GNED 136  Outline136 C ©
The Internet and its Impact on Society
As Taught by Prof. Tim Richardson richardson@witiger.com
.

identity theft - explained in class
- facilitated by access to information on the internet
.
.
.
 

Jurisdictional Issues

One of the biggest challenges in Internet legal issues is the matter of jurisdiction. If you are speeding in New York City, you can be pulled over by the New York City Police. If you are speeding on a highway between metro areas, you can be arrested by New York State Troopers. If you commit a crime that involves travelling between states, you can be arrested by the FBI. If you commit a crime that is outside the jurisdiction of any particular countries - you will not be arrested since the law can only be enforced when their is an agency that has jurisdiction.   . Many companies involved in adult entertainment and gambling on the Internet think they can avoid prosecution of local and regional laws by having their server (the hardware machine that actually contains the .html pages being accessed) in various small countries in the Caribbean and this will allow them to avoid prosecution in USA, Canada of wherever they originated from. The question of jurisdiction does not just apply to adult and gambling sites but as we can see in the case of Yahoo vs. France, relatively innocent companies can drawn into jurisdictional matters through 3rd party actions.. WTGR In August 2000 there was a case involving Yahoo which saw Yahoo being ordered by the French government to block access to sites auctioning Nazi memorabilia. In France, it is against the law for such things to be sold since it comes under the category of their anti-racism and hate crimes legislation. While "www.yahoo.fr" does not carry links to such Nazi sites, it is possible for people to go onther Yahoo sites and find Nazi auctions. Yahoo pleaded that it was technologically impossible to block people accessing such sites but the French government did not agree and took Yahoo to court. As of August 12, 2000, the French judge hearing the case had not yet called for Yahoo to be fined for failing to comply and was delaying his ruling. The most interesting point coming out of the trial was the judge's "rejecting Yahoo's argument that French courts did not have the power to impose French law ... when French people tapped in to Yahoo's English language portal" Reuters  Update 2001   By Tim McDonald  www.NewsFactor.com,   Part of the NewsFactor Network   November 8, 2001  listed on E-Commerce Times site "A federal [United States] judge said Wednesday [Nov 2001] that Yahoo! (Nasdaq: YHOO) is protected by the  First Amendment of the U.S. Constitution from French groups trying to force the  company to ban Nazi memorabilia on its auction sites.  Yahoo! was sued last year by anti-racism groups in France, despite the fact that the Nazi memorabilia was selling on a U.S. auction site aimed at U.S. customers, because French users were able to access the site.  Though Yahoo! has already taken most Nazi-related items off its global auction sites, the Internet portal asked U.S. District Judge Jeremy Fogel in San Jose, California to consider whether a French court could impose French law on a U.S.-based Internet company. Fogel ruled that Yahoo! would not have to comply with the French order to ban the items."

.
.
Security Considerations can be broadly categorized into three main areas (WTGR)

• National
• security of the country's border, property and assests from general external risk and threats
• protection and defense against the activities of hostile countries or organizations
• security and safety of the citizens
• Corporate
• security of the company's property and assests from general and unspecified external risk and threats
• protection and defense against the targeted activities of hostile competitive companies, organizations or individuals - which would negatively effect the company's ability to achieve profit and the prime corporate goals
• security and safety of the employees
• Personal
• security for your family and protection of property
• personal protection and defense against an attack specifically directed to you

In SAN's web page, which includes the listing "How To Eliminate The Ten Most Critical Internet Security Threats" their introduction serves to provide some important points we should consider in beginning this section of the IEC 719 course, namely:

The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws.  Recent compromises of Windows NT-based web servers are typically traced to entry via a well-known vulnerability.  A few software vulnerabilities account for the majority of successful attacks because attackers are  opportunistic – taking the easiest and most convenient  route. They exploit the best-known flaws with the  most effective and widely available attack tools. They  count on organizations not fixing the problems, and  they often attack indiscriminately, by scanning the  Internet for vulnerable systems. System administrators report that they have not corrected these flaws because they simply do not know which of over 500 potential problems are the ones that are most dangerous, and they are too busy to correct them all

Security  Considerations   Proper Procedures

"Security is a process, not a product" Bruce Schneier, CTO of Counterpane and  Author of the book Applied Cryptography read the BusinessWeek article interviewing Bruce Schneier about "distributed denial-of-service attacks"   http://www.businessweek.com/2000/00_10/b3671089.htm " The nature of distance has also changed. In the world offline, your house only has  to be secure from criminals within driving distance. On the Net, eBay (EBAY) and  Yahoo! (YHOO) must be concerned about everyone on the planet. The hackers  need not be in America. This is the death of distance: Crime is no longer based on  proximity."  "We are dealing with fact that software products are always buggy, and probably always will be. At the same time, systems are too complex to secure. We actually can't test security to the level we need to. We'll see three or four major bugs in each new version of Windows or Explorer or Java. New products are coming out faster and faster, so we keep losing ground. We've been finding and fixing security bugs in past years, but none of those fixes transfers forward. For all these programs, a new version comes out, the new version is more complex, and there are new bugs."

.
 

Virus Protection and business risk                   Virus Protection and business risk

"IT's Battleground: The Quest for Virus Protection"  is the title of an August 4th, 2000 in Computing Canada   www.plesman.com/Archives/cc/2000/Aug/2616/cc261614a.html   . It is not the intention of this part of the course to be able to adequately cover all the various types of viruses that may effect e-commerce since do not have the time not resources to do that satisfactorly - but, it is important to have some understanding of the business risk at stake here and try to evaluate if it is a serious problem, because - if it is a serious problem, then every e-commerce professional needs to add to their portfolio of knowledge, some degree of understanding about viruses.  WTGR . In this August 4rth article it is noted that  "A recent survey estimated that viruses and other destructive acts will cost large businesses (over 1,000 employees) worldwide $US1.6 trillion this year and result in almost 40,000 person-years of lost productivity ...It's no wonder the anti-virus software market has hit almost $US70 million so far  this year [2000]"    . Is the problem getting worse? At this stage statistics on known virus attacks seem to indicate the problem is getting worse. For the most part, security experts believe the majority of virus attacks are made by unhappy employees and egotistical hackers and crackers - it does not appear to be something that companies are employing against each other to give themselves a competitive edge - but it may not be long before this happens since businesses large and small have been known to use very "illegal and immoral" tactics to gain advantage.  WTGR . From the August 4rth article  "Symantec,  publisher of the market-leading Norton Anti-Virus, has seen an average of 115 new viruses each month this year, up 30 per cent from 1999."

.
 

National Government Involvement in internet crime and e-business Security                                 National Government Involvement in internet crime and e-business Security

It was announced in August 2000 that The Federal Bureau of Investigation (FBI) will head up this year's World E-Commerce  Forum, at which global Internet security will be an issue for the first time. The full story announcing this event, written by Jennifer Hampton, was in the E-commerce Times in August.   www.ecommercetimes.com/news/articles2000/000804-7.shtml The reason why you would read this article is because it mentions that Michael Vatis, director of the FBI's   computer crime investigation unit "the goal of the summit ... is to identify how a global Internet security agency can be established, and how international law can be utilized to develop and enforce penalties against hackers and virus-mongers" "The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity." Recommended by Mr. Sean Rooney   http://www.nipc.gov/warnings/advisories/2000/00-060.htm in this particular document  "... the NIPC has observed that there has recently been an increase [December 2000]  in hacker activity specifically targeting U.S. systems associated with e-commerce and other internet-hosted sites. The majority of the intrusions have occurred on Microsoft Windows NT systems, although Unix based operating systems have been victimized as well. The hackers are exploiting at least three known system vulnerabilities to gain unauthorized access and download propriety information. Although these vulnerabilities are not new, this recent activity warrants additional attention by system administrators. In most cases, the hacker activity had been ongoing for several months before the victim became aware of the intrusion." . The reason why we want to note a few of these American and Canadian government police and intelligence agencies is because they often are at the leading edge in trying to identify particular virus and hacker situations.  These agencies, when theyc ome across a "bad situation" try to make the public aware through different means - sometimes by issuing a press release, and other times by sending out emals (to subscribers) with details of the situation and howit may be addressed. ie. a particular patch from Microsoft. .