Thursday, October 22, 2009

LEC 10:: Legal and Ethical Issues in Computer Security

Introduction
Legal and Ethical
Categories of law
Differences between law and ethics
Ethics concept in Information Security
Protecting programs and Data
Information and Law


Objectives of Understanding Legal Section
Therefore, there are three motivations for studying the legal section:
to know what protection the law provides for computers and data;

to appreciate laws that protect the rights of others with respect to computers, programs, and data; and

to understand existing laws as a basis for recommending new laws to protect computers, data, and people.
::->There are three commonly used ways to provide protection by law:
@Copyright
Copyright gives the author/programmer exclusive right to make copies of the expression and sell them to the public. That is, only the author can sell copies of the author’s book (except, of course, for booksellers or others working as the agents of the author).
Copyrights for Computer Works
The algorithm is the idea, and the statements of the programming language are the expression of the idea.

Therefore, protection is allowed for the program statements themselves, but not for the design: copying the code intact is prohibited, but reimplementing the algorithm is permitted.

Examples of Copyrights
A second problem with the copyright protection for computer works is the requirement that the work be published.

A program may be published by distributing copies of its object code, for example on a disk. However, if the source code is not distributed, it has not been published.

An alleged infringer cannot have violated a copyright on source code if the source code was never published.

A copyright controls the right to copy and distribute; it is not clear that allowing distributed access is a form of distribution in a distributed system.

@Patent
Patents are unlike copyrights in that they protect inventions, not works of the mind.
The distinction between patents and copyrights is that patents were intended to apply to the results of science, technology, and engineering, whereas copyrights were meant to cover works in the arts, literature, and written scholarship.
Patent law excludes newly discovered laws of nature … [and] mental processes.
Computer Objects
Patent law has not encouraged patents of computer software.
For a long time, computer programs were seen as the representation of an algorithm, and an algorithm was a fact of nature, which is not subject to patent.
There was a case on a request to patent a process for converting decimal numbers into binary. The Supreme Court rejected the claim, saying it seemed to attempt to patent an abstract idea, in short, an algorithm. But the underlying algorithm is precisely what most software developers would like to protect.

@Trade Secret
A trade secret is information that gives one company a competitive edge over others. For example, the formula for a soft drink is a trade secret, as is a mailing list of customers, or information about a product due to be announced in a few months.

The distinguishing characteristic of a trade secret is that it must always be kept secret. The owner must take precautions to protect the secret, such as storing it in a safe, encrypting it in a computer file, or making employees sign a statement that they will not disclose the secret.
Trade secret protection applies very well to computer software.

The underlying algorithm of a computer program is novel, but its novelty depends on nobody else’s knowing it.

Trade secret protection allows distribution of the result of a secret (the executable program) while still keeping the program design hidden.
Trade secret protection does not cover copying a product (specifically a computer program), so that it cannot protect against a pirate who sells copies of someone else’s program without permission.

However, trade secret protection makes it illegal to steal a secret algorithm and use it in another product.


Why Is Computer Crime Hard to Define?
Understanding
*Neither courts, lawyers, police agents, nor jurors necessarily understand computers.

Fingerprints
*Police and courts for years depended on tangible evidence, such as fingerprints. But with many computer crimes there simply are no fingerprints, no physical clues.
Form of Assets
*We know what cash is, or diamonds, or even negotiable securities. But are 20 invisible magnetic spots really equivalent to a million dollars?

Juveniles
*Many computer crimes involve juveniles. Society understands immaturity and can treat even very serious crimes by juveniles as being done with less understanding than when the same crime is committed by an adult.

Type of Crimes Committed
Telecommunications Fraud
*It is defined as avoiding paying telephone charges by misrepresentation as a legitimate user.

Embezzlement
*It involves using the computer to steal or divert funds illegally.

Hacking
*It denotes a compulsive programmer or user who explores, tests, and pushes computers and communications systems to their limits, often through illegal activities.

Automatic Teller Machine Fraud
*It involves using an ATM machine for a fraudulent activity - faking deposits, erasing withdrawals, diverting funds from another person’s account through stolen PIN numbers.

Records Tampering
*It involves the alteration, loss, or destruction of computerised records.

Acts of Disgruntled Employees
*They often use a computer for revenge against their employer.

Child Pornography and Abuse
*They are illegal or inappropriate acts of a sexual nature committed with a minor or child, such as photographing or videotaping.

Drug Crimes
*Drug dealers use computers to communicate anonymously with each other and to keep records of drug deals.

Organised Crime
*For all kinds of crime, the computer system may be used as a tool.


Summary

Firstly, the legal mechanisms of copyright, patent, and trade secret were presented as means to protect the secrecy of computer hardware, software and data.

However, these mechanisms were designed before the invention of the computer, so their applicability to computing needs is somewhat limited.

Meanwhile, program protection is especially desired, and software companies are pressing the courts to extend the interpretation of these means of protection to include computers.

Secondly, the relationship between employers and employees was examined, in the context of writers of software. Well-established laws and precedents control the acceptable access an employee has to software written for a company.

Thirdly, some difficulties in prosecuting computer crime were discussed. In general, the courts have not yet granted computers, software, and data appropriate status considering value of assets and seriousness of crime. The legal system is moving cautiously in its acceptance of computers.

What are Ethics?
Society relies on ethics or morals to prescribe generally accepted standards of proper behaviour.

An ethic is an objectively defined standard of right and wrong within a group of individuals.

These ethics may be influenced by religious belief. Therefore, through choices, each person defines a personal set of ethical practices.

A set of ethical principles is called an ethical system.

Differences between the Law and Ethics
Firstly, laws apply to everyone, even if you do not agree with the laws. However, you are forced to respect and obey the laws.

Secondly, there is a regular process through the courts for determining which law supersedes which if two laws conflict.

Thirdly, the laws and the courts identify certain actions as right and others as wrong. From a legal standpoint, anything that is not illegal is right.

Finally, laws can be enforced, and there are ways to rectify wrongs done by unlawful behaviour.

Contrast of Law Versus Ethics
