Legal and Ethical Aspects Related to Data and Networks Security.
The Security problem in Data Transfer:-
1Fifty years ago few people had access to a computer system or network, thus securing them was a relatively easy matter. Fifty years ago, companies did not conduct business across the Internet. Online booking and shopping were only dreams in science fictions stories. Today however, millions of people perform online transactions everyday. There many ways to attack computer and networks to take advantage of what has made shopping, banking , transformation of messages, investments and leisure pursuits a simple matter of dragging and clicking for many people. Thus, the laws and ethics are important aspects in data and network security.
The legal system has adapted quite well to computer technology by reusing some old forms of legal protection (copyrights and patents) and creating laws where no adequate one existed (malicious access). Still the courts are not a perfect form of protection for computer, for two reasons, first court tends to be reactive instead of proactive. That is, we have to wait for regression to occur and then adjudicative it, rather than try to prevent it in first place. Second fixing a problem through the courts can be time consuming and more expensive. The latter characteristic prevents all but the wealthy from addressing most wealthy.
On other hand, 1ethics has not had to change , because ethic is more situational and personal than the law, for example the privacy of personal information becoming important part of computer network security and although technically this issue is just an aspect of confidentiality ,practically it has a long history in both law and ethics. Law and security are related in several ways. First international, national, state, city laws affect privacy, secrecy. These statutes often apply to the rights of individuals to keep personal matters private. Second law regulates the use of development, and ownership of data and programs. Patents, copy rights, and trade secrets are legal devices to protect the right of developers and owners of the information and data.
However he law does not always provide an adequate control, when computer systems are concerned the law slowly evolving because the issues are similar to but to the same as those are property rights.
Cryptography and Law
3Cyber-Crime :- Criminal activities or attacks in which computer and computer networks are tool , target, or place of criminal activity. Cybercrime categorize based on computer roles such as target, storage device and communication tool.
3Computers as targets: To get the information from the computer system or control the computer system without the authorization or payment or alter the interfaces or data in the particular system with use of server.
Computers as storage devices: Computers can be used to further unlawful activity by using a computer or a computer device as a passive storage medium. For example, the computer can be used to store stolen password lists, credit card details and proprietary corporate information.
Computers as communications tools: Many of the crimes falling within this category are simply traditional crimes that are committed online. Examples include the illegal sale of prescription drugs, controlled substances, alcohol, and guns; fraud; gambling; and child pornography.
3Other than these crimes there are more specific crimes in computer networks.
Illegal access: The access to the whole or any part of a computer system without right.
Illegal interception: The interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data.
Data interference: The damaging, deletion, deterioration, alteration or suppression of computer data without right.
System interference: The serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.
Computer-related forgery: The input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible.
Crime related to child pornography: Producing child pornography or distribution through a computer system and making available or distributing or transmitting child pornography through a computer system
3 The relative lack of success in bringing cyber-criminals to justice has led to an increase in their numbers, boldness, and the global scale of their operations. It is difficult to profile cybercriminals in the way that is often done with other types of repeat offenders.
The success of cybercriminals and the relative lack of success of law enforcement, influence the behavior of cybercrime victims. As with law enforcement, many organizations that may be the target of attack have not invested sufficiently in technical, physical, and human-factor resources to prevent attacks.
2The law is used regulate people for their own good and for the greater good of society. Cryptography also regulated activity, but the issues are little less clear-out in part because there is little open discussion of the object.
Some Example laws which are forced on cryptography
1) Control use of cryptography: Closely related to restrictions on content are restrictions on the use of cryptography imposed on users in certain countries. For examples, 2 In China, state council order 273 requires foreign organizations or individuals to apply permission to use encryption in China. Pakistan requires that all encryption hardware and software be inspected and approved by the Pakistan telecommunication authority.
2) Cryptography and Free speech: 2 Cryptography involve not just products, it involves ideas too, Although governments effectively control the flow of products across borders, controlling the floe ideas either head or on the internet, is also impossible.
3) Cryptography and Escrow: Although laws enable governments to read encrypted communications. 2 In 1996, US government offered to relax the export restriction for so called escrowed encryption, in which the government would able to obtain the encryption key for any encrypted communication.
3 The victory in use of law enforcement depends much more on technical skills of the people. Management needs to understand the criminal investigation process, the inputs that investigators need, and the ways in which the victim can contribute positively to the investigation.
3 There are three main types of intellectual property for which legal protection is available.
1) Copy rights: Copyright law protects the tangible or fixed expression of an idea, not the idea itself. Copy right properties exists when proposed work is original and creator has put original idea in concrete form and the copyright owner has these exclusive rights, protected against infringement such as reproduction right ,modification right ,distribution right , public?performance right ,public?display right.
2) Patents: A patent for an invention is the grant of a property right to the inventor. There are 3 types in patents:- utility (any new and useful process, machine, article of manufacture, or composition of matter), design (new, original, and ornamental design for an article of manufacture),plant( discovers and asexually reproduces any distinct and new variety of plant).
3) Trade-Marks: A trademark is a word, name, symbol or expression which used to identify the products or services in trade uniquely from others.. Trade mark rights used to prevent others from using a confusingly similar mark, but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark.
3Intellectual Property Relevant to Network and Computer Security
A number of forms of intellectual property are relevant in the context of network and computer security.
Software programs: software programs are protected by using copyright, perhaps patent .
Digital content: audio / video / media / web protected by copy right
Algorithms: algorithms may be able to protect by patenting
3Privacy Law and Regulation
An issue with considerable overlap with computer security is that of privacy. Concerns about the extent to which personal privacy has been and may be compromised have led to a variety of legal and technical approaches to reinforcing privacy rights.
A number of international organizations and national governments have introduced laws and regulations intended to protect individual privacy.
European Union Data Protection Directive was adopted in 1998 to ensure member states protect fundamental privacy rights when processing personal info and prevent member states from restricting the free flow of personal info within EU organized around principles of notice, consent, consistency, access, security, onward transfer and enforcement.
US Privacy Law have Privacy Act of 1974 which permits individuals to determine records kept, forbid records being used for other purposes ,obtain access to records ,ensures agencies properly collect, maintain, and use personal info and creates a private right of action for individuals.
Cryptography and Ethics
3There are many potential misuses and abuses of information and electronic communication that create privacy and security problems. Ethics refers to a system of moral principles that relates to the benefits and harms of particular actions
2 An ethic an objectively defined standard of right and wrong. Ethical standards are often idealistic principles because they focus on one objective. Even though religious group and professional organization promote certain standards of ethical behavior, ultimately each person is responsible for deciding what do in a specific situation.
Ethical issues related to computer and info systems
3Computers have become the primary repository of both personal information and negotiable assets, such as bank records, securities records, and other financial information.
• Repositories and processors of information: Unauthorized use of otherwise unused computer services or of information stored in computers raises questions of appropriateness or fairness.
• Producers of new forms and types of assets: For example, computer programs are entirely new types of assets, possibly not subject to the same concepts of ownership as other assets.
• Instruments of acts: To what degree must computer services and users of computers, data, and programs be responsible for the integrity and appropriateness of computer output?
• Symbols of intimidation and deception: The images of computers as thinking machines, absolute truth producers, infallible, subject to blame, and as anthropomorphic replacements of humans who err should be carefully considered.
Examining a case for Ethical issues in cryptography.
2 How can issue of ethical choice in computer security can be approached
1) Understand the situation:- Learn the facts of the situation. Ask Questions of interpretation and clarification. Attempt to find out whether any relevant forces have not been considered.
2) Know several theories of ethical reasoning:- To make an ethical choice , you have to know how those choices can be justified.
3) List the ethical principles involved:- What different philosophies could be applied in this case? Do any of these include others.
4) Determine which principles outweigh others:- This subjective evaluation. It often involves extending a principle to logical conclusion or determining cases in which are principle clearly supersedes another.
Too often people judge a situation on in complete information, a practice that leads to judgments based on prejudice, suspicion or misinformation 2.
1 Wm.Arthur Conclin, Gregory B.White, Chuck Cothren, Dwayne Williams, Roger L.Davis,
Principles of Computer Security (Security+ and beyond)(International Edition)
Information Assurance & Security Series
2 Charles P.Pfleeger,Shari Lawrence Pfleeger, Deven W.Shah ,Security in Computing
(4th Edition ) Forward by Willis H.Ware
3 William Stalling ,Cryptography and Network Security (5th Edition)
online: Available: https://wanguolin.github.io/assets/cryptography_and_network_security