Malware and the Law

Ethical hackers should be mindful of the web of laws that relates to the deployment and use of malware. Over the years, malware has been subjected to increasing legal attention as the technology has evolved from being harmless to much more malicious and expansive in its abilities. The creation and use of malware have led to the enactment of some very strict laws; many countries have passed or modified laws to deter the use of malware. In the United States, the laws that have been enacted include the following:

The Computer Fraud and Abuse Act: This law was originally passed to address federal computer-related offenses and the cracking of computer systems. The act applies to cases that involve federal interests, or situations involving federal government computers or those of financial institutions. Additionally, the law covers computer crime that crosses state lines or jurisdictions.

The Patriot Act: This act expanded on the powers already included in the Computer Fraud and Abuse Act. The law provides penalties of up to 10 years for a first offense and 20 years for a second offense. It assesses damages to multiple systems over the course of a year to determine if such damages are more than $5,000 total.

CAN-SPAM Act: This law was designed to thwart the spread of spam: mass-mailed messages that harass or irritate the recipient into purchasing products or services.