We begin our discussion by reviewing the state of U.S. laws regarding the protection of information residing in information systems. International law and laws of different nations vary greatly, and this text is not prepared for the purposes of providing legal advice in any way. The discussion herein is primarily derived from an issue of the University of Pittsburgh Law Review [Ruymann86] in which several legal opinions and citations may be found, and some discussions with lawyers whose specialties lie in the field of intellectual property rights.
When dealing with legal issues in the US, we have been advised to view the law in terms of tactics, not as a contemptuous set of restrictions made by unknowing lawyers. The law is the law, and there is little to be gained by contempt for it. As a tactical problem, the law presents many interesting challenges.
In the US, there is a substantial difference between the concept of legal proof and that of scientific proof. In science, we make a set of assumptions, and demonstrate their validity by experiment and mathematical reasoning. In law, we make a set of rules, and leave it up to average citizens to decide on when they are being violated. Thus the legal issue of proof is decided by what average citizens think of the evidence presented to them. Remember that the average citizen does not hold a masters degree in engineering, and is not likely to understand mathematics. Thus tactics rather than fact win in court.
There are two types of U.S. laws involving the protection of information; intellectual property laws of patent, copyright, and trade secret; and information system content and use laws, including the freedom of information act and the privacy act. There are also civil cases which involve actions of one person against another, and criminal cases which involve actions by local, state, or federal government against people.
In the case of criminal law, statutes provide for the definitions of violations and the nature of punishment appropriate to each crime. In criminal cases, the government must plausibly establish an intent to commit a crime by providing a motive for that crime, an opportunity of the defendant to commit the crime, and a means by which the crime could have been committed by the defendant.
In the case of civil law, a suit involves three aspects. The first aspect is the establishment of a wrong done to one person (A) by another (B). Given that B had a duty to A, and that B breached that duty, a wrong can be established. The second aspect of a judgment involves the demonstration by A that the breach of duty by B caused damage to A. The third aspect of a judgment involves the establishment by A of a value for the damages caused to A by B. If the requirements of the law are met, and the jury decides in favor of the litigant, the defendant may be required to reimburse the litigant in the amount of the damages. If any of these three principles go the way of the defendant, the case is lost.