Sunday, 30 October 2016

Regulation of Investigatory Powers Act (2000)

Regulation of Investigatory Powers Act (2000)

Image result for Regulation of Investigatory Powers Act (2000)

The Regulation of Investigatory Powers Act basically allows people with the correct clearance to carry out surveillance and potential investigation. On top of that said person's can carry out interception of communications.

These are the main points of the legislation: 

      Authorization of directed surveillance.

(1)    Subject to the following provisions of this Part, the persons designated for the purposes of this section shall each         have power to grant authorizations for the carrying out of directed surveillance.
(2)   A person shall not grant an authorization for the carrying out of directed surveillance unless he believes—
(a)that the authorization is necessary on grounds falling within subsection (3); and
(b)that the authorized surveillance is proportionate to what is sought to be achieved by carrying it out.
(3)   An authorization is necessary on grounds falling within this subsection if it is necessary—
(a)in the interests of national security;
(b)for the purpose of preventing or detecting crime or of preventing disorder;
(c)in the interests of the economic well-being of the United Kingdom;
(d)in the interests of public safety;
(e)for the purpose of protecting public health;
(f)for the purpose of assessing or collecting any tax, duty, levy or other imposition, contribution or charge payable to a government department; or
(g)for any purpose (not falling within paragraphs (a) to (f)) which is specified for the purposes of this subsection by an order made by the Secretary of State.
(4)   The conduct that is authorized by an authorization for the carrying out of directed surveillance is any conduct that—
(a)consists in the carrying out of directed surveillance of any such description as is specified in the authorisation; and
(b)is carried out in the circumstances described in the authorization and for the purposes of the investigation or operation specified or described in the authorization.

(5)  The Secretary of State shall not make an order under subsection (3)(g) unless a draft of the order has been laid           before Parliament and approved by a resolution of each House.
 http://www.legislation.gov.uk/ukpga/2000/23/section/28 http://www.intelsecurity.co.uk/slir/w691/images/stories/additionalFields/content-3-40-iss%2022.jpg https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000

Police and Justice Act (2006)

  Police and Justice Act (2006)
Image result for police and justice act 2006 definition

This act aims to create a National Policing Improvement Agency. This agency intends to make arrangements for police forces and police authorities and make arrangements regarding police pension. It also intends to make set rules in terms of police powers and duties of the community support officers. 

The main points of this act are as follows: 
  1.  Establishes the National Policing Improvement Agency.
  2.  Grants the home secretary additional powers to intervene over under performing police forces.
  3.  Allows the police to demand passenger manifests on domestic flights.
  4.  Creates an internal border within Britain: passengers on domestic flights and ferries can be required to carry identity papers. 
  5.  Empowers police officers to stop and search individuals and vehicles at airports.
  6.  Allows the police to impose electronic tags and curfew restrictions when they grant conditional bail.
  7.  Permits the home secretary the authority to widen the list of professions granted the power to issue fixed penalty notices, without seeking further parliamentary approval.
https://www.theguardian.com/commentisfree/libertycentral/2008/dec/16/police-justice-act
http://www.legislation.gov.uk/ukpga/2006/48/contents
http://image.slidesharecdn.com/saferswanseapartnershipstrategicprogressatapr2010-100628063739-phpapp02/95/safer-swansea-partnership-3-728.jpg?cb=1277707259

Thursday, 20 October 2016

Intellectual Property Act (2014)

 Intellectual Property Act (2014)
Image result for Intellectual Property Act (2014)

The intellectual Property Act is an attempted to modernize copyright law and help new designers and patent -holders protect their IP. It is hoped that the changes will get business get more involved and provide better balance to protect designer rights. Many changes are being made to benefit small to medium sized enterprises.

What counts as Intellectual Property?

Intellectual Property is something unique that you physically create. An idea own its own is not IP (Intellectual Property). As an example a new book idea is not and words you have written are.

Changes (Improvements) are as follows: - 

1.  Marking Products with a Link
Prior to 1 October 2014, patented products had to be marked with a specific patent number to reduce the possibility of a potential infringer claiming that they were not aware of the infringing act. Section 15 IPA 2014 gives patent-owners the option to mark their products with an internet link which takes the user to a website which details the specific patent number associated with the patented product.
2.  Unified Patent Court (UPC)
In future, inventions may be protected in up to 25 EU countries by way of a single unitary patent. The UPC will be a new specialist patents court with competence to deal with the new unitary patent as well as European bundle patents. The IPA 2014 lays the groundwork for the introduction of the UPC in the UK. London is to be one of the three main centres of the new Pan-EU Court together with Paris and Munich.
3.  Extension of the IPO Opinion Service
Launched in 2005, the IPO Opinion Service helps businesses resolve patent disputes by providing a quick and affordable assessment on the question of validity or infringement of a patent. An opinion, although non-binding in nature, can assist in resolving a dispute before it escalates into full litigation before the courts. An opinion costs £200. The success of the Opinion Service means that the range of issues on which opinions can be issued is being extended. In addition, the Intellectual Property Office will be able to start the process of revoking a patent if an opinion has been issued indicating that the patent is not new and inventive. The aim is to provide a faster, cheaper service for businesses facing patent disputes.
Design Rights
1.  Criminal Offence for Copying
Section 13 IPA 2014 creates a new criminal offence for infringement of registered designs. It is now an offence for a person in the course of a business to intentionally copy a registered design so as to make a product exactly to that design or only immaterially different.  The person must know or have reason to believe that the design is a registered design.  There is a similar offence applicable to parties offering, marketing, importing or using, or stocking such products in the course of a business.  The offence is punishable by imprisonment of up to 10 years and by fines, and applies to both UK and EU Community registered designs.
2.  Ownership
Since first introduced in 1989, unregistered designs commissioned by one party from a third party designer have been owned by the commissioning party unless there is an agreement that provides otherwise. Section 2 IPA 2014 changes this so that for registered designs and unregistered designs) the first owner of the work will be the designer, not the commissioner, unless there is a contract which provides otherwise.
3.  Introduction of Opinion Service for Designs
Section 11 IPA 2014 allows for regulations to enable persons to seek a non-binding opinion from the IPO as to whether a registered design is unoriginal. It is intended that this will operate in a similar way to the existing Opinion Service for patents and aims to give parties an indication of the strength of their position before embarking on costly design rights proceedings. The Opinion Service should be finalised and implemented next year.
4.  Prior User Rights
The IPA 2014 offers some limited protection to those who, in good faith, start to use a design, but who subsequently find someone else has registered that same design before they have done so. If these circumstances arise, a user may continue to use the registered design in the way they were already using it before it was registered by another, but expanding their use of the design beyond its original use would be infringement.
https://www.gov.uk/intellectual-property-an-overview/what-ip-is
http://gdknowledge.co.uk/intellectual-property-act-2014-a-summary-of-the-key-provisions/

Copyright, Design and Patents Act (1988)

Copyright, Design and Patents Act (1988)
Image result for Copyright, Design and Patents Act (1988)

The Copyright, Design and Patents Act is the current UK copyright law. It gives the creators of literary, dramatic, musical and artistic works the right to control the ways in which their material may be used. The law will cover the following: - 



  1. For literary, dramatic, musical or artistic works
    70 years from the end of the calendar year in which the last remaining author of the work dies, or the work is made available to the public, by authorized performance, broadcast, exhibition, etc.
    The Copyright (Computer Programs) Regulations 1992 extended the rules covering literary works to include computer programs.
  2. Sound Recordings and broadcasts
    50 years from the end of the calendar year in which the last remaining author of the work dies, or the work is made available to the public, by authorized release, performance, broadcast, etc.
  3. Films  
    70 years from the end of the calendar year in which the last principal director, author or composer dies, or the work is made available to the public, by authorized performance, broadcast, exhibition, etc.
  4. Typographical arrangement of published editions
    25 years from the end of the calendar year in which the work was first published.
But what would happen if you were to break the law?

The author of the piece or work may send you a polite letter requesting you to say who it belongs to or some form of source for the original owner to get credit or even remove the material from the website.
If more action is required you would be breaking Internet Service Provider Laws and Copyright Laws and could find yourself with a fine of 100,000 pounds, but that's the worse possible situation.
Under certain circumstances you could also go and have a criminal trial in which the fine would be exceedingly higher than the normal and you could potentially face jail time of up to 10 years but that's only if its a very bad criminal offence.

http://smallbusiness.chron.com/happens-someone-breaks-copyright-law-55834.html
https://www.copyrightservice.co.uk/copyright/uk_law_summary

Tuesday, 11 October 2016

Computer Misuse Act (1990)

Computer Misuse Act (1990)

Image result for computer misuse act 1990 definition
The Computer Misuse Act is a law passed by the British government. It was introduced to try to fight the growing threat of hackers and hacking. The law has three parts. In the U.K., it is now a crime to: Access a computer without permission.

As you can see form the picture above the Computer Misuse Act is based of three main principles: -

Unauthorized access to computer programs or data (So basically cracked/stolen versions of products such as games, video editors etc).

Unauthorized access with a further criminal intent (The end goal is to get bank/email address/passwords. Anything of value to you).

Unauthorized modification of computer material (This also is like the one above but is for Trojan Horse users and other virus writing).

Image result for Computer Misuse Act (1990)


Computer misuse offences

1.U                  Unauthorized access to computer material.

(1)                 A person is guilty of an offence if—
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured ;
(b)the access he intends to secure , or to enable to be secured, is unauthorized; and
(c)he knows at the time when he causes the computer to perform the function that that is the case.
(2)                 The intent a person has to have to commit an offence under this section need not be                  directed at—
(a)any particular program or data;
(b)a program or data of any particular kind; or
(c)a program or data held in any particular computer.
(3)                 A person guilty of an offence under this section shall be liable—
(a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
(b)on summary conviction in Scotland, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

(c)on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.



https://simple.wikipedia.org/wiki/Computer_Misuse_Act

http://www.legislation.gov.uk/ukpga/1990/18

Monday, 3 October 2016

Data Protection Act (1998)

  Data Protection Act (1998)

What is the Data Protection Act of 1998?
The DPA (Data Protection Act) was a legislation passed by the parliament to put a form of digital protection on people's information so it can't just be handed out to this, that and the other. Its a type of legal right to       the information stored about you.    

The Data Protection Principles are as follows: - 
  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:
    1. at least one of the conditions in Schedule 2 is met, and
    2. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. About the rights of individuals e.g. personal data shall be processed in accordance with the rights of data subjects (individuals).
  7. Appropriate technical and organisational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal

Examples of when it was broken (Data Protection Act)

One of the biggest times the data protection act was broken was when Sony received a £250K fine for not using the most up to date software and security systems available for its PlayStation Network. This resulted in PSN being hacked a large number of times and caused loss of accounts and bank details. It was described as a 'serious Breach' of the Data Protection Act and the Japanese company took a big hit from it.

Another one was when a 15 year old school pupil from Hampshire hacked into his schools network and managed to expose over 20,000 peoples personal details including 7,000 pupils medical details.

https://www.theguardian.com/technology/2011/aug/09/pupil-hacked-hampshire-school-website

http://www.thedrum.com/news/2013/01/24/sony-fined-250k-over-serious-data-protection-act-breach

https://en.wikipedia.org/wiki/Data_Protection_Act_1998#Data_protection_principles

http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionactrev1.shtml









Monday, 5 September 2016

Types of Cyber Crime

Different types of cyber crime

One of the most common I have heard of is phishing: - this is when you send out emails claiming to be big name companies and try and get passwords, card numbers from someone, so really anything that could expose money or accounts you have.
The emails these ''Scammers'' will send will tend to have some form of link and/or a file to download. This will most likely take you to a dangerous site or install a malware onto your PC to once again steal any data of worth.
They make the emails look so convincing by stealing information right from big company websites and throw in logos and they can also do spoofed ULRs so you might think its safe but then it installs a malware or any form of virus.

Another one I hear a lot about is DDoSing or distributed denial-of-service: -  This is when someone with access to multiple IPS (Servers) will send a massive flood of data (traffic) to another server (network) in the hope that it will shut it down.

From what this site tells me there are three types of DDoS people can do they are as follows: - 
Traffic Attack - Data gets lost and can force in malware sent by the hacker
Bandwidth Attack - Overloading your system with junk data 
Application Attack - (Not sure about this one) 
But they are all trying to achieve the same goal of shutting you or a company network down.

References:
https://www.government.nl/topics/cybercrime/contents/forms-of-cybercrime

http://searchsecurity.techtarget.com/definition/phishing

https://en.wikipedia.org/wiki/Denial-of-service_attack

http://www.webopedia.com/TERM/D/DDoS_attack.html - three types of DDoS