Legal Issues in Computing

Ammar
June 07, 2014

These notes don't contain everything and are not a substitute for solid revision and a balanced diet. They cover the following topics:

- Privacy
- Ethics
- Hacking
- Data Protection
- Freedom of Expression
- Freedom of Information
- Intellectual Property

========================================================================
These slides may or may not contain factual information. I cannot be held responsible if these notes cause you to fail exams, injure yourself, or destroy your marriage. Use with care.
========================================================================

Transcript

  1. Legal and Professional Issues in Computing. Revision for people who didn’t go to lectures all semester.

  2. Privacy

  3. Context
     - We share and exchange an unprecedented amount of data.
     - There’s no clear division between private and public life.

  4. Article 8 (European Convention on Human Rights / Human Rights Act 1998)
     “Everyone has the right to respect for his private and family life, his home and correspondence.”
     EXCEPTIONS (interference is allowed where necessary for): national security / public safety; the economic well-being of the country; prevention of crime or disorder; protection of health or morals; protection of the rights and freedoms of others.

  5. Opt In vs Opt Out
     - Opt in: information may only be gathered and shared once the individual has actively agreed.
     - Opt out: information is gathered and shared unless the individual objects.

  6. Regulation of Investigatory Powers Act (RIPA) 2000
     - The Home Secretary can order the interception of external communications.
     - An ISP can never tell anyone it has been served with an interception warrant. If it does, it can face 5 years in prison.

  7. Ethics
     The science of duty, or the branch of knowledge that deals with moral obligations.

  8. Points of View
     - Utilitarian: looks forward to the consequences of actions. “The greatest happiness for the greatest number.”
     - Deontological: looks back to value systems and stresses duties. “This is what the law says.” “This is what the Bible says.”

  9. Ethics and the Law
     - Law is the state taking responsibility for some ethical matters and enforcing the rules.
     - Boundaries between ethics and law are often unclear.

  10. Tort / Defamation / Civil Law / Criminal Law
     A tort (e.g. defamation) is a civil wrong pursued by the injured party under civil law; offences are prosecuted by the state under criminal law.

  11. Hacking

  12. The Law
     - Computer crime: offences committed through the use of a computer.
     - Cyber crime: offences committed against a computer.

  13. Council of Europe Convention on Cybercrime (2001)
     Covers substantive computer crimes, government access to communications and data, and trans-border co-operation:
     - Illegal Access (Article 2)
     - Illegal Interception (Article 3)
     - Data Interference (Article 4)
     - System Interference (Article 5)
     - Misuse of Devices (Article 6)
     - Computer-related Forgery (Article 7)
     - Computer-related Fraud (Article 8)
     - Child Pornography (Article 9)
     - Copyright Infringement (Article 10)

  14. Computer Misuse Act 1990
     - Section 1: Unauthorised access to computer material. Simple hacking. Max 2 years in prison and/or a fine.
     - Section 2: As (1) with intent to commit or facilitate further offences, e.g. stealing information or using it for blackmail. Max 5 years in prison and/or an unlimited fine.
     - Section 3: Unauthorised acts with intent to impair the operation of a computer. Distributing viruses, deleting data, etc. Max 10 years in prison and/or a fine.

  15. Computer Misuse Act 1990 (continued)
     - Maximum punishments were raised by the Police and Justice Act 2006 (e.g. section 1 rose from 6 months to 2 years).
     - The Fraud Act 2006 (in force from 2007) covers phishing and spoofing.
     - If an individual copies stolen personal data, they can be liable under both the Computer Misuse Act and the Data Protection Act.

  16. Hacking Terms 101
     - Interception: gaining unauthorised access to an asset (e.g. eavesdropping).
     - Interruption: making something unavailable or unusable.
     - Modification: unauthorised tampering.
     - Fabrication: unauthorised creation of fake data.

  17. Hacking Terms 101
     - Virus: attaches itself to and infects user files. Can replicate.
     - Worm: an independent malicious program. Can spread by itself across a network.
     - Trojan Horse: looks legitimate but performs malicious operations secretly.
     - Network Scanners: check for vulnerabilities in your own systems (attackers use the same tools for reconnaissance).

  18. Hacking Terms 101
     - Confidentiality: access only to authorised people.
     - Integrity: modification only by authorised people.
     - Availability: available to authorised people when they need it.

  19. Methods of Defence
     - Threats: snooping, spoofing (DNS spoofing, ARP spoofing), man in the middle.
     - Defences: encryption (symmetric and asymmetric); a trusted CA to bind public keys to identities; Transport Layer Security (the handshake negotiates keys and authenticates the server).

  20. Denial of Service
     - SYN flood: the attacker sends a flood of TCP SYN packets. The server sends back a SYN-ACK for each and waits for the sender to reply; these half-open connections saturate the server’s backlog of available connections. The source addresses are usually spoofed, so the replies never arrive.
     - Ping flood: sends echo requests as fast as possible (e.g. immediately after receiving a reply to the last). Only root (sudo) can do this on a Unix host. It only works if the attacker has more bandwidth than the victim, because ICMP traffic uses both inbound and outbound bandwidth.

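A SYN flood shows up on the victim as a pile of half-open (SYN-RECV) sockets that never progress. The Python below is an added example, not part of the original slides, of the check an administrator would run over `ss -tan` output to spot that condition. The socket listing is constructed to look like Linux `ss` output and is not captured from a real host; the threshold values and the `min_half_open` / `max_ratio` parameter names are assumptions for the example.

```python
"""Spot SYN-flood symptoms in an `ss -tan` style socket listing (added example)."""
from collections import Counter

# Constructed sample in the format of `ss -tan` on Linux; not a real capture.
# Eight half-open connections against two established ones, most of them from
# distinct (and, in a real flood, usually spoofed) source addresses.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      128    0.0.0.0:80           0.0.0.0:*
ESTAB     0      0      10.0.0.5:80          192.0.2.10:51034
ESTAB     0      0      10.0.0.5:80          192.0.2.11:51035
SYN-RECV  0      0      10.0.0.5:80          198.51.100.7:44211
SYN-RECV  0      0      10.0.0.5:80          198.51.100.7:44212
SYN-RECV  0      0      10.0.0.5:80          203.0.113.1:1025
SYN-RECV  0      0      10.0.0.5:80          203.0.113.2:1025
SYN-RECV  0      0      10.0.0.5:80          203.0.113.3:1025
SYN-RECV  0      0      10.0.0.5:80          203.0.113.4:1025
SYN-RECV  0      0      10.0.0.5:80          203.0.113.5:1025
SYN-RECV  0      0      10.0.0.5:80          203.0.113.6:1025
"""


def parse_sockets(text):
    """Return (state, local_ip, local_port, peer_ip, peer_port) tuples, one per socket line."""
    rows = []
    for line in text.splitlines()[1:]:          # first line is the column header
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_ip, local_port = local.rsplit(":", 1)   # rsplit copes with IPv6 literals too
        peer_ip, peer_port = peer.rsplit(":", 1)
        rows.append((state, local_ip, local_port, peer_ip, peer_port))
    return rows


def half_open_report(text, local_port="80"):
    """Count half-open vs established sockets on one service port, plus half-open per source."""
    rows = [r for r in parse_sockets(text) if r[2] == local_port]
    half_open = [r for r in rows if r[0] == "SYN-RECV"]
    established = [r for r in rows if r[0] == "ESTAB"]
    return {
        "half_open": len(half_open),
        "established": len(established),
        "per_source": Counter(r[3] for r in half_open),
    }


def syn_flood_suspected(text, local_port="80", min_half_open=5, max_ratio=1.0):
    """Flag a flood when half-open sockets exceed an absolute floor AND outnumber
    established ones. Both thresholds are assumed values for illustration; a busy
    but healthy server has a few SYN-RECV entries and many more ESTAB ones.
    Per-source counts alone are not enough, because a flood normally spoofs
    its source addresses, so each address appears only once or twice."""
    report = half_open_report(text, local_port)
    if report["half_open"] < min_half_open:
        return False
    return report["half_open"] > max_ratio * report["established"]


def top_sources(text, local_port="80", n=3):
    """Most frequent peer addresses among half-open sockets: useful for blocking
    a single noisy host, useless against a spoofed flood."""
    return half_open_report(text, local_port)["per_source"].most_common(n)


if __name__ == "__main__":
    rep = half_open_report(SAMPLE_SS_OUTPUT)
    print(f"half-open={rep['half_open']} established={rep['established']}")
    print("flood suspected:", syn_flood_suspected(SAMPLE_SS_OUTPUT))
    print("top sources:", top_sources(SAMPLE_SS_OUTPUT))
```

On a real host you would feed it the output of `ss -tan` (or `netstat -tan`, which uses the state name `SYN_RECV`); the ratio check is the one that matters, since a flood from spoofed addresses never makes any single source stand out.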
  21. Email Spoofing
     The email’s sender address and headers are altered to appear as though the email came from a different source. This works because SMTP itself does not authenticate the sender: the From: header and the envelope sender are both set by whoever submits the message. Receiving servers can check SPF, DKIM and DMARC records to detect this, but only if the spoofed domain publishes them.

  22. Smurf Attack
     A misconfigured device (router) allows packets sent to a network’s broadcast address to be delivered to every host on it. The attacker sends ICMP Echo requests (a ping flood) to the broadcast address with the source spoofed as the victim; every host replies to the victim, so the network effectively acts as an amplifier.

  23. Security Tools
     - Firewalls: filter traffic between networks (packet filtering; NAT hides internal addresses).
     - Intrusion Detection Systems: scan the host or network traffic and alert the admin to suspicious activity.

  24. Data Protection Act 1998

  25. The 8 Data Protection Principles
     Personal data must be:
     1. Processed fairly and lawfully.
     2. Obtained and used only for limited, stated purposes.
     3. Adequate, relevant and not excessive.
     4. Accurate and kept up to date.
     5. Not kept for longer than necessary.
     6. Processed in accordance with the rights of data subjects.
     7. Held securely.
     8. Not transferred outside the European Economic Area without adequate protection.

  26. Individual Rights (subject access)
     A data subject can request (in writing) whether an organisation is processing any of their personal data, including a description of the data and the reason it is being processed. A copy of all the data may also be requested, as well as information on how it was collected.
     A FEE may be charged. The organisation has 40 DAYS to reply to the request.

  27. Exemptions
     1. Staff payroll (no need to notify the ICO)
     2. If disclosure would reveal data about other people
     3. Credit reference agencies
     4. Disproportionate effort required to make a copy
     5. Repeated or unreasonable requests
     6. Criminal justice and taxation
     7. Domestic purposes

  28. Information Commissioner’s Office
     - Enforces the DPA, the Freedom of Information Act and the Privacy and Electronic Communications Regulations.
     - Prosecutes offenders.
     - Issues guidance and codes of practice.

  29. Half Way Point. Grab yourself a sandwich, you’re almost done!

  30. Freedom of Expression
     Everyone has the right to freedom of expression. This includes holding opinions and sharing information and ideas without interference.

  31. Protection
     - First Amendment of the US Constitution (1791)
     - Universal Declaration of Human Rights (1948), Article 19
     - European Convention on Human Rights (1950), Article 10
     - Human Rights Act (1998), Article 10

  32. Constraints
     - Obscene Publications Act (1959, 1964)
     - Protection of Children Act (1978)
     - Official Secrets Act (1989)
     - Computer Misuse Act (1990)
     - Criminal Justice & Public Order Act (1994)
     - Defamation Act (2013)

  33. Defamation Act (2013)
     - Aims to balance freedom of expression against the right to protect one’s reputation.
     - A claimant has to show serious harm before suing for defamation.
     - Increased protection for hosts of user-generated content (operators of websites).
     - Adds the defence of ‘publication on a matter of public interest’.

  34. Workplace Monitoring

  35. Employers have the legal right to monitor employees. If the monitoring is justified, no consent is needed.

  36. Pros and Cons
     Pros:
     - Prevent productivity loss
     - Reduce legal liability
     - Protect assets
     - Minimise negative publicity
     Cons:
     - Undermines trust
     - Measures quantity over quality
     - Invasion of privacy
     - No distinction between work and private life

  37. Employers Should…
     - Only collect relevant information.
     - Provide employees with notice, as well as avenues for appeal.
     - Verify information before using it in evaluations.
     - Make the data available to employees, and provide financial compensation if privacy rights are violated.
     - Have a maximum data retention time.

  38. ACAS Discipline Principles
     - Informal action should be prioritised.
     - Full investigation before action is taken.
     - Employees should know of the complaint and have the opportunity to defend themselves.
     - Employees should be given copies of evidence before a meeting.
     - Employees have the right to be accompanied by a union representative or a colleague.
     - No employee should be dismissed for a first breach of discipline, except in cases of gross misconduct.
     - Employees have the right to appeal.

  39. Gross Misconduct (grounds for dismissal)
     Theft / fraud; bullying; property damage; insubordination; discrimination; serious negligence; breach of health & safety; breach of confidence; use of drugs / alcohol; pornography at work.

  40. Gross Misconduct Procedure
     1. Suspended from work on full pay (for < 5 days).
     2. Investigate the claims.
     3. If the business is satisfied the claim is true, it can dismiss without notice.
     4. An appeal can be made within 5 days.

  41. Freedom of Information

  42. 3 Codes of Practice
     1. Responding to requests for information.
     2. Records management: Public Records Act (1958), Public Records Act (Northern Ireland) (1923).
     3. Obligations of public authorities: Environmental Information Regulations (2004).

  43. Public Authorities Covered
     Central & local government; non-departmental public bodies; NHS bodies; schools, colleges and universities; NI Assembly; emergency services; House of Commons / Lords; National Assembly of Wales.

  44. Role of the ICO
     1. Enforce compliance
     2. Promote good practice
     3. Approve / advise on publication schemes
     4. Advise the public of their rights
     5. Report to Parliament

  45. Making a Request
     1. Ask in writing (includes fax / email).
     2. Give your name and address.
     3. Describe the information you want.
     You don’t have to live in the UK, be a British citizen, or say why you want the information.

  46. Responding to a Request
     1. Within 20 working days.
     2. Can charge a fee.
     3. Must tell the requester whether the data is held.
     4. Must give a reason if the request is refused.
     5. Must tell the applicant they have the right to complain.

  47. Exemptions
     National security; law enforcement; commercial interests; personal data. Many exemptions are qualified, i.e. subject to a public interest test.

  48. Appeals
     1. Via the authority’s own complaints procedure.
     2. To the Information Commissioner.
     3. A Cabinet Minister can sign an executive override (veto) on behalf of the authority.

  49. Intellectual Property

  50. Types of IP
     - Patent: an invention.
     - Design right: the aesthetic look of a product.
     - Trademark: a distinguishable graphical sign.
     - Confidential information: trade secrets.
     - Copyright: the fixed expression of an idea.

  51. Copyright
     This deals with the expression of an idea, not the idea itself. The expression must be original and have required labour, skill and judgement.
     Duration:
     - 15 years: databases (database right, from the last substantial investment)
     - 25 years: typographical arrangement of a published edition
     - 50 years: sound recordings (raised to 70 years from November 2013)
     - 70 years after the author’s death: literature, art, drama, software

  52. Copyright Restricts…
     - Making and issuing copies
     - Renting or lending copies
     - Performing / showing / playing
     - Adaptation
     Exemptions: libraries, private use, schools for education.

  53. Preventing Copies
     - DRM
     - Encryption
     - Watermarks
     - Intentional mistakes (so that copying can be proved)
     EXEMPTIONS (for software): back-ups, de-compilation (for interoperability), correcting errors.

  54. Copyright, Designs and Patents Act (1988)
     Making a temporary copy is allowed if:
     - It’s incidental
     - It is for the lawful use of the work
     - It’s for the purpose of transmission in a network
     - It has no independent economic significance
     This exception does not cover computer programs and databases.

  55. Databases
     Database right expires 15 years after the last substantial investment was made. Infringement occurs when all or a substantial part of the data is extracted or re-used.

  56. You’re Done! Now go and have a beer.