Consequences of uses for computing Flashcards
A student has decided to develop an online library for digital content. Users will need to sign up with their name, email address and postal address (for verification) and will then be able to access one selected album, film, or TV program for 24 hours. At the end of the 24 hours the user will be able to select a new digital product.
State the names of relevant pieces of legislation the student should be aware of (3 marks)
- Copyright, Designs and Patents Act/Copyright:
- Data Protection Act OR General Data Protection Regulation (GDPR):
- Regulation of Investigatory Powers Act (RIPA):
In 2012, a charity offering pregnancy advice and pregnancy terminations was maliciously accessed and the names, addresses and phone numbers of several thousand people were copied.
The organisation later admitted that they did not realise that the data was stored as part of their website and did not take steps to protect the data.
How was it possible for this data to be stored as part of the website?
- Data entered into an online OR HTML form.
- Details saved to a file/database stored on the web server.
- Staff access these details remotely OR without being aware of the exact location of the data.
In 2012, a charity offering pregnancy advice and pregnancy terminations was maliciously accessed and the names, addresses and phone numbers of several thousand people were copied.
The organisation later admitted that they did not realise that the data was stored as part of their website and did not take steps to protect the data.
Discuss steps the owners of the charity could have taken to prevent the data from being accessed (4 marks)
- Data stored somewhere other than on the web server – transferred to a secure computer that is not running a web server as soon as it is entered.
- Data stored in a folder that is not publicly accessible OR outside the public-facing folders in the web server’s folder structure.
- Data encrypted so that if the data is accessed it cannot be understood.
- Permissions used so that where the data is stored on the web server, only members of a specific group of users would be able to access the data.
- (Refuse ‘password protected’ as this is vague and, alone, would not provide sufficient levels of security.)
In 2012, a charity offering pregnancy advice and pregnancy terminations was maliciously accessed and the names, addresses and phone numbers of several thousand people were copied.
The organisation later admitted that they did not realise that the data was stored as part of their website and did not take steps to protect the data.
Discuss what legal and ethical issues might have arisen as a result of storing this data as part of the website
- Does this constitute personal data?
- What are the possible consequences for users who have had their personal data compromised?
- Potential for blackmail.
- Potential for reprisal from militant pro-life groups.
- Damage to trust OR damage to public reputation of the charity.
- Who designed/maintained the online system – was it in-house or contracted out, and how much of the blame should fall with each party?
- Was the Data Protection Act breached? Legislation says that data should be held securely, but there are no explicit rules about exactly what this means.
- Did the person who accessed the data break the Computer Misuse Act?
- Could the access be classed as unauthorised if it was unsecured?
- What legal penalties should apply to the charity?
- What legal penalties should apply to the person who accessed the data?
- What legal recourse is there for the users whose details were accessed?
In 2012, a charity offering pregnancy advice and pregnancy terminations was maliciously accessed and the names, addresses and phone numbers of several thousand people were copied.
The organisation later admitted that they did not realise that the data was stored as part of their website and did not take steps to protect the data.
Discuss what lessons the charity might have learnt from the incident and how their practices might have changed as a result
- Improved training for developers in terms of the legal requirements of data security.
- Need for scrutiny of the system/penetration testing to ensure that data is secure.
- All personal data should be encrypted.
- No personal data should be stored on a public-facing server.
A student has decided to develop an online library for digital content. Users will need to sign up with their name, email address and postal address (for verification) and will then be able to access one selected album, film, or TV program for 24 hours. At the end of the 24 hours the user will be able to select a new digital product.
Explain the relevance of the Copyright, Designs and Patents Act for the student (4 marks)
- Student doesn’t necessarily own the intellectual property rights/copyright permissions to share the resources.
- If the student fails to gain permission from the relevant copyright holders they will be in breach of the law.
- The users of the service may still have access to the file after the 24 hours if they have made a local copy.
- Possibility to include DRM as part of the file in order to prevent access after the 24 hours.
A student has decided to develop an online library for digital content. Users will need to sign up with their name, email address and postal address (for verification) and will then be able to access one selected album, film, or TV program for 24 hours. At the end of the 24 hours the user will be able to select a new digital product.
Explain the relevance of the General Data Protection Regulation (GDPR) for the student (5 marks)
- The student has a legal responsibility to ensure that any personal data is held securely.
- The data collected must be adequate, relevant and not excessive.
- The data must not be kept for longer than is necessary.
- The data must not be transferred to another country without similar regulation.
- The user must be able to have their data deleted on request.
A student has decided to develop an online library for digital content. Users will need to sign up with their name, email address and postal address (for verification) and will then be able to access one selected album, film, or TV program for 24 hours. At the end of the 24 hours the user will be able to select a new digital product.
Explain the relevance of the Regulation of Investigatory Powers Act (RIPA) for the student
- The student may need to comply with a request for access to data from authorities.
- This may include logs of specific items accessed/times/dates.
(Refuse reference to Computer Misuse Act as this is aimed at those who would gain unauthorised access and not at the student hosting the site.)
A student has decided to develop an online library for digital content. Users will need to sign up with their name, email address and postal address (for verification) and will then be able to access one selected album, film, or TV program for 24 hours. At the end of the 24 hours the user will be able to select a new digital product.
Explain why the Computer Misuse Act is not relevant to the student
The Computer Misuse Act is aimed at those who would gain unauthorised access and not at the student hosting the site.
Explain some of the challenges that face legislators in the digital age. [3 marks]
Any 3 from:
- Information can be combined/processed/transferred in ways that were not previously possible
- Technology evolves quickly (so difficult for law to keep up with changes) // new types of crime become possible // some crimes are easier // future problems may not be understood
- Global nature of Internet means crimes may be committed in one country from outside its direct jurisdiction // laws are often national/local whilst the Internet is global // digital crime can be committed from a great distance // different countries have different laws
- Some crimes may be committed by states rather than individuals
- Different countries/cultures may have different attitudes to principles important to computer science (such as copyright, intellectual property, privacy); Note: this point relates to attitudes not legislation
- Methods such as encryption make it harder to monitor criminal activity // electronic evidence may be harder to gather than physical evidence // can be harder to identify culprits online (eg by use of proxies, VPN) // peer-to-peer systems make it harder to identify criminal
- Individuals may have access to large amounts of sensitive information that may be of public interest // conflicts between freedom of speech/information and privacy/state secrets
- Technology companies (can use their wealth) to lobby for their own interests // concern over influence of companies on legislators
- Resources required to enforce legislation may not be available