
Legal Aspects of Computer System Security




  1. Legal Aspects of Computer System Security “Security - Protecting Our Resources”

  2. Presentation Contents
     • Introduction
     • Current Legislation
     • Overview
     • Data Protection Act 1998
     • Criminal Damage Act 1991
     • Criminal Evidence Act 1992
     • Sources, References and Disclaimer

  3. Introduction
     • IT rapidly integrating into society
     • International context - US and EU influences
     • IT law invades on “traditional” turf
     • Lack of clear definition - good or bad?
     • Specific and Regular crime

  4. Current Legislation - Overview
     • Data Protection Act 1998
       • control personal information
       • regulate data processing
     • Criminal Damage Act 1991
       • actual or threatened damage to property
       • unauthorised access to computers
       • possession with intent to damage property
     • Criminal Evidence Act 1992
       • regulate admissibility of computerised records into evidence

  5. Data Protection Act 1998
     • Background and Origin
     • Definitions and Provisions
     • Data Protection Crimes
     • The Data Protection Commissioner

  6. DPA - Origins
     • “designed to provide adequate safeguards to individuals against any abuse of their privacy arising from the automatic processing of personal data concerning them”
     • Based on principles of Strasbourg Convention

  7. DPA - Definitions
     • Personal Data: data relating to a living individual who can be identified either from the data or from the data in conjunction with other information in the possession of the data controller.
     • Data subject: person who is the subject of personal data.
     • Data Controller: person who controls contents and use of personal data.
     • Data Processing: automatic logical operations on data including extraction of constituent data.
     • Data: information in a form which can be processed.

  8. DPA - Provisions
     • Computerised files only
     • Personal Data only
     • Exceptions
       • security of the State
       • must be available by law/court order
       • kept by individual for family affairs/recreational purposes
       • required urgently to prevent injury or serious loss/damage
       • held or processed outside the State

  9. DPA - Provisions II: Requirements of a Data Controller
     • Information obtained and processed fairly/lawfully
     • Information is accurate and current
     • Kept for only 1 or more specified purposes
     • Not used or disclosed except for specified purpose
     • Relevant and limited to purpose
     • Not kept longer than required
     • Security against unauthorised access

  10. DPA - Provisions III: Rights of a Data Subject
     • Establish the existence of data
     • Access to data
     • Correct and/or erase data

  11. DPA - Crimes
     • Data processor knowingly disclosing personal information without consent of data controller.
     • Any person disclosing personal data to a third party without consent of the data controller.
     • “a data subject whose data has been attacked or copied by a hacker [may] take a civil action against the data controller. There is clearly a premium, therefore, on each data controller taking all reasonable care in relation to personal data (s)he holds.”

  12. Data Protection Commissioner
     • Enforcement Notice
     • Information Notice
     • Prohibition Notice
     • Prosecution
     • Prepare Codes of Practice
     • Produce Annual Report
     • International Assistance
     • Maintain Data Protection Register

  13. Criminal Damage Act 1991
     • General Points
     • Offences under the Act
     • Interesting Provisions
     • Proof and Defences

  14. CDA - General Points
     • Defining criminal activity is difficult
     • Evidence is hard to produce
     • Legal counsel is invaluable
     • Legal notion of “property” extended to include data
     • No definition of “computer”
     • Computer areas are untested
     • Damage of data: add to, alter, corrupt, erase or move or any act that contributes to the above.

  15. CDA - Offences: Damage to Property
     • “a person who without lawful excuse damages any property…shall be guilty of an offence”
     • Accidental/coincidental damage
     • Recklessness
     • Damage must be intentional
     • Specifically outlaws
       • damage to property which endangers life
       • damage to property with intent to defraud
     • Data damaged within the State by persons outside

  16. CDA - Offences II: Threatening to Damage Property
     • “a person who without lawful excuse makes to another a threat intending that that other would fear it would be committed”
     • Inability to carry out threat is not a defence

  17. CDA - Offences III: Possession of Anything with Intent to Damage Property
     • “a person who has anything in his custody or under his control intending without lawful excuse to use it…to damage property”
     • Intentionally broad
     • Intent to damage

  18. CDA - Offences III: Unauthorised Access to Data
     • Computer specific
     • “any person who without lawful excuse operates a computer…with intent to access data…whether or not he accesses any data…shall be guilty of an offence”
     • Is all activity criminal?

  19. CDA - Interesting Provisions
     • Wide-ranging powers of arrest
     • Signs of lack of Garda know-how
     • Compensation Order

  20. Criminal Evidence Act 1992
     • Hearsay or Real Evidence
     • Record generated in the normal course of business, without intervention of humans provided machine is reliable.
     • Assumed to be working correctly - Good or bad?

  21. Sources and Reference
     • “Information Technology Law in Ireland”, Denis Kelleher & Karen Murray. Butterworth Ireland, 1997. http://www.ncirl.ie/itlaw/
     • Government Publications Sales Office
     • The Irish Times http://www.ireland.com/
     • The Journal of Information, Law and Technology (JILT) http://elj.warwick.ac.uk/jilt/
     • CERT http://www.cert.org/

  22. Inevitable Disclaimer
     • I am not a lawyer!
     • Although I believe this to be accurate don’t base a life or death decision on it!
     • This does not necessarily represent UCD’s views.
