Legalities of ICT
Chapter 7: Law and Legislation

Introduction
• When computers became popular, activities took place that could be considered criminal.
• However, despite proof of the activity, it was hard to prosecute people as there was no law that said you couldn’t do it.
• And then the 3 big laws were created in the UK:
  – Data Protection Act 1984 (updated in 1998)
  – Copyright, Designs and Patents Act 1989
  – Computer Misuse Act 1990

This presentation covers the following:
• Data Protection Act
• Computer Misuse Act
• Copyright, Designs and Patents Act
• Regulation of Investigatory Powers Act
• Electronic Communications Act
• Freedom of Information Act

The specification expects you to keep up to date with any changes that take place. Make sure you check the news and government websites regularly.

Data Protection Act
• Gives rights to data subjects (i.e. people who have data stored about them on a computer).
• Information is collected about people for a large number of things.
• It is important that information is kept private and is only used for its intended purposes.
• Organisations must register with the Data Protection Commissioner if they want to store information about people. They must explain the following:
  – Who they are
  – What data they want to collect
  – What they will do with the data
  – Who will have access to the data
• The act was updated in 1998 to bring it up to date with European legislation and to include other security measures, e.g. sending information over the internet.
• It also follows 8 principles.
  – These can be found in room 9 on the display wall.

8 DPA Principles
1. Personal data must be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and, where necessary, kept up-to-date.
5. Personal data shall not be kept for longer than is necessary.
6. Personal data shall be processed in accordance with the rights of the data subjects.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection.

Disadvantages of the DPA
• It is argued that it is difficult to enforce.
• How do we know if a company is registered with the Data Protection Commission? There are so many shops that could store information about us that it’s hard to keep track of them all.
• It is an extra expense for an organisation – someone has to be employed to make sure that the organisation isn’t breaking any laws.
• The last principle is hard to enforce because it’s difficult to track whether someone has accessed a web database from another country.
• As a result, conviction rates are low.
  – Either this means companies are well behaved or…
  – They are breaking the law but we haven’t been able to prove it yet.

SPAM
• From August 2003 it became illegal to send unsolicited emails to people.
  – I.e. SPAM
• People should only receive emails IF they have agreed to do so.
• But how many people are paying attention to these laws…think about how many SPAM messages you get every day.
• SPAM accounts for a large proportion of internet traffic…there is THAT much of it.

Cookies
• Cookies are used to keep track of activities on a webpage.
  – E.g. a cookie will keep track of what is in your shopping basket.
• Some cookies have been designed to keep track of your online activities.
• These cookies then send information to marketing companies, who sell the information to organisations.
• Websites that use cookies should clearly notify users that they are doing so.

Computer Misuse Act
• Specifically designed to control hackers and the illegal access to files.
• Hackers used to be almost tolerated…like a cheeky child. Then people realised that hacking could pose a serious threat to data and national security.
• The act does 3 things:
  – It is illegal to access files that you have no right to access.
  – It is illegal to access files for use in more serious crimes such as fraud and blackmail.
  – It is illegal to change any data that does not belong to you.
    • Includes planting viruses and deleting files.

Copyright, Designs and Patents Act
• Designed to prevent illegal copying of data.
  – People who create something (from music to art to text) own the intellectual rights to their work and own a copyright immediately.
• It requires people to ask permission to use data that doesn’t belong to them.
• The owner can:
  – Give permission freely
  – Give permission with conditions of use
  – Give permission providing it is paid for
  – Refuse permission

European directives
• There are European directives that are designed to protect people’s data when it is sent and received across Europe.
• They aim to resolve the problems of countries trying to impose their laws on other countries.
• The directives are 95/45/EC (2000) and 97/66/EC.

Regulation of Investigatory Powers Act
• People and organisations have been able to ‘snoop’ and intercept communications between people for many years.
• People used to hold up stage coaches full of letters…but times have changed a little since then…technology is a little more advanced!
• The problem was that people used to abuse the technologies which allowed them to monitor communications.
• After a huge legal battle (Malone vs UK) it was decided that in order to monitor communications you need lawful authority.
• To be lawful, ‘the interception has to be by or with the consent of a person carrying on a business, and using that business’s own telecommunications system’.
• Basically, organisations are allowed to monitor communications:
  – In the interest of national security
  – To prevent or detect crimes
  – To prevent or detect unauthorised use of telecommunication systems
  – And more…(do a little research)
• In some cases they can monitor but not record:
  – Received communications, to see if they are personal or business.
  – Communications made to anonymous help lines.

Electronic Communications Act
• As one of the leading countries dealing with e-commerce, the British Government wanted to establish a legal framework, based on trust, which helped encourage the growth of e-commerce.
• The idea was that people could be sure of the origin and integrity of communications.
• It also allowed for digital signatures to be accepted and held in the same regard as paper-based signatures.
• The legislation is in two main parts:
  – Cryptography service providers
    • This allows the government to set up a register of approved cryptography suppliers.
  – Facilitation of electronic commerce, data storage
    • This recognises digital signatures, which are now admissible in law.
• So what is good about it?
  – It is possible to sign contracts over the internet which are just as legally binding as paper-based contracts.
  – E-commerce purchases are safer as a contract is legally backed up.
• What is bad then?
  – Some contracts still need to be witnessed (buying a house, for example).
  – There will always be a security risk – the first digital signature by a cabinet minister was hacked within 24 hours!

Freedom of Information Act
• This act allows people to find out any public information held by a public authority.
• All that is required is for you to send a request, detailing your name, address and the information you want, to the public authority that you think holds the information.
• The public authority has 20 working days to comply with your request!
• One of the biggest benefits of this act is that information that was not previously made available is now available!
• It now means that public authorities cannot hide information from those whom it concerns.
• However, not all information has to be passed to you. Some information may be deemed exempt for different reasons (for example, security).
• A public authority can also deny the request if the cost of collating the information exceeds an appropriate limit.