Legal and Ethical Aspects. IT 4823 Information Security Administration. Cybercrime / Computer Crime. Law Enforcement Challenges.



Similar documents

LEGAL AND ETHICAL ASPECTS

Intellectual Property

UNLV Intellectual Property Policy

Web development, intellectual property, e-commerce & legal issues. Presented By: Lisa Abe

Many people think that Ideas constitute an Invention. In this module, we make the distinction between an idea and an invention more clear.

1. How are intellectual property, copyright and related terms defined in Canadian law and at Ryerson?

Intellectual Property

Law & Ethics, Policies & Guidelines, and Security Awareness

Why Have Intellectual Property?

Art Institute Intellectual Property Policy (MAY 2013)

PROFESSIONALISM AND CODES OF ETHICS

Major prerequisites by topic: Basic concepts in operating systems, computer networks, and database systems. Intermediate programming.

Introduction to Information Management IIM, NCKU

Cambridge Public Schools Administrative Guidelines and Procedures INTELLECTUAL PROPERTY/COPYRIGHT AND FAIR USE

The Intellectual Property System in Ethiopia

CODE OF ETHICS AND BUSINESS CONDUCT

Software Copyright. 1. Introduction. Last update: July 2009

Legal and Ethical Issues Facing Computer & Network Security Researchers

Copyright, standards and the internet

World Book. Protection of IP France TRADE MARKS 1.1 INTRODUCTION

Ethical and Social Issues in Information Systems

Information Security Policy

GROUP POLICY MANUAL CODE OF CONDUCT AND ETHICS POLICY

PROTECT YOUR INTELLECTUAL PROPERTY

The Copyright and Innovation Consultation in Adobe Systems Inc.

RESEARCH & INNOVATION INTELLECTUAL PROPERTY (IP)

E-Commerce Strategy. Electronic Commerce

Intellectual Property Policy

The Basics of Intellectual Property. Mala Joshi, Blaney McMurtry LLP

Intellectual Property in Hong Kong Contents

INFORMATION SECURITY MANAGEMENT POLICY

Equipment Needed. Connecting to the Internet

Top 10 Questions About Intellectual Property

THE NATIONAL PROFESSIONAL PRACTICE EXAMINATION

Bridget Rankin Principal Pharmacist, Medicines Information Guy s & St. Thomas NHS Foundation Trust April 2015

Intellectual Property and Copyright

Intellectual Property Policy Abilene Christian University Revised November, 2003

Anchor Bay Schools Software Policy

Panel discussion on Intellectual Property and Human Rights

BSA GLOBAL CYBERSECURITY FRAMEWORK

Business Models of Innovation Closed Innovation and Open Innovation (Topic 7 (c))

code of Business Conduct and ethics

Cyber Security Issues on E-Commerce

UCO Copyright Compliance Starting Point for Al Copyright Concerns: 1. Is the work Copyrighted? 2. Is the class traditional or Online?

University of the West of England, Bristol. Intellectual Property Policy

Code of Conduct PLANSEE HPM Group

Qiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop Presented by An In seok

ANTI-FRAUD POLICY Adopted August 13, 2015

The Fundamentals of Intellectual Property for the Entrepreneur

Creative Industries Workshop Key IPR Issues

Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity

FINAL May Guideline on Security Systems for Safeguarding Customer Information

BASIC NOTIONS ABOUT COPYRIGHT AND NEIGHBOURING RIGHTS

UNIVERSAL INSURANCE HOLDINGS, INC. CODE OF BUSINESS CONDUCT AND ETHICS. Revised as of March 3, 2014

Introduction to Software Engineering

Checklist. davies.com.au

Copyright in Photography

COMPUTER AND NETWORK USAGE POLICY

Scientific Research and Ethics in Japan

World Book. Protection of IP Canada TRADE-MARKS 1.1 INTRODUCTION 1.2 REGISTERED TRADE-MARKS

Intellectual Property & Technology Commercialization Basics

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Consultation on the Code of Conduct. Consultation document

LET S ENCRYPT SUBSCRIBER AGREEMENT

LET S ENCRYPT SUBSCRIBER AGREEMENT

WIPO TRAINING OF TRAINERS PROGRAM ON EFFECTIVE INTELLECTUAL PROPERTY ASSET MANAGEMENT BY SMALL AND MEDIUM-SIZED ENTERPRISES (SMEs)

Private Copying and Fair Compensation:

SUBJECT: INFORMATION TECHNOLOGY RESOURCES I. PURPOSE

DIOCESE OF DALLAS. Computer Internet Policy

BERKSHIRE HATHAWAY INC. CODE OF BUSINESS CONDUCT AND ETHICS

Intellectual Property. Litigation and. Enforcement PATENT, TRADEMARK COPYRIGHT. 360 IPR Management and IPR Audit

Wowprime Corporation Ethical Corporate Management Best Practice Principles

In an age where so many businesses and systems are reliant on computer systems,

Information Security Law: Control of Digital Assets.

PROCEDURES AND COSTS FOR PATENTS

EADS-NA Code of Ethics

Revised 05/22/14 P a g e 1

CIVIL CODE OF THE RUSSIAN FEDERATION

Transcription:

IT 4823 Information Security Administration Legal and Ethical Considerations March 24 Legal and Ethical Aspects Topics include: cybercrime and computer crime intellectual property issues privacy ethical issues Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles and Practice, 1/e, by William Stallings and Lawrie Brown, Chapter 6 Intrusion Detection. Cybercrime / Computer Crime Law Enforcement Challenges Criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity Categorized based on computer s role: as target as storage device as communications tool More comprehensive categorization seen in Cybercrime Convention, Computer Crime Surveys Intellectual Property Copyright Protects tangible or fixed expression of an idea but not the idea itself Is automatically assigned when created May need to be registered in some countries Exists when: proposed work is original creator has put original idea in tangible form e.g. literary works, musical works, dramatic works, pantomimes and choreographic works, pictorial, graphic, and sculptural works, motion pictures and other audiovisual works, sound recordings, architectural works, software-related works. 1

Copyright Rights The copyright owner has these exclusive rights, protected against infringement: reproduction right modification right distribution right public-performance right public-display right Patents Grant a property right to the inventor to exclude others from making, using, offering for sale, or selling the invention Types: utility - any new and useful process, machine, article of manufacture, or composition of matter design - new, original, and ornamental design for an article of manufacture plant - discovers and asexually reproduces any distinct and new variety of plant e.g. RSA public-key cryptosystem patent Trademarks A word, name, symbol, or device used in trade with goods indicate source of goods to distinguish them from goods of others Trademark rights may be used to: prevent others from using a confusingly similar mark but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark Intellectual Property Issues and Computer Security Software protect using copyright, perhaps patent Database content and arrangement protect tusing copyright Digital content audio / video / media / web protect using copyright Algorithms may be able to protect by patenting U.S. Digital Millennium Copyright ACT (DMCA) Implements WIPO treaties to strengthens protections of digital copyrighted materials Encourages copyright owners to use technological lmeasures to protect ttheir copyrighted works, including: measures that prevent access to the work measures that prevent copying of the work Prohibits attempts to bypass the measures have both criminal and civil penalties for this A nasty piece of legislation! DMCA Exemptions Certain actions are exempted from the DMCA provisions: fair use (but often prevented by technical controls!) reverse engineering encryption research security testing personal privacy Considerable concern exists that DMCA inhibits legitimate security/cryptography research 2

Digital Rights Management (DRM) Systems and procedures ensuring digital rights holders are clearly identified and receive stipulated payment for their works may impose further restrictions on their use No single DRM standard or architecture The goal is often to provide mechanisms for the complete content management lifecycle To provide persistent content protection for a variety of digital content types / platforms / media Privacy Overlaps with computer security There has been a dramatic increase in scale of information collected and stored motivated by law enforcement, national security, economic incentives and because we can But individuals increasingly aware of access and use of personal or private information Concerns on extent of privacy compromise have seen a range of responses EU Privacy Law European Union Data Protection Directive was adopted in 1998 to: ensure member states protect fundamental privacy rights when processing personal info prevent member states from restricting the free flow of personal info within EU Organized around principles of: notice, consent, consistency, access, security, onward transfer, enforcement US Privacy Law Privacy Act of 1974 which: permits individuals to determine records kept permits individuals to forbid records being used for other purposes permits individuals to obtain access to records (but try to get your no-fly list records ) Ensures agencies properly collect, maintain, and use personal information Creates a private right of action for individuals There is a range of other privacy laws, COPA, ECPA, etc. Organizational Response Common Criteria Privacy Class An organizational data protection and privacy policy should be developed and implemented. This policy should be communicated to all persons involved in the processing of personal information. Compliance with this policy and all relevant data protection legislation and regulations requires appropriate management structure and control. Often this is best achieved by the appointment of a person responsible, such as a data protection officer, who should provide guidance to managers, users, and service providers on their individual responsibilities and the specific procedures that should be followed. Responsibility for handling personal information and ensuring awareness of the data protection principles should be dealt with in accordance with relevant legislation and regulations. Appropriate technical and organizational measures to protect personal information should be implemented. ISO 17799 3

Ethical Issues Many potential misuses / abuses of information and electronic communication Ethics: a system of moral principles relating benefits and harms of particular actions to rightness and wrongness of motives and ends of them. Doing the right thing. The study of the moral character of our voluntary actions towards others. --Baase Unique considerations in computer ethics: scale of activities, in new types of entities Technology and Ethics General ethics: Doing the right thing. Professional Ethics: A special obligation Arises when people who are affected by the practice of a profession may not have the training to judge the quality of the products or services they receive. Broadens responsibilities. Professional Ethics A professional claims certain expertise, and so has a responsibility to provide it. Professionals have special responsibilities To their customers To the general public The work of professionals, including computer professionals, can affect safety, life, and health. Two Classes of Responsibilities Avoid intentional evil Lying and misrepresentation Cheating Carefully follow good professional practices Safety Security Privacy Reliability Ease of use Professional Codes and Guidelines Most professional organizations have codes of ethics or good practice Reminders of specific responsibilities Guidance for new members of the profession You Handling will need of to difficult read the ethical ACM situations and IEEE codes (in the back of the textbook) before Monday s class. Some Guidelines Understand what success means Include users in design and testing Do a thorough and careful job Planning and scheduling Writing contracts t Design for real users Do not assume existing software is safe Be open and honest Require a convincing case that a system is safe 4

More Guidelines Pay careful attention to defaults Most hardware and software is configurable However, many users do not bother So, the default choices made by the designer are used forever. Develop communications skills You will frequently be asked to explain technical matters to non-rechnical people. Professional Ethics Ethical Issues Related to Computers and Information Systems Some ethical issues from computer use: repositories and processors of information producers of new forms and types of assets instruments of acts symbols of intimidation and deception Those who understand / exploit technology, and have access permission, have power. The issue is balancing professional responsibilities with ethical or moral responsibilities Ethical Question Examples Whistle-blower when professional ethical duty conflicts with loyalty to employer e.g. inadequately tested software product organizations and professional societies should provide alternative mechanisms Potential conflict of interest e.g. consultant has financial interest in vendor which should be revealed to client Codes of Conduct Ethics is not a precise law or set of facts Many areas may present ethical ambiguity Many professional societies have ethical codes of conduct which can: 1. be a positive stimulus and instill confidence 2. be educational 3. provide a measure of support 4. be a means of deterrence and discipline 5. enhance the profession's public image Codes of Conduct See ACM, IEEE and AITP codes Place emphasis on responsibility to other people Have some common themes: 1. dignity and worth of other people 2. personal integrity and honesty 3. responsibility for work 4. confidentiality of information 5. public safety, health, and welfare 6. participation in professional societies to improve standards of the profession 7. the notion that public knowledge and access to technology is equivalent to social power 5

Questions 6