Corporate Concerns

Companies are often reluctant to prosecute the hacker. Corporations fear embarrassment or ridicule. They are concerned about the loss of control of the situation when law enforcement get involved. At times, there are some barriers to communication and understanding between IT professionals and law enforcement. The former realize that there will be more disruption of operations with the collection of evidence and interviews with law enforcement and legal counsel.

Often companies are unsure of how the information gathered during the investigation which is needed for prosecution will be handled. They are concerned about the use of proprietary information in a public trial and whether the stolen information which is recovered can be kept confidential. There are concerns about counter- suits , legal embarrassment, and liability to the company and its officers.

Public Relations

Companies are very concerned with the public's reaction to the publicity of a security incident. There are concerns for sales, stock price, customer retention, and legal actions. Usually these concerns are greater than the reality of the situation.

A security incident can be used by a company to show that it is on top of the situation. It can illustrate that the company is doing everything possible to protect the customer's information, prevent fraud, and reduce computer crime. They can be seen working with law enforcement to bring the perpetrator to justice .

Impact on Operations

All responses to a security incident will impact the operation of the system. Additional backups may have to be made, and personnel will have to assist in the prosecution. Minimally, some personnel will be called as witnesses. It is likely that the prosecution will require the involvement of personnel who will assist in the investigation and trial by identifying the property and who will act as technical advisors. It is best to assign a specific person to be a liaison between the company and the police during the investigation. This will help limit the impact of the investigation on the day-to-day operation of the company. This person can help manage the scheduling of people for meetings with the police and the courts.

Many cases are never prosecuted because the business has evaluated the cost of prosecution including legal costs, operational disruption, and publicity and has decided it is not worth it, especially if the hacker is an employee whom the company can then discipline. However, you may not be able to recover the stolen information if you decide not to prosecute.

Law Enforcement

In the case where legal prosecution is desired or required, there will be extensive interaction with law enforcement. It is also prudent to have the organization's legal department or even outside legal counsel involved. The laws that cover intellectual property and computer crime are quite new and relatively untested. The interpretation of these laws are still being defined, so legal professionals are a necessity.

Management must evaluate and prioritize efforts to identify the individual or individuals who were responsible for the security incident (even though in most cases it is not possible to identify the actual individual) and determine the level and type of punishment to pursue , which may include disciplinary actions or legal remedies, either civil or criminal.

Releasing Proprietary Data

Investigators build their cases by collecting relevant items, by requesting their surrender, by search warrant , by summons, or by court order. However, not all collected items may be incorporated into an investigator 's case. These exempted items are known as privileged communications. Privileged communications may be oral, written, or electronic and their unique status is recognized by most jurisdictions. They are generally defined as communications between a lawyer and his/her client, and communications between a member of the clergy and a parishioner. There may be others, but these two are the most universally recognized. If privileged items are found to be part of a case, hearings are held, often resulting in their exclusion from the case.

Requirements to Report

What are your legal responsibilities if your site is aware of the activity and does not take steps to prevent it? Many countries have statutes that allow for a person to be prosecuted for having knowledge of a crime and for withholding this information from authorities. Actually, under the laws of the United States, it is a felony, a major crime, to have knowledge of a criminal act and fail to report it. Title 18 United States Code, Section 4 states that: "Whoever, having knowledge of the actual commission of a felony cognizable by a court of the United States, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States, shall be fined under this title or imprisoned not more than three years , or both." Many states and local jurisdictions have similar statutes requiring persons to report crimes to civil and military authorities. With this in mind, timely reporting of computer crimes is probably something most professionals will want to give serious consideration.