Electronic Communication Timeline
Morse code 1810
Telecommunications Lines1839
Transatlantic Line 1866
Prototype Telephone 1876
Conventional Telephone 1878
Fax Machine 1861
Radio Communication 1893
Television 1925
Teletype 1940
Walkie Talkie 1940
Cellular Communication 1960
E-Mail 1965
Instant Messaging Mid 1960s
SMS messaging 1980
Bluetooth 1998
Skype 2003
Monday 9 November 2009
Wednesday 4 November 2009
Computer misuse act 1990
(1) A person is guilty of an offence if:
a) he causes a computer to perform any function with intent to secure access to any program or data held in a computer;
b) the access he intends to secure is unauthorized; and
c) he knows at the time when he causes the computer to perform the function that this is the case. 1(2) the intent a person has to commit an offence under this section need not be directed at
a) any particular program or data
b) a program or data of any particular kind; or
c) a program or data held in any particular computer. 1(3) a person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5, on the standard scale or both.
2(1) a person is guilty of an offence under this section if he commits an offence under section 1 above ("the unauthorized access offence") With intent
a) to commit an offence to which this section applies; or
b) to facilitate the commission of such an offence (whether by himself or by any other person) and the offence he intends to commit or facilitate is referred to below in this section as the further offence. 2(2) this section applies to offences
a) for which the sentence is fixed by law; or
b) for which a person of twenty one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or in England and Wales might be so sentenced but for the restrictions imposed by section 33 of the Magistrates Courts Act 1980). 2(5) a person guilty of an offence under this section shall be liable
a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and
b) on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.
3(1) A person is guilty of an offence if
a) he does any act in a way which causes the unauthorized modification of the contents of any computer; and
b) at the time when he does so the act he has the requisite intent and the requisite knowledge. 3(2) for the purposes of subsection 3(1)b above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing
a) to impair the operation of any computer;
b) to prevent or hinder access to any program or data held in any computer; or
c) to impair the operation of any such program or the reliability of any such data. 3(3) the intent need not be directed at
a) any particular computer;
b) any particular program or data or a program or data of any particular kind; or
c) any particular modification or a modification of any particular kind. 3(4) For the purpose of subsection 1b above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorized. 3(5) it is immaterial for the purposes of this section whether an unauthorized modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary
The Act was created to criminalise unauthorized access to computer systems (the s1 offence) and to deter the more serious criminals from using a computer to assist in the commission of a criminal offence or from impairing or hindering access to data stored in a computer (the ss2 and 3 offences). The basic offence is to attempt or achieve access to a computer or the data it stores, by inducing a computer to perform any function with intent to secure access. Hackers that program their computers to search through password permutations are therefore liable, even though all their attempts to log on are rejected by the target computer. The only precondition to liability is that the hacker should be aware that the access attempted is unauthorized. Thus, using another person's username or identifier (ID) and password without proper authority to access data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data to a screen or printer, or to impersonate that other person using e-mail, online chat, web or other services, constitute the offence. Even if the initial access is authorized, subsequent exploration if there is a hierarchy of privileges in the system, may lead to entry to parts of the system for which the requisite privileges are lacking and the offence will be committed. But looking over a user's shoulder or using sophisticated electronic equipment to monitor the electromagnetic radiation emitted by VDUs ("electronic eavesdropping") is outside the scope of this offence.
The ss2 and 3 offences are aggravated offences, requiring a specific intent to commit another offence (for these purposes, the other offences are to be arrestable, and so include all the major common law and statutory offences of fraud and dishonesty). So a hacker who obtains access to a system intending to transfer money or shares, intends to commit theft, or to obtain confidential information for blackmail or extortion. Thus, the s1 offence is committed as soon as the unauthorized access is attempted, and the s2 offence overtakes liability as soon as specific access is made for the criminal purpose. The s3 offence is specifically aimed at those who write and circulate a computer virus or worm, whether on a LAN or across networks. Similarly, using phishing techniques or a Trojan to obtain identity data or to acquire any other data from an unauthorized source, or modifying the operating system files or some aspect of the computer's functions to interfere with its operation or prevent access to any data, including the destruction of files, or deliberately generating code to cause a complete system malfunction, are all criminal "modifications".
a) he causes a computer to perform any function with intent to secure access to any program or data held in a computer;
b) the access he intends to secure is unauthorized; and
c) he knows at the time when he causes the computer to perform the function that this is the case. 1(2) the intent a person has to commit an offence under this section need not be directed at
a) any particular program or data
b) a program or data of any particular kind; or
c) a program or data held in any particular computer. 1(3) a person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5, on the standard scale or both.
2(1) a person is guilty of an offence under this section if he commits an offence under section 1 above ("the unauthorized access offence") With intent
a) to commit an offence to which this section applies; or
b) to facilitate the commission of such an offence (whether by himself or by any other person) and the offence he intends to commit or facilitate is referred to below in this section as the further offence. 2(2) this section applies to offences
a) for which the sentence is fixed by law; or
b) for which a person of twenty one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or in England and Wales might be so sentenced but for the restrictions imposed by section 33 of the Magistrates Courts Act 1980). 2(5) a person guilty of an offence under this section shall be liable
a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and
b) on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.
3(1) A person is guilty of an offence if
a) he does any act in a way which causes the unauthorized modification of the contents of any computer; and
b) at the time when he does so the act he has the requisite intent and the requisite knowledge. 3(2) for the purposes of subsection 3(1)b above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing
a) to impair the operation of any computer;
b) to prevent or hinder access to any program or data held in any computer; or
c) to impair the operation of any such program or the reliability of any such data. 3(3) the intent need not be directed at
a) any particular computer;
b) any particular program or data or a program or data of any particular kind; or
c) any particular modification or a modification of any particular kind. 3(4) For the purpose of subsection 1b above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorized. 3(5) it is immaterial for the purposes of this section whether an unauthorized modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary
The Act was created to criminalise unauthorized access to computer systems (the s1 offence) and to deter the more serious criminals from using a computer to assist in the commission of a criminal offence or from impairing or hindering access to data stored in a computer (the ss2 and 3 offences). The basic offence is to attempt or achieve access to a computer or the data it stores, by inducing a computer to perform any function with intent to secure access. Hackers that program their computers to search through password permutations are therefore liable, even though all their attempts to log on are rejected by the target computer. The only precondition to liability is that the hacker should be aware that the access attempted is unauthorized. Thus, using another person's username or identifier (ID) and password without proper authority to access data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data to a screen or printer, or to impersonate that other person using e-mail, online chat, web or other services, constitute the offence. Even if the initial access is authorized, subsequent exploration if there is a hierarchy of privileges in the system, may lead to entry to parts of the system for which the requisite privileges are lacking and the offence will be committed. But looking over a user's shoulder or using sophisticated electronic equipment to monitor the electromagnetic radiation emitted by VDUs ("electronic eavesdropping") is outside the scope of this offence.
The ss2 and 3 offences are aggravated offences, requiring a specific intent to commit another offence (for these purposes, the other offences are to be arrestable, and so include all the major common law and statutory offences of fraud and dishonesty). So a hacker who obtains access to a system intending to transfer money or shares, intends to commit theft, or to obtain confidential information for blackmail or extortion. Thus, the s1 offence is committed as soon as the unauthorized access is attempted, and the s2 offence overtakes liability as soon as specific access is made for the criminal purpose. The s3 offence is specifically aimed at those who write and circulate a computer virus or worm, whether on a LAN or across networks. Similarly, using phishing techniques or a Trojan to obtain identity data or to acquire any other data from an unauthorized source, or modifying the operating system files or some aspect of the computer's functions to interfere with its operation or prevent access to any data, including the destruction of files, or deliberately generating code to cause a complete system malfunction, are all criminal "modifications".
Tuesday 3 November 2009
Civil rights in the information age
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act does not mention privacy, in practice it provides a way in which individuals can control information about themselves. Most of the Act does not apply to domestic use,[1] for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles.
http://en.wikipedia.org/wiki/Data_Protection_Act_1998
The Key points of the Data Protection Act are:
Data may only be used for the specific purposes for which it was collected.
Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
Personal information may be kept for no longer than is necessary and must be kept up to date.
Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner's Office.
Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion)
It is there to protect the privacy of people who submit information online so it is not missused or abused. It also means that sites cannot share the information unless you give tem permission to.
http://en.wikipedia.org/wiki/Data_Protection_Act_1998
The Key points of the Data Protection Act are:
Data may only be used for the specific purposes for which it was collected.
Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
Personal information may be kept for no longer than is necessary and must be kept up to date.
Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner's Office.
Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion)
It is there to protect the privacy of people who submit information online so it is not missused or abused. It also means that sites cannot share the information unless you give tem permission to.
Subscribe to:
Posts (Atom)