DTU CL Unit 4

-> Principles or moral guidelines that govern the behavior and decision-making in cyberspace (dealing with issues related to - technology, internet use, digital interactions)

  • Where (individuals, corporations, and governments) must operate in a manner that respects (privacy, intellectual property, fundamental rights)
  • Ensure that technology and digital tools are used in a (responsible and fair manner). Consideration of:
    • how data is (collected, stored and used)
    • how technology is deployed in a way that does not harm others
    • ex:
      • Privacy concerns - not misuse of personal data for profit (like data mining or selling personal data to third parties)
      • Fair Competition - not using cyber attacks to undermine competitors or steal trade secrets
  1. Respect for Intellectual Property (IP) - refraining from unauthorized (downloading, sharing, copying) of digital content and respecting licensing agreements

    • Copyright Infringement - Ethical Dilemmas - ease of copying and distributing IP online
  2. Privacy and Data Protection

    • Protect Privacy - Ensuring that personal data is not harvested and misused by (governments and organizations)
    • Balance Surveillance - Raise questions on Mass surveillance without legal frameworks or jurisdiction…
    • Prevent Data Breaches - companies have ethical responsibility to protect user data from breaches and unauthorized access
  3. Cybercrime Prevention

    • Prevent Hacking and Cyberattacks: preventing and punishing individuals who engage in malicious activities
    • Responsibility of White-Hat Hackers: Raises the question of how far white-hat hackers can go in accessing private info in the name of testing and identifying vulnerabilities
  4. Cyberbullying and Online Harassment:

    • Ethical Considerations : address the issues (cyberbullying, trolling and harassment) ethically by balancing free speech
    • Responsibilities of Platforms : Social media platforms and websites have an ethical responsibility to moderate content and prevent abuse without stepping into censorship
  5. Freedom of Speech vs Harmful Content

    • Balancing Act: Prevent harmful content, (hate speech, misinformation, defamation) and also balance free speech
    • Censorship Concern: Governments and private companies need to implement policies that avoid unjust censorship while still protecting users from harm.
  6. Ethical Responsibilities of Cyber Professionals

    • Responsibility of IT and cybersecurity professionals: individuals working in cybersecurity and IT must uphold standards when dealing with sensitive data, implementing security measures, or responding to breaches
    • Whistleblowing - Ethical Dilemmas - IT professionals may encounter unethical practices within their organisations but not report them due to the risks.
  7. Ethics in Cyber Law Enforcement:

    • Law Enforcement Responsibilities: while investigating cybercrime, authorities must operate within legal and ethical boundaries, respecting privacy rights.
    • Due/Required Process - Law enforcement must ensure due process and avoid unethical practices, overreach or misuse of power, such as unlawful or excessive searches, or accessing private data without a proper warrant
  • Cross-Border Ethics : Ethical cyber law aims to create universal standards that protect users globally, ensuring fairness and justice

  • Ethical Challenges in International Cooperation: How countries cooperate in enforcing cyber law, given different legal and moral standards

  1. Code of Conduct and Standards: organisations adopt ethical codes of conduct and professional standards to guide their operations in cyberspace.
  2. Legislation and Regulation: ethical concerns led to the development of various international and national laws to prevent harm. Ex - GDPR in Europe
  3. Ethics and Legal Reforms: Legal reforms like Ensuring data protection, preventing cyberbullying, and safeguarding intellectual property.

  1. For Individuals: protects (personal information, financial data, and digital identities)

    • A breach could lead to (identity theft, loss of personal data, or financial fraud)
  2. For Businesses: crucial to protect (intellectual property, financial data, and customer information.)

    • A cyberattack can result in (financial losses, reputational damage, and legal penalties)
  3. For Governments: Cybersecurity is essential for protecting sensitive data related to (national security, defense, and public services).

    • Cyberattacks can impact critical infrastructure like (power grids, hospitals, and transportation systems)
  1. Trust in Technology: Frequent cyberattacks erode public trust in online platforms
  2. Privacy Concerns - Excessive surveillance leads to (privacy violations, fueling public distrust and raising ethical concerns), and data breaches can have long-lasting consequences for individuals
  3. Digital Divide - Vulnerable populations, including the (elderly, economically disadvantaged, and those with limited digital literacy), may be less equipped to protect themselves from cyber threats.
  • GDPR (General Data Protection Regulation) – 2018 (EU): mandates strict data protection measures, requiring businesses to implement cybersecurity strategies to safeguard personal data.

  • Cybersecurity Information Sharing Act (CISA) – 2015 (USA): CISA promotes the sharing of cybersecurity threat information between private sector entities and the government.

  • Indian Cybersecurity Policy – 2013 (India): policy promotes data protection, the safeguarding of critical infrastructure, and the development of cybersecurity capabilities.

  • Cyber Warfare - foreign governments or terrorist groups disrupt another nation’s defense systems, elections, or infrastructure using cyberattacks

  • The security of critical infrastructure, such as (energy grids, transportation systems, financial services, and healthcare facilities), is essential for national security.

  • Critical Infrastructure Protection

  1. Sophisticated Cyberattacks - attackers use new technologies to breach security systems, making it difficult for individuals, businesses and governments to keep pace. ex APT, zero-day vulnerability.
  2. Human Error - falling prey to phishing attacks, using weak passwords, failing to update security patches.
  3. Ransomware - These attacks target individuals, businesses, and even healthcare institutions, causing significant financial and operational damage.
  4. Insufficient Cybersecurity Policies - Small businesses lack comprehensive cybersecurity policies, making them easy targets for cybercriminals.

APT - Advanced Persistent Threats

Technological Advancement in cyber Security

  • Artificial Intelligence (AI) and Machine Learning: detect anomalies, identify potential cyber threats, and respond to security breaches in real time. Help in predicting attacks by analyzing patterns and detecting suspicious activities before they cause harm.

  • Blockchain Technology: Blockchain offers a decentralized approach to securing transactions and data.

  • Quantum Cryptography: emerging field that promises to revolutionize cybersecurity by making data encryption virtually unbreakable. By harnessing the principles of quantum mechanics, it provides highly secure communication channels that are immune to hacking.

  1. Public Awareness Campaigns
  2. Cybersecurity Education in Schools
  3. Workplace Cybersecurity Training

1. The Landmark Case of R v. Gold & Schifreen (1988)

(Robert Schifreen and Stephen Gold) vs (British Telecom’s Groups) conviction - unauthorized access

-> Unauthorized access to BT’s Prestel Service by obtaining the login credentials of a BT engineer. -> Used these to hack into personal accounts, including Prince Philip’s account

  • Legal Implications:

    • Charges and Appeal :
      • convicted under the Forgery and Counterfeiting Act 1981
      • Court of Appeal overturned the conviction, arguing that the Act did not cover unauthorized computer use
    • Creation of the Computer Misuse Act (1990) - the case highlighted the lack of legal provision
  • Legal Precedent

    • Shaping cybercrime legislation in the UK.
    • TCMAC is now a fundamental Law

(Yahoo) vs (Users) Conviction - Delay in Breach Disclosure

-> Series of massive data breaches, affecting more than 3 billion user accounts -> exposed personal data (email addresses, telephone no., DOB, hashed passwords) -> one of the largest cybersecurity breaches

  • Legal Implications:

    • Failure to Disclose :
      • Initially delayed disclosing the breaches, raising questions about the company’s responsibility
    • Lawsuits and Settlements:
      • Faced numerous lawsuits (negligence, failure to protect user data, breach of privacy)
      • company settled for $117 million to compensate affected users
    • Cyber Security and Disclosure Laws: this case underscores the importance of timely breach notification/reporting, within 72 hours of discovery, as mandated under (US’s Data Breach Notification Law and EU’s GDPR)
  • Legal Precedent

    • Highlighted the need for strong data protection and timely disclosure, prompted legislative bodies to tighten law

(Ransomware) vs (Microsoft) Conviction - Failed to Patch software

-> Affected hundreds of thousands of computers worldwide -> targeted organisations like UK’s National Health Service (NHS) -> used a vulnerability in Windows to encrypt users’ files

  • Legal Implications

    • Failure to Patch Software - organisations’ failure to apply security updates
    • Cross-Border Crime - a global attack, so there were challenges in (tracing and prosecuting) perpetrators
    • Corporate Responsibility : raised questions about companies’ responsibility
  • Legal Precedent

    • Illustrated the importance of having clear legal frameworks
    • highlighted the challenges in prosecuting actors operating in different jurisdictions

(Equifax) vs (Consumers) Conviction - failed to protect user data and not promptly disclosing

-> Equifax (credit reporting agency) suffered a data breach -> exposed sensitive personal information (Social Security no., credit card details) of over 147 million people -> caused by a vulnerability in a web application that the company had failed to patch

  • Legal Implications
    • Negligence - faced lawsuits from (consumers, regulators, state attorneys general) for failing to protect sensitive information and not promptly disclosing.
    • GDPR Violation - operating in the EU and did not comply with strict data protection rules, so faced severe penalties.
    • Penalties and Settlements: Equifax Agreed to pay up to $700 million (compensation + fines)
  • Legal Precedent
    • reinforced the importance of following cybersecurity best practices - (timely patching of vulnerabilities)
    • Enforced stricter standards for data breach.

5. The Facebook-Cambridge Analytica Scandal (2018)


(Cambridge Analytica) vs (Facebook) Conviction - Failed to protect user data and allowed third-party

-> Revealed that Cambridge Analytica (data analytics firm) had harvested personal data from millions of Facebook users without their consent -> using it for political advertising during the 2016 U.S. Presidential election and the Brexit referendum

  • Legal Implications

    • Data Privacy Violation - Facebook accused of failing to adequately protect users’ data and allowing a third-party app to harvest data without consent.
    • Fines and Settlements - fined $5 billion by the Federal Trade Commission, and a €500,000 fine under the Data Protection Act 1988 (pre-GDPR) by the UK Information Commissioner’s Office (ICO)
    • Global Impact - Stricter enforcement of privacy laws and more comprehensive regulations like the California Consumer Privacy Act (CCPA) and revision to GDPR
  • Legal Precedent

    • highlighted importance of clear user consent and data protection practices
    • emphasised the need for transparent data-sharing policies

4.5 General Law and Cyber Law Swift Analysis


General Law -> Traditional legal framework that governs societal interaction. These laws (Criminal, Civil, Constitutional) were established over centuries to address issues like (property rights, contracts, crimes, civil wrongs)

Cyber Law -> Relatively new area that deals with legal issues related to the (internet, digital communication, IT). It often has to evolve and adapt to address the unique challenges posed by the digital world.

Areas of General Law Relevant to Cyber Law

  1. Criminal Law and Cyber Crime

    • General Law - addresses offenses like (theft, fraud, trespass, harassment). Safeguards citizens and sets penalties for crimes.
    • Cyber Law - hacking, phishing, identity theft, online harassment, cyberstalking
    • Swift - Cyber crimes (like theft, fraud, harassment) resemble traditional crimes but are committed in cyberspace
  2. Civil Law and E-Commerce

    • General Law - governs disputes such as (contract disputes, property disputes, and torts).
    • Cyber Law - governs (online contracts, digital payments, and business transactions) conducted over the internet.
    • Swift - The principles of contract law still apply, but cyber law adds provisions for (digital signatures, electronic contracts, and consumer protection in online transactions.)
  3. Constitutional Law and Cyber Rights

    • General Law - outlines the fundamental rights and freedoms of individuals, including the (right to privacy, free speech, equal protection) under the law
    • Cyber Law - concerns about (privacy, surveillance, and freedom of expression).
    • Swift - incorporates these issues by addressing (online privacy rights, government surveillance, and the regulation of digital content)
    • Example -
  4. Intellectual Property Law vs Digital Copyright

    • General Law - protects creations of the mind, (inventions, literary and artistic works, and symbols, names, and images)
    • Cyber Law - prevent (copyright infringement, software piracy, and trademark violations)
    • Swift - applying intellectual property protections to digital content and establishing frameworks for online enforcement
  5. Tort Law and Cyber Defamation

    • General Law - provides remedies to individuals who suffer harm due to the wrongful actions of others, (defamation, negligence, and invasion of privacy)
    • Cyber Law - Prevent harming of someone’s reputation through false statements made on digital platforms, such as (social media, blogs, or websites)
    • Swift - extends defamation laws to cover online speech, providing remedies for victims of cyber defamation
  • Examples

    1. Criminal Law and Cyber Crime - The Indian IT Act 2000, includes provisions for punishing cybercrimes like (hacking, identity theft, and online fraud).

    2. Civil Law and E-Commerce - In India, the IT Act, 2000, recognizes digital (signatures and electronic contracts) as legally valid, making it easier for businesses and individuals

    3. Constitutional Law and Cyber Rights - In the landmark 2017 judgment (Puttaswamy v. Union of India), the Indian Supreme Court declared privacy a fundamental right under Article 21 of the Constitution.

    4. Intellectual Property Law vs Digital Copyright : The Digital Millennium Copyright Act (DMCA) in the U.S. extends copyright protections to digital content, (imposing penalties for unauthorized use or distribution) of copyrighted works online

    5. Tort Law and Cyber Defamation : Social media platforms like Facebook and Twitter have faced numerous cases of defamation

  1. Jurisdictional Issues: cybercrimes often transcend national borders

    • solution - must address these challenges through international cooperation
    • example - Budapest convention facilitates cooperation among nations to combat cybercrime
  2. Anonymity in Cyberspace: Difficult to (identify and Prosecute cybercriminals)

    • solution - must develop methods for tracking anonymous actors, such as (IP addresses or digital forensics), while balancing privacy.
    • example - In many countries law enforcement is allowed to request information from internet service providers (ISPs) to trace anonymous users
  3. Rapid Technological Advancement: Technology evolves rapidly, so cyber law must be constantly updated to address new forms of cybercrimes and threats

    • solution - laws governing AI and cryptocurrency are still in development
    • example - Cryptocurrency, like Bitcoin, has been a topic of debate in developing countries like India and US over implementing new laws and regulations specifically addressing digital currencies

General Law and Cyber Law Complementary Roles

  1. Harmonizing Laws - adapts principles from general law to address issues in digital world.
  2. Regulation and Enforcement - General law provides foundational legal framework, while cyber law introduces specialized provisions.
  3. Protection of Rights - Cyber law extends the protection of individual rights (privacy, free speech, property) to the digital realm