U.S. Supreme Court case

1. What is the name of the landmark U.S. Supreme Court case that established the expectation of privacy test under the Fourth Amendment?

2. Which statutes aimed at fighting child pornography have federal courts upheld as constitutional?

3. What does the federal wiretap act provide?

4. What are the four types of invasion of privacy?

5. What is the difference between negligent infliction of emotional distress and intentional infliction of emotional distress?

6. What are the possible economic torts available to individuals and companies for injuries sustained in the online environment?

7. What are the potential remedies available in Internet tort cases?

8. What types of speech are not protected under the First Amendment?

9. What are the elements in a defamation action?

10. What protection does Section 230 of the Communications Decency Act provide?
11. Compare and contrast business disparagement with defamation.

12. Why are state constitutions important when it comes to privacy rights?

13. What does the Privacy Act of 1974 provide?

14. What are the purposes of the federal Freedom of Information Act (FOIA)?

15. What is the purpose of the Gramm-Leach-Bliley Act?

16. How does the Red Flag Rule under FACTA help prevent identity theft?

17. What is the purpose of the Commercial Privacy Bill of Rights Act of 2011?

18. Describe the role of the Federal Trade Commission with online advertising.

19. What is data mining? Describe the privacy issues associated with data mining.

20. To what extent can an employer monitor an employee’s text messages on an employer-owned phone or pager?

21. What are the arguments in favor and against self-regulation with online privacy?

22. Explain the difference between subject matter jurisdiction, personal jurisdiction, and in rem jurisdiction.

23. What is the substantial nexus test?

24. What are the three general categories of computer-related crimes?

25. What are the basic requirements for a valid contract entered into via the Internet?

Part II – Multiple Choice – Each Answer is worth 1 point.
You need not type out the question or answer – Simply list the question number and your chosen answer

1. A computer virus falls under which general category of computer-related crimes?
a. crimes in which a computer is the subject of a crime
b. crimes in which a computer is the object of a crime
c. crimes in which a computer is the instrument of a crime
d. all of the above

2. A phishing scheme to commit identity theft falls under which general category of computer-related crimes?
a. crimes in which a computer is the subject of a crime
b. crimes in which a computer is the object of a crime
c. crimes in which a computer is the instrument of a crime
d. all of the above

3. Theft of a company’s mainframe computer falls under which general category of computer-related crimes?
a. crimes in which a computer is the subject of a crime
b. crimes in which a computer is the object of a crime
c. crimes in which a computer is the instrument of a crime
d. all of the above

4. What is the term that refers to the physical aspect of the criminal activity that generally
includes a voluntary act that causes social harm?
a. actus reus
b. mens rea
c. intent
d. all of the above

5. What is the name of the main federal law that makes it a felony to gain unauthorized access to computer systems?
a. Computer Fraud and Abuse Act
b. Communications Decency Act
c. CAN-SPAM Act
d. Digital Millennium Copyright Act

 
6. What is the name of the federal law directed at unsolicited bulk commercial e-mail?
a. Computer Fraud and Abuse Act
b. Communications Decency Act
c. CAN-SPAM Act
d. Digital Millennium Copyright Act

7. The Undertaking Spam, Spyware, and Fraud with Enforcers
Beyond Borders Act of 2006 (SAFE WEB Act) strengthens the ability of which federal agency to enforce the CAN-SPAM Act outside of U.S. borders?
a. U.S. Department of State
b. U.S. Department of Justice
c. Federal Trade Commission
d. U.S. Department of Homeland Security

8. The fruit-of-the-poisonous-tree doctrine that stems from the exclusionary rule is based on which provision under the United States Constitution?
a. First Amendment
b. Fourth Amendment
c. Fifth Amendment
d. Eighth Amendment

9. Congress has authority to enact criminal statutes aimed at cybercrimes involving the Internet. under which provision under the United States Constitution?
a. Commerce Clause
b. Necessary and Proper Clause
c. Supremacy Clause
d. Fourth Amendment

10. Which of the following is reason why some computer crimes are not prosecuted?
a. jurisdictional challenges
b. lack of sharing of information among agencies
c. companies may not want to report offenses that could lead to negative publicity
d. all of the above
11. How many states have expressly adopted a right to privacy in their state constitutions?
a. 5
b. 10
c. 15
d. 20

12. Which of the following is NOT one of the amendments that were used a basis for the U.S. Supreme Court recognizing a constitutional right to privacy in Griswold v. Connecticut, 381 U.S. 479, 484 (1965)?
a. First Amendment
b. Fourth Amendment
c. Fifth Amendment
d. Eighth Amendment

13. Which federal privacy law provides for the protection of consumer financial information held by banks, securities firms, insurance companies, and other financial institutions?
a. Gramm-Leach-Bliley Act
b. Fair Credit Reporting Act
c. Health Insurance Portability and Accountability Act
d. Video Privacy Protection Act

14. Which federal privacy law established national credit reporting standards in an effort to ensure accuracy and confidentiality in connection with credit reports?
a. Gramm-Leach-Bliley Act
b. Fair Credit Reporting Act
c. Health Insurance Portability and Accountability Act
d. Video Privacy Protection Act

15. Which federal privacy law protects the confidentiality of health information as it is transmitted through and collected by electronic portals?
a. Gramm-Leach-Bliley Act
b. Fair Credit Reporting Act
c. Health Insurance Portability and Accountability Act
d. Video Privacy Protection Act

16. The Fair and Accurate Credit Transaction Act amended which federal privacy law?
a. Gramm-Leach-Bliley Act
b. Fair Credit Reporting Act
c. Health Insurance Portability and Accountability Act
d. Video Privacy Protection Act

17. Which of the following is NOT an exemption under the federal Freedom of Information Act?
a. trade secrets
b. medical files where the disclosure would constitute a clearly unwarranted invasion of personal privacy
c. records compiled for law enforcement purposes where disclosure could reasonably be expected to endanger the life or physical safety of any individual
d. agency budget records

18. Which is the main federal agency responsible for enforcing the Gramm-Leach-Bliley Act?
a. Federal Trade Commission
b. U.S. Department of Justice
c. U.S. Department of Homeland Security
d. Federal Bureau of Investigation

19. Improperly accessing medical records in an electronic database of celebrities is a violation of which federal privacy law?
a. Privacy Act
b. Fair Credit Reporting Act
c. Health Insurance Portability and Accountability Act
d. Video Privacy Protection Act

20. Congress enacted the Privacy Act of 1974 as the first national privacy protection statute after which political scandal?
a. Teapot Dome Scandal
b. Watergate Affair
c. Iran-Contra Affair
d. Pentagon Papers

21. The Direct Marketing Association (DMA)’s online privacy principles and information practice guidance is an example of what type of regulatory framework?
a. self-regulation
b. co-regulation
c. negotiated rulemaking
d. government regulation

22. What type of regulatory framework is the predominant approach today when it comes to online privacy?
a. self-regulation
b. co-regulation
c. negotiated rulemaking
d. government regulation

23. What type of regulatory framework uses an advisory committee to consider and discuss issues for the purpose of reaching a consensus in the development of a proposed rule?
a. self-regulation
b. co-regulation
c. negotiated rulemaking
d. government regulation

24. What type of regulatory framework is used when government and industry share responsibility in setting goals, developing rules, and enforcing standards?
a. self-regulation
b. co-regulation
c. negotiated rulemaking
d. government regulation

25. In IMS Health, Inc. v. Sorrell, 131 S. Ct. 2653 (2011), the U.S. Supreme Court held that Vermont’s Prescription Confidentiality Law which prohibited certain data mining of health information was unconstitutional based on which constitutional provision or amendment?
a. First Amendment
b. Commerce Clause
c. Fourth Amendment
d. Fifth Amendment

26. Which federal agency is generally responsible for investigating unfair and deceptive acts or practices with Internet advertising?
a. Federal Bureau of Investigation
b. Federal Trade Commission
c. Consumer Product Safety Commission
d. U.S. Department of Commerce

27. Which federal agency is generally responsible for investigating unfair and deceptive acts or practices with Internet advertising?
a. Federal Bureau of Investigation
b. Federal Trade Commission
c. Consumer Product Safety Commission
d. U.S. Department of Commerce

28. Which of the following is a requirement under the CAN-SPAM Act and the FTC’s Compliance Guide for Business?
a. the message must include the sender’s valid physical postal address
b. the message must contain less than 250 words
c. no images can be included in the message
d. to opt-out of e-mail solicitation, a company may ask for the recipient’s Social Security Number

29. Which of the following is an aspect of the Commercial Privacy Bill of Rights Act of 2011 (S. 799, 112th Congress)?
a. regulate websites such as Google and Facebook that collect information about
their users
b. impose new rules on companies that gather personal data
c. make it harder for websites to target individuals through personally identifiable information and create profiles about them
d. all of the above

30. What is the name for the practice of sending a fraudulent electronic communication that appears to be a genuine message from a legitimate entity or business for the purpose of inducing the recipient to disclose sensitive personal information?
a. click fraud
b. spam
c. phishing
d. adware

Part III –
Limit each answer to no more than 150 words.

Assume facts similar to those that occurred in the Estonian cyber incident of 2007, except that the targets of the DoS, DDoS and other attacks were all instrumentalities of the State of Ohio, The Ohio State University (including the Ohio State University Medical Center) and the Old Fort Banking Company, a bank located in Ohio having branches in Bettsville, Clyde, Findlay, Fremont, Old Fort, and Tiffin, OH. The attacks all appear to have originated from within Canada, by individuals who claim to have attended the University of Michigan and were offended at the erection of a new statue honoring the great and honorable Woody Hayes. The citizenship and specific identity of the perpetrators has not yet been determined.

26. – 10 points What federal or state laws would have been violated? What actions may state or federal law enforcement officials take, and what issues will need to be addressed?

27. – 5 points What would be the key issues under international law implicated by the fact that these attacks originated from within Canada?

28. – 5 Points Briefly assess this situation according to the Schmitt Analysis discussed in class. Would you consider this an “attack” justifying the use of force in response? Why or why not?