IS3532 - Lecture 10
Legal Control of Computer Crime
Information Management and Computer Security, 3, 2, 13-19, 1995
Introduction
Hacking and computer viruses - 2 of the more fashionable activities under the computer crime umbrella.
In some countries they may not be criminal acts due to the lack of legislation outlawing such activities.
This is particularly true in the Asia Pacific region.
Definitions
No precise definition of computer crime, but includes both criminal and antisocial activities, for example computer fraud, computer abuse and software piracy.
Computer Fraud - wilful misrepresentation with intent to gain unlawfully or to cause others to lose.
Fraud - a means to another end
Computer Abuse - certain types of abusive misuse of computer resources, viz. hacking (unauthorised use and access of computer resources), unauthorised modification of data, propagation of computer viruses,…
Abuse - an end in its own right
Piracy - unauthorised copying and distribution of proprietary software. - cf. Intellectual property law.
HK Govt Computer Crimes Ordinance established in April 1993.
New criminal offences involving use of computers
Unauthorised access/hacking ($20,000)
  even just trying to log on.
  must be through telecommunications (i.e. cannot be voice or retina activated)
  must be knowingly unauthorised, i.e. not innocent/accidental
  if the accused does not “know” or “believe” that the access is unauthorised, guilt is hard to prove
Tampering with Computers, Programs, Data (10 years)
  causing a computer not to function normally
  altering or deleting any program or data held in any form/medium
  adding any program/data to a computer or other storage medium.
  Irrelevant whether or not the computer functions better or worse as a result.
  Intention is a necessary condition here for prosecution, i.e. not inadvertent or accidental modification
Defence?
Defence possible if accused believes s/he either had already been given permission to do the activities, or would have been given that permission if s/he asked for it and if the authorising person knew all the circumstances of the activities.
A genuine belief is enough, even if the belief seems unreasonable.
Other Aspects
Threatening to do an activity is illegal
Possessing something with which to do an illegal activity, e.g. possessing a virus-infected disk with the intent to copy data from the disk (even if the accused had no knowledge of the virus’ existence as this equates to recklessness).
Accessing a computer with the intent to commit further or subsequent crimes.
Even if the access is authorised, the intent to commit crimes is illegal. (5 years)
Trespassing with the intent to commit a crime with computers (14 years)
But trespass must be in a fixed and permanent structure, i.e. not a tent or portable toilet
A key problem in the IS security area is that crimes are often not reported by management which fears losing its credibility with its customers and exposing internal IS security weaknesses.
Reporting and prosecution of such cases is essential if legal deterrents are to work. Such reporting should be incorporated into company policies, even if there is no legal obligation to make such reports.