1-9 the Legal Framework

  • 7/29/2019 1-9 the Legal Framework

    1/22

    1.9 The Legal Framework

    In this section you must be able to:

    Describe the provisions of the Computer Misuse Act.

    Describe the principles of software copyright and licensing agreements.

    Recall the nature, purpose and provisions of the current data protection legislation: rights, duties, exemptions, etc.

    New Crimes Made Possible by ICT

    New technology has created opportunities for crime:

    Software piracy (copying software illegally to sell)

    Hacking (unauthorised access to computer systems)

    Creation and distribution of viruses

    Distributing pornographic and other obscene material

    Fraudulent trading

    Credit card fraud

    Terrorist activity and blackmail

    Abuse of ICT

    There are also opportunities for the abuse of ICT:

    Sending unsolicited e-mails (now an offence in some countries)

    Creating inappropriate or misleading web-sites

    Registering a domain that might appear to belong to someone else (cyber-squatting)

    Inappropriate use of ICT is not necessarily illegal.

    It's important to distinguish between:

    Unethical use of ICT, i.e. morally questionable

    Criminal activity, i.e. an offence under the various laws covering use of ICT

    Where do Laws Come From?

    There are three sources of law:

    Case law, i.e. judges' rulings in court cases

    Acts of Parliament, e.g. Data Protection Act

    European laws & directives, e.g. VDU use

    Laws change for many reasons:

    Social and political pressure, e.g. dangerous dogs

    Reaction to specific cases, e.g. Gold & Schifreen

    Combinations and clarifications of previous laws

    To close loopholes, e.g. making off and hacking

    Laws Affecting ICT

    There are various laws covering use of ICT:

    Computer Misuse Act 1990

    Data Protection Act 1984 & 1998

    Copyright, Designs and Patents Act 1988

    European VDU & health directive 1992

    Plus, more general guidelines such as:

    Health and Safety legislation

    Offices, Shops and Railways Act 1963

    Contract law: shrink-wrap agreement controversy!

    Plus, what about things such as professional advice given by a computer?

    Computer Misuse Act

    In 1988 two teenagers hacked the Duke of Edinburgh's e-mail account and changed a message

    They were taken to court, but hadn't actually committed an offence (there was no theft and no fraud committed)

    People also started getting worried about viruses, which had started to appear in 1986

    In response, the government introduced the Computer Misuse Act in 1990

    Computer Misuse Act

    Under the CMA there are three offences:

    Unauthorised access to computer programs or data

    Unauthorised access with further criminal intent

    Unauthorised modification of computer material (programs or data)

    However:

    Unauthorised access can be difficult to detect

    The first people to be prosecuted (in 1997) were caught when boasting about their crime!

    Computer Misuse Act

    The CMA therefore protects us against:

    Hacking

    Theft and Fraud

    Logic Bombs

    Denial of Service attacks

    Viruses could commit offences at different levels depending on the payload:

    Some display harmless messages

    Some are deliberately malicious

    Some are unintentionally dangerous

    Other Measures to Prevent Misuse

    Other steps can be taken to prevent misuse. JavaScript, for example, was created with computer misuse in mind and was designed to prevent it being used to create viruses:

    JavaScript cannot write directly to discs (other than cookies) and so cannot delete or change any files

    There is no direct access to memory or to other hardware

    Copyright and Patent

    Patents cover the ideas and concepts on which products or services operate:

    You can only patent software that performs a technical function, e.g. an encryption algorithm

    You can't patent software that performs a human function, such as translating English to French

    Copyright covers the implementation of the idea: the actual words, images and sounds that you use

    Copyright, Designs and Patents Act

    Under this act it is illegal to:

    Copy software

    Run pirated software

    Transmit software over a telecommunications link (thereby copying it)

    The act is enforced by FAST, the Federation Against Software Theft (also FACT for general copyright)

    The enforcement is complicated by:

    The confusion between copyright and patent

    Whether you can copyright a look and feel

    Contracts such as licensing and acceptable use agreements

    Using Computers to Combat Crime

    Computers can also be used to solve crimes:

    The Police National Computer (PNC) now allows forces across the country to share information

    Number-plate recognition can be used to identify people committing motoring offences

    Mobile phone records can be used to locate criminals and victims of crime

    Audit logs and records of e-mails and network traffic could be used as evidence

    Data Protection

    We all have a right to privacy

    There might be a variety of reasons why you'd want to keep something private:

    It might be possible to use the information for fraudulent purposes

    The information might be of a sensitive nature, such as medical records

    You might just not want people to know!

    The Data Protection Act is to protect privacy

    Data Protection Act

    The Data Protection Act:

    Was introduced in 1984 and updated in 1998 to create a standard for data protection across Europe

    Originally covered personal data that are automatically processed but now covers some manual records as well

    Defines the terms data subject (the person about whom data is held) and data controller (called data user in the 1984 version)

    Requires that all data controllers (and the nature of the processing they do) must be recorded on the public register of data controllers

    Is overseen by the Information Commissioner

    Data Protection Act: Eight Principles

    Under the Data Protection Act, data must be:

    fairly and lawfully processed;

    processed for limited purposes and not in any manner incompatible with those purposes;

    adequate, relevant and not excessive;

    accurate;

    not kept for longer than is necessary;

    processed in line with the data subject's rights;

    secure;

    not transferred to countries without adequate protection.

    Processing Personal Data

    Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual.

    Processing can only be carried out where:

    the individual has given his or her consent;

    the processing is necessary for the performance of a contract with the individual;

    the processing is required under a legal obligation;

    the processing is necessary to protect the vital interests of the individual;

    the processing is necessary to carry out public functions;

    the processing is necessary in order to pursue the legitimate interests of the data controller or third parties

    Data Protection Act: What Else?

    It covers any information recorded as part of a relevant filing system, i.e. information that is readily accessible

    Data controllers must take security measures to safeguard personal data, i.e. to prevent unlawful processing or disclosure

    There are certain exemptions from the DPA

    Data subjects have rights that are defined in the act

    DPA: The Rights of Individuals

    If data are held about you, you are entitled to be:

    given a description of the data

    told for what purposes the data are processed

    told the recipients or the classes of recipients to whom the data may have been disclosed

    given a copy of the information with any unintelligible terms explained

    given any information available to the controller about the source of the data

    given an explanation as to how any automated decisions taken about you have been made

    DPA: The Rights of Individuals

    Further rights include:

    The right to access the data held within 40 days and at a cost of no more than £10 for computer records and £50 for paper records

    The right to rectify, block, erase or destroy details that are inaccurate, or opinions based on inaccurate data

    The right not to have your details used for direct marketing

    The right to compensation for damage caused if the Data Protection Act is breached

    Exemptions from the DPA

    The Act does not apply to:

    Payroll, pensions and accounts data

    Names and addresses held for distribution purposes

    Personal, family, household or recreational use

    Data can be disclosed to an agent of the subject, or in response to a medical emergency

    Use of data in cases dealing with national security, the prevention of crime, or the collection of taxes & duty

    Criminal Offences under the DPA

    Notification offences: where the data controller fails to notify the commissioner of processing or changes to processing

    Procuring and selling offences: disclosing, selling or obtaining data without authorisation

    Enforced access offences, e.g. you can't make someone make an access request as a condition of employment

    Other: such as failure to respond to a request or to breach an enforcement notice

    Freedom of Information Act

    Covers all types of 'recorded' information held by public authorities

    Covers personal and non-personal data

    Public authorities include:

    Government Departments

    local authorities

    NHS bodies

    schools, colleges and universities

    the Police

    Parliament

    The Post Office

    The National Gallery

    The Parole Board

    Plus lots, lots more!