GNED 136  Outline136 C ©
The Internet and its Impact on Society
As Taught by Prof. Tim Richardson richardson@witiger.com
.
.
changes last made 2003 Feb 25
.
outline136a.htm
outline136b.htm
outline136c.htm
outline136d.htm
.

identity theft - explained in class
- facilitated by access to information on the internet
.
http://www.witiger.com/ecommerce/privacyissues.htm.
.
 
Jurisdictional
Issues

 

One of the biggest challenges in Internet legal issues is the matter of jurisdiction.
If you are speeding in New York City, you can be pulled over by the New York City Police.
If you are speeding on a highway between metro areas, you can be arrested by New York State Troopers.
If you commit a crime that involves travelling between states, you can be arrested by the FBI.
If you commit a crime that is outside the jurisdiction of any particular countries - you will not be arrested since the law can only be enforced when their is an agency that has jurisdiction.
 
. Many companies involved in adult entertainment and gambling on the Internet think they can avoid prosecution of local and regional laws by having their server (the hardware machine that actually contains the .html pages being accessed) in various small countries in the Caribbean and this will allow them to avoid prosecution in USA, Canada of wherever they originated from.

The question of jurisdiction does not just apply to adult and gambling sites but as we can see in the case of Yahoo vs. France, relatively innocent companies can drawn into jurisdictional matters through 3rd party actions..
WTGR



http://fr.yahoo.com/
In August 2000 there was a case involving Yahoo which saw Yahoo being ordered by the French government to block access to sites auctioning Nazi memorabilia. In France, it is against the law for such things to be sold since it comes under the category of their anti-racism and hate crimes legislation. While "www.yahoo.fr" does not carry links to such Nazi sites, it is possible for people to go onther Yahoo sites and find Nazi auctions. Yahoo pleaded that it was technologically impossible to block people accessing such sites but the French government did not agree and took Yahoo to court. As of August 12, 2000, the French judge hearing the case had not yet called for Yahoo to be fined for failing to comply and was delaying his ruling.

The most interesting point coming out of the trial was the judge's "rejecting Yahoo's argument that French courts did not have the power to impose French law ... when French people tapped in to Yahoo's English language portal"
Reuters 



Update 2001
 
By Tim McDonald
 www.NewsFactor.com, 
 Part of the NewsFactor Network 
 November 8, 2001 
listed on E-Commerce Times site
"A federal [United States] judge said Wednesday [Nov 2001] that Yahoo! (Nasdaq: YHOO) is protected by the  First Amendment of the U.S. Constitution from French groups trying to force the  company to ban Nazi memorabilia on its auction sites.  Yahoo! was sued last year by anti-racism groups in France, despite the fact that the Nazi memorabilia was selling on a U.S. auction site aimed at U.S. customers, because French users were able to access the site.  Though Yahoo! has already taken most Nazi-related items off its global auction sites, the Internet portal asked U.S. District Judge Jeremy Fogel in San Jose, California to consider whether a French court could impose French law on a U.S.-based Internet company. Fogel ruled that Yahoo! would not have to comply with the French order to ban the items."
.
.
Security Considerations can be broadly categorized into three main areas (WTGR)

This section of GNED 136 will be focusing on Corporate Security
 
 
http://www.sans.org
  • In SAN's web page, which includes the listing "How To Eliminate The Ten Most Critical Internet Security Threats" their introduction serves to provide some important points we should consider in beginning this section of the IEC 719 course, namely:

  •  
    • The majority of successful attacks on computer systems via the Internet can be traced to exploitation of one of a small number of security flaws. 
    • Recent compromises of Windows NT-based web servers are typically traced to entry via a well-known vulnerability. 
    • A few software vulnerabilities account for the majority of successful attacks because attackers are  opportunistic – taking the easiest and most convenient  route. They exploit the best-known flaws with the  most effective and widely available attack tools. They  count on organizations not fixing the problems, and  they often attack indiscriminately, by scanning the  Internet for vulnerable systems.
    • System administrators report that they have not corrected these flaws because they simply do not know which of over 500 potential problems are the ones that are most dangerous, and they are too busy to correct them all
    .
     
    Security 
    Considerations
     

    Proper
    Procedures

    http://www.counterpane.com/ "Security is a process, not a product"

    Bruce Schneier, CTO of Counterpane and 
    Author of the book Applied Cryptography


    read the BusinessWeek article interviewing Bruce Schneier about "distributed denial-of-service attacks" 
     http://www.businessweek.com/2000/00_10/b3671089.htm

    " The nature of distance has also changed. In the world offline, your house only has 
    to be secure from criminals within driving distance. On the Net, eBay (EBAY) and 
    Yahoo! (YHOO) must be concerned about everyone on the planet. The hackers 
    need not be in America. This is the death of distance: Crime is no longer based on 
    proximity." 

    "We are dealing with fact that software products are always buggy, and probably always will be. At the same time, systems are too complex to secure. We actually can't test security to the level we need to. We'll see three or four major bugs in each new version of Windows or Explorer or Java. New products are coming out faster and faster, so we keep losing ground. We've been finding and fixing security bugs in past years, but none of those fixes transfers forward. For all these programs, a new version comes out, the new version is more complex, and there are new bugs."

     
    .

    http://www.witiger.com/ecommerce/cookies.htm
    .
     
    Virus
    Protection
    and
    business
    risk
     
     
     
     
     
     
     
     
     

    Virus
    Protection
    and
    business
    risk


    "IT's Battleground: The Quest for Virus Protection
    is the title of an August 4th, 2000 in Computing Canada 
     www.plesman.com/Archives/cc/2000/Aug/2616/cc261614a.html
     
    . It is not the intention of this part of the course to be able to adequately cover all the various types of viruses that may effect e-commerce since do not have the time not resources to do that satisfactorly - but, it is important to have some understanding of the business risk at stake here and try to evaluate if it is a serious problem, because - if it is a serious problem, then every e-commerce professional needs to add to their portfolio of knowledge, some degree of understanding about viruses. 

    WTGR

    .
    In this August 4rth article it is noted that 
    "A recent survey estimated that viruses and other destructive acts will cost large businesses (over 1,000 employees) worldwide $US1.6 trillion this year and result in almost 40,000 person-years of lost productivity ...It's no wonder the anti-virus software market has hit almost $US70 million so far  this year [2000]" 
     
    . Is the problem getting worse? At this stage statistics on known virus attacks seem to indicate the problem is getting worse. For the most part, security experts believe the majority of virus attacks are made by unhappy employees and egotistical hackers and crackers - it does not appear to be something that companies are employing against each other to give themselves a competitive edge - but it may not be long before this happens since businesses large and small have been known to use very "illegal and immoral" tactics to gain advantage. 

    WTGR

    .
    From the August 4rth article 
    "Symantec,  publisher of the market-leading Norton Anti-Virus, has seen an average of 115 new viruses each month this year, up 30 per cent from 1999." 
    .
     

    . This section on National Government Involvement in internet crime and e-business Security is not a core part of the course - but rather provided for your information. 

    It is hoped that you will be able to read a couple of these articles to get some idea of the degree to which the FBI, CIA, RCMP, CSIS etc. may or may not, be understanding of, and contributing to, a more safe environment for business on the Web.

    .
    National
    Government
    Involvement
    in internet
    crime and
    e-business
    Security
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     

    National
    Government
    Involvement
    in internet
    crime and
    e-business
    Security

    It was announced in August 2000 that The Federal Bureau of Investigation (FBI) will head up this year's World E-Commerce  Forum, at which global Internet security will be an issue for the first time. The full story announcing this event, written by Jennifer Hampton, was in the E-commerce Times in August. 
     www.ecommercetimes.com/news/articles2000/000804-7.shtml
    The reason why you would read this article is because it mentions that Michael Vatis, director of the FBI's 
     computer crime investigation unit "the goal of the summit ... is to identify how a global Internet security agency can be established, and how international law can be utilized to develop and enforce penalties against hackers and virus-mongers"

    http://www.nipc.gov/warnings/advisories/2000/00-060.htm

    "The National Infrastructure Protection Center (NIPC) serves as a national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity."
    Recommended by Mr. Sean Rooney 

     http://www.nipc.gov/warnings/advisories/2000/00-060.htm

    in this particular document 

    "... the NIPC has observed that there has recently been an increase [December 2000]  in hacker activity specifically targeting U.S. systems associated with e-commerce and other internet-hosted sites. The majority of the intrusions have occurred on Microsoft Windows NT systems, although Unix based operating systems have been victimized as well. The hackers are exploiting at least three known system vulnerabilities to gain unauthorized access and download propriety information. Although these vulnerabilities are not new, this recent activity warrants additional attention by system administrators. In most cases, the hacker activity had been ongoing for several months before the victim became aware of the intrusion."

    . The reason why we want to note a few of these American and Canadian government police and intelligence agencies is because they often are at the leading edge in trying to identify particular virus and hacker situations. 

    These agencies, when theyc ome across a "bad situation" try to make the public aware through different means - sometimes by issuing a press release, and other times by sending out emals (to subscribers) with details of the situation and howit may be addressed. ie. a particular patch from Microsoft.

    .
     
    National
    Government
    Involvement
    in internet
    crime and
    e-business
    Security 
     
     
     
     
     
     
     
     
     

    National
    Government
    Involvement
    in internet
    crime and
    e-business
    Security
     
     
     
     
     
     
     

    National
    Government
    Involvement
    in internet
    crime and
    e-business
    Security

    The FBI and
    "Carnivore"
    DSC1000, the U.S. government Web surveillance system known as Carnivore

    "Carnivore attaches a combination of hardware and software  applications to the network of an Internet Service Provider (ISP) and scans all of the e-mail and other transmissions to locate a "target" piece of e-mail or communication from a 
     specific person or suspect. Carnivore can analyze millions of messages per second while it searches for the specific messages that it wants. 

     The FBI is developing Carnivore to help the agency police cyberspace. Law enforcement officials have expressed increasing concern over how the Internet is used illegally for those who would anonymously distribute child pornography, 
     steal confidential proprietary information or wreak havoc on e-commerce giants by hacking into their systems". 
    by Dan Gebler  E-Commerce Times  August 3, 2000 

    full online article at 
     www.ecommercetimes.com/news/articles2000/000803-2.shtml

    The FBI and
    "Carnivore"
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     

    The FBI and
    "Carnivore"

    The FBI's own statement on their web site about using "Carnivore" 
     www.fbi.gov/pressrm/congress/congress00/kerr072400.htm

    These words come from a speech given by Donald M. Kerr, Assistant Director,     Federal Bureau of Investigation before the United States House of Representatives,  The Committee on the Judiciary 
    The speech was made July 2000 

    "The technical assistance of service providers in helping a law enforcement agency execute an electronic surveillance order is always important, and in many cases it is absolutely essential. This is increasingly the case with the advent of advanced communication services and networks such as the Internet. Title III mandates service provider assistance incidental to law enforcement's execution of electronic surveillance orders by specifying that a court order authorizing the interception of communication  shall upon the request....!

     
    .
     www.witiger.com/ecommerce/scams.htm.