internet Law Library)
The U.S. House of Representatives has discontinued hosting the library, but several other sites continue to carry it, including:
http://www.priweb.com/internetlawlib/
http://www.lawguru.com/ilawlib/
http://www.lectlaw.com/inll/
http://www.phillylawyer.com/1/1.HTM
LawResearch (Membership website) -- http://www.lawresearch.com/
Internet Law Library; International Law; United States Law
Organization of American States -- http://www.oas.org/
Cyber Crime Links -- http://www.oas.org/juridico/english/cyber_links_list.htm
U.S. Department of Justice -- Computer Crime and Intellectual Property Section (CCIPS)
http://www.cybercrime.gov/
http://www.usdoj.gov/criminal/cybercrime/
"How to Report Internet-Related Crime" -- http://www.cybercrime.gov/reporting.htm
U.S. Federal Regulations -- http://www.regulations.gov/
U.S. Government
FIRSTGOV.gov -- http://www.firstgov.gov/
Citizen's Public Safety and Law -- http://www.firstgov.gov/Citizen/Topics/PublicSafety.shtml
Government-to-Government Public Safety and Law -- http://www.firstgov.gov/Government/State_Local/Safety.shtml
Businesses -- http://www.businesslaw.gov/
U.S. Government Printing Office -- National Archives and Records Administration
GPO Access -- http://www.gpoaccess.gov/
Code of Federal Regulations (CFR) -- http://www.gpoaccess.gov/cfr/
Public and Private Laws -- http://www.gpoaccess.gov/plaws/
U.S. House of Representatives -- Office of the Law Revision Counsel
Global Legal Information Network -- http://www.loc.gov/law/glin/
THOMAS Legislative Information on the Internet -- http://thomas.loc.gov/
Resources on Collecting Evidence
International Organization on Computer Evidence (IOCE) -- http://www.ioce.org/
"G8 Proposed Principles For The Procedures Relating To Digital Evidence" (2000)
http://www.ioce.org/G8_proposed_principles_for_forensic_evidence.html
U.S. Department of Justice -- Computer Crime and Intellectual Property Section (CCIPS)
http://www.cybercrime.gov/
http://www.usdoj.gov/criminal/cybercrime/
"Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations" (2002)
http://www.cybercrime.gov/searching.html#A
http://www.cybercrime.gov/s&smanual2002.htm
Office of Justice Programs -- National Institute of Justice
"Electronic Crime Scene Investigation: A Guide for First Responders" (2001)
http://www.ojp.usdoj.gov/nij/pubs-sum/187736.htm
U.S. Secret Service and International Association of Chiefs of Police
"Best Practices for Seizing Electronic Evidence" (2001)
http://www.secretservice.gov/electronic_evidence.shtml
http://www.theiacp.org/documents/index.cfm?fuseaction=document&document_id=97
RFC 3227/BCP 55 -- "Guidelines for Evidence Collection and Archiving" (2002)
ftp://ftp.rfc-editor.org/in-notes/rfc3227.txt
SC Magazine
August 2002
"Crime Issue" -- articles on computer forensics, collecting evidence, "The Judiciary and the Digital World"
http://www.scmagazine.com/scmagazine/2002_08/main.html
Standards Australia -- http://www.standards.com.au/
HB 171-2003: "Guidelines for the management of IT evidence" (2003)
http://www.standards.com.au/catalogue/script/Details.asp?DocN=AS342335504743
Earlier Draft: http://www.auscert.org.au/render.html?it=3117&cid=1920
[151] European Treaty Series