Cyber Security & Law

(CSET 260)

Lecture 2: Issues in Cyber Security

Lecture Conducted By:

Dr. Sujan Kumar Roy
Assistant Professor,
Dept. of CSE, RU
 OUTLINES
 Private Ordering Solutions
 Regulation and Jurisdiction for Global Cyber Security
 Copy Right-source of risks
 Pirates
 Internet Infringement
 Fair Use
 Postings
 Criminal Liability
 First Amendments
 Data Loss
 PRIVATE ORDERING SOLUTIONS

What is Private Ordering?

 Private ordering is common in the field of Internet governance,
cybersecurity, and cybercrime.
 Private ordering comes to modify the scope of protection granted by
default under the law.
 Specifically, Private ordering refers to governance by means of contracts,
markets, or voluntary cooperative networks of non-state actors.
 The Internet relies heavily on private ordering because it is difficult for
territorial governments to regulate effectively by traditional methods of
intervention.
 PRIVATE ORDERING SOLUTIONS
How Private Ordering Works?
 Private ordering is used in Internet governance institutions such as the
Internet Corporation for Assigned Names and Numbers (ICANN).
 ICANN implements policies through contractual agreements and
develops policies via a multistakeholder process rooted in non-state
actors.
 Nevertheless, ICANN’s control of the root of the Domain Name System
(DNS) creates a centralized “choke point” where control over website
content and Internet expression can be exerted by regulating domain
name registries and registrars.
 For instance, by taking down domains or withdrawing licenses to
register names.
REGULATION AND JURISDICTION FOR GLOBAL CYBER
SECURITY
Issues on Cyber Security Regulations
 Given the current deficiencies of the law, the private sector began to assume a
predominant role in regulation of information in the digital environment.
 Data breaches have become the new “business normal.”
 For example, in a 2019 report, Carbon Black reported that in the past 12
months, 88% of global businesses had experienced one or more breaches.
 In response to this growing onslaught of cyber threats, new regulations are
being implemented to protect organizations, their data, and their customers.
 From the EU’s General Data Protection Regulation (GDPR) and HIPAA to PCI
security standards and privacy laws throughout the world, cyber security
regulations have never been as voluminous or complicated.
 To comply with increasingly complex cybersecurity regulations, organizations
need powerful tools for monitoring cybersecurity risk, managing cybersecurity
governance, and implementing cybersecurity best practices.
REGULATION AND JURISDICTION FOR GLOBAL CYBER
SECURITY
How to Manage Cyber Security Regulations?
By analyzing the massive and escalating volume of regulation, the following
themes emerge loud and clear:
 Many elements of cybersecurity regulations are directed at establishing
accountability and responsibility to ensure that senior leadership in companies
are treating security and risk issues seriously and strategically.
 Many regulations stipulate information security requirements and controls that
organizations must have in place to safeguard customers’ personal data from
risk of misuse, unauthorized access, and theft.
 Additionally, under many cyber security regulations, organizations are now
liable for the actions or failings of their vendors and third parties.
REGULATION AND JURISDICTION FOR GLOBAL CYBER
SECURITY
How to Manage Cyber Security Regulations?
 These regulations recognize the risk within supply chains and the
importance of having effective risk management processes to support
privacy obligations and information passed on to third parties.
 To meet these mandates, organizations must adopt a cybersecurity
model that focuses on monitoring, managing, and reducing risk
through security controls and regular board-level reporting.
 Organizations must also continuously assess and monitor their
security posture and performance as well as that of their partners,
third-parties, and all those connected to their network to identify
security gaps and prioritize remediation of risk.
REGULATION AND JURISDICTION FOR GLOBAL CYBER
SECURITY
Cyber Security Jurisdiction
 Jurisdiction provides states with the power and authority to define and preserve
the duties and rights of people within its territory, enforce laws, and punish
violations of laws.
 The developing law of jurisdiction must be addressed whether a particular
event in cyber space is controlled by the law of state or country where the
website is located, by the law of the state or the country where the internet
service provider is located.
 Several commentators have voiced their opinion that cyber space should be
treated as separate jurisdiction.
 For example, digital security act in Bangladesh, for which, a separate tribunal is
available.
REGULATION AND JURISDICTION FOR GLOBAL CYBER
SECURITY
Problems of Cyber Security Jurisdiction
 Cyber space can be seen as a multi jurisdictional because of the ease
which a user can access of website anywhere in the world.
 It can also be even viewed as a jurisdictional in the sense that from the
user‘s perspective that the state and national borders are essentially
transparent.
 The challenge primarily faced in the issue of Jurisdiction is that the
internet is borderless and there are no territorial boundaries with regard to
the cyber space.
 This is as the location of the victim and the offender with the location of
the commission of the offence is vague.
 COPY RIGHT-SOURCE OFRISKS

Copy Right Issues in Cyber Space

 The growth of Information Technology has led to proliferation of e-businesses
due to its cost effectiveness, accessibility, convenience and vast user base.
 The global nature of internet has provided immense visibility to start up
enterprises and medium size businesses on the internet.
 The touchscreen age today knows very well the importance of software,
multimedia, trademarks, artwork and icons.
 However, any unauthorized use or copying of trademarks, original music ,
films, artwork, software ,multimedia or literary matter causes copyright risks
over the internet.
 Different categories of copy right risks include, Deep linking, Framing, piracy
of music, software, video, others.
 PIRATES
Pirates in Cyber Space
 Piracy refers to the unauthorized duplication of copyrighted content that is
then sold at substantially lower prices in the 'grey' market.
 The principle behind piracy has predated the creation of the Internet, but
its online popularity arose alongside the internet.
 Despite its explicit illegality in many developed countries, online piracy is
still widely practiced, due to both the ease with which it can be done and
the often-defensible ethics behind it.
 Piracy examples: Downloading a copyrighted song off the Internet is an
example of piracy.
 The unauthorized publication, reproduction, or use of a copyrighted or
patented work.
 INTERNET INFRINGEMENT
Copy Right Infringement in Cyber Space
 Copyright infringement in cyberspace is a form of Intellectual Property
Theft, which can lead to significant security issues and legal penalties.
 If a person attempts to use or distribute another person's work, who has
"exclusive rights" over it, without authorization, he may be found guilty of
copyright infringement.
 The common copyright violations in cyberspace involve illegal download
of movies, music files and pirating software applications.
 Posting a copyrighted work such as writing or graphics online without the
permission of the owner may also constitute copyright infringement in
cyberspace.
 Where copyright is infringed, owner of copyright is entitled to sue for
remedies including injunction, damages, profit of accounts and delivery
up of infringing goods.
 INTERNET INFRINGEMENT

How infringement Occurs in Cyber Space

The infringement in Cyberspace shall take place in different ways:
 FRAMING
 Framing is the process whereby one website is allowed to incorporate
the contents from another independent website into a frame of its
own, in which the framing site appears as the original website.
 In framing, each frame functions independently so that the
information downloaded into the frame goes within the frame and
does not go into the other frame or overlap onto the frame itself
 INTERNET INFRINGEMENT
How infringement Occurs in Cyber Space
 LINKING
 Linking is connecting the user from the original site to a linked site. The user is
provided for an access of a website through the original site.
 The Universal Resource Locator (URL) need not be typed separately. Linking, for
research purpose provides ease to the user. Unfortunately, it gives rise to several
legal issues.
 Linking may be of distinctive types such as:
o Surface Linking: The original site provides the link of the homepage of another site.
o Deep Linking: The original site offers the link of the ‘inner pages’ of another side which
can be accessed by the user without entering the homepage of the linked website.
o In-line Linking: The image is placed by the inline link on the website that is being
viewed by the user from another distant website.
 INTERNET INFRINGEMENT
How infringement Occurs in Cyber Space
 CACHING
 Caching is the process whereby a material is copied from an original source to
the cache.
 Such material would be available to the user for a temporary period of time[8].
Caching make be executed by three ways;
o Firstly, copying of document itself which is displayed on the computer screen
whilst accessing the web.
o Secondly, the document that is being displayed are copied and retained along
with the documents reviewed by the user in the past.
o Thirdly, the documents are not stored in a personal computer but on an ISP
(Internet Service Provider) or on a website.
 INTERNET INFRINGEMENT
How infringement Occurs in Cyber Space
 ARCHIVING
 In case of framing and linking, the materials were hyperlinked or framed from
another website creating a conduit between the two on the internet.
 In Archiving, the process entails downloading and storing of the material of
another website and incorporating the same.
 Even if there does exist a hyperlink, the link shall take the user to another area
of the same site where the material of another site has been stored.
 Archiving without the permission of the Copyright owner may amount to
infringement.
 INTERNET INFRINGEMENT
How infringement Occurs in Cyber Space
 PUBLIC DISPLAY OF RIGHT BY POSTING OR UPLOADING
 When any work is published in the Internet, there is almost unrestricted viewing.
 Thus, when a Copyright material is published on the internet without
authorization, it becomes a case of infringement.
 However, the Courts have not provided for any straight jacket formula for
arriving at such a conclusion but have delivered mixed responses subject to the
facts of each case.
 FAIR USE
Concept of Fair Use
 Fair use is a legal doctrine that says you can reuse copyright-protected material under
certain circumstances without getting permission from the copyright owner.

 Details about Fair Use

 The fair use of a copyrighted work, including such use by reproduction in copies
or phonorecords or by any other means specified by that section, for purposes
such as criticism, comment, news reporting, teaching (including multiple copies
for classroom use), scholarship, or research, is not an infringement of copyright.
 FAIR USE
Four Factors of Fair Use
In the United States, judges decide what’s considered fair use. A judge will consider how the four
factors of fair use apply to each specific case. The four factors of fair use are:
1. The purpose and character of the use, including whether such use is of commercial nature or is
for nonprofit educational purposes.
 If you use another's copyrighted work for the purpose of criticism, news reporting, or
commentary, this use will weigh in favor of fair use.
2. The nature of the copyrighted work
 In examining this factor, a court will look to whether the material you have used is
factual or creative, and whether it is published or unpublished.
3. The amount and substantiality of the portion used in relation to the copyrighted work as a
whole
 Unfortunately, there is no single guide that definitively states how much of a
copyrighted work you can use without copyright liability.
4. The effect of the use upon the potential market for, or value of, the copyrighted work
 In examining the fourth factor, a court will look to see how much the market value of
the copyrighted work is affected by the use in question.
 FAIR USE
Practical Tips for Avoiding Copyright Liability
While there is no definitive test for determining whether your use of another's
copyrighted work is a fair use, there are several things you can do to minimize
your risk of copyright liability:
 Use only as much of the copyrighted work as is necessary to accomplish your
purpose or convey your message;
 Use the work in such a way that it is clear that your purpose is commentary,
news reporting, or criticism;
 Add something new or beneficial (don't just copy it -- improve it!);
 If your source is nonfiction, limit your copying to the facts and data; and
 Seek out Creative Commons or other freely licensed works when such
substitutions can be made and respect the attribution requests in those works.
 POSTINGS
Postings
 Posting" something like a photo, a video, or a link to a website means putting it on
the internet somewhere.
 You can post things to a social media service like Facebook, Twitter, Instagram,
YouTube by agreeing to the site's terms of use, which often give the site a license
to use your work.
 Posting your work on social media does not mean that others can use it without
attribution.
 For example, if you create a meme and post it to Twitter, other users can retweet
it.
 However, if someone merely copies the meme, without attribution, and posts it on
their own feed or even somewhere outside of social media, it does not
automatically constitute fair use and most likely does not comply with the terms
of service for the platform.
 POSTINGS
Posting Requirements
 For posting something on the internet, a fair use disclaimer must be included,
saying that the website is for educational or entertainment purposes only, helping
to further solidify the fair use of the copyrighted content.

 By meeting fair use guidelines and advertising your commitment to protecting

intellectual property, you’ll be better able to protect yourself against allegations of
copyright infringement.
How to Write a Fair Use Disclaimer
You write a fair use disclaimer by following these three steps:
1. Clearly state that your site may contain copyrighted content not authorized for
use by the owner.
2. Explain that your use of copyrighted content falls under the guidelines of fair use.
3. Cite or link to Section 107 of the Copyright Act.
 CRIMINAL LIABILITY
Criminal Liability in Cyber Space
 Criminal liability in cyber space means accepting the consequences of one's
criminal act that occurred in the Internet environment so the concept of separation
of responsibilities in cyber space has no other responsibility.
 The problem of cyber-crimes is a question of how the law deals with new
technologies.
 The realization that traditional Criminal Laws were not sufficient to deal with
cybercrimes led to the development of several initiatives to address the issue.
 The Council of Europe on Cybercrime responded to the patent inadequacy of
legislations criminalizing certain activities occurring on the cyberspace.
 Since then, many jurisdictions have enacted legislations on cybercrime.
 For example, in Bangladesh, the Digital Security Act is the talk of the moment.
 FIRST AMENDMENTS
What is First Amendments?
The five freedoms it protects: speech, press, religion , assembly, and the right to
petition the government.

 Speech
 What does the First Amendment say about freedom of speech?
 Can speech be restricted, and if so, when?
 According to the article of constitutional faith, what sorts of speech are
protected, where free expression may be limited, and why “freedom of speech
is a core American belief, almost a kind of secular religious tenet.
 Press
 How did freedom of the press come about?
 Are there restrictions on press freedom?
 The ways in which this core freedom has developed in law are explained in this
overview by a First Amendment scholar.
 FIRST AMENDMENTS
 Religion
 The First Amendment introduced bold new ideas to the world: that government
must not impose a state religion on the public, or place undue restrictions on
religious practice, but must recognize the right of the people to believe and
worship, or not, as their conscience dictates.
 Assembly
 Our right to gather in peaceful public protest – in marches, rallies and other
assemblies – is another core freedom guaranteed by the First Amendment.
 First Amendment freedoms ring hollow if government officials can repress
expression that they fear will create a disturbance or offend.
 Petition
 This least-known First Amendment freedom is nevertheless crucial to our
democratic republic’s form of government.
 Petition is the right to ask government at any level to right a wrong or correct a
problem.
 DATA LOSS
 What Is Data Loss?
 Data loss occurs when valuable or sensitive information on a computer is
compromised due to theft, human error, viruses, malware, or power failure.
 It may also occur due to physical damage or mechanical failure or equipment of
an edifice.
 Social engineering and phishing attacks are common sources of computer viruses
and malware infections that infiltrate computers and lead to data loss.
 The attackers can also encrypt data and hold it hostage until the user pays a
ransom to obtain the decryption key.
 Types of Data Loss
 Human error - accidental or unknowing data deletion, modification, overwrite.
 File corruption - software error, virus infection.
 Hardware - drive failure, controller failure, CPU failure.
 Site-related - theft, fire, flood, earthquake, lightning, etc.
 TRADEMARKS

 What Is Trademark?
 A trademark is a logo, image, symbol, word(s), letter(s) or color(s) that is
used and sometimes legally registered as a representation of a company.
 Trademarks are used to keep a company’s distinctly identifying intellectual
property secure.
 Trademarking company identifiers provides legal rights that prevent other
parties using the registered property.
 A trademark must be distinct, identifiable and original.
 Often a trademark will convey the brand essence of a product. Trademarks are
seen everywhere in modern life.
 TRADEMARKS
 Trademark in Cyberspace
 The concept of the trademark in cyberspace has become very important as the use
of technology is growing day by day.
 The Intellectual property protection in relation to trade was recognized by the
world trade organization (WTO) in the form of Trade Related Aspects of
Intellectual Property Rights (TRIPS) agreements.
 The agreement is considered a landmark and complete agreement on Intellectual
property rights.
 The trademark law was applicable to protect those traders who had a registered
trademarks, by providing them an exclusive right to carry on trade under that mark
and preventing any third parties from using the same.
 However, with the rise of the internet and the paradigm shift from the traditional
trading process to the online platform.
 Many new challenges have taken birth in relation to protection of trademark.
 DEFAMATION
 Defamation in Cyberspace
 Cyber Defamation means using the internet as a tool to defame and malign another
person. It involves use of social media and online campaigns to tarnish the image of the
victim.
 The three essentials of defamation are:
 The statement must be false and defamatory,
 The said statement must refer to the victim, and
 The statement must be published.
 A person's reputation is his or her property and sometimes even more valuable than
physical property. Thus, cyber defamation law (e.g., digital security act in Bangladesh) is
essential.
 For example, a disgruntled employee of a Company may post some defamatory remarks
about the Company on a popular blog site or may send some slanderous email, defaming
the company or any of its important managerial personnel, to the clients.
 PRIVACY-COMMON LAW
 Common Law Right to Privacy
 Privacy is the right to be let alone or to be free from misuse or abuse of one’s personality.
Specifically, Privacy is when nobody is aware of what you are doing but potentially, they
know your identity.
 The common law of privacy recognizes five discrete rights of privacy.
o First, the common law affords individuals the right to sue when their seclusion or
solitude has been intruded upon in an unreasonable and highly offensive manner.
o Second, individuals have a common-law right to sue when information concerning
their private life is disclosed to the public in a highly objectionable fashion.
o Third, tort liability may be imposed on individuals or entities that publicize
information that places someone in a false light.
o Fourth, the common law forbids persons from appropriating someone's name or
likeness without his or her consent.
o Fifth, the common law prevents business competitors from engaging in unfair
Competition through the theft of trade secrets.
 CONSTITUTIONAL LAW
 Constitutional Law
 Constitutional law is a body of law which defines the role, powers, and structure
of different entities within a state, namely, the executive, the parliament or
legislature, and the judiciary.
 It also addresses the basic rights of citizens and, in federal countries such as the
United States and Canada, the relationship between the central government and
state, provincial, or territorial governments.
 The Constitutional Law of Cyberspace justifies and further expands the powers of
the government to control and monitor the use of the internet without institutional
checks.
 Thus, Constitutional laws can be considered second order rule making or rules
about making rules to exercise power.
 Therefore, one of the key tasks of constitutions within this context is to indicate
hierarchies and relationships of power.
 FEDERAL STATUS
 Federal Status in Cyberspace
 Cyber crimes typically rise to the level of a federal criminal offense because they involve
the internet by their very nature.
 Federal agencies are subject to a variety of federal government-wide and agency-specific
laws and guidance that address cybersecurity.
 Federal government-wide laws include the Federal Information Security Modernization
Act of 2014 (FISMA), the Federal Information Technology Acquisition Reform Act of
2014 (FITARA), and the Privacy Act of 1974.
 Federal sentencing guidelines recommend a prison sentence of up to 20 years for those
convicted of cyber crime offenses.
 If the offense results in the death of another person, then a defendant convicted of the
crime could be sentenced to life in prison. This is irrespective of the type of cyber crime.
 Federal sentencing guidelines recommend a prison sentence of up to 10 years for those
first time offenders. Even still, consulting with a cyber crime lawyer can greatly reduce
your criminal liability.
 ANONYMITY
 Anonymity in Cyberspace
 Cyber crimes typically rise to the level of a federal criminal offense because they involve
the internet by their very nature.
 An anonymity network enables users to access the Web while blocking any tracking or
tracing of their identity on the Internet.
 This type of online anonymity moves Internet traffic through a worldwide network of
volunteer servers.
 Anonymity networks prevent traffic analysis and network surveillance - or at least make it
more difficult.
 For example you could connect to an anonymizing service like 'Tor' to post a political
message under an anonymous user name in a country where this is prohibited.
 In this instance, you are keeping separate from your identity while making your non-
private message.
 TECHNOLOGY EXPANDING PRIVACY RIGHTS
 Technology and Privacy Rights
 Human beings value their privacy and the protection of their personal sphere of life. They
value some control over who knows what about them.
 But recent advances in information technology threaten privacy and have reduced the
amount of control over personal data and open up the possibility of a range of negative
consequences as a result of access to personal data.
 The 21st century has become the century of big data and advanced information technology
(e.g. forms of deep learning), the rise of big tech companies and the platform economy,
which comes with the storage and processing of exabytes of data.
 The combination of increasing power of new technology and the declining clarity and
agreement on privacy give rise to problems concerning law, policy and ethics.
 Many of these conceptual debates and issues are situated in the context of interpretation
and analysis of the General Data Protection Regulation (GDPR) that was adopted by the
EU in spring 2018 as the successor of the EU 1995 Directives, with application far
beyond the borders of the European Union.
 CLASS ASSIGNMENT-2
Case Study 2: Design a Complete Software Piracy Statement/Proposal
It includes:
 Definition
 Regulation Issues
 Copy right Issues
 Piracy Issues (Different Types)
 Impact/Danger of Software Piracy
 License Agreement Issues
*** This Case study is individual basis: Submit as PDF file. I will not
accept any statement which are identical between two or more students.