Computers in a Networked Society
Unit 4 Legal and Professional Issues in Computing
Contents
Unit overview
Unit objectives
4.1 Cybercrime
Objectives
Introduction
What is cybercrime?
Types of cybercrime
Various cybercrimes
4.2 Cyberlaws
Objectives
Introduction
Objectives
Introduction
What is intellectual property?
Types of IP rights
Objectives
Introduction
Code of ethics
Objectives
Introduction
Summary of Unit 4
References
Glossary
Unit Overview
This unit is divided into five sections. The first section explores the various
types of cybercrimes and the precautions to be taken against them.
The second section provides an overview of cyberlaws and discusses
the need for these laws. Intellectual property rights and professional
ethics are covered in section three. The fourth section discusses moral
responsibility and codes of ethics in computing. Finally, the impacts of
computers on the environment and how to manage them are explored
in section five.
Unit Objectives
By the end of this unit, you should be able to:
1. Define cybercrime.
Introduction
Symantec (a cybersecurity company based in the United States) defines a
cybercrime as “any crime that is committed using a computer network or
hardware device”. It is vital for computer professionals, law enforcement
officials and even ordinary users to understand the different types and
categories of cybercrimes that exist. Once we understand the unique
threats posed by cybercrimes and their effects, we can implement
relevant security policies and procedures to ensure our safety.
What is cybercrime?
Computer crime or cybercrime consists of a large number of offences that
are related to the use of computers and online networks. They involve
criminal activities that have computer- or cyber-based aspects.
Cybercrimes pose a larger risk now than ever before, because of the
enormous number of people and devices that are connected online
globally. In fact, according to Norton (2016), cybercrimes have already
surpassed the drug trafficking trade as a moneymaking source in terms
of revenue generated annually.
2. Pornography
4. Copyright infringement
One of the largest cybersecurity attacks ever was carried out in 2013
when cybercriminals stole the data of millions of individuals from a retail
company called Target. The authorities believe that the cybercriminals
accessed Target’s network by hacking a different company that was in
charge of Target’s ventilation, heating and air conditioning system. This
is a clear example of how determined and resourceful cybercriminals
have become today.
Types of cybercrime
Cybercrimes involve a wide range of attacks. These attacks require
their own unique and focused solutions so as to improve online safety
and protect computer users. This is because affected computers or
other devices may be the victims of a crime, agents of cybercriminals
or conduits to facilitate cybercrimes.
Type 1 cybercrimes
Type 2 cybercrimes
Bot attacks
Certain bots will even clean up infected systems to ensure that they do
not get removed from their host computer by another bot. Other methods
by which bots spread include being downloaded by Trojans, installed by
certain websites or via emails from an infected system.
Via the command and control server, attackers are able to control their
botnets and give instructions to their entire army of zombie systems to
carry out tasks on their behalf. A typical botnet comprises a large number
of machines worldwide. In some cases, botnets may have hundreds or
thousands of computers globally.
Currently, Trojan horse attacks are the first part of a cyberattack and
their main aim is to remain hidden while enabling stronger threats such
as bots to be downloaded into a computer system. However, unlike
worms and viruses, Trojan horse programs cannot spread themselves.
To ensure replication, they are usually sent to a victim via an innocent-
looking email. After installation, Trojan horses continue to exist quietly
in infected systems and download spyware, bots and other malicious
programs to their host computers.
Trojans and spyware are classified as crimeware. Today, they are the
main methods used by cybercriminals worldwide to secure unauthorised
access to and illegally obtain data from computers. In fact, Symantec
estimates that these attacks comprise over 37% of all threats processed
by their company annually.
Spyware
Phishing attacks
Phishing attacks are online con-games. Phishers (the people who practise
phishing) use spam, fake websites, crimeware and other methods
to trick other people into revealing their sensitive data, such as their
banking information. Once they have collected enough information,
these cybercriminals may defraud their victims (e.g., by creating new
bank accounts by using the victim’s information) or sell the information
on the online black market (online identity theft).
Phishers often forward a large quantity of spam email. Every email carries
a message that looks like it originated from a trusted organisation (e.g.,
a bank). The messages may even include the organisation’s name and
logo. Written in an urgent professional style, these emails often request
that recipients provide their sensitive or personal data. The emails may
also direct recipients to fake websites. These fake websites look authentic
and their actual URL is masked so that they appear real to unsuspecting
visitors. They may ask visitors to provide confidential data (e.g., banking
data, passwords, etc.). As the emails and fake websites seem authentic,
the hope of the phishers is that at least a small number of recipients are
tricked into divulging their data. It is believed that about 1% – 10% of
email recipients are tricked by phishers, with a “successful” phishing
campaign having a response rate of around 5%.
There was also a variant of Code Red called Code Red II that installed
a “backdoor” into the computers that it had infected. Criminals could
then remotely run programs or carry out commands on infected systems,
leading to further compromises of these systems. Statistics from the
Malaysia Computer Emergency Response Team (MyCERT) indicate that
in 2001, these worms infected 40652 computers in August, 27705 in
September and 195 in October.
Nimda was the first worm-based attack that modified Web documents
and various executable files located on systems that it infected. Nimda
attacked computers that had been contaminated by the Code Red worm.
MyCERT statistics indicate that in 2001, the Nimda worm infected 9713
computers in September, 7654 in October and 462 in November. Total
damages were estimated at RM22 million, which did not take into account
lost business opportunities.
Blaster
The Blaster (or Lovsan or Posa) worm was discovered on August 11,
2003. It took advantage of a weakness in Windows NT, 2000 and XP.
At its peak, over 1.4 million computers were affected according to the
CERT Coordination Centre at Carnegie Mellon University. According to
MyCERT, about 500 systems were infected by this worm in Malaysia.
https://www.mycert.org.my/statistics/2016.php
2. Cyberthreats in Malaysia:
https://www.mycert.org.my/en/
It is important to note that doing this alone will not protect your
system from every attack out there. Nevertheless, it will make
it much more difficult for attackers to break into your system
as it will block many standard and automated attacks, and
can discourage less determined attackers from attempting an
attack.
When you want to visit a website, type its URL directly into your
web browser instead of clicking on a link in an email or instant
message. Cybercriminals often make fake links look real. The
URLs of online banking and shopping portals or any other website
where secure information is used should contain the letter “s”
after the letters “http” (e.g., https://www.agcbank.com and not
just http://www.agcbank.com). The “s” signifies “secure”.
8. Do not easily trust online “offers” that are too good to be true
Activity 4.2
Describe the basic steps that you can take to secure your system
against cybercrime.
Self-test 4.1
Feedback
Activity 4.1
1. Define cyberlaws.
Introduction
Cyberlaws are laws that are specifically related to the Internet and various
computer offences. These laws encompass areas such as online fraud,
patent or copyright infringement, and online contracts. Cyberlaws are
growing in importance because our lives are becoming increasingly
intertwined with the Internet and the computer devices that we use.
Cyberlaws are part of the overall legal system in a country and specifically
deal with the Internet and cyberspace and their legal matters. Cyberlaws
encompass a broad area, including but not limited to freedom of
expression, access to and usage of online resources, and online privacy.
Cyberlaws have been collectively defined as the Law of the Internet.
Activity 4.3
Figure 4.2 The elements of the Personal Data Protection Act 2010 (PDPA).
Principles shown in the figure: data integrity, security, notice and
choice, retention.
Web Reference
Read the following article to learn more about the Personal Data
Protection Act 2010:
http://www.pdp.gov.my/images/LAWS_OF_MALAYSIA_PDPA.pdf
In this section, you learned about cyberlaws and why they are
vital in our modern world. You also learned about the cyberlaws
enacted in Malaysia including the Digital Signature Act 1997, the
Computer Crimes Act 1997 and the Personal Data Protection Act
2010.
Self-test 4.2
Feedback
Activity 4.3
Introduction
Intellectual property involves the ownership of ideas. Hence, intellectual
property differs from physical assets such as computers or vehicles.
Intellectual property may be protected through the use of patents,
copyrights or trademarks.
Types of IP rights
Individuals are given rights to keep private certain information that they
deem important. Laws are enacted to regulate the use, development,
and ownership of data and programs. This is normally done via patent
laws and trade secret laws. Actions can be pursued via legal channels
to protect the secrecy, integrity and availability of information.
A patent is protected for 20 years from the date of filing and a utility
innovation is protected for a period of 10 + 5 + 5 years from the date of
filing, subject to use.
Where to apply?
It is important to note that for reasons of national interest and security, any
Malaysian resident wishing to apply for a patent or certificate protection
outside Malaysia must first seek written authority from the Registrar.
Patentable inventions
1. It must be new, which means that the invention has not been
publicly disclosed in any form, anywhere in the world.
1. http://www.myipo.gov.my/en/1814-2/?lang=en%2F#patentable_inventions
2. http://www.myipo.gov.my/en/trademark-basic/?lang=en%2F#type-trademark
3. http://www.myipo.gov.my/en/copyright-basic/?lang=en%2F#works-eligible-for-copyright
Activity 4.4
A. logo
B. copyright
C. trademark
D. patent
A. patent
B. copyright
C. trademark
D. licence
In addition, a part of the rights still belongs to the company if the employee
writes code that relates to his or her job in the company, even in his or
her free time. However, if someone writes code that has nothing to do
with a current work assignment or falls within a different area from a
work assignment, then the rights to the code belong to the programmer.
Companies have the right to protect their trade secrets and may require
that their employees sign an NDA (non-disclosure agreement).
With all this in mind, employment contracts should clearly state who has
the rights of ownership to the output of an employee’s effort.
Summary
Feedback
Activity 4.5
1. D
2. B
Introduction
Computing professionals have many different duties. They may code new
applications, design computer processors, and perform software testing
and validation. However, in carrying out their duties professionally, it is
important that they appreciate and understand the moral responsibility
and the code of ethics in computing. This is very important as their work
and actions affect the lives of millions, if not billions, of people worldwide.
This device relied on computer software to carry out its functions and
treat cancer patients using radiation. Unfortunately, from 1985 to 1987
the device caused several fatal accidents. Investigations were carried
out by the relevant authorities to determine the cause of these accidents.
Questions were asked as to who should be held responsible for the
deaths:
2. Was it the fault of the software engineers who wrote the code
and carried out software testing and failed to notice several
serious coding mistakes?
However, just as the storm cannot be blamed for moral failures, those
directly operating the Therac-25 device cannot be held morally responsible
since they adhered to the standard operating procedure (SOP) and the
information displayed on their machines regarding radiation levels was
actually misleading. The SOP only went so far as to ask the operators
to ensure that the equipment was working properly based on the data
displayed by their machines.
Role responsibility
Legal responsibility
Moral responsibility
Responsibilities to employers
All employees are expected to work for and on behalf of their employers
in a loyal fashion. Most importantly, computing professionals must be
alert to various possible conflicts of interest. These are situations where
they may owe their loyalty to third parties.
Code of ethics
It is important to be able to differentiate between laws and ethics. Laws
are different from ethics in that laws are set out in written form, passed
by a legislature elected by voters (e.g., Parliament) and are subsequently
interpreted by judges in the courts. Laws apply to all individuals and are
enforced by the relevant authorities.
The differences between ethics and laws are outlined in Figure 4.5.
Ethics Laws
Various laws are passed to control and regulate the usage of computers
and online resources. Even so, legal matters in the technology industry
are not often as straightforward as they may seem. This is because
technology and the Internet are developing constantly and this results in
various complex legal and ethical issues. These legal and ethical issues
have an effect on various areas of computing technology and the Internet,
including privacy issues, data sharing, hacking and environmental issues.
What is the data or information that we can classify as private and how
is the ownership of such data or information established? For instance,
personal pictures that are uploaded by people on social networks may
become the legal property of a social network company. Therefore, it is
important to identify the level at which such private data can be used
and the purpose of use. For general users, uploading highly personal
information is discouraged, as it may end up in the hands of various third
parties and remain on the Internet for a long time.
Data sharing
Hacking
The term “hacking” has both positive and negative connotations. Hacking
may refer to activities that involve an irregular use of, or an attempt to
infiltrate, a computer system. From a negative perspective, hacking can be used
to discover weaknesses in computer systems in order to locate and steal
sensitive data. Hacking can also be positive, in that it can be used to:
Hackers who hope to achieve positive goals are called “white hats” while
those engaging in criminal activity are called “black hats”.
A code of ethics lays out ideals which professionals can strive to meet.
It can inform new members of their professional obligations and educate
members of the public on how they can expect professionals to behave.
The foundations of computer ethics were laid down during World War
Two and have subsequently been developed into what we have today.
A Massachusetts Institute of Technology (MIT) professor named Norbert
Wiener planted the seeds of ethics in the computing industry in his book
Cybernetics (1948: 27 – 28). He wrote:
“It has long been clear to me that the modern ultra-rapid computing
machine was in principle an ideal central nervous system to an
apparatus for automatic control; and that its input and output need
not be in the form of numbers or diagrams but might very well
be, respectively, the readings of artificial sense organs, such as
photoelectric cells or thermometers, and the performance of motors
or solenoids...
Both the IEEE and ACM have followed codes of ethics for the benefit
of their respective members. The ACM code that was instituted in 1992
encompasses “general moral imperatives”, including “avoid harm to
others” and “be honest and trustworthy”. This code also contains more
specific professional responsibilities such as “acquire and maintain
professional competence” and “know and respect existing laws pertaining
to professional work.”
For the IEEE, their code of ethics (1990) encompasses principles including
“avoid real or perceived conflicts of interest whenever possible” and “be
honest and realistic in stating claims or estimates based on available
data.”
Activity 4.6
Self-test 4.4
Feedback
Activity 4.6
Introduction
Computers and gadgets such as mobile devices have become inseparable
parts of modern life. These devices have undeniably made our lives
easier in many different ways. However, it is also important to consider
the impact of computing on the environment, particularly the results of
the production, use and ultimate disposal of these devices.
Toxic techno-trash
These toxic materials may ultimately seep into the ground and
contaminate our drinking water and edible plants, and affect the fauna
in the surrounding areas. Thus, many developed countries have banned
techno-trash from waste dumps.
Scientists believe that over the last 100 years, the quantity of greenhouse
gases in our atmosphere has shot up tremendously as a result of carbon
emissions. Carbon emissions come from industrial plants, vehicles and
power plants. Carbon emissions also come from human beings and
current livestock farming methods. All of these contribute to serious
global warming.
Before recycling your computer, you must remove all sensitive data
contained on the hard disk. Usually, most people will simply try to erase
their data. However, doing this only partially erases the data.
Cybercriminals can discover this “deleted” data (in the “Recycle Bin”
for instance), and use the data for their illegal purposes. Therefore, to
ensure full protection against this, you need to install and run software
that can “sanitise” your hard disk before disposing of it.
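
Why an ordinary delete is not enough can be shown on a small disk image. The following is an added example, not part of the original course material: it uses a toy layout (one directory sector followed by data sectors) that is an assumption of this model, with constructed sample data, and it works on an image file in a temporary folder rather than on a real drive.

```python
import os
import tempfile

SECTOR = 512   # sector 0 holds the toy directory; data sectors follow


def create_image(path, sectors=32):
    with open(path, "wb") as f:
        f.write(bytes(SECTOR * sectors))          # blank, all-zero image


def write_file(path, name, data, sector):
    """Store data at `sector`; record 'U|name|sector|length' in the directory."""
    entry = f"U|{name}|{sector}|{len(data)}".encode().ljust(SECTOR, b"\x00")
    with open(path, "r+b") as f:
        f.write(entry)
        f.seek(sector * SECTOR)
        f.write(data)


def quick_delete(path):
    """Ordinary delete in this model: mark the entry unused, leave the data."""
    with open(path, "r+b") as f:
        f.write(b"D")


def listed_files(path):
    with open(path, "rb") as f:
        entry = f.read(SECTOR).rstrip(b"\x00").decode()
    if not entry:
        return []
    flag, name, *_ = entry.split("|")
    return [name] if flag == "U" else []


def residue_offset(path, needle):
    """Byte offset of `needle` anywhere in the raw image, or -1 if absent."""
    with open(path, "rb") as f:
        return f.read().find(needle)


def sanitise(path, chunk=SECTOR * 8):
    """Overwrite every byte of the image with zeros and flush it to storage."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for offset in range(0, size, chunk):
            f.write(bytes(min(chunk, size - offset)))
        f.flush()
        os.fsync(f.fileno())


def first_nonzero(path):
    """Verification pass: offset of the first non-zero byte, or -1 if clean."""
    with open(path, "rb") as f:
        for i, b in enumerate(f.read()):
            if b:
                return i
    return -1


def demo():
    secret = b"ACCOUNT=1234-5678;PIN=0000"        # constructed sample data
    with tempfile.TemporaryDirectory() as folder:
        img = os.path.join(folder, "disk.img")
        create_image(img)
        write_file(img, "bank.txt", secret, sector=10)
        before = listed_files(img)
        quick_delete(img)
        after_delete = (listed_files(img), residue_offset(img, secret))
        sanitise(img)
        after_wipe = (residue_offset(img, secret), first_nonzero(img))
    return before, after_delete, after_wipe
```

After the ordinary delete the file no longer appears in the listing, yet its bytes are still found at sector 10; only after the overwrite and the verification pass is the image clean.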
Another great option is to donate rather than dispose of your old mobile
devices. Old but functional mobile devices can be useful to the poor.
In Figure 4.7, we can see that computers and electronic devices are
constructed from metals, plastics and glass among other things. Once
these devices are earmarked for recycling, the first step involves manual
disassembly, which means deconstructing the devices into their smallest
components.
Web Reference
http://www.thenewecologist.com/2010/04/recycling-statistics/
Many businesses that sell brand new ink cartridges for printers can fill
up our old ink cartridges for a tiny fraction of the original cost. From an
environmental perspective, every ink cartridge that we dispose of may
require 400 to 1000 years to fully decompose.
However, not all ink cartridges allow for refills, and even cartridges that
have been filled up before will eventually break down after repeated use.
Once this occurs, we can recycle them.
Activity 4.7
Web Reference
https://pubs.usgs.gov/fs/fs060-01/fs060-01.pdf
Self-test 4.5
Feedback
Activity 4.7
(https://www.cru-inc.com/products/wiebetech/wiebetech_drive_erazer_ultra/)
(https://dban.org/)
Summary
Feedback
Self-test 4.1
Self-test 4.2
Self-test 4.3
Lucas can:
Self-test 4.4
Self-test 4.5
COURSE COORDINATOR
Ms. Tan Cheng Peng
PRODUCTION
In-house Editor: Mr. Yeap Hock Aun
Graphic Designer: Ms. Audrey Yeong
Wawasan Open University is Malaysia’s first private not-for-profit tertiary institution dedicated to
adult learners. It is funded by the Wawasan Education Foundation, a tax-exempt entity established
by the Malaysian People’s Movement Party (Gerakan) and supported by the Yeap Chor Ee Charitable
and Endowment Trusts, other charities, corporations, members of the public and occasional grants
from the Government of Malaysia.
The course material development of the university is funded by Yeap Chor Ee Charitable and
Endowment Trusts.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or
transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or
otherwise, without prior written permission from WOU.