Professional Documents
Culture Documents
Cipher's actions can be addressed through several sections of the Digital Security Act, but
mostly can be confined to the Chapter VI of the law. Depending on the sections
punishments can be different in both compensation and imprisonment. Here’s a listing of
the sections by which Cipher can be condemned. We are assuming here on his goodwill
that he didn’t intend to commit any evil crime with his act.
Section Offense
32(1) Committing an offense under the Official Secrets Act, 1923 (Act No. XIX
of 1923) by means of computer, digital device, computer network, digital
network or any other digital means
2. According to the Act, the potential punishments Cipher could face for unauthorized
access and data extraction are as follows. We will assume that
(i) Cipher didn’t commit this crime for the second time.
(ii) The computer or computer system or computer network were’t protected as a
vulnerability had been found by Cipher him/heself.
4. The preventive measures the government and organizations could take to avoid such
incidents in the future is as follows.
(i) Rigorous testing of the system could have been done before deployment so that any
other potential vulnerabilities can be found and patched.
(ii) The data can be kept in an encrypted version so that even if someone gets his hands
on thai data, he/she cannot make any sense out of it.
(iii) Adopting more stricter laws can be proved useful. For example, along with the
imprisonment and fines, a restraining order could have been added barring the criminal
from getting into touch with computers ever again.
(iv) The users of the system could have been trained in a more advanced way more
strictly so that the confidentiality of the system holds.
(v) Another way could have been to fragment the database so that even if someone gets
her hand on one table, he/she can’t identify a person precisely without other tables.
(vi) The development of the database must be done with a skilled and competent person
with adequate knowledge and experience in this sector.
(vii) Regular auditing must have been done with penetration testing and threat analysis to
get a proper idea of the security of the database so that it can be updated with time.