Upload
raj-gupta
View
216
Download
0
Embed Size (px)
Citation preview
7/29/2019 1-9 the Legal Framework
1/22
1.9 The Legal Framework
In this section you must be able to:
Describe the provisions of the Computer Misuse Act.
Describe the principles of softwarecopyright and licensing agreements.
Recall the nature, purpose and provisionsof the current data protection legislation rights, duties, exemptions, etc.
7/29/2019 1-9 the Legal Framework
2/22
New Crimes Made Possible by ICT
New technology has created opportunities for crime: Software piracy (copying software illegally to sell)
Hacking (unauthorised access to computer systems)
Creation and distribution of viruses
Distributing pornographic and other obscenematerial
Fraudulent trading Credit card fraud
Terrorist activity and blackmail
7/29/2019 1-9 the Legal Framework
3/22
Abuse of ICT
There are also opportunities for the abuse of ICT: Sending unsolicited e-mails (now an offence in some
countries)
Creating inappropriate or misleading web-sites
Registering a domain that might appear to belong tosomeone else cyber -squatting
Inappropriate use of ICT is not necessarily illegal.
Its important to distinguish between:
Unethical use of ICT i.e. morally questionable
Criminal activity i.e. an offence under the variouslaws covering use of ICT
7/29/2019 1-9 the Legal Framework
4/22
Where do Laws Come From?
There are three sources of law: Case law i.e. judges rulings in court cases
Acts of Parliament e.g. Data Protection Act
European laws & directives e.g. VDU useLaws change for many reasons:
Social and political pressure e.g. dangerous dogs
Reaction to specific cases e.g. Gold & Shiffreen Combinations and clarifications of previous laws
To close loopholes e.g. making off and hacking
7/29/2019 1-9 the Legal Framework
5/22
Laws Affecting ICT
There are various laws covering use of ICT Computer Misuse Act 1990
Data Protection Act 1984 & 1998
Copyright, Designs and Patents Act 1988
European VDU & health directive 1992
Plus, more general guidelines such as:
Health and Safety legislation
Offices, Shops and Railways Act 1963 Contract law shink-wrap agreement controversy!
Plus what about things such as professional advice given by acomputer?
7/29/2019 1-9 the Legal Framework
6/22
Computer Misuse Act
In 1988 two teenagers hacked the Duke of Edinburghs e -mail account and changed amessage
They were taken to court, but hadnt actuallycommitted an offence (there was no theft andno fraud committed)
People also started getting worried aboutviruses, which had started to appear in 1986
In response, the government introduced theComputer Misuse Act in 1990
7/29/2019 1-9 the Legal Framework
7/22
Computer Misuse Act
Under the CMA there are three offences: Unauthorised access to computer programs or
data
Unauthorised access with further criminal intent
Unauthorised modification of computer material(programs or data)
However
Unauthorised access can be difficult to detect
The first people to be prosecuted (in 1997) werecaught when boasting about their crime!
7/29/2019 1-9 the Legal Framework
8/22
Computer Misuse Act
The CMA therefore protects us against: Hacking
Theft and Fraud
Logic Bombs
Denial of Service attacks
Viruses could commit offences at different levelsdepending on the payload:
Some display harmless messages
Some are deliberately malicious
Some are unintentionally dangerous
7/29/2019 1-9 the Legal Framework
9/22
Other Measures to Prevent Misuse
Other steps can be taken to prevent misuse. JavaScript, for example, was created with
computer misuse in mind and was designed toprevent it being used to create viruses:
JavaScript cannot write directly to discs (other than cookies) and so cannot delete or changeany files
There is no direct access to memory or to other hardware
7/29/2019 1-9 the Legal Framework
10/22
Copyright and Patent
Patents cover the ideas and concepts on whichproducts or services operate:
You can only patent software that performs atechnical function e.g. an encryption algorithm
You cant patent software that performs ahuman function, such as translating English toFrench
Copyright covers the implementation of theidea the actual words, images and soundsthat you use
7/29/2019 1-9 the Legal Framework
11/22
Copyright, Designs and Patents Act
Under this act it is illegal to: Copy software
Run pirate d software
Transmit software over a telecommunications link
(thereby copying it) The act is enforced by FAST the Federation Against
S oftware Theft (also FACT for general copyright)
The enforcement is complicated by:
The confusion between copyright and patent Whether you can copyright a look and feel
Contracts such as licensing and acceptable useagreements
7/29/2019 1-9 the Legal Framework
12/22
Using Computers to Combat Crime
Computers can also be used to solve crimes: The Police National Computer (PNC) now
allows forces across the country to shareinformation
Number-plate recognition can be used toidentify people committing motoring offences
Mobile phone records can be used to locatecriminals and victims of crime
Audit logs and records of e-mails and networktraffic could be used as evidence
7/29/2019 1-9 the Legal Framework
13/22
Data Protection
We all have a right to privacy There might be a variety of reasons why youd
want to keep something private:
It might be possible to using the information for fraudulent purposes
The information might be of a sensitive nature,such as medical records
You might just not want people to know!
The Data Protection Act is to protect privacy
7/29/2019 1-9 the Legal Framework
14/22
Data Protection ActThe Data Protection Act
Was introduced in 1984 and updated in 1998 to createa standard for data protection across Europe
Originally covered personal data that areautomatically processed but now covers somemanual records as well
Defines the terms data subject (the person aboutwhom data is held) and data controller (called datauser in the 1984 version)
Requires that all data controllers (and the nature of theprocessing they do) must be recorded on the publicregister of data controllers
Is overseen by the Information Commissioner
7/29/2019 1-9 the Legal Framework
15/22
Data Protection Act Eight PrinciplesUnder the Data Protection Act, data must be
fairly and lawfully processed;
processed for limited purposes and not in any manner incompatible with those purposes;
adequate, relevant and not excessive;
accurate;
not kept for longer than is necessary;
processed in line with the data subject's rights;
secure;
not transferred to countries without adequate protection.
7/29/2019 1-9 the Legal Framework
16/22
Processing Personal Data Personal data covers both facts and opinions about the
individual. It also includes information regarding theintentions of the data controller towards the individual.
Processing can only be carried out where: the individual has given his or her consent;
the processing is necessary for the performance of acontract with the individual;
the processing is required under a legal obligation;
the processing is necessary to protect the vital interests of the individual;
the processing is necessary to carry out public functions;
the processing is necessary in order to pursue thelegitimate interests of the data controller or third parties
7/29/2019 1-9 the Legal Framework
17/22
Data Protection Act What Else?
It covers any information recorded as part of arelevant filing system i.e. information that isreadily accessible
Data controllers must take security measures tosafeguard personal data i.e. to preventunlawful processing or disclosure
There are certain exemptions from the DPA
Data subjects have rights that are defined inthe act
7/29/2019 1-9 the Legal Framework
18/22
DPA The Rights of IndividualsIf data are held about you, you are entitled to be
given a description of the data told for what purposesthe data are processed
told the recipients or the classes of recipients to whom
the data may have been disclosed given a copy of the information with any unintelligible
terms explained
given any information available to the controller aboutthe source of the data
given an explanation as to how any automateddecisions taken about you have been made
7/29/2019 1-9 the Legal Framework
19/22
DPA The Rights of IndividualsFurther rights include:
The right to access the data held within 40days and at a cost of no more than 10 for computer records and 50 for paper records
The right to rectify, block, erase or destroydetails that are inaccurate, or opinions based oninaccurate data
The right not to have your details used for directmarketing
The right to compensation for damage caused if the Data Protection Act is breached
7/29/2019 1-9 the Legal Framework
20/22
Exemptions from the DPA
The Act does not apply to:
Payroll, pensions and accounts data
Names and addresses held for distributionpurposes
Personal, family, household of recreational use
Data can be disclosed to an agent of the
subject, or in response to a medical emergency Use of data in cases dealing with national
security, the prevention of crime, or thecollection of taxes & duty
7/29/2019 1-9 the Legal Framework
21/22
Criminal Offences under the DPA
Notification offences where the datacontroller fails to notify the commissioner of processing or changes to processing
Procuring and selling offences disclosing,selling or obtaining data without authorisation
Enforced access offences e.g. you cantmake someone make an access request as acondition of employment
Other such as failure to respond to a requestor to breach an enforcement notice
7/29/2019 1-9 the Legal Framework
22/22
Freedom of Information Act Covers all types of 'recorded' information held by public authorities
Covers personal and non-personal data
Public authorities include:
Government Departments
local authorities
NHS bodies
schools, colleges and universities
the Police
Parliament
The Post Office The National Gallery
The Parole Board
Plus lots, lots more!