Information Security Legislation Moving ahead Information Security 2001 Professional Information Security Association Sin Chung Kai Legislative Councillor.

Presentation transcript:

Information Security Legislation Moving ahead Information Security 2001 Professional Information Security Association Sin Chung Kai Legislative Councillor (IT) July 28, 2001

2 A. The “Report”
• The Inter-departmental Working Group on Computer Related Crime, Sept 2000
• The major review of laws concerning computer crime since 1993
• Legislative amendments in the coming year

3 A. The “Report”
• Comments by professional bodies & associations
• Government’s response
• Accept most recommendations from the Working Group
• Legislative amendments will be submitted to LegCo in 2001/02

4 Major Recommendations
• Redefine “Computer”
• Clarify gray areas in legislation
• definition of “computer data”
• definition of “access to computer”
• definition of “hacking”
• Increase penalties of computer crimes
• “unauthorized access to the computer”
• “accessing a computer with the intent to commit an offence”
• deception and dishonest intent

5 Controversial Recommendations
• encrypted computer records
• serious offences
• require judicial scrutiny
• Hacking
• extend jurisdictional rules

6 1. Encrypted computer records
• Compulsory disclosure of encrypted computer records
• law enforcement agencies
• decryption tool or the decrypted text
• judicial scrutiny
• similar to production order
• serious offences
• maximum penalty on conviction of not less than 2 years
• penalty will be commensurate with the specific offence under investigation

7 Government view
• law enforcement agencies have to
• provide admissible evidence from encrypted data in criminal cases
• prove beyond reasonable doubt
• use the right decryption method

8 Opposite view
• disclosure of decryption key may make one incriminate himself
• threshold of offence carrying maximum penalty of not less than 2 years is sufficiently high
• potential infringement of privacy

9 Overseas Experience
• prohibit unauthorized encryption
• China, Russia & Saudi Arabia
• provide for mandatory key escrow
• create the power to require production of encryption keys by warrant or order
• Singapore
• Malaysia
• UK

10 Implication
• Information Security professionals may be required to provide the decryption key under the aforesaid situation.

11 2. Hacking--Existing Law
• unauthorized access to computer by telecommunications
• hacking
• Telecommunications Ordinance S. 27A
• access to computer with a criminal or dishonest intent
• Crimes Ordinance S. 161

12 2. Hacking--New proposals
• increase penalty
• hacking
• include a custodial term
• accessing a computer with the intent to commit an offence
• regard to the severity of the offence to be committed
• accessing a computer with deception and dishonest intent
• maximum penalty: 3 years

13 2. Hacking--New proposals
• extend the jurisdiction
• include hacking in Criminal Jurisdiction Ordinance (Cap. 461)
• Hackers attacking Hong Kong from foreign countries commit an offence

14 3. Hacking - New proposals
• implication
• unauthorized access to computer by telecommunications
• access to computer with a criminal or dishonest intent
• The above crimes originating from overseas are offences in HK

15 Legislation in progress
• Gambling Amendment Bill 2000

16 Other new legislation
• Smart ID Card
• Collection of data
• Privacy issues
• Review of Electronic Transactions Ordinance
• Enacted Jan 2000
• review within 18 months

17 Overseas Experience
• Australia
• European Union
• US

18 Australia
• Cybercrime Bill 2001
• Amend
• Criminal Code Act 1995
• Crimes Act 1914
• enhance investigation powers relating to the search and seizure of electronically stored data
• take into account the draft Council of Europe Convention on Cybercrime

19 Council of Europe
• Convention on Cyber-crime
• Final Version--29 June 2001
• The first international treaty on cyber crime
• Request members to criminalize:
• illegal access
• illegal interception
• data interference
• system interference
• misuse of devices
• hacking tools

20 US
• HR 1259
• Computer Security Enhancement Act of 2001
• Expands the National Institute of Standards and Technology's (NIST) role in promoting computer security.
• H Con. Res 22
• Expressing the sense of Congress regarding Internet security and “cyberterrorism”
• Designates cyberterrorism as an emerging threat to the national security of the United States; and calls for a revised legal framework for the prosecution of “hackers” and “cyberterrorists”

21 US
• HRes 12
• Opposing the imposition of criminal liability on Internet service providers based on the actions of their users.
• Opposes foreign governments' attempts to prosecute or penalize ISPs for content that is protected in the U.S. by the First Amendment, and the idea that ISPs should be held liable for content posted by others.

22 US
• HR 2136
• Confidential Information Protection Act
• Limits the use and disclosure of personally identifiable information by federal agencies, and exempts such information from requests made under the Freedom of Information Act.

23 D. Current Legislation in HK
• Telecommunications Ordinance (Cap 106)
• Crimes Ordinance (Cap 200)
• Theft Ordinance (Cap 210)
• Electronic Transactions Ordinance (Cap 553)
• Personal Data (Privacy) Ordinance (Cap 468)
• Copyright Ordinance (Cap 548)
• Control of Obscene and Indecent Articles Ordinance (Cap 390)
• Gambling Ordinance (Cap 148)

24 Thank You