(6.c) Importance and Effectiveness of Legal Regulation in Computer Fraud
In today's world, advances in modern technology have brought a steady stream of problems related to computers, especially computer fraud and misuse. Computer users are deceived in many ways: program fraud, system hacking, e-mail hoaxes, auctions, retail sales, investment schemes, information hacking, virus/worm attacks and people claiming to be experts in subject areas. Anyone who uses a computer with an internet connection is a potential victim of computer fraud. The computer fraud rate increases every day as internet usage grows. Most people use computers and the internet for a good cause, but some intentionally use computers to bring down organizations or business firms or to obtain people's personal information. With the implementation of current legal regulations in every field, however, offenders have started to be tracked down and punished under the Computer Misuse Act, which may ultimately reduce the computer fraud rate in the future.
Over the past decades, the amount of financial, military and intelligence information, business data and personal information stored on and transmitted by computers has grown tremendously. All the major sectors, such as government and military operations, depend entirely on computers and the internet for their work processes and data transmission. Information stored and transmitted via the internet is vulnerable to attack from any unknown source, and almost every organization has been affected in some way by computer fraud. “The British National Computer Centre reported that more than 80% of British organizations suffered security threat in the last two years”, and most investigations revealed that the computer fraud that occurred involved unauthorised access to computers via the internet. The current growth in technology suggests that within a decade it will be possible for every person in the world to access all the information networks, including security defence data and government departments' personal information, but it is in the hands of the people to make sure that they do not misuse the available information. Besides the increase in the number of computer users, there will also be an increase in the number of computers per person. Each person will own and connect to hundreds of computers for information processing through a network environment. In the future, everyone will use computers in home appliances, phones, televisions, offices and automobiles; all these computers will share information to optimize the use of resources and to provide convenience in daily life, which might result in a threat of computer fraud.
In this context we will discuss in detail:
* Computer fraud
* Causes for computer fraud
* Types of computer fraud/attacks
* Basic ways to prevent computer fraud apart from legal regulation.
* Importance / Effectiveness of the legal regulation in computer fraud.
Basically, computer fraud is defined as illegally taking control of access or stealing information without others' knowledge. Computer fraud can take place in any form; it includes fraud committed by an employee of a company who uses the computer to steal funds or information from that company, whereas some people use deception to gain access to individual resources. The type and method of computer fraud therefore vary from person to person, depending on the need behind it.
Causes for computer fraud
Most computer fraud is committed mainly to gain money, either by stealing needed information from big organizations/firms or by stealing funds from them directly. A few people are not concerned about money or information but want to damage the reputation of the organization/firm, so they reveal all the secrets of that organization, and a few people, such as hackers, commit computer fraud/crime just for fun.
Types of computer fraud
Computer fraud can be classified into many types depending on the fraud committed, but the major categories of fraud are listed below. All the computer crime/fraud taking place nowadays falls under these main categories.
o Internet auction/Bid sales fraud
o Retail sales
o Investment schemes
o Identity theft
o Credit card fraud
o Information hacking
o Email hoax
o Virus/Worm attack
o Letter scam
o Adware
All these types of computer fraud arise mainly from advances in technology, and the crime is still growing around the world.
Basic ways to prevent computer fraud apart from legal regulation
The most important step in preventing computer fraud is to be alert to the scams circulating on the internet, which helps to safeguard the system and the information stored in it. Some basic rules should be followed to protect a system from computer fraud:
o Users should take care not to publish any of their personal details on websites or forums.
o Organizations/firms should not broadcast much of their business details on the internet.
o Organizations/firms should ensure that they follow security policies and procedures.
o People working at home or in an organization should check for valid signatures before sending any personal information over the net.
Internet auction/bid sales fraud
o Understand how the auction/bidding works on the internet, and consider why the seller needs to sell the item.
o Check what action the online seller will take if something goes wrong during the transaction or shipment.
o Try to find more information about the seller; if the only information you have is the business email id, check the Better Business Bureau where the seller/business is located.
o Examine the seller's feedback on previous sales; if the seller has a good history and good feedback on previous sales, then there is no need to worry about the purchase.
o Determine what method of payment the seller is asking for during the transaction.
o Be aware of the difference in laws governing auctions between the U.K. and other countries such as the U.S. and China. If a problem occurs with an auction transaction in which the seller is in one country and the buyer in another, it might result in a dubious outcome, leaving you empty-handed.
o Be sure to ask the seller when delivery can be expected and about warranty/exchange information for the product.
o To avoid unexpected costs, find out whether shipping and delivery costs are included in the auction price or are additional.
o Finally, avoid giving out your social security or driver's license number to the seller, as the sellers have no need for this information.
Credit Card Fraud
o Do not give out your credit card number online unless the site is both secure and reputable. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security for transmitting data. The icon is not a guarantee of a secure site, but may provide you some assurance.
o Before using the site, check out the security software it uses; make sure your information will be protected.
o Make sure you are purchasing the product from a reputable/legitimate source. Once again, investigate the person or company before purchasing products.
o Try to obtain a physical address rather than merely a post office box and a phone number; call the seller to see if the number is correct and working.
o Send them an e-mail to see if they have an active e-mail address, and be cautious about sellers who use a free e-mail service where a credit card was not required to open the account.
o Do not purchase from sellers who will not provide you with this type of information.
o Check with the Better Business Bureau to see if there have been any complaints against the seller before.
o Check other web sites for details about this person/company.
o Be cautious when responding to special offers.
o Be cautious when dealing with individuals/companies from outside your own country.
o If you are going to purchase an item via the Internet, use a credit card since you can often dispute the charges if something does go wrong.
o Make sure the transaction is secure when you electronically send your credit card somewhere.
o You should keep a list of all your credit cards and account information along with the card issuer's contact information. If anything looks suspicious or you lose your credit card, contact the card issuer immediately.
o Do not invest in anything based on appearances. Just because an individual or company has a flashy web site does not mean it is legitimate. Web sites can be created in just a few days. After a short period of taking money, a site can vanish without a trace.
o Do not invest in anything you are not absolutely sure about. Thoroughly investigate the individual or company to ensure that they are legitimate.
o Check out other web sites regarding this person/company.
o Be cautious when responding to special investment offers; inquire about all the terms and conditions dealing with the investors and the investment.
Importance of the legal regulation in computer fraud
Having discussed the concepts and causes of computer fraud, we now turn to the legal regulation issues related to computer fraud, which show how legal regulation prevents or reduces the increasing computer fraud rate in today's developing world of technology. Most law reform is achieved by modifying and extending existing law to cope with new situations rather than by introducing completely new legislation. This can sometimes make it difficult to find a single place where the whole of an area of law is clearly set out. The Computer Misuse Act was enacted in 1990 and remains the primary piece of UK legislation focusing on the misuse of computer systems. It covers computer frauds such as hacking and the deliberate spread of viruses, and was created to prevent unauthorized access to or modification of computer systems and to prevent criminal elements from using a computer to assist in the commission of a criminal offence or from impairing or hindering access to data stored in a computer. “In 2004, MPs - specifically, the All-Party Internet Group (APIG) - began a review of the CMA, on the basis that this legislation was created before the emergence of the Internet and therefore required updating”. The Act was seen to focus too much on individual computers and not enough on computer networks. In addition, some of the definitions used in the 1990 Act need updating. The final report outlined several recommendations to the government for changes to the CMA. In March 2005, APIG called for amendments to the CMA to address the threat from denial of service attacks.
The Computer Misuse Act was passed in 1990 to deal with the problem of hacking and other threats to computer systems. In the early days, hacking and other computer-fraud-related issues were not taken very seriously by the law, and the impression was that they were mischievous rather than something that causes serious loss to organizations. However, with developments in technology the issue has become more serious, and legislation was introduced to recognize three key offences:
o Unauthorized access to computer material. Example: finding or guessing someone's password and then using it to get into a computer system and look at the information.
o Unauthorized access with intent to commit further offences. The key to this offence is the addition of intent to commit further offences. It therefore includes guessing or stealing a password and using that to access material or services without the consent of the owner.
o Unauthorized modification of computer material. This could include deleting files, changing the desktop set-up or introducing viruses with the deliberate intent to impair the operation of a computer.
Effectiveness of legal regulation in computer fraud (Conclusion)
None of the computer fraud issues mentioned above was taken seriously until proper legal regulation was in place; with the implementation of the Computer Misuse Act, the law brought about a tremendous change by punishing illegal users of computer systems. The example below shows the consequence of ‘Unauthorized Access to system’.
Incident - Unauthorized Access to Communications Systems
Provision - Computer Misuse Act Section 1
Description - Cause a computer to perform any function with the intention of securing access to any program or data held in a computer, if this access is unauthorized and if this is known at the time of causing the computer to perform the function.
Sanction - The illegal user was sentenced to a fine and/or a term of imprisonment not exceeding 6 months.
Total number of words in the Task1 report: - 2500
(2) Do legal developments in law relating to Software copyright and Patents help or harm the cause of information system security?
Information system security is the protection of information systems against unauthorized access to or modification of existing information, whether in storage, processing or transit. It safeguards all stored information. Information security covers not just information but the entire infrastructure that facilitates access to and use of information. The primary concern of organizations is the security of valuable information, which can be anything from a formula to a customer list, or from the organization's valuable information to financial statements. Three widely accepted elements of information system security are:
o Confidentiality - Ensuring information is only accessed by authorized users.
o Integrity - Safeguarding the accuracy and completeness of information.
o Availability - Ensuring that authorized users have secure access to information when required.
Law relating to Software Copyright and Patents
In the early 1970s there was a debate about whether software needed to be copyrighted or not, but it was later decided that all developed software needed to be copyrighted and, if needed, could also be patented under the UK Copyright, Designs and Patents Act 1988. UK copyright and patent law protected organizations from misuse of their developed software/concepts. Some organizations try to steal concepts or parts of code from software developed by another organization and use them in their own software product. But because of software copyright and patent law, leading software organizations like ‘Microsoft’ started to copyright parts of their developed code so that no other organization could use that code to develop other applications; this helped most organizations to develop a unique software product.
Legal requirement for Information Security
Keeping valuable information secure is not only a matter of good organizational practice; it is also a legal requirement. Since 1999, in the UK and most parts of the world, there has been a statutory obligation on all organizations to maintain minimum levels of security. Organizations that fail to meet the minimum security requirements may face enforcement action by the UK Government via the Information Commissioner's Office. “Enforcement action can take any form and the Information Commissioner's powers are not limited. Organizations that want to be relatively safe can choose to implement BS7799”, a voluntary standard that helps to ensure that sensitive information is handled by an organization in a professional and secure manner; this is done by having the organization classify the sensitivity of information and provide the necessary access controls to it.
Legal developments in laws relating to software copyright and patents ‘help' the information system security (Conclusion)
As discussed earlier, the main work of information system security is to provide a secure environment for information storage and processing. In past decades, when there were no laws on software copyright and patents, hackers used to break into information systems and take the information/software they wanted; they were not really afraid of anything because no law stated that taking/hacking software or information was a crime, which caused a big problem for software development organizations. Now, owing to the development of the law, a person who tries to hack information system security can be sentenced to prison. So the development of laws relating to software copyright and patents did help information system security to create a secure environment.
Total number of words in the Task2 report: - 500
(4) Evaluate the proposition that Data protection laws are an unnecessary burden on legitimate public and commercial data collection
The Data Protection Act was originally introduced in 1984, but the existing act was later replaced by the new Data Protection Act of 1998 [DPA 1998]; the “new act of 1998 implemented the EU Data protection Directive 95/46”. The DPA relates to the protection of personal information, which includes names, email addresses, financial details, personal documents and photographs. Personal information is everywhere, and because it is generally impossible to separate personal information from an organization's other information, most observers agree that the security standards required by the Data Protection Act are the minimum that must be applied to an organization's IT systems as a whole. The security of information is so important to most organizations that, regardless of what the law requires, organizations generally implement levels of security that are as high as budgets and technology.
Data Protection Act of 1998—Personal Data Security
The main legal requirements are set out in Principle 7 of the Data Protection Act 1998, which says that all organizations must take “Appropriate technical and organizational measures against unauthorized or unlawful use and against accidental loss, damage or destruction, of information.”
Today, all computerized processing of personal data, structured manual records, and even some unstructured manual records are subject to the provisions of the DPA 1998, including the right of individuals to access the data held about them. Together with the Freedom of Information Act 2000 (FOIA 2000), the DPA 1998 has forced a rethink of organizations' good practice in personal data handling and new approaches to records management, and has made organizations consider more carefully their obligations to those whose data they hold. The FOIA 2000 extends the rights of individuals to access their data, which already existed under the DPA 1998. The definition of 'data' is widened, as far as public authorities are concerned, to include all other 'recorded information held by a public authority'. However, there are limits to the data subject rights that apply to this additional category of data.
A request by an individual for information about him or herself is exempt under the FOIA 2000 and should be handled as a 'subject access request' under the DPA 1998. In certain circumstances such a request may involve the release of associated information in which case the provisions of sections 7(4) and (5) of the DPA 1998 should be used to determine whether it is appropriate to release the third party information. Where an applicant specifically requests information about a third party or where responding to a request for information would involve the disclosure of personal information about a third party which is not also personal information about the applicant, the request falls within the remit of the FOIA 2000. However, the authority must apply the Data Protection Principles when considering the disclosure of information relating to individuals. An authority must not release third party information if to do so would mean breaching one of the Principles.
Even though the DPA secures users' personal information/data, legitimate users and the public face some problems/burdens under the Data Protection Act: according to the DPA, there is no exemption for back-ups of data/information. In practice it is unlikely that a data subject will want access to back-up data, and there is nothing to prevent a controller from confirming that a data subject wishes to access only the most recent records. Back-up data, that is, automated data processed to replace other data which has been lost, destroyed or impaired, is exempt from section 7 during the first transitional period ending on 23 October 2001; but this is not a general exemption for back-up data in the traditional sense.
Total number of words in the Task3 report: - 500