Australian Legal Ramifications of Information System and Data Security Compromise: A review of issues, technology and law.

Quentin Cregan

Unknown Date

Computer intrusions and attacks compromise individuals, companies and communities. Whilst it is clear that computer and information security studies point to a generalised increase in the number and sophistication of computer security attacks over the past decade and that nations now entirely rely upon computer systems, insufficient attention is paid to the protection of those systems. Computer data and network systems affect our everyday lives, from the supply-chain software that ensures that the shelves are stocked at the supermarket, to systems that manage finance and share markets. Compromises of computer security are, therefore, rightly seen both as an attack on those individual entities whose systems and information are compromised, and as a communal attack upon the people and organisations that rely upon or use computer systems, both directly and indirectly. The aim of this thesis is to give an analysis of computer system security, information protections and the legal ramifications of computer security compromise, notably, data security compromise in Australia. Ultimately, the aim is to address three overlapping questions: what are the ways in which systems are breached, what are the legal consequences of a breach and are those consequences adequate? This paper looks at the underlying technology and relationships between actors involved in the majority of security compromises and looks at the common factors in how systems and networks are attacked and actors damaged. The paper then goes on to look at criminal liability for security compromises and shows how a criminal analysis feeds into the proper civil law consideration of the topic. Finally, the paper looks at data security through the lens of privacy. Ultimately, this paper concludes that Australia is inconsistent in its legal responses to information security incidents. Such variations are based on the area of law being discussed and dependent on the breach methodology and outcome. The criminal law provides the most current and potent legal protection any business or individual has had in this field. This is followed by statutory privacy law which provides a narrow degree of coverage and provides only a weak conciliation process for addressing data security issues. Finally, common law and equity provide the most uncertain commercial remedies for those that suffer data security breach. This paper concludes that present protections are inadequate and uncertain, and that change is required.

18 Law and Legal Studies

La répression de la cybercriminalité dans les Etats de l’Union européenne et de l’Afrique de l’Ouest / The cybercrime sanctions within both European Union and West African states

Tano-Bian, Anmonka Jeanine-Armelle

28 May 2015

Chaque partie de l'espace, matérialisée par les frontières terrestres, maritimes ou aériennes est convoitée par les nations qui parviennent à en faire des chasses gardées à l’exception d’une seule composante : le cyberespace. Ce lieu d’échanges et de circulation de l’information s'est affranchi de cet accaparement. C’est ce qui le rend réel pour les utilisations qu’il permet (envois de messages, diffusion des informations en temps réel, formations…) et virtuel (dans la mesure où les réseaux numériques empruntent des voies difficilement localisables) au point de générer des difficultés quant à son encadrement par la loi. Dès lors, le cyberespace s’érige en un espace où il est aisé de cultiver des activités illégales compte tenu des facilités qu’il offre. Les activités illégales épousent des formes pluridimensionnelles et complexes qu’on regroupe sous l’appellation générique de cybercriminalité. De par sa nature et ses subdivisions, la cybercriminalité fait l’objet de réflexions, d’études, de recherches, de mises en place de politiques et d’actions à une échelle nationale et internationale en vue de parvenir à son éradication. Les actions sont menées de manière coordonnée entre les Etats et les institutions. La lutte contre ce phénomène interplanétaire exige la mutualisation des efforts de la part des acteurs des télécommunications, de l’informatique, de toutes les couches professionnelles ainsi que de la part des consommateurs sous réserve qu’ils soient bien informés des risques liés à l’usage du cyberespace. L’étude comparée des systèmes de répression mis en oeuvre dans les espaces européen et ouest-africain permettra de mieux comprendre l’exercice du droit souverain pénal face à la cybercriminalité et l’importance des collaborations entre ces deux espaces communautaires. / Each party of the space, realized by the ground, maritime or air borders is desired by the nations which succeed in making it private grounds with the exception of a single component: the cyberspace. This place of exchanges and circulation of information freed itself from this cornering. It is what makes it real for the uses which it allows (sendings of messages, broadcasting) of real-time information, trainings and virtual (as far as the digital networks follow with difficulty localizable paths) in the point to generate difficulties as for its frame by the law. From then on, the cyberspace sets up itself as a space where it is easy to cultivate illegal activities considering the opportunities which it offers. The illegal activities marry forms pluridimensionnelles and complex which we group under the generic naming of cybercrime. Due to its nature and its subdivisions, the cybercrime is the object of reflections, studies, searches, implementations of politics and of actions in a national and international scale to reach in his eradication. The actions are led in way coordinated between States and institutions. The fight against this interplanetary phenomenon requires the mutualization of the efforts on behalf of the actors of telecommunications, computing, all the professional layers as well as her on behalf of the consumers under reserve that they are informed well about the risks connected for the cyberspace. The study compared by the systems of repression implemented in the European and West-African spaces will allow to understand better the exercise of the penal sovereign right in front of the cybercrime and the importance of collaborations between these two community spaces.

Afrique de l’Ouest

Cybercriminalité

Etats

Répression

Union européenne

Cybercrime

European Union States

Sanctions

West African States

342

Trusted computing or trust in computing? : legislating for trust networks

Danidou, Ioanna

January 2017

This thesis aims to address several issues emerging in the new digital world. Using Trusted Computing as the paradigmatic example of regulation though code that tries to address the cyber security problem that occurs, where the freedom of the user to reconfigure her machine is restricted in exchange for greater, yet not perfect, security. Trusted Computing is a technology that while it aims to protect the user, and the integrity of her machine and her privacy against third party users, it discloses more of her information to trusted third parties, exposing her to security risks in case of compromising occurring to that third party. It also intends to create a decentralized, bottom up solution to security where security follows along the arcs of an emergent “network of trust”, and if that was viable, to achieve a form of code based regulation. Through the analysis attempted in this thesis, we laid the groundwork for a refined assessment, considering the problems that Trusted Computing Initiative (TCI) faces and that are based in the intentional, systematic but sometimes misunderstood and miscommunicated difference (which as we reveal results directly in certain design choices for TC) between the conception of trust in informatics (“techno-trust”) and the common sociological concept of it. To reap the benefits of TCI and create the dynamic “network of trust”, we need the sociological concept of trust sharing the fundamental characteristics of transitivity and holism which are absent from techno-trust. This gives rise to our next visited problems which are: if TC shifts the power from the customer to the TC provider, who takes on roles previously reserved for the nation state, then how in a democratic state can users trust those that make the rules? The answer lies partly in constitutional and human rights law and we drill into those functions of TC that makes the TCI provider comparable to state-like and ask what minimal legal guarantees need to be in place to accept, trustingly, this shift of power. Secondly, traditional liberal contract law reduces complex social relations to binary exchange relations, which are not transitive and disrupt rather than create networks. Contract law, as we argue, plays a central role for the way in which the TC provider interacts with his customers and this thesis contributes in speculating of a contract law that does not result in atomism, rather “brings in” potentially affected third parties and results in holistic networks. In the same vein, this thesis looks mainly at specific ways in which law can correct or redefine the implicit and democratically not validated shift of power from customer to TC providers while enhancing the social environment and its social trust within which TC must operate.

005.8

Internetová a počítačová kriminalita / Internet and computer criminality

Hefka, Rostislav

January 2016

Internet and computer criminality Summary This thesis, as its name indicates, deals with the problems of our times associated with computers and the Internet, which make it possible to commit all sorts of crimes. Computers are part of our daily life and the sphere of information and communication technologies are constantly and rapidly developing, which gives space to potential perpetrators to find new approaches. The thesis is composed of eight chapters. The opening chapter of this thesis describes the basic concepts related to computer and Internet criminality. It includes the definitions of computer criminality, cybercrime, cyberspace, as well as basic technical concepts such as computer, hardware or software. Approximation of this terminology is essential to understanding the issue. Next chapter is devoted to some illegal activities in cyberspace, which are then legally assessed. The third chapter forms the most important part of the whole thesis because it describes in details the issue of copyright violations in connection with computers. At first it generally talks about intangible goods, and after that it acquaints to readers with piracy of audio and audiovisual works and later with software piracy. It shows the most important judgments that are connected to the discussed topic and were judged at...

Les libertés individuelles confrontées à la cybercriminalité / Individual freedoms facing cybercrime

Beraud, Camille

11 December 2015

L’émergence de l’internet, au delà de son aspect novateur et de ses prérogatives pratiques, a eu pour conséquence l’apparition d’un nouveau type de délinquance et de nouveaux profils criminels qu’est la cybercriminalité. En effet, si l’utilisation d’internet est aujourd’hui indéniablement entrée dans les moeurs, Internet est également un vecteurs d’activités illicites. Or le cyberespace est un territoire virtuel qui ne connaît aucune frontière physique. La cybercriminalité est donc une matière complexe en ce qu’elle est transnationale, mobile et très technique. Elle semble apparaître comme un fléau moderne pesant sur les libertés individuelles des utilisateurs des réseaux numériques / The emergence of Internet beyond its innovative nature and its prerogatives led to the appearance of a new type of delinquency and new criminal profiles. Indeed if using Internet is now undeniably into the customs, Internet is also a vector of illegal activities. However cyberspace is a virtual land that knows no physical borders. Therefore cybercrime is a complex matter because it is transnational, highly mobile and really technical. It seems to appear as the modern scourge weighing on individual freedoms of users of digital networks.

Cybercriminalité

Libertés individuelles

Cyberespace

Internet

Utilisateurs

Cybercrime

Individual freedoms

Cyberspace

Internet

Users

Réflexions sur les politiques françaises et européennes de lutte contre la cybercriminalité / Analysis French and European policies against Cybercrime

Iler, Betul

17 December 2015

La mondialisation et le progrès technologique défient constamment la capacité d’adaptation des politiques publiques des États. Le cyberespace constitue un nouvel espace de liberté mais aussi un nouvel espace de danger donnant naissance à une forme de criminalité originale, appelée la cybercriminalité. La régulation de cet espace numérique transfrontalier, rapide et technique ne se fait pas sans difficulté pour les États. La lutte contre la cybercriminalité pose des questions politiques, juridiques et techniques. Le cyberespace montre les limites de nos systèmes juridiques actuels. L’adaptation du droit pénal et de la procédure pénale à la cybercriminalité doit se faire dans le respect des libertés individuelles. Cet équilibre entre sécurité et liberté est particulièrement délicat dans un espace virtuel. Le législateur, le juge et les services d’enquêtes sont confrontés à l’évolution constante des méthodes cybercriminelles, nécessitant une réponse judiciaire coordonnée et prompte au niveau international. Ces nécessités tardent à se matérialiser dans un contexte d’hétérogénéité des systèmes judiciaires et d’absence de stratégie globale et harmonisée. Cette lutte pose des questions quant à la souveraineté des États et pousse à repenser les modèles actuels. / Globalization and technological progress constantly challenge the adaptation capacity of government policies. Cyberspace is a new freedom space and a new danger space giving birth to a new form of original crime called cybercrime. The regulation of this cross-border, fast and technical space, is not easy for States. The fight against cybercrime generates political, legal and technical problems. Cyberspace shows deficiencies of our current legal systems.The criminal law and criminal procedure’s adaptation to cybercrime should be done in Human rights’ respect. This balance between security and freedom is particularly hard in a virtual space. The legislator, the judge and the policeman are faced with the constant evolution of cybercrime methods requiring a coordinated and fast international judicial action. These requirements are difficult to achieve in a context of heterogeneity remains of judicial systems and no comprehensive and harmonized strategy has emerged. This fight raises questions about states sovereignty and requires rethinking current models.

Cybercriminalité

Cyberparadis

Coopération internationale

Harmonisation des législations

Criminal law

Cybercrime

Criminal procedure

Cyberparadise

International cooperation

Laws harmonisation

The legal regime for anti-cyberlaundering

Leslie, Daniel Adeoye

January 2012

Doctor Legum - LLD / Along with its inumerable wonders, the advent of the internet has brought with it very bad vices. The notion of convenience, which comes with the use of the internet, can be attributed to criminals who wish to disguise the proceeds of their ill-derived funds, or what is better known as cyberlaundering. Cyberlaundering is a phenomenon that seems negligible on face value, but, to the contrary, has very dire effects, especially on national economies, which are in no way trifling.This study describes the problem of cyberlaundering, pointing out the various legal issues pertaining to it. Given that cyberlaundering is a comparatively new crime, which is not yet conceptualized legally, criminal justice authorities find it hard to detect, investigate and prosecute cyberlaundering. An adequate legal regime against cyberlaundering is currently non-existent, as there is presently no concise international or national legal framework in place to contain the problem. Whilst the chief focus of the thesis is to devise a legal framework to combat cyberlaundering, considerable attention is also devoted to the tension that arises between public and private interests, amongst several other legal issues that come to play along the way. This is a debate that necessarily arises when legislatures resort to more radical anti-cyberlaundering laws. The study advocates a middle ground, which leads to the desired end of curbing the exponential growth of cyberlaundering, at the very least.

Anti-Cybercrime

Anti-Money Laundering

Internet service provider

Cyberlaundering

Money laundering

Kyberzločin / Cybercrime

Šembera, Kryštof

January 2013

The master's thesis Cybercrime is a reaction to the increasing number of criminal activity related to the virtual space. It's main aim is to provide an overall description of this issue. Firstly the thesis presents theoretical problems regarding the definition of cybercrime. Following is an overview of international legislation and policy in the Czech Republic, EU, and USA. Second part is about two specific types of cybercrime - cyberstalking and cyberbullying. Not only are both defined theoretically, their respective participants (perpetrators, victims) and prevention are also described. Lastly the behaviour of adolescents online from the point of view of forming relationships and divulging personal information is presented.

Leveraging Scalable Data Analysis to Proactively Bolster the Anti-Phishing Ecosystem

January 2020

abstract: Despite an abundance of defenses that work to protect Internet users from online threats, malicious actors continue deploying relentless large-scale phishing attacks that target these users. Effectively mitigating phishing attacks remains a challenge for the security community due to attackers' ability to evolve and adapt to defenses, the cross-organizational nature of the infrastructure abused for phishing, and discrepancies between theoretical and realistic anti-phishing systems. Although technical countermeasures cannot always compensate for the human weakness exploited by social engineers, maintaining a clear and up-to-date understanding of the motivation behind---and execution of---modern phishing attacks is essential to optimizing such countermeasures. In this dissertation, I analyze the state of the anti-phishing ecosystem and show that phishers use evasion techniques, including cloaking, to bypass anti-phishing mitigations in hopes of maximizing the return-on-investment of their attacks. I develop three novel, scalable data-collection and analysis frameworks to pinpoint the ecosystem vulnerabilities that sophisticated phishing websites exploit. The frameworks, which operate on real-world data and are designed for continuous deployment by anti-phishing organizations, empirically measure the robustness of industry-standard anti-phishing blacklists (PhishFarm and PhishTime) and proactively detect and map phishing attacks prior to launch (Golden Hour). Using these frameworks, I conduct a longitudinal study of blacklist performance and the first large-scale end-to-end analysis of phishing attacks (from spamming through monetization). As a result, I thoroughly characterize modern phishing websites and identify desirable characteristics for enhanced anti-phishing systems, such as more reliable methods for the ecosystem to collectively detect phishing websites and meaningfully share the corresponding intelligence. In addition, findings from these studies led to actionable security recommendations that were implemented by key organizations within the ecosystem to help improve the security of Internet users worldwide. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020

Computer science

browser blacklists

cybercrime

internet

phishing

social engineering

web security

La répression de la cybercriminalité dans les Etats de l’Union européenne et de l’Afrique de l’Ouest / The cybercrime sanctions within both European Union and West African states

Tano-Bian, Anmonka Jeanine-Armelle

28 May 2015

Chaque partie de l'espace, matérialisée par les frontières terrestres, maritimes ou aériennes est convoitée par les nations qui parviennent à en faire des chasses gardées à l’exception d’une seule composante : le cyberespace. Ce lieu d’échanges et de circulation de l’information s'est affranchi de cet accaparement. C’est ce qui le rend réel pour les utilisations qu’il permet (envois de messages, diffusion des informations en temps réel, formations…) et virtuel (dans la mesure où les réseaux numériques empruntent des voies difficilement localisables) au point de générer des difficultés quant à son encadrement par la loi. Dès lors, le cyberespace s’érige en un espace où il est aisé de cultiver des activités illégales compte tenu des facilités qu’il offre. Les activités illégales épousent des formes pluridimensionnelles et complexes qu’on regroupe sous l’appellation générique de cybercriminalité. De par sa nature et ses subdivisions, la cybercriminalité fait l’objet de réflexions, d’études, de recherches, de mises en place de politiques et d’actions à une échelle nationale et internationale en vue de parvenir à son éradication. Les actions sont menées de manière coordonnée entre les Etats et les institutions. La lutte contre ce phénomène interplanétaire exige la mutualisation des efforts de la part des acteurs des télécommunications, de l’informatique, de toutes les couches professionnelles ainsi que de la part des consommateurs sous réserve qu’ils soient bien informés des risques liés à l’usage du cyberespace. L’étude comparée des systèmes de répression mis en oeuvre dans les espaces européen et ouest-africain permettra de mieux comprendre l’exercice du droit souverain pénal face à la cybercriminalité et l’importance des collaborations entre ces deux espaces communautaires. / Each party of the space, realized by the ground, maritime or air borders is desired by the nations which succeed in making it private grounds with the exception of a single component: the cyberspace. This place of exchanges and circulation of information freed itself from this cornering. It is what makes it real for the uses which it allows (sendings of messages, broadcasting) of real-time information, trainings and virtual (as far as the digital networks follow with difficulty localizable paths) in the point to generate difficulties as for its frame by the law. From then on, the cyberspace sets up itself as a space where it is easy to cultivate illegal activities considering the opportunities which it offers. The illegal activities marry forms pluridimensionnelles and complex which we group under the generic naming of cybercrime. Due to its nature and its subdivisions, the cybercrime is the object of reflections, studies, searches, implementations of politics and of actions in a national and international scale to reach in his eradication. The actions are led in way coordinated between States and institutions. The fight against this interplanetary phenomenon requires the mutualization of the efforts on behalf of the actors of telecommunications, computing, all the professional layers as well as her on behalf of the consumers under reserve that they are informed well about the risks connected for the cyberspace. The study compared by the systems of repression implemented in the European and West-African spaces will allow to understand better the exercise of the penal sovereign right in front of the cybercrime and the importance of collaborations between these two community spaces.

Afrique de l’Ouest

Cybercriminalité

Etats

Répression

Union européenne

Cybercrime

European Union States

Sanctions

West African States

342