Cyber security Legal and regulatory aspects

Cyber securityLegal and regulatory aspects

Dr. Mona Al-AchKar JabbourProfessor of Law- Filiere FrancophoneLebanese University

IEEE Lebanon Communications workshop 2010 (IEEE LCW10)18 Dec 20101Objective A birds eye view of the outlay of the legal and regulatory aspects of cyber security2Defining Cyber Security Safety in the cyberspaceIndividualsEntreprisesGovernemntsInter-state relationsRights and obligations Technology -(directive EU 98/84 CE 20 Nov. 1998 protection of Services with authorized accesslike encrypted Channel and services) protection of security technology

3issues of cyber security:Crimes and assaults -1- Information securitySystems and information protection(Continuing disclosures of major data breaches at financial institutions, government agencies and academic institutions globally )Critical infrastructure protectionContinuing releases of malware and the increased sophistication of their deployments (e.g., Stuxnet)Cyber defense National security governmental monitoring and filtering (or censorship) of Internet use and contentDetection System Cyber war The cyber-attacks on key infrastructure in Lithuania, Estonia, Georgia and other countriesGovernmental and commercial espionage

4issues of cyber security:Crimes and assaults -2-Cyber crime online fraudidentity theft,child pornography intellectual propertyMoney launderingCyber TerrorismSpamming, phishing, spyware, malware.

5Legal aspects Tricky balance Responses to cyber security challenges:Human rights values ((privacy, anonymity, freedom of expression and freedom of association)- Democracy of the internet and human development goals(new rights: universel right of access to knowledge)- Economic interests(innovation, competition, protection of trade secrets and intellectual property)Personal and sensitive data (directive 95/46 EU)

6Content of Cyber security regulationE-commerce (defining a framework where e-commerce operation can develop in trust)Civil liberties and human rights (racism, child pornography, slander)Intellectual property (protection of economic rights)Illegal content & illegal access Spamming, spyware and malware

7Who regulates the cyberspace?

Legislation:Problematic situation Traditional Legislation unable to keep up

Code-architecture Standards (user empowerment)

8New paradigms International organization : managing techniques of the internets users behaveTechnical regulators (IETF, W3C, ICANN, OECDE, UNESCO, ISO, OMC (libre echange en matiere de commerceLegislators and judges have to consider this reality9the Effective mixMultilateralism governance Governments social society private sectorIntergovernmental organizations such as: ITU and UNESCONon-governmental bodies such as the Internet Engineering Task Force (IETF).

10Responses to cross-borders cybersecurity issuesSovereignty levelNational RegionalInternationalEconomic level.11Paving the way- United Nations -1990: 8th UN Congress on the Prevention of Crime and the Treatment of Offenders (recommendations concerning cybercrime investigations)1995: Manual on the Prevention and Control of Computer Related Crime (examines a wide range of issues related to crime and technology)December 2000 and January 2002, the UN adopted General Assembly Resolutions 55/63 and 56/121 on Combating the Criminal Misuse of Information Technologies

12international regulation

Laws enforced through international treaties such as the Council of Europes Convention on CybercrimeLaws enforced through the Internet architecture by the Internet Corporation for Assigned Names and Numbers (ICANN).. Unintentional laws enforced through existing international mechanisms such as the World Trade Organization (WTO) .. laws imposed by market power such as Europes privacy laws and Chinas smut laws ..

13Key international regulationsLaw of 23 janvier 2006 to counter terrorisme (France) Patriot Act - USASarbanes-Oxley (SOX), SEC (Securities Exchange Act)UNGA Resolutions 55/63 and 56/121 the Council of Europe's Convention on Cybercrime.NASD (National Association of Securities Dealers) (USA)Law n 2004-575 of 21 juin 2004 trust in digital economy (France)

14International regulation 2directive of the EU on Copyright and other related Rights in Information Society 2001.The Australian Co regulatory regimes in the areas of content regulation (Broadcasting Services ( online services) Amendment Act 1999 and privacy Act 2000. the ICANNs Domain name dispute resolution policy adopted by WIPO and administered by it to resolve domain name disputes between parties that may belong to different jurisdictions.

15International regulation 3the Council of Europe (COE) adopted a Convention on Cybercrime 2001

The treaty addresses three sets of issues: - categories of cybercrime that nations should address in their criminal codes; - Principles and measures the authorities governments should adopt in order to access communications or stored records for evidentiary purposes; - the mechanisms for transnational cooperation.the Budapest Convention has entered into force in 30 countries, and another 21 countries have signed it or been invited to accede. some 100 countries used the Budapest Convention when developing national cyber-crime legislation.

16Other tools - 1the Commonwealth of Nations has issued a Model Law on Computer and Computer Related Crimes,the ITU draft cybercrime legislationUnder WSIS Action line C5, in 2007, the ITU Secretary-General launched the Global Cybersecurity Agenda to provide a framework within which an international response to the growing threats and challenges can be coordinated and addressed. Then in 2008, ITU launched the child online protection initiative.

17Other tools -2The national strategies for cyber-security The European Program for Critical Infrastructure Protection set forth in a Directive EU COM(2006) 786The Program also applied to the European Economic Area. Action Plan to Combat High-Tech Crime (G8) The Europol Computer System (TECS)

18

Military and Diplomatic Response Cyber-War In January 2010, ITU Secretary General Hamadoun Toure proposition at the World Economic Forum in Davos NATO issued an experts report, NATO 2020: Analysis and recommendations of the group of experts on a new strategic concept for NATO 19League of Arab StatesModel law Law of Arab emirates to fight IS crimes adopted by:Board of ministers of Justice 495/D19 8/10/2003Board of arab ministers of homeland security. arrete 417/ 21 du 2004

20Lebanon response 21Thank you all

moacja@ul.edu.lb

22