*IN PROGRESS* COMPUTING RELATED LEGISLATION Flashcards
(10 cards)
The Regulation of Investigatory Powers Act (2000) has been described as both a vital legal tool
to ensure the public’s safety and an attack on an individual’s freedoms.
Evaluate the purpose and use of the Act.
You should include:
the additional powers given under the Act
to whom these powers are given
the perceived benefits and/or drawbacks of the Act.
Knowledge (AO1)
Implements additional rights regarding surveillance/
monitoring of individuals and acquisition of
communications data
Provides the right for many organisations (including
the Police and security services) to do this.
* Purpose is to detect crime and defend national
security (e.g. terrorism, public disorder)
*
Gives access to individuals’ private communications,
such as emails, text messages, phone calls, Internet
history.
Some people feel this is an invasion of their privacy
Application (AO2)
Monitoring can be carried out by far more
organisations than just the Police and Security
services - for example, local councils, the pension
regulator and the Environment Agency are all able to
use surveillance or request data about individuals.
If files are encrypted, the Act gives powers to force
the handover of keys (from individuals or
organisations) with a 2 year prison sentence
possible on refusal.
Wide ranging powers have allowed Police and
Security services to intercept criminals’
communications and stop / disrupt crime.
Evaluation (AO3)
* In the modern world, it is important that Police and
Security services are given the power to deal with
electronic communications in this way. Many crimes
(e.g. terrorism) can be detected and stopped before
they occur, making the public safer.
However, some say that it is now a “snooper’s
charter”, with more organisations using their powers
for minor offences such as detecting those lying
about their address to get children into a better
school or fly-tipping.
Many communication tools (e.g. WhatsApp) now
include end-to-end encryption by default so that
messages cannot be divulged by the organisation
because they do not have access to it. Other
encryption tools include plausible deniability.
“The Computer Misuse Act means that computer users are criminalised for simply trying to learn
how systems work.”
Discuss whether or not you agree with this statement.
A01
Computer Misuse Act is legislation aimed at
criminalising unauthorised access to a computer
system Three stages:
Unauthorised access to a computer system
Unauthorised access with intent to commit further
offences
Unauthorised modification of computer material
Punishable by up to twelve months in prison and an
unlimited fine.
A02
Computer users who investigate how systems work
require authorisation in order to not break the Act.
Examples such as changing a social media post on a
friend’s mobile phone potentially breaks all three
sections of the Act.
Investigation of systems can break the Act without
intent, e.g. by changing server logs because of their
actions.
Users must be aware of the Act (as with any other law)
in order to be responsible.
A03
Material available online (e.g. self study videos) that
explain how systems work and teach without the need
to investigate using unauthorised access.
Investigating systems that you own yourself or have
authorisation to access does not break the law.
Systems are offered to users with strict conditions
attached and investigation is not a legitimate excuse for
breaking the law.
Ethical/white hat hackers will not break this law
because they have authorisation.
Grey and black hat hackers will break Computer Misuse
Act.
The Copyright Designs and Patents Act 1988 applies to all videos that are streamed.
Explain how this act applies to the videos.
Copyright assigned to owner of video automatically
on creation
Makes it illegal to copy/distribute videos as your
own/without permission
Copyright holder can ask for their work to be
removed from the streaming platform
Membership/licence gives subscribers the
agreement to view videos
Which may restrict their use (e.g. to whom it is
shown or geographical location from which it is
accessed).
“It’s like the Wild West, the Internet. There are no rules.” - Steven Wright.
The quote above suggests that the Internet is a lawless place.
Discuss the extent to which you agree with this statement and how important you feel that the
regulation of the internet is.
Anyone can put content onto the Intemet.
It can be hard to track down who put information up.
People can make untrue claims or present biased
information.
There are certain crimes that have originated because
of the internet (e.g. phishing and pharming)
Other crimes have found new avenues through the
intemet (e.g. drugs, obscene materials etc.)
Laws have been written to take into account the internet
(e.g. RIPA in the UK).
Traditional laws still apply to the Internet.
Governments can apply laws in their jurisdictions…
..but may not be able to enforce them if content is from
outside their country.
It can be hard to track people down if they actively try to
hide their identity.
Regulation whilst difficult on the internet may be to
some extent desirable.
Education is important - teaching people about the risks
of using the internet.
Content is available to people of all ages and
vulnerabilities.
Describe the purpose of the Regulation of Investigatory Powers Act.
Sets out to empower/ limit the extent…
to which public bodies..
can use technological surveillance..
This can include monitoring internet activity
Electronic communications
And forcing users to hand over encryption keys
“Technology is changing too quickly for the law to keep up.”
Discuss to what extent you agree with the statement above. In your discussion you should explain
which laws regulate the use of technology and how advancements in technology have made the
laws difficult to enforce/implement.
AO1 Knowledge and Understanding
Laws that regulate technology include:
the Data Protection Act..
…which regulates how personal data is stored.
The Computer Misuse Act…
…which regulates unauthorised access.
The Copyright and Patents Act.
…regulated intellectual property.
Regulation of Investigatory Powers Act…
…Regulates how government agencies can use IT for surveillance
AO2 Application
Computer Misuse Act is harder to enforce with the
increased use of DDoS attacks (often involving
unwitting participants). The Internet of things is likely to
make such attacks even more common place.
People are connecting to the internet in new ways using
mobile networks/public Wi-Fi making attacks potentially difficult to track.
Films/Music etc. are being shared in new ways.
Streaming is common - often this is legitimate but the
global nature of it can bring licensing issues into play.
Fast internet speeds, peer to peer and the dark web all
contribute to making piracy more prevalent and harder
to track.
Digital watermarking can be used to track piracy.
End to end encryption makes government monitoring of
communications trickier.
AO3 Evaluation
May conclude that although technology develops
quickly the laws are broad enough to cover all
eventualities.
Alternatively, may conclude that people are always
looking for ways of using technology to access loophole
in the law/ to avoid detection.
Look for a well-reasoned conclusion. Could decide
either for or against but should be backed up with
examples.
Explain how the measures of the Data Protection Act are designed to protect the privacy of data.
Customer has the right to see the data and to ask for it to be
corrected if wrong so that they are not responsible for incorrect data
Data must be lawfully collected so that customer rights are not flouted
Data can only be accessed by/changed by authorised people so that
malicious alterations are not made
Authorised people must be notified to the DPR so that they are
accountable
Data is only used for the specified purpose so that junk mail is not
encouraged
Data collected should not be excessive so that irrelevant data is not
stored
Data should be accurate and up to date so that customers are not
held responsible for goods they have not bought
Data should not be kept longer than necessary so that customers can
leave an organisation
Data should be protected by adequate security measures so that
people with malicious intent cannot gain access
Data should not be transferred out of the EU so that data remains
subject to DPA.
Companies have responsibilities with regard to the welfare of their employees.
State four legal responsibilities companies have with regard to the data they hold about their employees.
Ensure only relevant data is held about them
It is kept up to date
It is accurate
Must not be held longer than necessary.
Employees are given access to their data
Data must be kept securely
Data must not be passed on to 3rd parties without permission.
Data must not be passed outside the EU
The robot’s web interface uses images that show the robot in action. These photographs have
been taken using a digital camera.
The programmers do not want other people to download and use these images.
State the name of one relevant piece of legislation and describe how this would protect
these images.
Copyright Designs and Patents Act
Gives the author (the programmers)
ownership/copyright of the photographs
…no need to apply // this is automatic
Others cannot use/distribute // can be
prosecuted/fined for using/distributing…
…without permission
Permission can be granted / bought/licenced
For other areas of the web interface, programmers need to use images that they have not created themselves.
Give two ways that they could make sure these images are used legally.
Ask permission of author /photographer /
owner
Use images marked as copyright free (e.g.
Creative Commons Licence)
Purchase (licence to use) image
