Socioeconomic and Legal Implications of Electronic Intrusion
In April 2004, the publishing house IGI is expected to release the new book titled “Socioeconomic and Legal Implications of Electronic Intrusion”, which contains contributions from authors on issues of privacy infringement.
Table of Contents:
TENTATIVE
SECTION I: The Social and Economic Dynamic for Electronic Crime
Chapter I: The Socioeconomic Background of Electronic Crime
Maria Karyda, University of the Aegean, Greece
This chapter discusses current and emerging forms of network and computer-related illegality (electronic crime), its background, the motives driving individuals to such actions as well as strategies and techniques for controlling it. The chapter places emphasis on current and future trends and highlights the open issues that need to be addressed to tackle this phenomenon.
Chapter II: Intrusion in the Sphere of Personal Communications
Judith Rauhofer, University of Central Lancashire, UK
In this chapter the limits for the sphere of personal communications are set. Different understandings of the “right to be alone” or “the right to respect for private and family life” are provided. The significance of information privacy is pointed out and the right to informational self-determination is deciphered. Having presented the substrate for personal data protection, a legal synopsis of the aforementioned subject is the concluding part of the chapter, with emphasis on data retention.
Chapter III: Criminal Sanctions Against Electronic Intrusion
Irini E. Vassilaki, Aristotle University of Thessaloniki, Greece
The international dimension of intrusion is discussed in this chapter along with the different legislative approaches adopted by various countries leading to the development of computer-specific legislation concerning electronic intrusion in a rather homogeneous style approach. The integrity of information and computer systems is presented and the misuse of devices, the illegal interception of data transfer and the illegal access to computer systems are bounded so as to demonstrate the responsibility of providers or users.
Chapter IV: Protecting Identity without Comprising Privacy: Privacy Implications of Identity Protection
Ioannis Iglezakis, Aristotle University of Thessaloniki, Greece
In this chapter, a specific issue is addressed that concerns the protection of privacy vis-à-vis the efforts to combat identity theft and protect personal identifying information. There are, in particular, measures undertaken by legislators that involve penal sanctions and the introduction of new technological means for identity verification. Also, identity management schemes are introduced, which are utilized by service providers, mainly in the e-business sector, in order to support controlled access to resources. The solutions undertaken to protect identity are seen as measures enhancing privacy, which is endangered by identity theft. Personal information is largely available in the information society and its collection by identity fraudsters is also possible. Therefore, effective information protection should also include the protection of identity. The downside of the identity protection approach is that identity management actually presents risks to privacy, since the processing of personal data takes place in this context and it is argued that there are certain implications concerning the lawfulness of the processing. The use of electronic authentication through electronic cards or biometrics on passports and identity cards poses privacy issues, too. Subsequently, the legislation concerning identity theft and identity related crime is outlined. This is followed by specific analysis of privacy issues concerning identity management and identity verification methods, with particular reference to biometrics.
Chapter V: RFID Technology and its Impact on Privacy: Is Society One Step Before The Disappearance of Personal Data Protection?
Tatiani-Eleni Synodinou, Attorney at law, Bar Office of Thessaloniki, Greece
This chapter explores privacy issues posed by the use of RFID systems and applications. The existing legal framework for data protection is analyzed in order to discover how general privacy safeguarding principles could be applied in the case of RFIDs, with special focus on the main areas which are going to experience widespread use of such applications. The structure of the paper is based on a chronological order which follows the consecutive phases of contact and interaction between the individual and the RFID tag.
The incorporation of a tag to a product or in the human body establishes the first point of contact of the individual with the RFID tag. This is the first part of the chapter. The symbiosis of the person with the tag is examined in the second part. Indeed, privacy concerns are equally significant during the phase of processing of personal information, even if processing is conducted lawfully, either based on the legal ground of the individual’s consent or justified on another legal basis. Finally, the last part examines the legal regime of separation between the person and the tag.
Chapter VI: How Much is Too Much? How Marketing Professionals can Avoid Violating Privacy Laws by Understanding the Privacy Principles
Nicholas P. Robinson, Attorney at law, USA
Prescott C. Ensign, Telfer School of Management, University of Ottawa, Canada
A marketeer’s point of view is presented in this chapter. Although legal restrictions safeguard processes and restrict annoying intrusive techniques, protecting customers, it can be argued that responsible privacy practices in the marketing profession will add value for consumers. As businesses compete with greater intensity to provide the customer with control over areas such as product offerings, services provided, and account management, privacy standards, being an important part of the customer-company relationship, formulate the grounds upon which businesses compete to provide greater customer control.
Chapter VII: Navigating the Internet: Privacy and the “transparent” Individual
Christina Akrivopoulou, Aristotle University of Thessaloniki, Greece
Aris Stylianou, Aristotle University of Thessaloniki, Greece
This chapter gives an interpretation of why the Internet seems to be an unfriendly place for privacy using terms of political science. The authors present the conflict between transparency of information and the protection of privacy. The technological texture poses old threats in new clothes, and overall, the loss of control over our personal information, the surveillance, and the disclosure of our private facts are disruptions and infringements upon our privacy in the new information age. Guaranteeing transparency and access to information are presuppositions of a democratic society; however, the threats that the Internet is posing to privacy are affecting the autonomy and freedom of the individual. The need for ‘reconceptualizing’ privacy in the Internet confirms the evolving, developing character of the right, whose substantial content is not given or static but is closely connected and constructed via societal change. The paper explores the technological threats that the right to privacy confronts in the Internet, such as “cookies” and “spam messages”, the dangers they pose to the freedom and autonomy of the individual, as well as the positive dimensions of the Internet, especially its role in democratic accountability and political dialog.
Chapter VIII: Controlling Electronic Intrusion by Unsolicited Unwanted Bulk Spam: Privacy Versus Freedom of Communication
Phaedon John Kozyris, Universities of Thessaloniki (Greece) & Ohio State (USA)
The ordinary and uncomplicated Spam menace is made possible by technological advances which enable the sender to dispatch millions if not billions of commercial messages without significant monetary cost and without wasting time. The present review will focus on fundamentals, exploring what has already been done and suggesting avenues of improvement. The chapter promotes basic approaches of handling Spam depending on the actions and choices of the receiver. The anti-Spam campaign needs effective enforcement powers and should be able to use all available technological know-how. As the vagaries of enforcement are presented, the role of the Internet Service Providers and advertisers is envisaged.
SECTION II: Electronic Intrusion: Technologies, Strategies and Methodologies
Chapter IX: Cyberproperty in the United States: Trespass to Chattels & New Technology
Greg Lastowska, Rutgers School of Law, Camden, USA
This chapter presents one of the most interesting and controversial legal developments in the United States having to do with the acceptance by some courts of a new modification to an old common law property interest. Under the theory of cyberproperty, the owners of computer chattels have been granted the right to prohibit non-damaging contact with their systems. Essentially, cyberproperty amounts to a right to “exclude others from network-connected resources.” For a better comprehension, the right is analogized to the right to exclude others from real property.
Chapter X: Digital Forensics and the Chain of Custody to Counter Cybercrime
Andreas Mitrakas, European Network and Information Security Agency (ENISA)
Damián Zaitch, Erasmus University, Rotterdam, The Netherlands
Targeting information technology resources has marked a growing trend for all sorts of reasons that include profit making, causing damage, carrying out espionage, exploiting human beings etc. Although information security is used to protect information assets, electronic crime remains firmly on the rise. Computer forensics is the analysis of data processing equipment such as a data carrier, a network etc. to determine whether that equipment has been used for illegal or unauthorised purposes. Establishing the chain of custody through appropriate policy frameworks can be used in order to assess the quality of the collected data. Policy for forensics may address the practices of forensics agents and labs in investigating cybercrime. This chapter concludes that full-scale harmonisation of policies on criminal law and legal processes is likely to only happen at regional level (e.g. the EU) rather than at a global scale. Together with the assumption that safe havens where criminals operate from are not likely to be suppressed any time soon, this leads to the conclusion that cyber-crime is here to stay for the long run in spite of the good efforts made to trail digital suspects through digital forensics.
Chapter XI: An Analysis of Privacy and Security in the Zachman and Federal Enterprise Architecture Frameworks
Richard McCarthy, Quinnipiac University, Hamden, USA
Enterprise Architecture has had a resurgence of interest in the IT community in the past ten years, in part because of a mandate for federal agencies of the United States government and in part because of the complexity of managing today’s information systems environments. It has become a critical component of an overall IT governance program to provide structure and documentation to describe the business processes, information flows, technical infrastructure and organizational management of an information technology organization. Many different enterprise architecture frameworks have emerged over the past ten years. Two of the most widely used enterprise architecture frameworks (the Zachman Framework and the Federal Enterprise Architecture Framework) are described and their ability to meet the security and privacy needs of an organization is discussed. These frameworks represent a contrast of industry and government perspectives in addressing issues of key importance to senior IT leadership.
Chapter XII: Surveillance in the 21st Century: Integration of Law And Technology
Pieter Kleve, Erasmus University, Rotterdam, The Netherlands
Richard V. De Mulder, Erasmus University, Rotterdam, The Netherlands
Kees van Noortwijk, Erasmus University, Rotterdam, The Netherlands
An overview of technologies for monitoring and surveillance will be presented in this chapter. From this overview it becomes clear that the use of this type of technology is growing fast. At the same time, questions arise regarding its permissibility in the light of legal and constitutional rights, such as the right to privacy. These questions are then addressed in the context of the wider social developments. Finally, it is concluded that with the increasing importance and use of surveillance technology, ‘monitoring the surveillors’ will become essential as well.
Chapter XIII: Designing Light Weight Intrusion Detection Systems: Non-negative Matrix Factorization Approach
Václav Snášel, VSB – Technical University of Ostrava, Czech Republic
Jan Platoš, VSB – Technical University of Ostrava, Czech Republic
Pavel Krömer, VSB – Technical University of Ostrava, Czech Republic
Ajith Abraham, Norwegian University of Science and Technology, Trondheim, Norway
Recently cyber security has emerged as an established discipline for computer systems and infrastructures with a focus on protection of valuable information stored on those systems from adversaries who want to obtain, corrupt, damage, destroy or prohibit access to it. An Intrusion Detection System (IDS) is a program that analyzes what happens or has happened during an execution and tries to find indications that the computer has been misused. This article presents some of the challenges in designing efficient and light weight intrusion detection systems, which could provide high accuracy, low false alarm rate and reduced number of features. Intrusion detection is based on the assumption that intrusive activities are noticeably different from normal system activities and thus detectable. Intrusion detection is not introduced to replace prevention-based techniques such as authentication and access control; instead, it is intended to complement existing security measures and detect actions that bypass the security monitoring and control component of the system. Therefore, the methods explained in this highly technical chapter constitute a second line of defense for computer and network systems controlling loss of integrity, confidentiality, denial of resources, or unauthorized use of resources.
Chapter XIV: Data mining of Personal Information: A Taste of the Intrusion Legacy with a Sprinkling of Semantic Web
Dionysios Politis, Aristotle University of Thessaloniki, Greece
In this chapter data-mining techniques are presented that can be used to create data-profiles of individuals from anonymous data that can be found freely and abundantly in open environments, such as the Internet. Although such information takes in most cases the form of an approximation and not of a factual and solid representation of concrete personal data, nevertheless it takes advantage of the vast increase in the amount of data recorded by database management systems as well as by a number of archiving applications and repositories of multimedia files.
Chapter XV: Surveillance of Employees’ Electronic Communications In The Workplace: An Employers’ Right To Spy Or An Invasion to Privacy?
Ioannis Iglezakis, Aristotle University of Thessaloniki, Greece
The use of Information and Communication Technologies in the workplace is constantly increasing, but so is the use of surveillance technology. Electronic monitoring of employees becomes an integral part of information systems in the workplace. The specific software which is used for monitoring electronic communications is, however, intrusive and infringes upon the employees’ right to privacy. The issue of surveillance of employees’ electronic communications is subject to different approaches in various jurisdictions. The most comprehensive protection to employees is afforded in the EU; however, there are still ambiguities concerning the balancing of interests between employers and employees.
SECTION III: Annex: The Forensic Challenges for Intrusion
Chapter XVI: Forensic Watermarking for Secure Multimedia Distribution
Farook Sattar, Nanyang Technological University, Singapore
Dan Yu, Hewlett-Packard, Shanghai, China
This chapter discusses forensic tracking through digital watermarking for secure multimedia distribution. The existing watermarking schemes are elaborated and their assumptions as well as limitations for tracking are discussed. Especially, an Independent Component Analysis (ICA) based watermarking scheme is presented, which overcomes the problems of the existing watermarking schemes. A multiple watermarking technique is used where one watermark is used for ownership verification and the other one is used to identify the legal user of the distributed content. In the absence of a priori information, i.e. the original data, original watermark, embedding locations as well as the strength, our ICA technique provides an efficient watermark extraction scheme with the help of side information. The robustness against common signal processing attacks is presented. Lastly, the challenges in the forensic tracking through digital watermarking techniques are discussed.
Chapter XVII: Spim and Advertisement: Proposing a Model For Charging Intrusion
Dionysios Politis, Aristotle University of Thessaloniki, Greece
An issue factually challenging the peer-to-peer nature of the Internet is the increase of spam trafficking. Having reached record levels in the last years, it raised consciousness that Internet communication was endangered by an erosive threat similar to the uncontrollable, massive free circulation of MP3s that devastated the musical industry. Recent combined advances in the software industry and in the legal front have reduced the phenomenon. The technical, social, financial and legal parameters of this campaign are examined in this chapter under the prism of a networked economy. A mathematical model is proposed for charging spam based on advertisement standards and weights.
Chapter XVIII: European E-Signatures Solutions on the Basis of PKI Authentication Technology
Ioannis P. Chochliouros, Hellenic Telecommunications Organization S.A. (ΟΤΕ), Greece
Anastasia S. Spiliopoulou, Lawyer, Athens Bar Association, Greece
Stergios P. Chochliouros, Hellenic Telecommunications Organization S.A. (ΟΤΕ), Greece
Konstantinos N. Voudouris, Technological Educational Institute of Athens, Greece
This chapter presents systems of certification authorities and registration authorities and other supporting servers and agents that perform certificate management, archive management, key management, and token management functions. These activities that support security policy by monitoring and controlling security services, elements and mechanisms, distributing security information, and reporting security events are examined with the main focus on PKI authentication technology.
Chapter XIX: Security of Alternative Delivery Channels in Banking: Issues and Countermeasures
Manish Gupta, State University of New York, USA
H. Raghav Rao, State University of New York, USA
Shambhu Upadhyay, State University of New York, USA
To sustain competitive advantages, financial institutions continuously strive to innovate and offer new banking channels to their customers as technology creates new dimensions to their banking systems. One of the most popular such channel diversifications is electronic banking (e-banking). Information assurance is a key component in e-banking services. This chapter investigates the information assurance issues and tenets of e-banking security that would be needed for design, development and assessment of an adequate electronic security infrastructure. The technology terminology and frameworks presented in the paper are with the view to equip the reader with a glimpse of the state-of-the-art technologies that may help towards learned and better decisions regarding electronic security.