Response To Criticism On E Crime Law


Published on October 11, 2007

Author: mfnaqvi

Source: slideshare.net

Description

Response to the Criticism on Prevention of Electronic Crimes Law of Pakistan

Response to Criticism on Prevention of E-Crimes Bill 2007 By: M. Faisal Naqvi CISSP [email_address]

Definition of electronic

Criticism:

“Wrong. Electronic means much more. There is no need to define electronic. What needs to be defined is electronic. Also note ETO 2002 does not define electronic nor does any law or model law define this internationally…”

Response:

The same definition is given in ETO 2002 under section 2 (ℓ)

Moreover, electronic is defined in:

Canada - Electronic Transactions Act 2001

Canada - Uniform Electronic Commerce Act

Canada - The Electronic Commerce And Information, Consumer Protection Amendment And Manitoba Evidence Amendment Act

Ireland - E-Commerce Act, 2000

India - IT Act 2000 u/s. 2 (r)

Turks and Caicos Islands - Electronic Transactions Ordinance 2000

Bermuda - The Electronic Transactions Act 1999

Data / System Damage

Criticism:

“any interference with Data should be the focus”

Response:

Interference even includes:

Prying

Intrusion

Modification

Deletion etc.

Damage includes only Active Attacks like:

Modification, Deletion, Obstruction etc.

Passive Attacks – Criminal Access = 2 yrs. punishment

Active Attacks = 3 yrs. punishment

Data / System Damage (Cont…)

Criticism:

“Do I damage a system if I don’t interrupt any normal processing, nor obstruct the functioning or reliability or usefulness of an electronic system, yet take control of the system? If the answer is yes how does clause 7 address it.”

Response:

The answer is No!

You are just accessing the system, which is punishable under clause 3, i.e. Criminal Access.

1st level = Access, 2nd level = Damage

Access and Damage are treated separately

Interference treats both equally

Data / System Damage (Cont…)

United States Code § 1030 (e)(8) defines damage as:

‘the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information;’

Data will be damaged even with a single bit change

If the word “Destroy” had been used, then the criticism may be valid.

Almost all Budapest Convention Signatories have treated Access and Damage separately

Almost every Signatory used a different title and definition

Many of the Budapest Convention Signatories have used the word “Damage”, including Switzerland

Have a look at the leaders (UK, France, Germany & Switzerland)…

Budapest Signatories Comparison

| Crime | UK (Computer Misuse Act) | France (Penal Code) | Switzerland (Penal Code) | Germany (Penal Code) |
| --- | --- | --- | --- | --- |
| Criminal Access | Unauthorised access to computer material | Fraudulent accessing | Unauthorized access to data processing system | Data Espionage |
| Data Damage | Unauthorised modification of computer material | Fraudulent introduction of data | Damage to data | Alteration of Data |
| System Damage | Unauthorised access with intent to commit or facilitate commission of further offences | Obstruction or interference | | Computer Sabotage |

Electronic Fraud

Draft:

“Whoever for gain interferes with data or electronic system …”

Criticism:

“What about automated transactions that require no inducement of person?...”

“… important element of economic gain in the section which is wholly missing in the Draft law.”

Response:

E-System is mentioned, Gain is mentioned

A 50-year-old man in the UK deceives a 20-year-old girl in Pakistan and marries her; there is gain, but the gain is not economic. Will this not be a fraud? (Real-world case, not hypothetical)

Electronic Forgery

Draft:

“Whoever for gain interferes with data or electronic system…”

Criticism:

“what about for no gain? A cracker just out there interested in checking to see what systems can be compromised.”

Response:

Again, it is Criminal Access, not Electronic Forgery

Malicious code

Draft:

“Whoever willfully writes, offers, makes available, distributes or transmits malicious code …”

Criticism:

“Indeed. Malicious code may be used for research, investigatory or counter offensive purposes.”

“Code performing functions unintended or unauthorized functions”

Response:

Counter-offensive malicious code will be taking the law into your own hands

Willfully means intended; if genuine code malfunctions unintentionally, this will not be a crime.

Cyber Stalking

Criticism:

Obscene, immoral and harm?

Response:

Definition of Obscene: “The term is most often used in a legal context to describe expressions (words, images, actions) that offend the prevalent sexual morality of the time.”

Use of words “Obscene”, “Moral” and “Harm”

USA - Child Online Protection Act (47 U.S.C. § 231):

“Material that is harmful to minors means any communication, picture, image, graphic image file, article, recording, writing, or other matter of any kind that is obscene”

Germany (Budapest Signatory) - Amendment of the Act on the Dissemination of Publications Morally Harmful to Youth

India - Obscene Publications Act 1973

Bermuda - Obscene Publications Act

Cyber Stalking (Cont…)

Criticism:

Pictures distribution?

Response:

Picture distribution is a crime in:

United States Code § 223 (1)(a)(ii): “initiates the transmission of, any comment, request, suggestion, proposal, image, or other communication which is obscene or child pornography, with intent to annoy, abuse, threaten, or harass another person;”

Spain (Budapest Signatory) Penal Code CHAPTER I Article 197 (3):

“… the images captured, as indicated in the proceeding paragraphs, are divulged, revealed or transferred to third parties. Punishment consisting of imprisonment from between one and three years…”

Spoofing

Draft:

“Whoever establishes a website, or sends an electronic message with a counterfeit source intended to be believed by the recipient or visitor or its electronic system to be an authentic source…”

Criticism:

“This is phishing! The definition is completely off the mark technically and demonstrates the dire need for this Draft to be discussed line by line with industry face to face…”

Response:

Phishing includes three steps, which are:

Counterfeit Source e.g. e-mail/web = Spoofing

Induces user to surrender private information = Fraud

Use of private Info. to make any illegal claim or title = Forgery

Phishing is dealt with at every step individually

Spoofing (Cont…)

Response (Cont…):

Very comprehensive definition, covers:

Identity Theft

E-Mail Spoofing

Domain Name Spoofing (Multilingual – Μicrosoft <> Microsoft)

IP Spoofing, including:

Session Hijacking

SYN Flooding, mostly used for simple DOS attack

ICMP flood

UDP flood

Man-in-the-middle attack

Source routing

DNS Poisoning

Smurf Attack

Fraggle Attack

Blind spoofing

And partially Phishing as well

Denial of Service (DOS) Attack

Violates Availability

Two Major Types of DOS Attack:

Spoofed Flooding (covered under Spoofing and System Damage)

Distributed Denial of Service (D-DOS) Attack, covered at each step, i.e.:

Spreading of code: covered under Malicious Code

Executing attack remotely: covered under Criminal Access

Denial of Service: covered under System Damage

Retention of traffic data

Criticism:

All the data is required to be retained, which is impossible

Response:

Not the whole data is required to be retained by an ISP

Just header information is required to be retained, i.e.:

Communication’s origin

Destination

Route

Time

Date

Size

Duration

Type of underlying service

The above is defined under section 2 (w), “traffic data”

Spamming

Draft 2004:

“Whoever transmits, without the express permission of the recipient, unsolicited electronic messages in bulk…”

Old Criticism:

“Very bad clause – Will hurt Off-shore marketing and other efforts. Legal spamming should be allowed…”

Draft 2007:

“Whoever transmits harmful, fraudulent, misleading, or illegal unsolicited electronic messages in bulk to any person without the express permission of the recipient…”

Latest Criticism:

“NOT COMPATIBLE WITH INT’L DEFINITIONS”

Response:

That’s why some of the definitions are not compatible with Int’l definitions

Cyber Terrorism

Criticism:

“The word TERRORISTIC is without doubt a figment of their imagination vocabulary”

Response:

New Hamlyn Encyclopedic Word Dictionary

Terroristic

Denoting or pertaining to Terrorist or their methods

American Heritage Dictionary of the English Language

Terrorist

OTHER FORMS: terror·istic —ADJECTIVE

Collins English dictionary

Terrorist

terroristic adj

The Merriam-Webster dictionary

Main Entry: ter·ror·ism

ter·ror·is·tic /"ter-&r-'is-tik/ adjective

Investigation Procedures

Detailed Procedures for:

Evidence

Chain of custody

Investigation

Will be drafted as rules/regulations subsequently.

?

[email_address]

Thank You
