Computers and the Law

Computer crime With the growth of information systems there has been an increase in computer crime. There has been a move away from cash transactions, so much less cash is held by companies than it used to be, Many more employees are now paid by cheque or by direct payment into their bank accounts. The opportunity for the criminal to steal cash is Limited. However, the ease with which trans-actions now take place has opened a whole new area of credit card fraud. Credit card fraud Credit card fraud costs the credit card companies hundreds of millions of pounds each year. It is not surprising that ways of reducing this fraud have been looked into. One way around the problem is to authorise each transaction as it occurs by checking via the phone or a special terminal whether the card has been stolen. Another way is to make people key in their PIN at the checkout when making purchases using credit or payment cards. Biometric testing can also be performed, whereby the user places an index finger into a machine which compares the fingerprint with one previously recorded. Another method looks at the way a person writes a signature by concentrating on the timing, the rhythm and the invisible pen movements. Figure 18.3 shows a fingerprint being checked. There are also systems which use the pattern on

the retina of a person's eye, Electronic fraud Electronic fraud is the use of computers or communication systems to commit fraud for financial gain. The main problem with this crime compared with traditional crimes is that the criminals tend to be quite intelligent and technically competent and therefore make considerable efforts to prevent discovery. They frequently see weaknesses in systems and set out to exploit them. Electronic fraud often involves setting up false suppliers, who send invoices to a real company for payment. When payments are made to these fictitious suppliers the money is stolen. Barclays Bank has introduced a pilot scheme where a pinhole camera secretly concealed near the screen of the cash dispensen takes a picture of the person withdrawing the cash. This picture is digitally compressed and stored on disk along with the details of the withdrawal, such as date, time, branch and account details. These cameras may further be used to photograph vandals who try to vandalise machines, when sensors inside the machine are activated. Smart cards A smart card is a plastic card which contains its own built-in microchip, which performs, two security functions. First it carries the holder's identification data and secondly it verifies this data against the PIN code that the cardholder enters at a card-reading terminal, In addition to this. the smart card can

also hold details of the holder's credit limit and carry a record. I the transactions made within this limit. The main objection to the use of the smart card has been one of cost, since many ATMs and POS terminals would to need converting

be able to read smart cards. Also, it has been found that smart

cards used to decode the TV Phantom withdrawals There has been a lot of dscussion in the press regarding phantom withdrawals. This is money which has been debited (taken out) mysteriously using an ATM without the per-son who owns the card, using it. This withdrawal of money usually only reveal is itself when the customer checks their monthly statement. Although the courts have taken phantom withdrawals seriously, allowing groups of individuals jointly to take action for the return of their money, the banks have remained adamant that this can-not happen, In many cases, the banks say, the money has been removed by someone in the user's household who has borrowed a user's card and found the PIN number. The banks further support their case by saying that nearly all 'phantom withdrawals' take place near to the card holder's home. Software piracy Software piracy involves the illegal copying of computer

software. It is estimated to cost the software developers around 3000 million per year. In 1992 it was estimated that about 66% of the software used in Europe was illegal.

If a company has developed its own software rather than used off the shelf software it will have spent a lot of time and money on development. Large programs are usually written by a team, with each person writing a particular section or module. The number of man hours taken to write the programs can be large. Suppose five programmers are working on a project and it takes each programmer 200 hours, then the total number of man hours worked on the project is 5 x 200 = 1000 man hours. The programs for the Police National Computer have been estimated to Have taken around 2000 man years to write and test. Why electronically stored Information is easier to misuse than information kept in conventional form 1. Cross referencing It is easy using a computer to link the data from different systems. 2. Danger of hacking If the system uses communication links then there is a risk of people gaining unauthorised access (called hacking) and looking at, or changing confidential information, 3. Making alterations If alterations have been made to data on paper then these can usually be seen. With a computer, there is no such evidence. 4. Faster access to data It is much quicker to gain access to electronically held data and copy or print. It out than it is to search through and photocopy

manually held files. Data Protection Act 1998 The reasons behind the Data Protection Act As more and more Information came to be stored on computers, much of it personal data about individuals, there became the need for some sort of control over the way that it was collected and the way it could be used. There was an. earlier Data Protection Act in 1984 which set out to address some of these problems. There is now a new act, called the Data. Protection Act 1998. The 1998 Data Protection Act The Data Protection Act 1998 replaces the earlier Data Protection Act 1984. The purpose of the new Act is to deal with some of the things that weren't around when the older Act was introduced. These new things include the Internet, loyalty cards and the use of huge customer databases for marketing purposes. The new Act also covers manually held data not covered by the earlier Act. The Data Protection. Act 1998 covers the processing of data, either manually or by a computer. Your rights as a data subject Yon have the right to see any details about you held on computer. To see the details, you need to send a letter. The organization has to respond to your request and may send a form for further details about you to aid identification or it may send the data in the form of a letter or a computer printout.

An organization is able to make a small charge for providing the information. You do not, however, have the right to see all the information held about you. You may be denied the information if it is being used for any of the following purposes:
the prevention or detection of crime catching or prosecuting offenders collecting taxes or duty (e.g. VAT) medical or social workers reports in some ins lances.

The Copyright, Designs and Patente Act 1989 The Copyright, Designs and Patents Act makes it a criminal offence to copy or steal software. Under the act it is an offence lo copy or distribute software or any manuals which come with it, without permission or a licence from the copyright owner, who is normally the software developer. It is also an offence to run purchased software covered by copyright on two or more machines at the same time, unless the licence specifically allows it. The act makes it illegal for an organization to encourage, allow, compel or pressure its employees to make or distribute copies of illegal software for use by the organization. The Computer Misuse Act 1990 With the widespread use of computer and communication systems, problems started to arise about the misuse of systems. The

problems centred on a variety of uses that were not covered by existing laws. Several cases went to court but the courts were unable to convict because older laws did not cover these misuses. One particular case involved a schoolboy using his computer at home with a modem to hack into the Duke of Edinburgh's electronic mailbox and read his correspondence. Other schoolboy hackers were able to get through to stockbrokers, hospitals, oil companies and even the Atomic Energy Authority's computer systems. The courts were reluctant to use the theft laws, which weren't intended to cover these situations, and advised Parliament that it would need to make specific new laws. This gave rise to the Computer Misuse Act 1990. The Computer Misuse Act 1990 covers a variety of misuses which were not covered by existing laws. It deals with the following:
deliberately planting virases into a computer-system to cause

damage to program files and data

using a firm's computer to run a friend's payroll

information or altering it
using a computer for various frauds; people have been known

to put fictitious employees on a payroll program and use false bank accounts opened in the name of these employees to steal money.