NATIONAL INFORMATION INFRASTRUCTURE PROTECTION POLICY: PERSPECTIVES ON THE ROLE OF THE GOVERNMENT

Slides: 40
Provided by: legisl1

1
NATIONAL INFORMATION INFRASTRUCTURE PROTECTION
POLICY: PERSPECTIVES ON THE ROLE OF THE GOVERNMENT
T.K. VISWANATHAN, SECRETARY TO GOVT. OF INDIA,
MINISTRY OF LAW AND JUSTICE, NEW DELHI
2
RELATIONSHIP BETWEEN LAW AND SOCIAL CHANGE
"The controversy between those who believe that
law should essentially follow and not lead and it
should do so clearly formulated social sentiment
and those who believe that law should be a
determined agent in the creation of new social
norms is one of the recurring themes in the
history of legal thought"
-- PROFESSOR WOLFGANG FRIEDMANN, Law in a Changing Society
3
THIRD MILLENNIUM RESURRECTS THIS AGE-OLD
CONTROVERSY WITH A SHARPER FOCUS ON LAW AND
TECHNOLOGY
4
LEGAL PROBLEMS OF NEW TECHNOLOGY APPLICATION
OF JURISPRUDENTIAL CONCEPTIONS TO CYBERSPACE
UNIQUE PROBLEMS
5
Three outstanding features which make the Digital
revolution unique are the resultant:
1. Cyberspace
2. Knowledge Economy
3. Speed with which it has transformed the
   industrial economy into a Knowledge Economy
6
Challenge of Cyberspace
  • Cyberspace calls into question many traditional
    legal conceptions like
  • Ownership
  • Freedom of expression
  • Liability
  • Property etc.

7
How are the problems posed by Cyberspace different?
The Doctrine of Functional Equivalence suggests
that whatever laws are applicable to human
conduct and activity in the physical (off-line)
world should equally be applicable to conduct
and activity online (virtual reality). But
application of this doctrine poses difficulties
where no functional equivalent in offline
conduct/activity can be found for an online
conduct/activity.
8
  • POLICY FORMULATION RELATING TO THE ROLE OF GOVT
    IN REGULATING CYBERSPACE RAISES COMPLEX ISSUES
  • TRANSLATION OF POLICY REQUIRES LEGISLATIVE
    INTERVENTION, WHICH MEANS A LEGISLATION IS
    NECESSARY TO TRANSLATE IT INTO AN EFFECTIVE
    LEGAL REGIME BINDING UPON ALL THE ACTORS AND
    STAKEHOLDERS
  • EVERY LAW IS AN INFRACTION OF LIBERTY
9
CREATION OF NEW OFFENCES -CYBERCRIMES - BASIC
ISSUES FOR POLICYMAKERS
One way of responding to the problems posed by
the digital revolution has assumed the form of
demanding the creation of new offences called
cyber crimes. While criminal conduct should not
go unpunished whether committed online or
offline, before undertaking this exercise of
creating new criminal liability, the basic issues
involved in the creation of a new basis of
criminal liability should not be lost sight of.
10
Cyberspace is a product of technological
innovation and new technologies always overawe
us. They also create novel situations which
existing law cannot address. Cyberspace is
projected as a new universe, a parallel
universe created and sustained by the world's
computers and communications lines.
11
That may be true, but cyberspace cannot be a
space beyond law, a kind of legal hinterland
where the reach of the national legal systems
cannot extend and where greed, malice and
treachery can reign supreme. "The internet has
never been a space beyond the law; national laws
apply to it. The offences committed on the
internet reflect behaviours that are specific to
social life, and which have already found
carriers in the traditional media."
--The Final Report of the International
Symposium on Freedom of Expression in the
Information Society organized by the French
National Commission for UNESCO in November 2002.
12
Creating new offences to deal with problems posed
by cyberspace without laying the foundation for
law enforcement and capacity building in computer
forensics would not be a prudent course of action.
This was one of the crucial factors which kept
the offences under the Information Technology Act
2000 to the minimum.
13
THREE PROBLEMS OF CYBERSPACE WHICH CONFRONT
LAWMAKERS
1. BORDERLESS NATURE
2. ANONYMITY
3. NATURE OF INFORMATION
14
Vanishing Borders in Cyberspace
  • Sovereignty and the exercise of jurisdiction,
    which are attributes of statehood, are linked
    to territorial nexus
  • In cyberspace territorial boundaries are
    meaningless
  • Internet address has no relation to the physical
    location of the computer or its user
  • Law implies the application of coercive force but
    this is not feasible over individuals not within
    the territory

15
  • BORDERLESS NATURE OF CYBERSPACE MAKES
    ENFORCEMENT OF CRIMINAL LIABILITY DIFFICULT
  • CRIMES CAN BE ENGINEERED FAR AWAY FROM THE SCENE
    OF THE CRIME
  • INTERNET FACILITATES CRIMINALS TO COMMIT
    OFFENCES WITHOUT HAVING TO VISIT THE SCENE OF THE
    CRIME

16
TRADITIONAL CRIME SCENARIO: THE OFFENDER HAS TO
VISIT THE SCENE OF THE CRIME OR HAS TO BE IN
THE VICINITY OF THE SCENE TO PERPETRATE THE
CRIME. IN SUCH SITUATIONS IT IS EASY TO LINK THE
OFFENDER WITH THE SCENE OF THE CRIME, BUT IN
CYBERSPACE, SINCE THE OFFENDER NEED NOT BE IN THE
VICINITY, SUCH LINKAGES ARE ABSENT AND DIFFICULT
TO ESTABLISH.
17
Problems posed by anonymity and pseudonymity
  • Cyberspace permits anonymity and pseudonymity
  • Users can mask their real flesh-and-blood
    identities and assume digital avatars
  • Anonymous remailers facilitate sending messages
    without revealing their identity or origin
  • Causes problems for imposing liability
18
Legal problems of electronic evidence
  • Information is intangible
  • In a networked environment it flees at the
    speed of light, crossing boundaries
  • Cybercriminals need not visit the scene of the
    crime to commit the offence
  • To capture the electronic trail is very
    important
  • In the digital environment there is no
    original or duplicate
19
  • Data is never deleted
  • Recovery of data is crucial for successful
    litigation
  • Data is also fragile in the digital
    environment and changes very quickly
  • Courts must be convinced that the data crucial
    to litigation has been frozen and its integrity
    has been preserved so that no manipulation has
    taken place
  • Computer Forensics and Digital Discovery are
    fast emerging as new areas of expertise
20
The Latent Nature of Electronic Evidence
Electronic evidence is information and data of
investigative value that is stored on or
transmitted by an electronic device. As
such, electronic evidence is latent evidence in
the same sense that fingerprints or DNA
(deoxyribonucleic acid) evidence are latent.
21
The Forensic Process
The nature of electronic evidence is such that it
poses special challenges for its admissibility in
court. To meet these challenges, follow proper
forensic procedures. These procedures include
four phases: collection, examination, analysis,
and reporting.
22
COMPUTERS CAN -
(a) BE USED TO COMMIT CRIME,
(b) CONTAIN EVIDENCE OF CRIME,
(c) BE TARGETS OF CRIME.
23
INFORMATION HIDING
Users have the opportunity to hide evidence in a
variety of forms. Files can be hidden under:
1. An innocuous name.
2. Compressed files.
3. Misnamed files.
4. Encrypted files.
5. Password-protected files.
6. Hidden files.
7. Steganography.
24
CRYPTOGRAPHY, DIGITAL SELF-INCRIMINATION AND
ELECTRONIC SURVEILLANCE
Article 14 paragraph (3) sub-paragraph (g) of the
International Covenant on Civil and Political
Rights confers upon a person, charged with a
criminal offence, the right not to be compelled
to testify against himself or to confess to his
guilt.
In the Constitution of the U.S., the Fifth
Amendment confers a similar right on an accused
person. Clause (3) of article 20 of the
Constitution of India incorporates a similar
safeguard, which provides that "No person shall
be compelled to be a witness against himself".
25
Cryptographic keys create communicative content.
This triggers the constitutional safeguard.
Making available the key to a safe containing a
document does not alter the communicative content
of the document made available. But compulsory
production of cryptographic keys gives the
document a testimonial content by decrypting the
document and returning it to the plain text.
Thus compulsory production of a cryptographic key
is compulsory creation of testimonial content,
since without the key the documents would not be
useful as testimony.
26
Section 69 of the Information Technology Act 2000
empowers the Controller of Certifying Authorities
to direct any agency of the Government to
intercept any information transmitted through any
computer resource. Sub-section (2) of that
section imposes a duty upon a subscriber or any
person in charge of the computer resource to
extend all facilities and technical assistance to
decrypt information, failing which he shall be
punished with imprisonment for a term which may
extend to 7 years.
27
Apart from section 69 of the Information
Technology Act 2000, section 91 of the Code of
Criminal Procedure 1973 empowers a court or
an officer in charge of a Police station to issue
a summons or a written order requiring any person
to produce a document or a thing in his
possession. Obviously this power would include a
power to produce the cryptographic keys also.
28
Thus it is possible that in pursuance of the
aforesaid powers the controller under section 69
of the Information Technology Act 2000 or the
Court or the Officer in charge of a police
station under section 91 of the Code of Criminal
Procedure 1973 can direct or order the production
of the keys for decrypting any encrypted
information. So long as the person who is called
upon to produce the key is not accused of
committing any offence, the direction or order or
summons will not trigger the constitutional
safeguard enshrined in clause (3) of article 20.
29
Once he is accused of any offence the
constitutional safeguard comes to his rescue.
The only means available to the law enforcement
agencies is to use the power to search and seize
the key to decrypt the information if it can be
found. And where it is not possible to find the
key, other means of breaking the code have to be
resorted to by the law enforcement agencies since
the accused cannot be compelled to render
assistance by way of producing the key or by
decrypting the information.
30
Cryptography, it is said, is the conspirator's
ideal tool. It enables criminals to build
cryptographic fortresses which law enforcement
agencies cannot penetrate. The nature of the
digital medium is such that it will be difficult
to collect electronic evidence after the
commission of an offence, since criminals will
ensure that all audit trails and login records
are erased and there will be no evidence left for
the Police to collect and prosecute the
offenders. This problem can be addressed only if
the police can capture the evidence on a
real-time basis, which requires surveillance
capabilities, data recovery tools and, above all,
personnel trained in computer forensics.
31
The Government of India's concern to protect the
country's Critical Information Infrastructure
finds recognition in section 70 of the
Information Technology Act 2000.
32
1. Section 70 empowers the appropriate governments,
   both the Centre and State, to declare any
   computer, computer system or network as a
   protected system.
2. Any attempt to interfere with or access the
   systems without lawful authority may be
   punished with imprisonment for ten years.
3. This is essential to prevent antinational
   elements from hacking into our computers and
   networks which are sensitive in nature, as
   happened when the computers at the BAARC were
   hacked last year.
33
SECURITY COMPLIANCE ASSURANCE FRAMEWORK
NATIONAL INFORMATION SECURITY ASSURANCE PROGRAM
(NISAP)
For Government and Critical Infrastructure
Organizations
34
A) Security Assurance Framework - Concept
It has four elements:
  • Mandatory compliance requirement in the form
    of a legal/regulatory framework
  • Mandatory compliance efforts to ISMS standards
    like IS 15150/BS 7799 etc.
  • Mandatory compliance verification of security
    technical, managerial as well as operational
    controls, including ISMS assessments,
    penetration testing, vulnerability assessment,
    application security testing, etc.
  • Mandatory compliance reporting to CERT-In as a
    notified entity on a periodic basis
35
It has two distinct actions:
  • Enabling actions: Directives/ Standards/
    Guidelines/ Empanelment and rating/ Training
    and awareness
  • Endorsing actions: Assessments, Testing and
    Certification covering Product, Process and
    People, and include specific services such as
    ISMS certification as per IS 15150/BS 7799,
    Common Criteria security product
    test/evaluation as per ISO 15408, and IT
    Security auditing (Pen. Test/VA etc.)
36
B) Security Assurance Framework - Highlights
  • Government and Critical infrastructure
    organizations (public or private) must have a
    security policy
  • Mandatory for organizations to implement
    security controls and report security
    incidents to CERT-In
  • CERT-In will create and maintain a panel of
    Auditors for IT Security, including
    Penetration Testing and Vulnerability
    assessment
  • All organizations must be subject to third
    party audit from this panel once a year, and
    whenever major configurations change
  • Security compliance to be reported to CERT-In
    on a periodic basis
37
Security control emphasis depends on the kind of
environment
  • Low risk: Awareness - know your security
    concerns and follow best practices
  • Medium risk: Awareness and Action - proactive
    strategies leave you better prepared to handle
    security threats and incidents
  • High risk: Awareness, Action and Assurance -
    since security failures could be disastrous
    and may lead to unaffordable consequences,
    assurance (basis of trust and confidence) that
    the security controls work when needed most is
    essential
38
We live in a fascinating era. As Lessig
describes it, we are enjoying the excitement of a
teenager driving a motorbike with his hands off
the steering wheel. We do not have ready answers
to the problems posed by the digital revolution.
We are confused. We search for answers. The
past does not guide us. Perhaps the spirit of
the present plight can be summed up by quoting
from Charles Dickens' novel "A Tale of Two
Cities": "It was the best of times, it was the
worst of times, it was the age of wisdom, it was
the age of foolishness,"
39
As the UNESCO World Communication Report
concludes, the nation states of the world are
subjected to the direct shock of new
technologies, planetary networks and
globalization spawning a Cyber Galaxy, a kind of
virtual world overreaching continents,
disregarding national laws and creating new
political and cultural reference points, a
transformation without precedent in the history
of mankind.