Workshop 4 Tutor: William Yeoh School of Computer and Information Science Secure and High Integrity System (INFT 3002)

The issues Abraham is asking for advice on are: 7. Is there any legislation to help him if his network is hacked into again? 8. What kind of legal or ethical issues will he herself face if the data in his databases or files is lost or damaged?

7. Is there any legislation to help him if his network is hacked into again? The scope of legislation depends on the location of the company Eg. for Hong Kong Telecommunication Ordinance, chapter 106, Law of HK Crime Ordinance, Chapter 2000, Law of HK Theft Ordinance, Chapter 210, Law of HK Control of Obscene and Indecent Articles Ordinance, Chapter 390, Law of HK Copyright Ordinance, Chapter 528, Law of HK Prevention of Copyright Privacy Ordinance, Chapter 544, Law of HK

Scenario: Hacking of the system Referring to section 27A, Telecommunication Ordinance (Cap 106), Law of HK, it states that “unauthorised access to computer by telecommunication’ is a criminal offense. Hence, Police officer is authorised to investigate the case and arrest the criminal This law protects AW from being hacked, if anyone access to AW’s pc via telecommunication means without an authorization

Scenario II: Virus/Trojan Infection or unauthorised program modifications By section 11, Theft Ordinance, Law of HK, it states that ‘unlawfully causing a computer to function other than as it has been established, and altering, erasing or adding any computer program or data is a criminal offense. This section protects AW from being attacked by viral or trojan programs and unauthorised modifications of code to hinder its normal operations eg. DoS

Scenario III: Theft of Information Section 17, Theft Ordinance (Cap 210), Law of HK, it states that ‘Obtaining property by deception’ constitutes a criminal offense. This section interprets that stealing, intercepting and unauthorised access of info constitutes an offense This law protects AW from eavesdropping during info transmission and stealing of sensitive info.

Scenario IV: Damaging of equipment & resources Referring to Section 161, Crime Ordinance (Cap 200), Law of HK This section safeguards the loss of AW caused by intentional destructions, eg, destroying the firewall and DB, and combats illegal gain made by attacker who makes profit from attacking AW’s system

8. What kind of legal or ethical issues will he herself face if the data in his databases or files is lost or damaged? Referring to HK Law, no liability shall be incurred by manager of an authorised institution or any person appointed by the manager According to this interpretation, this law relates to the legal concerns of our customers if the data is lost, neither legal liability is liable to AW nor his staff

Other matters on legal aspects that need to be considered: Bona fide of service – data loss or damage must be caused during AW’s staff exercising their duty in good faith Due diligence – whether the customer has taken all possible steps to protect the system from being attacked Criminal damage and theft – any possibility to show that employees are involved in intentional damage or theft of info

Ethical issues Pfleeger defined ethics as a set of social values or norms to judge whether people are doing things right or wrong Staff/customers may bear no legal liability if duties are done in ‘bona fide’ manner However, ethical issues are highly concerned for business Hence, code of ethics must be formulated

The ethical issues are many and varied, however it’s useful to focus on just four- PAPA: Privacy: What information about one self must a person reveal to others, under what conditions and what safeguards? Accuracy: Who is responsible for the authenticity, fidelity an accuracy of info?

Property: Who owns information? What are the just price for its exchange? Accessibility: What info does a person/org have a privilege to obtain? Under what conditions and with what safeguards?

Q &A Group Discussions