Computer intrusions and attacks compromise individuals, companies and communities. Whilst it is clear that computer and information security studies point to a generalised increase in the number and sophistication of computer security attacks over the past decade and that nations now entirely rely upon computer systems, insufficient attention is paid to the protection of those systems. Computer data and network systems affect our everyday lives, from the supply-chain software that ensures that the shelves are stocked at the supermarket, to systems that manage finance and share markets. Compromises of computer security are, therefore, rightly seen both as an attack on those individual entities whose systems and information are compromised, and as a communal attack upon the people and organisations that rely upon or use computer systems, both directly and indirectly. The aim of this thesis is to give an analysis of computer system security, information protections and the legal ramifications of computer security compromise, notably, data security compromise in Australia. Ultimately, the aim is to address three overlapping questions: what are the ways in which systems are breached, what are the legal consequences of a breach and are those consequences adequate? This paper looks at the underlying technology and relationships between actors involved in the majority of security compromises and looks at the common factors in how systems and networks are attacked and actors damaged. The paper then goes on to look at criminal liability for security compromises and shows how a criminal analysis feeds into the proper civil law consideration of the topic. Finally, the paper looks at data security through the lens of privacy. Ultimately, this paper concludes that Australia is inconsistent in its legal responses to information security incidents. Such variations are based on the area of law being discussed and dependent on the breach methodology and outcome. The criminal law provides the most current and potent legal protection any business or individual has had in this field. This is followed by statutory privacy law which provides a narrow degree of coverage and provides only a weak conciliation process for addressing data security issues. Finally, common law and equity provide the most uncertain commercial remedies for those that suffer data security breach. This paper concludes that present protections are inadequate and uncertain, and that change is required.
| Identifer | oai:union.ndltd.org:ADTP/279408 |
| Creators | Quentin Cregan |
| Source Sets | Australiasian Digital Theses Program |
| Detected Language | English |
Page generated in 0.0013 seconds