Cumulus Cloud Computing Services, Inc, suffers a security breach in its computer network. Before the company discovers the breach, the perpetrator obtains a large amount of confidential data, including corporate financial records, marketing plans, and

other sensitive information. Has a crime been committed? If so, what are its elements? What steps might Cumulus take to ensure that going forward only authorized users access the data on its computers? Whose efforts-those of the federal government or Cumulus-are more important in securing the company's computer infrastructure, and why?

The breach of Cumulus's computer network and the subsequent theft of data constitute a crime under the federal Counterfeit Access Device and Computer Fraud and Abuse Act.
Precautions that Cumulus might take to safeguard its computer system in the future could start with tighter, more encrypted security, including the employment of a cyberspace security firm. These experts could help Cumulus devise a more elaborate, ever-changing security system that might include passwords and codes for its customers. They could also install protective programs, such as firewalls and antivirus software, to limit outside access. They could further assist Cumulus by constantly updating this technology to thwart the criminal attempts of outsiders who are updating theirs. The most successful protective measure is to encrypt the data. Of course, an encryption system must be updated as regularly as the systems of those who would break it.

The voluntary efforts of Cumulus and other private companies are the most important factor in securing those firms' computer infrastructure. The federal government has little choice but to rely on those efforts because the government has limited regulatory authority over the Internet.