The Legal Framework - Computing and ICT in a Nutshell

1.9 The Legal Framework
In this section you must be able to:
• Describe the provisions of the Computer Misuse Act.
• Describe the principles of software copyright and licensing agreements.
• Recall the nature, purpose and provisions of the current data protection legislation – rights, duties, exemptions, etc.
New Crimes Made Possible by ICT
New technology has created opportunities for crime:
• Software piracy (copying software illegally to sell)
• Hacking (unauthorised access to computer systems)
• Creation and distribution of viruses
• Distributing pornographic and other obscene material
• Fraudulent trading
• Credit card fraud
• Terrorist activity and blackmail
Abuse of ICT
There are also opportunities for the abuse of ICT:
• Sending unsolicited e-mails (now an offence in some countries)
• Creating inappropriate or misleading websites
• Registering a domain that might appear to belong to someone else – “cyber-squatting”
Inappropriate use of ICT is not necessarily illegal.
It’s important to distinguish between:
• Unethical use of ICT – i.e. morally questionable
• Criminal activity – i.e. an offence under the various laws covering use of ICT
Where do Laws Come From?
There are three sources of law:
• Case law – i.e. judges’ rulings in court cases
• Acts of Parliament – e.g. Data Protection Act
• European laws & directives – e.g. VDU use
Laws change for many reasons:
• Social and political pressure – e.g. dangerous dogs
• Reaction to specific cases – e.g. Gold & Schifreen
• Combinations and clarifications of previous laws
• To close loopholes – e.g. “making off” and hacking
Laws Affecting ICT
There are various laws covering use of ICT
• Computer Misuse Act 1990
• Data Protection Act 1984 & 1998
• Copyright, Designs and Patents Act 1988
• European VDU & health directive 1992
Plus, more general guidelines such as:
• Health and Safety legislation
• Offices, Shops and Railways Act 1963
• Contract law – the shrink-wrap agreement controversy!
Plus, what about things such as professional advice given by a computer?
Computer Misuse Act
• In 1988 two teenagers “hacked” the Duke of Edinburgh’s e-mail account and changed a message
• They were taken to court, but hadn’t actually committed an offence (there was no theft and no fraud committed)
• People also started getting worried about viruses, which had started to appear in 1986
• In response, the government introduced the Computer Misuse Act in 1990
Computer Misuse Act
Under the CMA there are three offences:
• Unauthorised access to computer programs or data
• Unauthorised access with further criminal intent
• Unauthorised modification of computer material (programs or data)
However…
• Unauthorised access can be difficult to detect
• The first people to be prosecuted (in 1997) were caught when boasting about their crime!
Computer Misuse Act
The CMA therefore protects us against:
• Hacking
• Theft and Fraud
• “Logic Bombs”
• “Denial of Service” attacks
• Viruses could commit offences at different levels depending on the payload:
– Some display harmless messages
– Some are deliberately malicious
– Some are unintentionally dangerous
Other Measures to Prevent Misuse
Other steps can be taken to prevent misuse.
• JavaScript, for example, was created with computer misuse in mind and was designed to prevent it being used to create viruses:
– JavaScript cannot write directly to discs (other than cookies) and so cannot delete or change any files
– There is no direct access to memory or to other hardware
Copyright and Patent
• Patents cover the ideas and concepts on which products or services operate:
– You can only patent software that performs a technical function – e.g. an encryption algorithm
– You can’t patent software that performs a human function, such as translating English to French
• Copyright covers the implementation of the idea – the actual words, images and sounds that you use
Copyright, Designs and Patents Act
• Under this act it is illegal to:
– Copy software
– Run pirated software
– Transmit software over a telecommunications link (thereby copying it)
• The act is enforced by FAST – the Federation Against Software Theft (also FACT for general copyright)
• The enforcement is complicated by:
– The confusion between copyright and patent
– Whether you can copyright a “look and feel”
– Contracts such as licensing and acceptable use agreements
Using Computers to Combat Crime
Computers can also be used to solve crimes:
• The Police National Computer (PNC) now allows forces across the country to share information
• Number-plate recognition can be used to identify people committing motoring offences
• Mobile phone records can be used to locate criminals and victims of crime
• Audit logs and records of e-mails and network traffic could be used as evidence
Data Protection
• We all have a right to privacy
• There might be a variety of reasons why you’d want to keep something private:
– It might be possible to use the information for fraudulent purposes
– The information might be of a sensitive nature, such as medical records
– You might just not want people to know!
• The Data Protection Act is to protect privacy
Data Protection Act
The Data Protection Act…
• Was introduced in 1984 and updated in 1998 to create a standard for data protection across Europe
• Originally covered personal data that are automatically processed but now covers some manual records as well
• Defines the terms data subject (the person about whom data is held) and data controller (called data user in the 1984 version)
• Requires that all data controllers (and the nature of the processing they do) must be recorded on the public register of data controllers
• Is overseen by the Information Commissioner
Data Protection Act – Eight Principles
Under the Data Protection Act, data must be…
• fairly and lawfully processed;
• processed for limited purposes and not in any manner incompatible with those purposes;
• adequate, relevant and not excessive;
• accurate;
• not kept for longer than is necessary;
• processed in line with the data subject's rights;
• secure;
• not transferred to countries without adequate protection.
Processing Personal Data
• Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual.
• Processing can only be carried out where:
– the individual has given his or her consent;
– the processing is necessary for the performance of a contract with the individual;
– the processing is required under a legal obligation;
– the processing is necessary to protect the vital interests of the individual;
– the processing is necessary to carry out public functions;
– the processing is necessary in order to pursue the legitimate interests of the data controller or third parties
Data Protection Act – What Else?
• It covers any information recorded as part of a “relevant filing system” – i.e. information that is “readily accessible”
• Data controllers must take security measures to safeguard personal data – i.e. to prevent unlawful processing or disclosure
• There are certain exemptions from the DPA
• Data subjects have rights that are defined in the act
DPA – The Rights of Individuals
If data are held about you, you are entitled to be…
• given a description of the data and told for what purposes the data are processed
• told the recipients or the classes of recipients to whom the data may have been disclosed
• given a copy of the information with any unintelligible terms explained
• given any information available to the controller about the source of the data
• given an explanation as to how any automated decisions taken about you have been made
DPA – The Rights of Individuals
Further rights include:
• The right to access the data held – within 40 days and at a cost of no more than £10 for computer records and £50 for paper records
• The right to rectify, block, erase or destroy details that are inaccurate, or opinions based on inaccurate data
• The right not to have your details used for direct marketing
• The right to compensation for damage caused if the Data Protection Act is breached
Exemptions from the DPA
The Act does not apply to:
• Payroll, pensions and accounts data
• Names and addresses held for distribution purposes
• Personal, family, household or recreational use
• Data can be disclosed to an agent of the subject, or in response to a medical emergency
• Use of data in cases dealing with national security, the prevention of crime, or the collection of taxes & duty
Criminal Offences under the DPA
• Notification offences – where the data controller fails to notify the commissioner of processing or changes to processing
• Procuring and selling offences – disclosing, selling or obtaining data without authorisation
• Enforced access offences – e.g. you can’t make someone make an access request as a condition of employment
• Other – such as failure to respond to a request or to breach an enforcement notice
Freedom of Information Act
• Covers all types of 'recorded' information held by public authorities
• Covers personal and non-personal data
• Public authorities include:
– Government Departments
– local authorities
– NHS bodies
– schools, colleges and universities
– the Police
– Parliament
– The Post Office
– The National Gallery
– The Parole Board
– Plus lots, lots more!