Issues - Law
Issues within computer science can be economic, moral, legal, ethical or cultural. Because technology has advanced so far in the last few decades, the way in which we live our lives has changed enormously as well. Because of this, new laws have had to be recently introduced, or edited, in order to keep up to date. So many crimes, especially things like scams, are regularly committed over the internet on a daily basis and so it is important that these laws are put into place. Other than crime, though, many ethical situations such as artificial intelligence have been debated. In this topic, we cover the issues surrounding the ever growing computing industry.
This topic covers:
Laws in computing and what they mean
The roles of code of conduct in promoting professional behaviour
The social and economic changes that are happening due to technological advances
The ethical, cultural and legal issues
The impacts on security, privacy and data protection
How copyright and similar laws work
Data Protection act 1998
In recent years, you may have heard stories of how large companies, like Facebook, make millions, if not billions, via selling your personal data to third parties. These companies can then make economic decisions, like advertising targets, based on this data. Before the data protection act, the data kept on you didn't have to be kept secure, meaning that cyber criminals could gain access to it and use it for malicious purposes, such as spam.
Types of data stored
When the data protection act was introduced, it was important to recognise the difference between what would become 'personal' data and 'sensitive data'. Essentially, personal data is data about you that is available to practically anyone, like your name, address or age. Sensitive data though, involves the data you may not want shared, such as your ethnicity, religious views or political opinions.
The 8 principles of the act
The data protection act describes how anyone storing data must behave in order to abide by the law
Personal data will be processed fairly and lawfully
This means that any data kept on an individual must have legitimate reasons for doing so. Companies are also required to tell you how they intend to use this data, as well as provide privacy notices. They must also ensure that they don't use this data with malicious intent and only as they have stated they will.
Personal data shall be kept only for specified reasons and will not be used in any manner incompatible with those purposes
As stated before, those collecting data on an individual must be clear abut why they are doing so and what they intend to do with it. This law states that if they make any changes as to how they wish to use your data, you must be informed and accept those changes before they can do so.
Personal data will be kept adequate, relevant and not kept excessively in comparison to the purposes for which they have stated
Companies must ensure that they aren't keeping data that isn't relevant to the specified purposes they have stated. The data must also be kept securely.
Data must be accurate and kept up to date where necessary
Companies are required to ensure that any data they obtain is accurate and up to date. The individual for who the data is kept on may request for this information to be changed when required, as well as request what data a company holds on them
Data must be kept no longer than is necessary for the purpose it is used for
Companies must make sure that they remove any personal information on an individual when it is no longer being used for the purposes it was obtained for.
Data must be processed in accordance with the rights of data subjects under this act
Data subjects (the person to which the data applies to) have the right to:
Request a copy of the data kept on them by a company
Prevent processing of their data for direct marketing
Have inaccurate data removed
Claim compensation for damages caused by a breach in the act
Object to decisions taken by automated means
Object to processing that could cause damage or distress, like causing them to get rejected job applications based on the data
Data must be kept secure, with appropriate measures taken to prevent unauthorised or unlawful access to the data
Any company keeping data on anyone must ensure that it is kept under suitable security, meaning that it should be unable to be accessed, destroyed or stolen. This doesn't only involve online security, but also physical - meaning that doors and windows must be kept locked in the room in which the data is kept.
Data must not be transferred to countries that do not have adequate protection
data should not be sent outside the European Economic Area (EEA), unless that country abides by an equivalent legalisation of data protection.
Roles within the DPA 1998
Data holder - The organisation keeping the data
Data subject - The person to which the data applies to
Data controller - The person within the organisation responsible for managing the data
Not all organisations have to follow the data protection act. The main example is that of data regarding on-going criminal investigations and matters that could affect someones security. In this case, no one would be able to request information on suspects or victims etc. Data for domestic reasons, like a private address, is also exempt.
Computer Misuse Act 1990
This act was passed as a response to the rising levels of cyber crime, combined with the inability of non-existing laws to punish it. There are 4 main offences within the act:
Unauthorised access to computer material
This offence comes into effect when someone attempts or succeeds in accessing any program or data that they know is unauthorised at the time. Anyone found guilty of this can face up to 1 year jail time, as well as a fine of up to £5,000.
This essentially made hacking anyone, even gaining access to your friends social media account, illegal in the UK.
Unauthorised access with intent to commit, or facilitate, commission of further offences
This offence comes into effect when someone does the same as act 1, but with the intention of committing, or facilitating a future, criminal offence. Someone could still commit this offence, even if they fail in their attempt.
Anyone found guilty can be imprisoned between 1-5 years and a substantial fine, depending on the severity. An example of this offence could be hacking into a bank with the intention of transferring funds to a bank account.
Unauthorised acts with intent to impair the operations of a computer, or similar
This offence comes into effect when someone knowingly carries our any act with the intention of harming the operation of a computer. It also covers any attempt that is made in order to harm someone else's access to programs or data on a computer.
Anyone found guilty of this can be put in prison for 1-10 years, or be given a large fine.
Making, accessing or supplying articles that are in offence of previously stated sections 1-3
If you supply, create or share any kind of material, with the intention of it being used to go against one of these sections, then you are guilty of this offence.
Copyright, Designs and Patents Act 1988
This act was extremely important to individuals or corporations who wanted any kind of work that they created to be protected as their own by law. It gives the creator of any kind of material the right to choose how that material is used. It is automatically applied from the moment the material is created. It usually lasts 70 years after the creator has passed away, or 50 years for sound recordings.
Offences under this act
This act makes it an offence to do any of the following, without direct consent from the owner. It is illegal to copy the work, rent or lend copies to the public, adapt the work, or perform/broadcast it in public.
Anyone who breaches this act can receive up to 2 years in prison, as well as expect a very large fine, rising based on the seriousness of the breach.
Exemptions from the act
There are some exemptions from the act. Material can be:
Used for educational purposes where no profit is being made
Made available for lending in a library
Duplicated / recorded in the case of a backup or with the intention of viewing later (like a tv show)
Used in a club/society (like a song / documentary)
Regulation Of Investigatory Powers Act 2000
This act was created in an effort to make provision for the interception of online communications. Under the act, the security services, government communication headquarters and the secret intelligence service can legally intercept private communications, decrypt them and place surveillance devices.
Provisions of the act
Regulates the situations and methods by which public bodies can carry out covert surveillance
Provides a framework that enables public authorities to carry out covert surveillance in compliance with the human rights act
Gives 5 broad categories of covert surveillance, including: Directed (photographing), Intrusive (bugging), Use of covert human intelligence sources (undercover officers following people), accessing communications data (record of emails, calls) and interception (listening to calls)
Allows government to issue an interception warrant in order to examine communications on the basis of national security, preventing crime, the interests of public order and safety or the economic well being on the UK. This part requires a warrant
Prevents the existence of interception warrants and any data collected from them being revealed in court
Enables the government to demand decryption keys be given to decrypt protected information and makes it a criminal offence to refuse to do so
Human rights and privacy campaigners feel that many of the acts provision show a lack of oversight and are worried that they could be open to misinterpretation. This was especially true in 2002, when the government requested a wider range of bodies (like local councils) be given the same powers. It was withdrawn following harsh backlash, but means that the act still remains a controversial one.