NationStates Jolt Archive

Computer Crimes Act

A resolution to improve world security by boosting police and military budgets.

Category : International Security
Strength : Minor
Proposed by : Gwenstefani

Description : Computer Crimes Act

NOTING the increasing trend for computer networks to be interconnected and to transcend national borders, and therefore that the practices listed herein may also affect multiple nations;

AWARE that the vast majority of businesses and most national and international economies rely on these systems and the information contained within;

ALERT to the dangers of allowing such a vital and grand-scale system to remain unprotected by international law; dangers which could cause massive economic, and other, damage to individuals, corporations and states alike through the damage or theft of computer systems or the information contained therein;

PROHIBITS the following practices:

1) The use, spread, and creation without proper safety precautions*, of computer viruses and other similar malicious programs including worms, Trojans, or any other program which damages, or otherwise adversely affects, computer systems; or destroys, damages, manipulates or steals information without authorisation. This excludes security specialists in their attempts to find new ways of defending against viruses, so long as they are creating and using such programs solely for that purpose, and do not use them without the authorisation of the owners of the computer system. They still may not spread them, and they must use proper safety precautions* (*to prevent spread and/or direct damage to computer systems or data in them without the express permission of the owners).

2) Computer hacking, defined as the intentional unauthorised access to, or unauthorised use, theft, manipulation or damage of information stored electronically.

3) Identity theft, defined as any unauthorised attempt to use or steal elements pertaining to another individual’s identity, including credit card details.

MANDATES that all businesses and organizations (both governmental or non-governmental) implement tough security measures to protect all confidential data they may possess, especially data that pertains to individuals or other entities. Such measures include, but are not limited to: Authentication, data encryption, firewalls, user policies, more secure operating systems, and protection against malicious files, etc.

URGES all WA nations to implement security measures or legislation to protect these computer networks and the information contained on them through the promotion of, and education on, such measures, including encryption, password protection, firewalls, virus scanning software, and the use of secure operating systems, etc.

ENCOURAGES international cooperation between national law enforcement agencies, as well as the voluntary co-operation of the computer and Internet industry, in an attempt to reduce computer crime and improve the security of global computer networks and systems

ESTABLISHES the International Computer Security Institute (ICSI) whose tasks shall be to promote and facilitate international and inter-agency cooperation with regards to computer crime prevention and enforcement, and the development of new security systems and solutions to help prevent computer crime, and which shall be funded by voluntary donations by states, organisations, businesses or individuals.

EXEMPTS national law enforcement agencies from clause 2 relating to unauthorised access to computer systems and information in the course of their duties, subject to national laws.

ACKNOWLEDGES that electronic warfare by WA members is beyond the scope of this resolution, but prohibits such tactics that cannot be confined solely to the computer systems of the target nation.

The addition of the 'Exempts' clause is an excellent change to your original proposal, I think. I'm not so sure about the last clause, though: given you acknowledge it would be more properly dealt with by some other proposal, wouldn't it be better to leave everything up to that?

-- Samantha Benson
Quintessence of Dust, Delegate of Wysteria

The addition of the 'Exempts' clause is an excellent change to your original proposal, I think. I'm not so sure about the last clause, though: given you acknowledge it would be more properly dealt with by some other proposal, wouldn't it be better to leave everything up to that?

-- Samantha Benson
Quintessence of Dust, Delegate of Wysteria

I don't know. I only included it at all due to so many people last time round complaining that the proposal would prevent such tactics. However, given the point of this proposal is pertaining to the international element of computer crime, then its inclusion is relevant. Using such tactics as a means of war has a dangerous possibility of affecting not just the enemy nation in question, but potentially all nations. Thus if these electronic weapons are targetted, this proposal does not apply. But it prevents use of general computer viruses which could spread to other nations not party to the conflict.

MANDATES that any business, organisation (either governmental or non-governmental) must take security measures to protect any confidential data contained in them, especially that data that pertains to information about their customers or members of the public. Such measures may include, but are not limited to, password protection of systems, data encryption, firewall installation, virus scanning software, and more secure operating systems, etc.

Perhaps try:

MANDATES that all business, organizations (both governmental or non-governmental) implement tough security measures to protect all confidential data they may possess, especially data that identifies living people. The security include, but are not limited to: Authentication, data encryption, firewalls, user policies, and protection against malicious files;

(Remark: Based on the UK Data protection Act of 1988)

You need to generalize ways to protect computers.

Passwords come under authentication, and so do too smart cards. protection against malicious files not only include anti-virus systems, but also anti-spyware systems.

What is this "UN" you speak of?

What is this "UN" you speak of?

D'oh. Well, I was dredging up an oldie.

Perhaps try:

MANDATES that all business, organizations (both governmental or non-governmental) implement tough security measures to protect all confidential data they may possess, especially data that identifies living people. The security include, but are not limited to: Authentication, data encryption, firewalls, user policies, and protection against malicious files;

(Remark: Based on the UK Data protection Act of 1988)

You need to generalize ways to protect computers.

Passwords come under authentication, and so do too smart cards. protection against malicious files not only include anti-virus systems, but also anti-spyware systems.

Yep that makes sense to me. Though I'm not sure about the 'living people' phrase, as information can be held about companies, etc, which are not living people but which is still confidential.

The addition of the 'Exempts' clause is an excellent change to your original proposal, I think.

We must beg to disagree; we can think of few reasonable cases where the police would be unable to acquire authority from the courts to sidestep clause 2, and many civil rights cases in which we do not believe that the police should have the power to hack into anyone's computer system at their whim. We would be very much against this exemption.

Aside from the aforementioned "UN" thing, this looks good. I'll contact my regional delegate about supporting this once it's proposed.

EXEMPTS national law enforcement agencies from clause 2 relating to unauthorised access to computer systems and information.

It might not be a bad idea to add something about that clause only applying when done in the line of duty. That way it'll prevent agents from hacking into computers just for the hell of it and then claiming immunity from prosecution by virtue of this proposal.

Bob Flibble
WA Representative

Yep, as the Gobbannean and Flibbleite delegates have noted, I was wrong. That clause probably does need doctoring to require searches to be subject to warrants.

We must beg to disagree; we can think of few reasonable cases where the police would be unable to acquire authority from the courts to sidestep clause 2, and many civil rights cases in which we do not believe that the police should have the power to hack into anyone's computer system at their whim. We would be very much against this exemption.

This proposal does not say that national police forces must be allowed to do so. It only states that this proposal does not prevent that, and leaves it as a matter of national law.

It might not be a bad idea to add something about that clause only applying when done in the line of duty. That way it'll prevent agents from hacking into computers just for the hell of it and then claiming immunity from prosecution by virtue of this proposal.

Bob Flibble
WA Representative

I think that's implied by the exemption of "law enforcement agencies", not agents, but I have no objections to making that amendment really.

But does this address both of your concerns?

EXEMPTS national law enforcement agencies from clause 2 relating to unauthorised access to computer systems and information in the course of their duties, subject to national laws.

Looks good to me.

Bob Flibble
WA Representative

Given the mildness of the proposal in general, we suppose so. It dims our enthusiasm more than somewhat; we would rather than the police not be allowed a more priviledged position than anyone else without explicit case-by-case authorization. Still, if that is what the author wishes, we shall live with it.

Given the mildness of the proposal in general, we suppose so. It dims our enthusiasm more than somewhat; we would rather than the police not be allowed a more priviledged position than anyone else without explicit case-by-case authorization. Still, if that is what the author wishes, we shall live with it.

Let it be clear- this proposal does not give the police any privileges- it just does not prevent them from having them. We decided to leave that to national law, as many nations have different criminal systems, etc, and it was not the purpose of this proposal to stray into privacy issues in connection with criminal investigations.

Nations are well within their right not to grant the police such privileges without e.g. a warrant.

OOC: The old UN resolution did not contain the exemption clause, but it was the biggest area of contention. For an easier life, I omitted it. It leaves room for a more general privacy proposal covering all aspects of life- not just the electronic. I believe the UN also had such a resolution.

Not a great deal fo response to this- any further suggestions before I submit this?

I'd like to see what the current version looks like for analysis. Thanks.

I'd like to see what the current version looks like for analysis. Thanks.

It's the first post.

Well, if there are no further comments I'm now going to submit this for approval. I'd be very grateful to any delegates who would see fit to endorse this.

Ok, NOW the proposal is available for endorsement.

I had previously been unable to submit it- turns out it had too many characters including spaces. To remedy that, I have removed the last half of the last sentence, taking on board earlier comments that if electronic warfare is truly outside the scope of the proposal then it should not be included.

I'd appreciate all endorsements.

That's a pretty good resolution that would be worth a good debate if it reaches quorum.

I have added my approval to this proposal, here's hoping it makes it to the floor of the Assembly. Good luck.

This proposal is bull. The interwebs are free. You will not restrict the online anarchy. Fascist pig-dog.