http://allafrica.com/stories/200805300826.html

Public Agenda (Accra)
OPINION
30 May 2008

When Abed-Nego Bandim, 27, left Ghana a few years ago for further studies, not many gave him the chance to rise to stardom. But Abed, as he is affectionately called, defied all odds and recently graduated with an LLM from the Robert Gordon University (RGU) in Scotland.

While in school, Abed became the first international student to be elected Student President of RGU in 2004. That was also the first time an international student had been elected to the post in the north east of Scotland. Abed, who was studying for an LLM in International Information Technology Law, decided to run for Student President because he was extremely interested in the activities of students and what they were receiving in terms of welfare needs such as food, accommodation and transport.

In his manifesto, Abed said his main objective was to form a student general assembly to brainstorm and debate issues relating to the overall welfare of the students, both academically and socially.

Abed soon emerged as a good organizer of people, a feat he would carry into his future career. Little wonder that on completing his LLM course, Abed became a Senior Fellow of the Young UK and Ireland Programme. In 2006 he was also appointed as ELIR for Higher Education in Scotland.

From the look of things, Abed is destined to become one of the young leaders Ghana and indeed Africa will be looking to for the future.

Below is an analysis of what he suggests should be done to deal with computer insecurity; it concludes that this will vary amongst sectors: government, military, banking, commercial etc.

The internet brings with it unprecedented potential for the positive development of our society. The ability to disseminate information and to communicate almost instantaneously has already revolutionised numerous facets of our lives and will continue to do so.
Simultaneously, the computer and its related uses provide enormously effective tools and mechanisms for individuals and groups who seek to conduct unlawful activity. People have often argued that each advance in technology has brought new means by which traditional crimes could be committed. So it is with the computer.

Recent developments at the Electoral Commission (EC) of Ghana regarding the issue of the bloated voter register in certain parts of the country raise the fundamental questions of computer and internet crimes and how they can properly be dealt with by law. The EC and the NDC argument on the issue of the doctored disk is the best case scenario for this exercise and probably sets the tone for the various arms of government, especially the legislature, and stakeholders to consider either specific legislation which prosecutes individuals for Computer Misuse and Data Protection violations or amending the already existing Acts to deal effectively with computer and internet related crimes.

These Acts often contain wording to the effect that those responsible for data processing operations, such as company directors, data controllers, data processors etc., are under a statutory duty to take adequate, appropriate or effective technical security measures to protect data against accidental or unlawful destruction or alteration, and unauthorised access or disclosure. Examples of such legislation include:

The Data Protection Act
The Companies Act
The Financial Service Act

So exactly what is meant by the terms "effective", "appropriate" or "adequate" computer security, and how can one quantify this metric?

And with the new means of facilitating mass communication comes the ability to commit crimes inexpensively, quickly, and across enormous geographical space.

The question then is: The domestic criminal law in any civilised legal system is as important as, if not more important than, any computer specific legislation in the battle against cybercrime.
But such a system does not necessarily hold all of the answers. Critical analysis of what crime is, how crime is committed and how criminals are punished can best answer the above question.

Crime, in any well organised, civilised legal system or society, is defined as any unlawful activity or default which is an offence against the public and renders the person guilty of the act liable to legal punishment. Criminal lawsuits are normally initiated by the state through the recommendation of the Attorney General's Department, the office of the Director of Public Prosecutions (DPP) or the Police in most countries.

There are two main sources of law that can be used to prosecute computer related crimes. These are common law and statutory law. To establish any form of criminal act against an accused person, three elements come into play, i.e. the actus reus, the mens rea and, in some countries, no defence.

Cybercrime: what is it?

Just like any other crime, it is unlawful conduct, in this case conduct that involves the use of a computer or computer device for unlawful purposes. With domestic or traditional crimes such as fraud, data and privacy, computer hacking, crimes of dishonesty, child pornography and sexual crimes, offences against property, defamation, drug trafficking, road traffic offences etc., it is increasingly evident that crimes of this nature are now highly sophisticated, much easier to commit with the aid of the internet, computers and their related components than before, and difficult to define when one commits them, hence the need for specific computer legislation to combat these crimes.

CASE ANALYSIS IN RELATION TO COMPUTER CRIMES

Crimes of Dishonesty

In most cases when one commits a crime by using a computer or the internet, the objective will be simply to break into a computer in order to get a thrill out of being able to do so, without any wish to gain tangible benefit from the act.
Such crimes can best be dealt with under specific Computer Misuse legislation. However, computer crime is often aimed at securing some positive gain, other than simply breaking into a system. On occasions, the aim is to benefit financially, and in such cases a crime of dishonesty may have been committed. There are two main types of such crimes that may affect computer activities: Theft and Fraud.

Theft, or stealing, is defined according to the laws of Ghana as:

    The .. taking or appropriation of the property of another without the consent of the owner and with the intention to deprive him of that property.

This definition is recognised in any or all jurisdictions; however, going by this definition according to the law of Ghana will not be enough to deal with theft committed with the use or aid of a computer. For example, it will be very difficult to hold one responsible for copying a document from the computer, since he/she will not permanently deprive the owner of ownership of his/her property even though he/she might be taking it without the owner's knowledge, because there must be an intention to deprive the owner of the computer work under the definition of the law of theft.

Intention here is again relevant in establishing a criminal act: the person downloading or copying must have an intention not to return the document. For instance, a hacker who gains access to a computer or computer network and removes some files from it will not be committing the act of theft, even though he committed the act without the knowledge or permission of the owner.

In the case of Smith v. Dewar and Another, two accused persons were charged inter alia that they "did steal a moped". Both entered pleas of not guilty. It was held that no intent existed, therefore any presumption of theft arising from the unauthorised removal of the moped from the place where the owner had placed it was not binding, and the two were found not guilty.
Realistically, under specific computer legislation, persons can be charged with unauthorised access to computer material with or without intent.

Another issue which is critical in the debate on the role of the criminal law concerns the availability of legal remedies. For example, an act of an employee seeking to obtain unauthorised access to information held on the employer's computer might constitute serious industrial misconduct justifying summary dismissal. However, it can also be argued that employers have the responsibility and should take the necessary steps to bring such a prospect unequivocally to the notice of employees. Even so, it may be considered that the threat of dismissal is a more real sanction in the employment relationship than that of criminal prosecution.

(See the Monday edition for the concluding part of this article)

Copyright 2008 Public Agenda. All rights reserved. Distributed by AllAfrica Global Media (allAfrica.com).