International Dimensions
So far we have explored laws
in the United States. But many people outside the United States will read this
book, perhaps wondering why they should learn about laws from a foreign
country. This question has two answers.
Technically, computer
security laws in the United States are similar to those in many other
countries: Lawmakers in each country learn about subtle legal points and
interpretation or enforcement difficulties from laws passed in other countries.
Many other countries, such as Australia, Canada, Brazil, Japan, the Czech
Republic, and India, have recently enacted computer crime laws. These laws
cover offenses such as fraud, unauthorized computer access, data privacy, and
computer misuse. Schjolberg [SCH02] has
compiled a survey of different countries' laws to counter unauthorized access.
The second reason to study
laws from a foreign country is that the Internet is an international entity.
Citizens in one country are affected by users in other countries, and users in
one country may be subject to the laws in other countries. Therefore, you need
to know which laws may affect you. The international nature of computer crime
makes life much more complicated. For example, a citizen of country A may sit
in country B, dial into an ISP in country C, use a compromised host in country
D, and attack machines in country E (not to mention traveling on communications
lines through dozens of other countries). Prosecuting this crime may require the cooperation
of all five countries. The attacker may need to be extradited from B to E to be
prosecuted there, but there may be no extradition treaty for computer crimes
between B and E. And the evidence obtained in D may be inadmissible in E
because of the manner in which it was obtained or stored. And the crime in E
may not be a crime in B, so the law enforcement authorities, even if
sympathetic, may be unable to act.
Although computer crime is
truly international, differing statutes in different jurisdictions inhibit
prosecution of international computer crime. In the remainder of this section
we briefly discuss laws around the world that differ from U.S. laws and that
should be of interest to computer security students.
Council of Europe Agreement on Cybercrime
In November 2001, the United
States, Canada, Japan, and 22 European countries signed the Council of Europe
Agreement on Cybercrime to define cybercrime activities and support their
investigation and prosecution across national boundaries. The significance of
this treaty is not so much that these activities are illegal but that the
countries acknowledged them as crimes across their borders, making it easier
for law enforcement agencies to cooperate and for criminals to be extradited
for offenses against one country committed from within another country. But to
really support investigation, prosecution, and conviction of computer
criminals, more than just these 25 countries will have to be involved.
The treaty requires countries
that ratify it to adopt similar criminal laws on hacking, computer-related
fraud and forgery, unauthorized access, infringements of copyright, network
disruption, and child pornography. The treaty also contains provisions on
investigative powers and procedures, such as the search of computer networks
and interception of communications, and requires cross-border law enforcement
cooperation in searches and seizures and extradition. The original treaty has
been supplemented by an additional protocol making any publication of racist
and xenophobic propaganda via computer networks a criminal offense.
E.U. Data Protection Act
The E.U. Data Protection Act,
based on the European Privacy Directive, is model legislation for all the
countries in the European Union. It establishes privacy rights and protection
responsibilities for all citizens of member countries. The act governs the
collection and storage of personal data about individuals, such as name,
address, and identification numbers. The law requires a business purpose for
collecting the data, and it provides controls against disclosure. Dating from 1994 in
its initial form, this law was one of the first to establish protection
requirements for the privacy of personal data. Most significantly, the act
requires equivalent protection in non-E.U. countries if organizations in the
European Union pass protected data outside the European Union. Chapter 10 contains more detail on this
directive.
Restricted Content
Some countries have laws
controlling Internet content allowed in their countries. Singapore requires
service providers to filter content allowed in. China bans material that
disturbs social order or undermines social stability. Tunisia has a law that
applies the same controls on critical speech as for other media forms [HRW99].
Further laws have been
proposed to make it illegal to transmit outlawed content through a country,
regardless of whether the source or destination of the content is in that
country. Given the complex and unpredictable routing structure of the Internet,
complying with these laws, let alone enforcing them, is effectively impossible.
Use of Cryptography
Cryptography is the fourth
major area in which different countries have developed laws. We survey these
laws in a subsequent section.