Law: Computer Misuse - Essay Example

You work as a researcher for the Association of Police Force Chiefs England and Wales (a fictitious group) who are concerned that the law in England and Wales in unable to meet the challenges of e-crime. They would like you to research on the following area: Computer Misuse Advise the Association of your critical assessment of the current situation in your chosen area and suggest ways in which the law could improve. The Internet has become a playground for professional and highly skilled criminals who are motivated by the ample opportunities of financial gains of e-crimes. Countless individual Internet users and companies become subjected to ever increasing e-crimes because Government has failed to provide sufficient security against these crimes and individual are blamed for their lack of prevention measures. The cost of the crime in many cases is immense. The confidence of the general public has succumbed and internet is regarded as a place with ’wild west’ culture. The internet service providers, Government, hardware and software manufacturers have done little to minimize the various risks associated with use of internet. Ekaterina Drozdova a doctoral candidate of Stern School of Business, New York University conducted a survey about legal codes regarding e-crimes in fifty countries and came up different actions that can account for breaching of cyber laws. They are; unauthorized access, unlawful fiddling with files or data (e.g. illegal copying, alteration, or destruction), damage to computer or network (e.g. viruses, worms, Trojan horses), use of information systems to commit or advance conventional crimes (e.g. scam, forgery, money laundering, acts of terrorism), computer-mediated spying, infringement of privacy in the attainment of personal data theft or damage of computer hardware or software (Sofaer & Goodman, 2001). According to one report about the rising public anxiety in relation to e-crimes, 21% of the people felt at risk from e-crimes and only 16% worried about burglary in UK. It is also estimated that an average company or firm in UK loses about 3% of its profits to electronic theft. According to one estimate in the UK, £40 billion is spent on the fraud prevention industry which is equivalent to half of what the country spends on the National Health Service (Saxby, 2006). This alarming report is reason enough to undertake every measure to aid in provision of the security that the internet users deserve. The figures like this makes it clear that computer misuse is a very wide spread and board level issue that needs a more sound infrastructure to amply fight it, instead of relying on just the IT department of organizations to counteract it. The first milestone to achieve is determining the extent of the problem and calculating the size of the problem. It is perhaps a serious problem but we still are very limited when it comes to statistics regarding the e-crimes. Many a crimes remain undiscovered for lengthy period of time and many goes unreported. Many a time’s companies are reluctant to publicize the crimes to safeguard their good reputation in the market (Hodgson, 2006). It is recommended to establish and enforce a centralized system for proper reporting of e-crimes. A data security breach notification law can be enacted to prompt the companies to help expose the culprits. The legal liability on the part of the firms will combat the issue of non-reporting. The phishing1 attacks are ever increasing so much so that the 93% e-crimes in financial services are committed through bogus websites and emails (Phishing Activity Trends Report, 2006). It is estimated that almost all of the UK’s high street banks have been affected by phishing. Phishing and scam2 can be tackled by adopting various strategies. One simple technique that can go a long way to counter act phishing and spam is simply making it mandatory to set a minimum identification requirement for online transactions and cancellation of data on even the suspicion of a spam. Further more, legitimacy of the orders should be ensured by properly screening them. In this way the likelihood of a fraudulent credit card is greatly reduced. (Charalambos, 2008) The first Phishing case dates back to 1996 and it has since then become a major concern for auction sites such as eBay and payment gateways such as PayPal (Phishing Activity trends Report, 2006; what is phishing). On February 12, 2010 Max Ray Butler age 37 of San Francisco, California was sentenced in Federal Court in Pittsburg to 13 years in prison, followed by five years supervised release and was ordered to pay $27.5 million. He was charged for conducting computer hacking and identity theft over the internet on a large scale. As part of the scheme Butler hacked in to financial institutions credit card processing centers and other secure computers in order to acquire credit card account information and other personal identification information (Cessar, 2010). The sound authorizing of the transaction with the financial institution which can be done over phone or the internet should be ensured to prevent further such cases. Additionally a database of fraudulent orders and stolen credit cars should be maintained. (Charalambos, 2008) Another form of e-crime is the use of malicious software that is used to place excessive demand on a computer’s resources and to waste its data or hardware destruction. Originally the user was made aware of the presence of the malware by sending a message to the user or deleting the contents of a hard drive. However the latest forms of malware may function without any prior knowledge or warning to the user and they are being used for more malicious purposes e.g. steal financial information of credit card details and infecting the computers and turning them in to an asset for the attacker. The March of 1999 marks the date for beginning of a Melissa computer virus in which viruses could automatically send emails with the victim’s name with the intention of attacking thousands of personal and corporate computers around the globe (Granville, 2003). The hackers of the new world are also using viruses to stop or slow down computer systems. In the same manner the Klez worm was instituted in 2002. This kind of a worm became known as blended threat, because it combined two different types of malicious code, namely worms and viruses. The use of Trojan horses are also regarded as a e-crime because they are installed on a victim’s computer without the user’s consent and are used to acquire different benefits than the stated ones (Sofaer & Goodman, 2001). Brian Thomas Mettenbrink, a man of 20 of Grand Island was charged with carrying out an attack on Church of Scientology websites in January 2008. The group website was shut down as a result and the company had to bear heavy expenses. He used anonymous software (virus) to bombard the website of Scientology that impaired it and compromised the integrity and availability of those websites. The access of the targeted website was made impossible to legitimate users who were trying to access it at a crucial time because it failed to handle the high volume of internet traffic (Mrozek, 2010). These viruses, worms3 and Trojan Horses4 can be tackled with ample knowledge about handling of unsolicited emails. As they are usually transferred through attached files of email, one should refrain from opening any such links or clicking on any links because they contain malignant viruses. Another preliminary way to tackle this problem is to make the regular updating of anti viruses and implementation of firewalls5 mandatory. There are many ways in which corporation, government agencies and individual users can protect themselves and reduce the risks of intrusion in to their computer networks (Soafaer & Goodman, 2003). The protection can be given in the form of encryption policies, frequently updated virus checkers and access control to protect hardware. Digital signatures can significantly prove identity and signify if a message has been tampered with. These are fundamentally electronic IDs that include a public key and the name and address of the user, all digitally signed and encrypted with a private key to ensure maximum protection and safeguard (Hutchinson & Warren, 2001). It is very important to amply punish the e-criminals because the ease with which hackers can commit cyber crime and its relative costs to the businesses are very alarmingly. Sofaer and Goodman (2001) in their book ‘The transnational Dimension of Cyber Crime and Terrorism’ illustrates how the loopholes within the law puts constrains on otherwise punishable e-crimes. The legal dilemmas can be amply highlighted with the example of Ardita who tampered with important information but as that tampering did not result in copying or destruction of data, the actions were not regarded illegal by Argentina Law system. In the same manner the Filipino programmers were not punished on the bizarre account that their intention was not to defraud but to destroy. The laws in Filipino have been modified to, since then to incorporate prohibiting of spread of viruses. However it still is inapplicable to young miscreants. There is a lack of international cyber laws which enable hackers to penetrate or rather find loopholes and find safe havens to commit theses crimes from. There is great difference in the laws from country to country. According to the survey conducted by Tonya Putnam (doctoral candidate, Stanford University) and David D Elliot (Consortium for research on Information Security and Policy, Stanford University) relating to cyber laws in three countries namely; United States, East Asia, and Western Europe, the disparity concerning the cyber laws between these countries is great. In Vietnam and Thailand there are hardly any laws governing the e-crimes while countries in China have been known to sentence the criminals of e-crimes to death. This disparity in the laws is aiding in providing safe havens to criminals as they can access the databases from anywhere in the world while taking refuge in countries with relatively softer laws. So, a need of implementation of international cyber laws is the need of the day. Other additional ways to protect websites is by filtering out all ICMP (internet control message protocol) packets. The use of rate limitation devices on routers to halt requests when the volume becomes too great can also go a long way. The secure sockets layer (SSL) tool fails to testify the authenticity of the websites, however “authentication software” between the client and server can be added so that the client can be ensure logging to the authentic website” (Hutchinson: p. 64). The implementation of intrusion detection system (IDS) which basically detects the “fingerprint” of the attack should also be made necessary. The employees of the organization should be trained to accredit against security standards and take sound computer security measures and systems. The footsteps of Germany in this regard can be taken which has devised laws for penetration of ‘specially protected computer’ (Sofaer: p.60) There is a need of proactive action by implementation of ample security measures and establishment of International cyber laws rather than a reactive approach. The call for “constant vigilance plus good intelligence” and preventive action over post-hoc reactions have been stressed (Hutchinson & Warren, 2001). Conclusively the catch-22 of international cyber security is apparent that cyber crimes stems from the ever growing interconnectedness of states and their lack of correlation in the security measures and implementation of cyber laws. The countries with primitive security measures should be encouraged to form and implement sophisticated cyber laws for the sake of prevention of global e-crimes (Granville, 2003). Bibliography Sofaer, A., & Goodman, E. (2001). The transnational Dimension of Cyber Crime and Terrorism. California: Hoover Institution Press. Abraham D. Sofaer and Seymour E. Goodman’s books offer a well researched survey of cyber crimes with further ample references and possible solutions for the ever increasing issue of e-crime. Abraham Sofaer both taught law at Columbia University and worked as a legal advisor at US department of State. He has other well known books under his name, namely The New Terror: Facing the Threat of Biological and Chemical Weapons (California: Hoover Institution Press, 1999). Saxby (2006) Computer Law and Security Review; The International Journal of Technology Law and Practice. Southampton: Institute of Law and the web. CLSR is in 25th year of its publishing and it basically publishes academic and research papers on a wide scope of papers including IT security, Identity management, intrusion with online privacy, Cyber laws and their possible modifications, online distribution of data, software law, e-commerce, data protection, computer and network security. Hodgson, A. (2006). People Power Combats Cyber Fraud. Retrieved from http://www.net-security.org/article.php?id=886 The author of ‘People Power Combats Cyber Fraud’ is Vice President for BT Global Services and he highlights the high tech frauds fuelled by the internet, their relative human factor and their possible tackling techniques. Anti Phishing Working Group (2006) Phishing Activity trends Report. Retrieved from http://www.antiphishing.org/reports/apwg_report_jan_2006.pdf The APWG phishing can be regarded as the internet’s most comprehensive database of email fraud and other related phishing activity. The research is carried out independent for with other additional agenda of preventing e-crimes by giving the needed information about it through widely published reports. It is published and backed by Anti-Phishing working group. Charalampos, P. (2008). E-Crimes. Thessaloniki: Alexander Technological Educational Institution. Cessar, S (2010) Iceman- Computer Hacker receives 13 years Prison Sentence. Pennsylvania: Department of Justice. Case study retrieved from http://www.justice.gov/criminal/cybercrime/butlerSent.pdf Granville, J. (2003). Dot.Con: The Dangers of Cyber Crime and a Call for Proactive Solutions Australia: Australian Journal of Politics and History, vol. 49. This research paper basically reviews five infamous books on e-criminology and international internet security settings. It takes in to account the statistics available about e-crimes, the shortcomings of many a security settings and aims to provide remedies that can be a strategic asset and can be utilized to minimize the e-crimes and protect your organization/firm against the horror of crimes inflicted through the internet. Mrozek, T. (2010) Nebraska Man agrees to Plead guilty in attack of scientology websites orchestrated by ‘Anonymous’. Case study retrieved from http://www.justice.gov/criminal/cybercrime/mettenbrinkPlea.pdf Hutchinson, W. & Warren, M. (2001). Information Warfare: Corporate Attack and Defense in a Digital World. Great Britain: Butterworth- Heinemann The wealth of knowledge in Information Warfare: Corporate Attack and Defense in a Digital World focuses on the significance of defending the information and data of the organization almost as much as the physical assets. The concepts relating to I-war are tackled in the book where the hackers are a perpetual threat to the reputation and the profits of a company. The actions and strategies needed to amply counteract any harm or threat through the internet are also provided. Read More