Legal Aspects of Computer System Security “Security - Protecting Our Resources”
-
Upload
wendy-randall -
Category
Documents
-
view
217 -
download
1
Transcript of Legal Aspects of Computer System Security “Security - Protecting Our Resources”
![Page 1: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/1.jpg)
Legal Aspects of Computer System Security
“Security - Protecting Our Resources”
![Page 2: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/2.jpg)
Legal Aspects of Computer System Security
Presentation Contents
• Introduction• Current Legislation
– Overview– Data Protection Act 1998– Criminal Damage Act 1991– Criminal Evidence Act 1992
• Sources, References and Disclaimer
![Page 3: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/3.jpg)
Legal Aspects of Computer System Security
Introduction
• IT rapidly integrating into society
• International context - US and EU influences
• IT law invades on “traditional” turf
• Lack of clear definition - good or bad?
• Specific and Regular crime
![Page 4: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/4.jpg)
Legal Aspects of Computer System Security
Current Legislation - Overview
• Data Protection Act 1998– control personal information
– regulate data processing
• Criminal Damage Act 1991– actual or threatened damage to property
– unauthorised access to computers
– possession with intent to damage property
• Criminal Evidence Act 1992– regulate admissibility of computerised records into
evidence
![Page 5: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/5.jpg)
Legal Aspects of Computer System Security
Data Protection Act 1998
• Background and Origin
• Definitions and Provisions
• Data Protection Crimes
• The Data Protection Commissioner
![Page 6: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/6.jpg)
Legal Aspects of Computer System Security
DPA - Origins
• “designed to provide adequate safeguards to individuals against any abuse of their privacy arising from the automatic processing of personal data concerning them”
• Based on principles of Strasbourg Convention
![Page 7: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/7.jpg)
Legal Aspects of Computer System Security
DPA - Definitions
• Personal Data: data relating to a living individual who
can be identified either from the data or from the data in
conjunction with other information in the possession of the
data controller.
• Data subject: person who is the subject of personal data.
• Data Controller: person who controls contents and use
of personal data.
• Data Processing: automatic logical operations on data
including extraction of constituent data.
• Data: information in a form which can be processed.
![Page 8: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/8.jpg)
Legal Aspects of Computer System Security
DPA - Provisions
• Computerised files only
• Personal Data only
• Exceptions– security of the State
– must be available by law/court order
– kept by individual for family affairs/recreational purposes
– required urgently to prevent injury or serious
loss/damage
– held or processed outside the State
![Page 9: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/9.jpg)
Legal Aspects of Computer System Security
DPA - Provisions IIRequirements of a Data Controller
• Information obtained and processed fairly/lawfully
• Information is accurate and current
• Kept for only 1 or more specified purposes
• Not used or disclosed except for specified purpose
• Relevant and limited to purpose
• Not kept longer than required
• Security against unauthorised access
![Page 10: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/10.jpg)
Legal Aspects of Computer System Security
DPA - Provisions IIIRights of a Data Subject
• Establish the existence of data
• Access to data
• Correct and/or erase data
![Page 11: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/11.jpg)
Legal Aspects of Computer System Security
DPA - Crimes
• Data processor knowingly disclosing personal
information without consent of data controller.
• Any person disclosing personal data to a third
party without consent of the data controller.
• “a data subject whose data has been attacked or
copied by a hacker [may] take a civil action against the
data controller. There is clearly a premium, therefore,
on each data controller taking all reasonable care in
relation to personal data (s)he holds.”
![Page 12: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/12.jpg)
Legal Aspects of Computer System Security
Data Protection Commissioner
• Enforcement Notice
• Information Notice
• Prohibition Notice
• Prosecution
• Prepare Codes of Practice
• Produce Annual Report
• International Assistance
• Maintain Data Protection Register
![Page 13: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/13.jpg)
Legal Aspects of Computer System Security
Criminal Damage Act 1991
• General Points
• Offences under the Act
• Interesting Provisions
• Proof and Defences
![Page 14: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/14.jpg)
Legal Aspects of Computer System Security
CDA - General Points
• Defining criminal activity is difficult
• Evidence is hard to produce
• Legal counsel is invaluable
• Legal notion of “property” extended to include data
• No definition of “computer”
• Computer areas are untested
• Damage of data: add to, alter, corrupt, erase or move or any act that contributes to the above.
![Page 15: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/15.jpg)
Legal Aspects of Computer System Security
CDA - OffencesDamage to Property
• “a person who without lawful excuse damages any property…shall be guilty of an offence”
• Accidental/coincidental damage
• Recklessness
• Damage must be intentional
• Specifically outlaws– damage to property which endangers life
– damage to property with intent to defraud
• Data damaged within the State by persons outside
![Page 16: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/16.jpg)
Legal Aspects of Computer System Security
CDA - Offences IIThreatening to Damage to Property
• “a person who without lawful excuse make to another a threat intending that that other would fear it would be committed”
• Inability to carry-out threat is not a defence
![Page 17: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/17.jpg)
Legal Aspects of Computer System Security
CDA - Offences IIIPossession of Anything with intent to Damage
Property
• “a person who has anything is his custody or under his control intending without lawful excuse to use it…to damage property”
• Intentionally broad
• Intent to damage
![Page 18: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/18.jpg)
Legal Aspects of Computer System Security
CDA - Offences IIIUnauthorised Access to Data
• Computer specific
• “any person who without lawful excuse operates a computer…with intent to access data…whether or not he access any data…shall be guilty of an offence”
• Is all activity criminal?
![Page 19: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/19.jpg)
Legal Aspects of Computer System Security
CDA - Interesting Provisions
• Wide-ranging powers of arrest
• Signs of lack Garda know-how
• Compensation Order
![Page 20: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/20.jpg)
Legal Aspects of Computer System Security
Criminal Evidence Act 1992
• Hearsay or Real Evidence
• Record generated in the normal course of business, without intervention of humans provided machine is reliable.
• Assumed to be working correctly - Good or bad?
![Page 21: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/21.jpg)
Legal Aspects of Computer System Security
Sources and Reference
• “Information Technology Law in Ireland”
Denis Kelleher & Karen Murray.
Butterworth Ireland, 1997.http://www.ncirl.ie/itlaw/
• Government Publications Sales Office
• The Irish Timeshttp://www.ireland.com/
• The Journal of Information, Law and Technology (JILT)
http://elj.warwick.ac.uk/jilt/
• CERThttp://www.cert.org/
![Page 22: Legal Aspects of Computer System Security “Security - Protecting Our Resources”](https://reader035.fdocuments.us/reader035/viewer/2022062518/56649ddf5503460f94ad8736/html5/thumbnails/22.jpg)
Legal Aspects of Computer System Security
Inevitable Disclaimer
I am not a lawyer!
Although I believe thisto be accurate don’tbase a life or deathdecision on it!
This does not necessarily
represent UCD’s views.