23 research outputs found

    Resource materials on technology-enabled crime

    Designed to assist prosecutors and members of the judiciary faced with proceedings involving technology-enabled crime, the report will be a useful general guide to concepts and terms for other non-technical people

    Cyber Law and Espionage Law as Communicating Vessels

    Professor Lubin's contribution is Cyber Law and Espionage Law as Communicating Vessels, pp. 203-225. Existing legal literature would have us assume that espionage operations and “below-the-threshold” cyber operations are doctrinally distinct. Whereas one is subject to the scant, amorphous, and under-developed legal framework of espionage law, the other is subject to an emerging, ever-evolving body of legal rules, known cumulatively as cyber law. This dichotomy, however, is erroneous and misleading. In practice, espionage and cyber law function as communicating vessels, and so are better conceived as two elements of a complex system, Information Warfare (IW). This paper therefore first draws attention to the similarities between the practices – the fact that the actors, technologies, and targets are interchangeable, as are the knee-jerk legal reactions of the international community. In light of the convergence between peacetime Low-Intensity Cyber Operations (LICOs) and peacetime Espionage Operations (EOs) the two should be subjected to a single regulatory framework, one which recognizes the role intelligence plays in our public world order and which adopts a contextual and consequential method of inquiry. The paper proceeds in the following order: Part 2 provides a descriptive account of the unique symbiotic relationship between espionage and cyber law, and further explains the reasons for this dynamic. Part 3 places the discussion surrounding this relationship within the broader discourse on IW, making the claim that the convergence between EOs and LICOs, as described in Part 2, could further be explained by an even larger convergence across all the various elements of the informational environment. Parts 2 and 3 then serve as the backdrop for Part 4, which details the attempt of the drafters of the Tallinn Manual 2.0 to compartmentalize espionage law and cyber law, and the deficits of their approach. The paper concludes by proposing an alternative holistic understanding of espionage law, grounded in general principles of law, which is more practically transferable to the cyber realm.

    Security of electronic personal health information in a public hospital in South Africa

    The adoption of digital health technologies has dramatically changed the healthcare sector landscape and thus generates new opportunities to collect, capture, store, access and retrieve electronic personal health information (ePHI). With the introduction of digital health technologies and the digitisation of health data, an increasing number of hospitals and peripheral health facilities across the globe are transitioning from a paper-based environment to an electronic or paper-light environment. However, the growing use of digital health technologies within healthcare facilities has caused ePHI to be exposed to a variety of threats such as cyber security threats, human-related threats, technological threats and environmental threats. These threats have the potential to cause harm to hospital systems and severely compromise the integrity and confidentiality of ePHI. Because of the growing number of security threats, many hospitals, both private and public, are struggling to secure ePHI due to a lack of robust data security plans, systems and security control measures. The purpose of this study was to explore the security of electronic personal health information in a public hospital in South Africa. The study was underpinned by the interpretivism paradigm with qualitative data collected through semi-structured interviews with purposively selected IT technicians, network controllers, administrative clerks and records management clerks, and triangulated with document and system analysis. Audio-recorded interviews were transcribed verbatim. Data was coded and analysed using ATLAS.ti, version 8 software, to generate themes and codes within the data, from which findings were derived. The key results revealed that the public hospital is witnessing a deluge of sophisticated cyber threats such as worm viruses, Trojan horses and shortcut viruses. This is compounded by technological threats such as power and system failure, network connection failure, obsolete computers and operating systems, and outdated hospital systems. However, defensive security measures such as data encryption, Windows firewall, antivirus software and security audit log system exist in the public hospital for securing and protecting ePHI against threats and breaches. The study recommended the need to implement an Intrusion Protection System (IPS), and constantly update the Windows firewall and antivirus program to protect hospital computers and networks against newly released viruses and other malicious codes. In addition to the use of password and username to control access to ePHI in the public hospital, the study recommends that the hospital should put in place authentication mechanisms such as a biometric system and a Radio Frequency Identification (RFID) system to restrict access to ePHI, as well as upgrade hospital computers and the Patient Administration and Billing (PAAB) System. In the absence of a security policy, there is a need for the hospital to put in place a clear written security policy aimed at protecting ePHI. The study concluded that healthcare organisations should upgrade the security of their information systems to protect ePHI stored in databases against unauthorised access, malicious codes and other cyber-attacks. Information Science. M. Inf. (Information Security

    Managing the radio spectrum : framework for reform in developing countries

    Bringing management of the radio spectrum closer to markets is long overdue. The radio spectrum is a major component of the infrastructure that underpins the information society. Spectrum management, however, has not kept up with major changes in technology, business practice, and economic policy that have taken place worldwide during the last two decades. For many years traditional government administration of the spectrum worked reasonably well, but more recently it has led to growing technical and economic inefficiencies as well as obstacles to technological innovation. Two alternative approaches to spectrum management are being tried in several countries, one driven by the market (tradable spectrum rights) and another driven by technology innovation (spectrum commons). This paper discusses the basic features, advantages and limitations, scope of application, and requirements for implementation of these three approaches. The paper then discusses how these approaches can be made to work under conditions that typically prevail in developing countries, including weak rule of law, limited markets, and constrained fiscal space. Although spectrum reform strategies for individual countries must be developed case by case, several broadly applicable strategic options are outlined. The paper proposes a phased approach to addressing spectrum reform in a country. It ends by discussing aspects of institutional design, managing the transition, and addressing high-level changes such as the transition to digital television, the path to third-generation mobile services, launching of wireless fixed broadband services, and releasing military spectrum. The paper is extensively annotated and referenced. E-Business, Roads & Highways, Telecommunications Infrastructure, Climate Change, ICT Policy and Strategies

    Australia and Cyberwarfare

    This book explores Australia’s prospective cyber-warfare requirements and challenges. It describes the current state of planning and thinking within the Australian Defence Force with respect to Network Centric Warfare, and discusses the vulnerabilities that accompany the use by Defence of the National Information Infrastructure (NII), as well as Defence’s responsibility for the protection of the NII. It notes the multitude of agencies concerned in various ways with information security, and argues that mechanisms are required to enhance coordination between them. It also argues that Australia has been laggard with respect to the development of offensive cyber-warfare plans and capabilities. Finally, it proposes the establishment of an Australian Cyber-warfare Centre responsible for the planning and conduct of both the defensive and offensive dimensions of cyber-warfare, for developing doctrine and operational concepts, and for identifying new capability requirements. It argues that the matter is urgent in order to ensure that Australia will have the necessary capabilities for conducting technically and strategically sophisticated cyber-warfare activities by the 2020s. The Foreword has been contributed by Professor Kim C. Beazley, former Minister for Defence (1984–90), who describes it as ‘a timely book which transcends old debates on priorities for the defence of Australia or forward commitments, [and] debates about globalism and regionalism’, and as ‘an invaluable compendium’ to the current process of refining the strategic guidance for Australia’s future defence policies and capabilities

    Syringa Networks v. Idaho Department of Administration Clerk's Record v. 1 Dckt. 38735


    Revisiting the legal regulation of digital identity in the light of global implementation and local difference

    This thesis aims to address a vital gap that has emerged in the digital identity regulatory discourse: how can the legal regulation of digital identity mirror the global nature of digital identity and be compatible with national local difference? Digital identity, or the digital representation of an individual, is a complex concept, which manifests in myriad forms (e.g. authenticators, claims, data or information, identifiers, presence, relationship representations and reputation) and natures. As such, it engages a gamut of legal domains ranging from criminal law, constitutional law, human rights law, law of identity schemes, contract law, intellectual property law, tort law and data protection law. Digital identity is global and local in its nature, influence and effects. Yet, the digital identity regulatory discourse has primarily developed in and focussed on the digitally advanced West, leaving out countries like India which are developing strong digital presences, with their own digital identity perceptions and needs. This situation is adverse to the sustained future of digital identity. Thus, the contribution of this thesis lies in filling this gap and preparing the ground for a dialogue between different countries with different national agendas through building international and local awareness of how similarities and differences operate in respect of digital identity, its regulation and providing a modest solution to help preserve the global and local dimensions of digital identity and its regulation. To this end, the thesis carried out comparative legal research on the legal regulation of digital identity using the UK and India as base jurisdictions. The original hypothesis was that immense differences in the legal regulation of digital identity between the comparator countries would emerge. Yet, though differences were evident, considerable degrees of similarity also emerged, not just on the superficial level of mere identity of rules, but also in legal practice, in large part attributable to India’s penchant for legal transplants. While the transplantation of Western law did not result in a full-scale rejection of the transplanted laws in relation to digital identity in India, there are indications of anomalies caused by the imposition of Western cultural norms through law on an Indian society ill prepared for it. Thus there has resulted a tension between the local and the global, the indigenous and the externally imposed. The challenge is thus to resolve this, taking into account, on the one hand the need to maintain the global nature and relevance of digital identity and the other, the need to accommodate and be responsive to local differences. The thesis proposes a tentative solution called the tri-elemental framework (TeF) which draws from the Indian philosophical and legal concept of dharma (and its elements of Sad Achara, Vyavahara and Prayaschitta) and learns from the most universally relevant digital identity proposal, De Hert’s right to identity. The solution provides one way in which the law regulating digital identity, whatever its nature, can be made sense of and acquire cultural meaning appropriate to local contexts.

    Ethical and Unethical Hacking

    The goal of this chapter is to provide a conceptual analysis of ethical hacking, comprising history, common usage and the attempt to provide a systematic classification that is both compatible with common usage and normatively adequate. Subsequently, the article identifies a tension between common usage and a normatively adequate nomenclature. ‘Ethical hackers’ are often identified with hackers that abide by a code of ethics privileging business-friendly values. However, there is no guarantee that respecting such values is always compatible with the all-things-considered morally best act. It is recognised, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the ‘all things considered’ sense, while society may agree more easily on the determination of who is one in the ‘business-friendly’ limited sense. The article concludes by suggesting a pragmatic best-practice approach for characterising ethical hacking, which reaches beyond business-friendly values and helps in the taking of decisions that are respectful of the hackers’ individual ethics in morally debatable, grey zones.

    Best Practices and Recommendations for Cybersecurity Service Providers

    This chapter outlines some concrete best practices and recommendations for cybersecurity service providers, with a focus on data sharing, data protection and penetration testing. Based on a brief outline of dilemmas that cybersecurity service providers may experience in their daily operations, it discusses data handling policies and practices of cybersecurity vendors along the following five topics: customer data handling; information about breaches; threat intelligence; vulnerability-related information; and data involved when collaborating with peers, CERTs, cybersecurity research groups, etc. There is, furthermore, a discussion of specific issues of penetration testing such as customer recruitment and execution as well as the supervision and governance of penetration testing. The chapter closes with some general recommendations regarding improving the ethical decision-making procedures of private cybersecurity service providers