Technology & Law

General information : Technology & Law

Highlights

BookCover

Ethisch hacken
Ymkje Lugten


Internetbankieren van ING werkt niet meer, data van KPN zijn vrij toegankelijk en patiëntendossiers liggen op straat. Hackers kunnen grote schade aanrichten in een samenleving die steeds verder digitaliseert. Bedrijven en de overheid werken hard aan streng beveiligde computersystemen, maar soms is er toch die ene hacker die ze te slim af is. De politie heeft een speciaal cybercrime-team en ook het Openbaar Ministerie doet zijn best om hackers achter slot en grendel te zetten. Sommige hackers hebben echter geen kwade bedoelingen, maar willen juist helpen. Ze kraken de mailbox van een kamerlid vanwege het maatschappelijk belang of maken het publiek duidelijk op welke wijze persoonlijke informatie is op te vragen op websites van overheden en bedrijven. Als `ethische` hackers bestaan, hoe mogen zij dan te werk gaan en op welke manier kunnen zij juridisch beschermd worden? Zijn er richtlijnen denkbaar die de goede hackers beschermen, maar tegelijk voorkomen dat de kwaadwillende hacker zijn straf ontloopt?

Ymkje Lugten studeerde strafrecht aan de Universiteit Utrecht en werkt nu bij de Raad voor de rechtspraak. Ze verdiepte zich in hackers, richtlijnen en bedrijven die samenwerken met hackers. In dit boek biedt zij een overzicht van haar bevindingen en de mogelijkheden en onmogelijkheden van het beschermen van ethische hackers.

€ 14.95 Verkrijgbaar via bol.com of uw lokale boekhandel

Recent Publications

image1

Digital Evidence Changing the Paradigm of Human Rights Protection
Salvatore di Cerbo

In a “digital world” like ours, vast Information and Communication Technology (ICT)
infrastructures are highways where run extensive flows of information, dictating the
rhythm of our day-to-day lives. Such a deep influence, close to be an addiction for us, turns
ICT an unquestioned feature of modern life. These premises well portrait the landscape in which the diverse spectrum of actors
committed to promote, defend and restore the human rights operate. Therefore, the risk is
to mistake the means with the ends; but, even if the subject of this work, Digital Evidence,
is technology-related, the purpose of the study is the goal to which it tends: human rights
and their protection. Moreover, the wide diffusion of “capturing devices” that allow the documentation of human
rights abuses throughout massive streams of data from diverse sources will raise new
needs: in primis a careful collection and interpretation of the most relevant ones, and then
the establishment of mechanisms to ensure the validity and reliability of newly acquired
information. The whole chain that connects all the required steps in order to turn digital data into
“digital legal evidence” relevant for the protection of human rights, represents a challenge
for human rights practitioners, as individual activists, as well as organizations. Every single
step is fundamental: collection, management, preservation, analysis and security of data,
along with an effective communication and strategic use of evidence. Twitter tweets, Facebook and Blogs posts, Instagram photos and Youtube videos, even
when considered too weak for a conviction to be founded on, can play an important
role outside of a courtroom, establishing the grounds for prosecution indictments or, in
general, creating awareness of human rights abuses. Consequently, new forms of human rights activism, like the so-called “hashtag activism”,
pass through social media and have the power to generate a real change at both legal and
awareness level. The risk to be avoided is to mortify this power using social media as a
shortcut to be politically active or socially trendy making a mere “clictivism”. Hence, the core of this work revolves around the pivotal question of legal sufficiency of
the digital means employed in recording human rights abuses and the consolidation of
standards and procedures regulating the admissibility of collected evidence in the court of
law. The purpose is to provide an answer from a tri-folded point of view. The U.S. legal system leads in the regulation of the requirements for digital evidence to be
admitted at trial; nonetheless, also International courts like ICC, ICTY and ICTR follow
rules and procedure for that purpose, based on authenticity, protection of privacy, chain
of possession and reliability of the electronic evidence. At the European level, instead, the
lack of a common legislation relevant to the admissibility of d-evidence at trial required a
comparative study of the respective provisions contained in many Europeans countries’
procedural law. For these three levels a special attention is reserved to the analysis
of the lifecycle of digital evidence, from the creation and use of digital digital human
rights documentation for immediate purpose to its later admission as evidence in legal
proceedings, as well as to the authentication issue. At the last stage a collection of the most relevant case law form the principal U.S. courts
and International courts is provided.

image1

A Comparative Study of Cybercrime in Criminal Law
Q. Wang

The development of information technology provides new opportunities for crimes. Firstly, it facilitates traditional crimes such as fraud, and secondly, it breeds new crimes such as hacking. The traditional crimes facilitated by information technology and the new crimes bred by it are the so-called cybercrime in this book. To regulate cybercrime, legal regimes have developed countermeasures in the field of criminal law at different levels. At the national level, China, the United States, England and Singapore have all undergone reforms to adapt their criminal law. At the international level, the Council of Europe has drafted the Convention on Cybercrime and opened it for signatures. However, the still commonly committed cybercrime, such as DDoS attacks and online fraud, indicates the insufficiency of these countermeasures. In this background, this book intends to answer the research question: how can the criminal law be adapted to regulate cybercrime? By using doctrinal research and comparative study as the main methods, this book firstly explores and analyses the approaches of cybercrime legislations in the selected five legal regimes both in the past and in the present, and secondly, compares the different approaches and concludes with respect to the following aspects:   Aspect 1: Do we need a cyber-specific legislation to regulate cybercrime?   Aspect 2: If we do need a specific legislation, what approaches are more systematic for it?   Aspect 3: What principles are sufficient and appropriate to determine jurisdiction over cybercrime?   Aspect 4: What is the function of the Convention on Cybercrime in shaping appropriate legislation against cybercrime?

image1

Computer Forensics and Digital Evidence
M. Lori

The book has the aim to explain the relevance of the Computer Forensic within investigations related to crimes which involve technology supports. The paramount importance that the innovations have gained in people’s life is a signal of the necessity to acquire knowledges about them. This statement must be considered especially in regards to crime investigations where an unlawful act could irremediably damage lives and rights. Experts in this area are constantly asked to improve their competence in regards to technological data collection, analysis and conservation due to the difficulty to preserve them as a reliable proof in the Court. Although many difficulties still cause flaws within the
Computer Forensic investigations, the development of this branch of knowledge are increasing every day. This publication tries to outline an understandable and incisive description it under a scientific and legal point of view.

image1

Trust on the line
Esther Keymolen

Governments, companies, and citizens all think trust is important. Especially today, in the networked era, where we make use of all sorts of e-services and increasingly interact and buy online, trust has become a necessary condition for society to thrive. But what do we mean when we talk about trust and how does the rise of the Internet transform the functioning of trust? This books starts off with a thorough conceptual analysis of trust, drawing on insights from -amongst othersphilosophy and sociology to sharpen our understanding of the topic. The book explains how the arrival of large systems – such as the internet- has changed the character of trust which today is no longer based on interpersonal interactions but has become completely mediated by technologies. Based on the layered building plan of the Internet itself, a new conceptual lens called 4 Cs is developed to analyse and understand trust in the networked era. The 4Cs refer to the 4 layers which all have to be taken into account to assess trust online, namely: context,code, codification, and curation. The 4cs bring together the firsthand experiences of the user (context), the sort of technology that is being used (code), the legal implication (codification) and business interests (curation) in order to get a clear picture of the trust issues that may arise. In the final part of the book some real-life cases are discussed (digital hotel keys, Airbnb, online personalization) to illustrate how trust –analysed through the 4 Cs lens- might flourish or be challenged in our current networked era.

image1

Profiling Technologies in Practice


This volume presents the findings of some interesting research into profiling. The aim of the research has been to identify and tackle the challenges posed by profiling technologies to fundamental rights. The focus is on data protection, and the context is that of the European Union.

This volume testifies to the increased awareness of the far-reaching implications of profiling, notably with regard to democracy and the rule of law. Profiling confronts traditional understandings of fundamental rights with a new environment that is progressively contingent on data-driven applications and infrastructures. Profiling nourishes the advance of smart grids, smart cars and traffic management, remote e-health, personalized advertising and search engines, as well as data-driven fraud detection, policing, criminal justice and foreign intelligence.

Mireille Hildebrandt, co-editor of “Profiling the European Citizen”

image1

Digital Rights Management Systems vs. users´ privacy
Robert Kutiš

At the time of their introduction, Digital Rights Management systems were often triumphantly presented as the decisive technological response to digital piracy. However, shortly after their introduction it became clear that this technological protection presents a rather small, but costly speed bump on the digital highway leading to the protected content, and not a panacea for this undesirable phenomenon. As a result, Digital Rights Management systems have undergone crucial transformation. With their further development, the Digital Rights Management systems ceased to focus solely on combating piracy and started to collect vast amounts of information about the users and content usage for various purposes. This book describes the crucial stages of this process, evaluates the extent of the threat to the privacy of users’ using protected content and assesses both - legality and legitimacy of the current use of Digital Rights Management systems. Although this book emphasizes privacy and data protection legislation in the European Union and Digital Rights Management systems usage interrelation, it also offers non-legal insight by adding social and economical views on the development in the field.

€ 14.95 Verkrijgbaar via bol.com of uw lokale boekhandel

image1

Made in Africa
Hanna Weijers

An ICT revolution is underway in Africa. New possibilities have been created by the landing of international broadband sea cables on African shores and by the rapid spread of mobile telephony all over the continent. As a result, there are many startup ICT businesses trying to create new and inventive products and services, based upon internationally available technology but tailored to African markets and needs. However, little
empirical research has yet been done regarding role that law plays in the absorption of technological knowledge in this particular sector and context.

In this study, empirical data from case studies in Zambia, Kenya and Ghana is compared to what has been assumed in literature to be the role of law in absorptive capacity. The results of this
study provide insight in the actual role that law has played for startup ICT businesses, which may have significant policy implications for national governments and regulators in developing countries that seek to promote their ICT sector.

image1

The impact of Business Process Outsourcing on privacy and data protection - a thorough risk analysis
Kalin Cvetkov

At present, a company, either small/medium enterprise or huge corporation, develops its activities within a competitive environment where solely the perspicacious one could gain a profit and hold or improve its positions on the market. Therefore, “firms increasingly buy all or at least parts of selected services they need from external service providers. This is especially true for services which rely to a great extent on new information and communication technologies and they carry out that task by means of outsourcing. The aim of the present research is to examine how a premature termination of a business process outsourcing project (hereafter BPO) might infringe upon several major provisions of the current EU data protection framework. Such a question is relevant because of the technological means inherent in a BPO through which personal data are being processed, and of the great possibility for unlawful data processing after a premature termination of the project. Therefore, a BPO falls under the scope of regulation by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Ultimately, as the research will show, the DPD 95/46/EC as a legal instrument devoted to protect the right to personal data protection turns to be unable to provide sufficient protection on the data subjects’ rights in the context of prematurely terminated BPO contract. Therefore, the Proposed Data Protection Regulation represents an instrument that could deal properly with the said issue, especially if some proposals for amendments made within the present paper be taken into account.  

Other interesting publications: