01 - Legalities of ICT

Legalities of ICT
Chapter 7
Law and Legislation Introduction
• When computers became popular, activities took
place that could be considered criminal.
• However, despite proof of the activity it was hard to
prosecute people as there was no law that said you
couldn’t do it.
• And then the 3 big laws were created in the UK:
– Data Protection Act 1984 (updated in 1998)
– Copyright, Design and Patents Act 1989
– Computer Misuse Act 1990
This presentation covers the following:
• Data Protection Act
• Computer Misuse Act
• Copyright, Designs and Patents Act
• Regulation of Investigatory Powers Act
• Electronic Communications Act
• Freedom of Information Act
Click on a link to go to that section.
The specification expects you to keep up to date with any changes that take place. Make sure you
check the news regularly and government websites.
You can also find more information by clicking here.
Data Protection Act
• Gives rights to data subjects (i.e. people who have data stored about them
on a computer)
• Information is collected about people for a large number of things.
• It is important that information is kept private and is only used for its
intended purposes.
• Organisations must register with the Data Protection Commissioner if
they want to store information about people. They must explain the
following:
– Who they are
– What data they want to collect
– What they will do with the data
– Who will have access to the data
Data Protection Act
• The act was updated in 1998 to bring it up to
date with European legislation and to include
other security measures, e.g. for sending
information over the internet.
• It also follows 8 principles.
– These can be found in room 9 on the display wall.
8 DPA Principles
1. Personal data must be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and, where necessary, kept up-to-date.
5. Personal data shall not be kept for longer than is necessary.
6. Personal data shall be processed in accordance with the rights of the data subjects.
7. Appropriate technical and organisational measures shall be taken against unauthorised or
unlawful processing of personal data and against accidental loss.
8. Personal data shall not be transferred to a country or territory outside the European
Economic Area, unless that country or territory ensures an adequate level of protection.
Disadvantages of the DPA
• It is argued that it is difficult to enforce.
• How do we know if a company is registered with the Data Protection
Commission? There are so many shops that could store information
about us that it's hard to keep track of them all.
• It is an extra expense for an organisation – someone has to be employed
to make sure that the organisation isn’t breaking any laws.
• The last principle is hard to enforce because it's difficult to track whether
someone has accessed a web database from another country.
• As a result conviction rates are low.
– Either this means companies are well behaved or…
– They are breaking the law but we haven’t been able to prove it yet.
SPAM
• From August 2003 it became illegal to send unsolicited emails
to people.
– I.e. SPAM
• People should only receive emails if they have agreed to do so.
• But how many people are paying attention to these
laws…think about how many SPAM messages you get every
day.
• SPAM makes up a large proportion of internet
traffic…there is THAT much of it.
Cookies
• Cookies are used to keep track of activities on a webpage
– E.g. they keep track of what is in your shopping basket.
• Some cookies have been designed to keep a track of your
online activities.
• These cookies then send information to marketing companies
who sell the information to organisations.
• Websites that use cookies should clearly notify users that they are
doing so.
Computer Misuse Act
• Specifically designed to control hackers and the illegal access
to files.
• Hackers used to be almost tolerated…like a cheeky child.
Then people realised that it could pose a serious threat to
data and national security.
• The act does 3 things:
– It is illegal to access files that you have no right to access.
– It is illegal to access files in order to commit more serious crimes such as fraud
and blackmail.
– It is illegal to change any data that does not belong to you.
• Includes planting viruses and deleting files.
Copyright, Designs and Patents Act
• Designed to prevent illegal copying of data.
– People who create something (from music to art to text) own the
intellectual rights to their work and own a copyright immediately.
• It requires people to ask permission to use data that
doesn’t belong to them.
• The owner can:
– Give permission freely
– Give permission with conditions of use
– Give permission providing it is paid for
– Refuse permission
European directives
• There are European directives that are
designed to protect people’s data when being
sent and received across Europe.
• They aim to resolve problems with countries
trying to impose their laws on other countries.
• The directives are 95/45/EC (2000) and
97/66/EC.
Regulation of Investigatory Powers Act
• People and organisations have been able to ‘snoop’
and intercept communications between people for
many years.
• People used to hold up stage coaches full of
letters…but times have changed a little since
then…technology is a little more advanced!
• The problem was people used to abuse the
technologies which allowed them to monitor
communications.
Regulation of Investigatory Powers Act
• After a huge legal battle (Malone vs UK) it was
decided that in order to monitor
communications you need lawful authority.
• To be lawful, ‘the interception has to be by or
with the consent of a person carrying on a
business, and using that business’s own
telecommunications system.’
Regulation of Investigatory Powers Act
• Basically, organisations are allowed to monitor
communications:
– In the interest of national security
– To prevent or detect crimes
– To prevent or detect unauthorised use of
telecommunication systems
– And more…(do a little research)
• In some cases they can monitor but not record:
– Received communications to see if they are personal or
business.
– Communications made to anonymous help lines.
Electronic Communications Act
• As one of the leading countries dealing with e-commerce,
the British Government wanted to establish a legal
framework, based on trust, that would encourage the growth of e-commerce.
• The idea was that people could be sure of the origin and
integrity of communications.
• It also allowed for digital signatures to be accepted and held
in the same regard as paper based signatures.
Electronic Communications Act
• The legislation is in two main parts:
– Cryptography service providers
• This allows the government to set up a register of
approved cryptography suppliers.
– Facilitation of electronic commerce, data storage
• This recognises digital signatures, which are now
admissible in law.
Electronic Communications Act
• So what is good about it?
– Possible to sign contracts over the internet which are
just as legally binding as paper based contracts.
– E-commerce purchases are safer as a contract is
legally backed up.
• What is bad then?
– Some contracts still need to be witnessed (buying a
house for example).
– There will always be a security risk – the first digital
signature by a cabinet minister was hacked within 24
hours!
Freedom of Information Act
• This act allows people to find out any public
information held by a public authority.
• All that is required is for you to send a request,
detailing your name, address and the information
you want, to the public authority that you think
holds the information.
• The public authority has 20 working days to
comply with your request!
Freedom of Information Act
• One of the biggest benefits of this act is that information
that was not previously made available is now available!
• It now means that public authorities cannot hide
information from those whom it concerns.
• However, not all information has to be passed to you.
Some information may be deemed exempt for different
reasons (for example, security).
• A public authority can also deny the request if the
cost of collating the information exceeds an appropriate
limit.