I attended the 2010 Lex-Informatica conference at the Innovation Hub in Pretoria which ran from 14th to the 16th July 2010 and the topic for this year was "Integrating Cyberlaw with Business Management and IT Security" which proved to be a rather interesting and diverse range of topics and speakers.
The conference was hosted and Co-Chaired by Snail Attorneys and Barend Burgers Attorneys both technology law firms in the Gauteng area.
For ease of reporting on this three day conference I will list the speakers, the topic presented and a brief outline on the subject, sometimes a few words from their own presentations. If you want more information on the subject please contact the speakers via the Co-Chairs through the contact detail at the end of this report.
ICT lawyer from Michalsons Attorneys
A member of the King III IT Governance Sub-Committee.
Be aware of the ICT laws that apply to your organisation
John spoke on:
• IT Governance
• What must you comply with?
• Legal Frameworks.
The action points from the presentation were:
• Read the Kong Code
• Be aware of all ICT laws, rules, codes and standards
• Identify and appoint your Information IProtection) Officer
• Get a framework to help you.
Spoor & Fisher
Hugh spoke about what needed to be thought of when creating a software license contract, also touched on defining the roles of computer programmer, the author and the owner of the software and when to ensure transfer of those rights.
He concluded that the purpose of a software license is to:
• Effect an economic return
• Comply with the Copyright Act.
Professor of Law - UNISA
10 Things I Hate about the ECT Act or 10 Things that Should be in Project 126
Tana did mention that it is not a hatred for the ECT Act but more things that should be looked at in the Project 126. She pointed out that over time things have lost their relevance and should be redrafted, to mention just one point.
She said the reasons these changes are becoming important to address are:
• Technological advances
• Techno-social changes
• Legal plurality & uncertainty
• Policy considerations
• South Africa's international obligations
• The interpretation of the "data message"
She also mentioned a very valid point that when people register or request the IT providers to purchase a domain name that the name should be in the name of the company purchasing the domain and not the IT vendor which is often the case. This prevents blackmail when the relationship sours between the two parties.
Director at Snail Attorneys
Domain Name Resolution in South Africa - Cases to Date
Sizwe covered some interesting cases involving domain name resolution and reasons for the verdicts.
He then covered the web site for domain name resolution:
Where you can lodge a complaint and follow it through an arbitration process.
Dr. Mohamed Chawki
Senior Judge, Egypt and Chairman of AILCC in France
Islam in the Digital Age: Counselling and Fatwas at the "Click of a Mouse"
Delivered via SKYPE to venue
Dr Chawki delivered his presentation via Skype and touched on the following topics:
- Islam and Internet Dilemma
- The Emergence of Islam in Cyberspace
- Issuing Fatwas Online
- Analysis of Sunni Websites
- Sources and Conditions of Official Fatwas.
In his conclusion he mentioned:
• Internet technology has the potential to transform aspects of religious understanding and expression, and the power to enable elements within the population to discuss aspects of religious interpretation and authority with each other.
• This technology has had a major role to play in the post 9-11 contexts, which redefined relationships between Islam, Muslims and the West.
• 9-11 and its aftermath certainly highlighted Islamic cyberspace to a wider audience, but it also stimulated the development of new sites and content from a variety of perspectives, debating the issues raised in a way that was impossible in other media.
• The final question needs to be asked as to whether this enhances or challenges traditional forms of knowledge about Islam?
- One difficulty is clearly measuring the effect the Internet may have, given the substantial range of sites and contents.
- As access levels rise, in some contexts websites could develop to become a significant channel of information and a means of developing identity(-ies) for Muslim individuals.
- One means for this development - including fatwas, ijtihad and other forms of religious and spiritual authority in HTML and other formats - makes it a critical area for research, observation and discussion in the future.
Prof. Basie von Solms
University of Johannesburg
Securing the Internet : Fact or Fiction?
The big question is, and has always been, how secure is all this information and data, and can it be properly secured?
The Sophos Security Threat Report - 2009 (Sophos, 2009) Under the summary, Six Months at a glance :
• 23 500 infected websites are discovered every day. That's one every 3.6 seconds - four times worse than the same period in 2008
• 15 new bogus anti-virus vendor websites are discovered every day. This number has tripled, up from average of 5 during 2008
• 89.7 % of all business email is spam
I liked the Professor's conclusion, which he says that all users of the internet must be licensed and registered for usage:
From the discussion, the author's conclusion is that presently, and with the present knowledge, the author's conclusion is: Securing the Internet is fiction.
So what about the future?
Being negative about comprehensively securing the Internet and the users using the Internet, very definitely does not mean that the author is of the opinion that users should stop using the Internet - far from it! The positive side (benefits) of using the Internet, at least at this stage, still outweighs the negative side (disadvantages).
The Internet will only grow, and it will just keep serving more and more applications.
Any person who wants to buy a car, must have a driver's license. To obtain such a license, the person must complete a strict training course in which the potential driver is exposed to all the laws, rules, regulations and risks related to driving a car. If the user passes, and buys a car, he/she is doing that on an informed basis about the risks of driving a car, and the possibility of being injured or even killed in an accident. One thing you are never promised, and which every driver understands, is that there are NO promises by anyone that no mishaps will occur when driving. Driving without a license is an offense, in your own country and across borders.
What must happen as far as Internet usage is concerned, and which must happen on a massive national and international scale, is that all users must be made aware of the risks of using the Internet. This will probably mean compulsory security awareness courses (with proof of understanding?) before a user is granted Internet access rights. The user should be in a position to make a well informed decision of whether the benefits for which he/she wants to use the Internet, outweighs the risks. One thing users should never be promised, and which every Internet user should understand, is that there are NO promises by anyone that no mishaps will occur when accessing the Internet.
Users should understand and accept that accessing the Internet has risks, and that it is not secure or safe.
We need an Information Security Internet Driver's License (ISIDL). Accessing the Internet without an ISIDL should be an offense, in your own country and across borders.
• Accessing the Internet has many risks
• Securing the Internet is fiction and impossible
• Allowing users to access the Internet without such users being totally aware of relevant risks, is unethical, and should be prohibited
• Comprehensive User Internet Security Awareness should be the entrance requirement before access is granted."
Money Laundering on the Internet
New and innovative methods of electronic transfer are emerging globally. These new payment systems include extensions of established payment systems as well as payment methods that are substantially different from traditional transactions. New payment systems raise concerns about money laundering and terrorist financing because criminals can adjust quickly to exploit new opportunities" FATF report
Stats on Cyber crime:
• $67.2 billion: FBI estimate of what U.S. businesses lose annually because of computer-related crimes.
• $8 billion: Consumer Reports estimate of what U.S. consumers lost the past two years because of viruses, spyware and Internet scams.
• Only 5% of cyber criminals are caught and prosecuted.
• It's estimated that 85% of malware today is created with profit in mind - software designed to infiltrate or damage a computer system without the owner's informed consent.
• Up to 50% of adult Americans will fall victim to Identity theft in the next 10 years.
Paul had many interesting cases and statistics, but what he said was that to help curb crime the authorities need to form stronger alliances with big business like Pay Pal where together they can be proactive about the crime fighting instead of being reactive.
Principal Consultant at RSA, the Security Division of EMC
Business Success in a Dark Market: An Inside Look at How the Fraud Underground Operates
Karel gave a talk on the way the fraudsters operate and more specifically the "Man In The Middle" crime, so the real perpetrator is protected and often nowhere near the corrupt transaction when it happens.
These criminals spend a large amount of money designing systems to mimic large online business web sites, so that they can gather the information they need to use, often unnoticed by the account holder.
His comment to one of the question raised by the audience was to start thinking about security. If you PC at home is open to everybody using it and has all kinds of file uploaded and downloaded - don't use it for online banking, rather use your office PC as it will be less prone to attacks.
Ms Pria Chetty
New Legislative Era for Cyberlaw in South Africa - Cyber Security Bill and Evidence Bill
Pria touched on various draft acts in the pipeline, the reasons for them being drafted and how they are going to affect the process of law. She also touched on the Issue Paper on the "Electronic Evidence in Criminal and Civil Proceedings" - which covers submitting electronic evidence in court, and it should be given it's due evidential weight.
I liked the way Pria did a search on Twitter on topics or discussions to see how hot the topic was and what was being said - very clever use of information that is free and immediate.
Cyber Forensic Lead, Special Investigation Unit
The necessity for Digital Forensic Readiness within Organisations
Jason gave a very good scenario of a large international company seeking out the perpetrator from within an organisation - when the organisation could not prove who in their institution was guilt, the large international company then held the organisation liable for the violation.
His conclusion was:
• Organisations in both the private and public sector will at some stage require digital evidence, whether it is to ensure the prosecution of an offender, to defend or institute civil litigation, or to address a disciplinary action. There is a clear need for organisations to be aware of digital evidence and how it is relevant to them. The success of this is dependent on what digital evidence is available and how readily it can be obtained
• Digital forensic readiness is a well-documented strategy to ensure that an organisation is optimally set up to retain appropriate digital evidence should it be required in a legal issue, with minimum disruption to the organisation, with appropriate costs. There is a clear need for digital forensic readiness in any organisation that will need digital evidence, and there is sufficient justification to build a business case to do so, as the benefits of digital forensic readiness as well established"
You never know when the evidence on computer activity will be needed and often simple things like logs are disregarded as the immediate need has passed!
Adv Shamla Naidoo. Esq
The Implications of Identity Management to Business and Law
In her presentation Shamla discussed the following:
• The Problem
• The Legal Solutions
• The Business Solutions
• Are Business Solutions more effective than the Law?
In her conclusions she mentioned that Identity Management will help your business by increasing consumer trust, reduces business losses and reduces the cost of doing business. Identities are a fact of life making Identity Management necessary and important.
Cláudio S. de Lucena Neto
Lecturer Department of Private Law - Paraíba State University – Brazil
Access to Justice in the Information Society: e-lawsuits in Brazil
Brazil – a country with continental dimensions
- Approximately 190 million inhabitants
- 54 million lawsuits (2009, www.cnj.jus.br)
- 18,6 million new cases every year
- The State of Rio Grande do Sul, for example, led the statistics of lawsuits filed in 2008, when 1,5 million new cases reached the State Court, in a proportion of more than 14 new lawsuits per 100 inhabitants
- High degree of litigiousness
The average duration of a lawsuit in Brazil for the various methods of courts are:
- State Justice 789,51 days
- Hybrid (paper/electronic) Courts 239,23 days
- Electronic Court 37,83 days
Other characteristics of the electronic courts
- physical presence at the foruns is dismissed
- courts function 24/7
- automatic control of procedural deadlines and notifications
- files and lawsuits are always and instantaneously accessible
- otimization of human and material resources
- transportation problem surpassed
The conclusion was:
The results, as has been pointed out, are still preliminary. Although they can be exciting, since it is a simple conceptual innovation that can bring positive impacts in the productivity of Brazilian justice, further investigation has to monitor and continuously analyze the middle and long term effects of the large scale implementation of this solution, to verify if similar results will be achieved in different spheres of the Judiciary Power, like civil, administrative, taxation, criminal, constitutional, electoral and other courts of justice.
Finally, it is also essential to deepen the study to evaluate to what extent the historical problems of duration, formality and storage can be adequately faced with minimum side effects, and minimum impact on other complex issues, such as privacy, security, and accessibility.
University of Witwatersrand School of Law
Defining the Current Corporate IT Risk Landscape
Verine says that there are three broad categories of cyber-attacks:
1. interference with information/data
2. interception of information/data
3. Impersonation of information/data
She discussed each category and gave examples of what they are and then chatted about a few scenarios and legal consequences of an attack.
Managing Director - Computer Security and Forensic Solutions
IT Security Pro-Activeness in today's Cyber Crime Environment
Wimpie spoke about the risks of poor security and why IT forensics was important. Then also discussed the way botnets, key loggers and information theft are used to get access to other people's money and information.
He also talked about why IT Forensics is important?
•Securing of electronic evidence
•Keeping of complete audit trails
•Chain of evidence
•Expert Testimony in Civil / Criminal cases.
And what can be put in place to combat cybercrime.
Ms Carmen Cupido
Cost of Compliance - the new barrier to entry in SA's electronic communications industry
Carmen spoke about the new regulatory body for the communications sector, how it came about, where it hopes to add value and where it's boundaries and scope are to regulate. She also spoke about the Service Licensing and who has what part of the pie. The cell phone termination rates were also spoken about, where they had been, how they have come down and where the regulator hopes it will end up!
Protection of Private Information
So why do we need to protect our privacy?
• 494,378,918 records compromised (1599 breaches) in USA Jan 2005 -14th July 2010
• Cybercrime cost Australian Citizens $3bn in 2008
• Symantec: crime committed every 3.5 mins in NYC, every 2.5 mins in Tokyo, every 3 secs an identity stolen online
• Value of Cybercrime worldwide greater than value of the drug trade?
And to conclude Mark said that you need to ensure you put a policy in place to comply and also assist your staff in understanding the risks:
- Determine and document policy (ISC)
- Monitor (ISO)
- Review .
ICT lawyer from Michalsons Attorneys
A member of the King III IT Governance Sub-Committee.
How will the Protection of Personal Information Bill affect you?
John spoke about the Protection of Personal Information Bill, how it affects business and what everyone should be doing to comply and what the ramifications are if there is a breach.
He then closed off by sharing these action points:
• Identify your biggest risk
• Make people aware
• Identify your Information Officer
• Implement a breach policy plan.
University of Pretoria
The Right to Privacy and the Internet - Is Facebook the End of Privacy as we know it?
Sylvia tackled an interesting subject in Facebook and it put the presentation into perspective for the audience. It also sparked a good debate as being so popular made for many opinions.
• Can privacy exist where there is no physical space or inherently private subject matter, secrecy or seclusion?
• Can established jurisprudence surrounding the public disclosure of private facts be applied within the phenomenon of online social networking sites?
She concluded saying:
"Firstly instead of concentrating or focusing on the space where the disclosure took place we should think in terms of walls of confidentiality built by technical architecture, agreements and relational bonds.
Instead of categorizing certain subject matter as per se private, we should focus on a contextual analysis of the harm that ensued from the information's' disclosure.
Instead of obsessing on whether the information was completely secret or secluded, we should think in terms of its overall accessibility."
For more information of the speakers or topics please contact either of the Co-Chairman:
Mr Sizwe Snail
Tel : + 27 (012) 362-6087
Fax: +27 (086) 617-5721/17
WWW : www.Lex-informatica.org
Mr Barend Burgers
Tel : + 27 (012) 362-6087
Fax: +27 (012) 362 6087