Introduction to Cyberspace, Computer and Internet

Cyberspace

Cyberspace is the electronic medium of computer networks, in which online communication takes place.

The term “cyberspace” was first used by the cyberpunk science fiction author William Gibson. Later Gibson himself would describe it as an “evocative and essentially meaningless” buzzword.

The term “cyberspace” stands for the global network of interdependent information technology infrastructures, telecommunications networks and computer processing systems.

According to Chip Morningstar and F. Randall Farmer, cyberspace is defined more by the social interactions involved rather than its technical implementation.

The word “cyberspace” (from cybernetics and space) was coined by William Gibson in his 1982 story “Burning Chrome” and popularized by his 1984 novel Neuromancer. The portion of Neuromancer cited in this respect is usually the following:

Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts… A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding.

While cyberspace should not be confused with the Internet, the term is often used to refer to objects and identities that exist largely within the communication network itself, so that a Website, for example, might be metaphorically said to “exist in cyberspace.” According to this interpretation, events taking place on the internet are not happening in the locations where participants or servers are physically located, but “in cyberspace”.

Cyberspace is the “place” where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk.

Computer crimes

Cyberspace also brings together every service and facility imaginable to expedite money laundering. One can purchase anonymous credit cards, bank accounts, encrypted global mobile telephones, and false passports.

  • Chat room abuse
  • Copyright violations
  • Fraud scams
  • Child pornography
  • Email Abuse
  • Stalking
  • Harassment / Threats
  • Hacking / Viruses
  • Online Terrorism

Terms used in Cyberspace:

  • Augmented browsing:
  • Augmented virtuality
  • Community Information Grid (CIG) 1.0
  • CyberEmotions
  • Cyberglove
  • Cybernetics
  • Cybercrime
  • Cyber law
  • Cyber Operations
  • Cybersecurity
  • Cyber-warfare
  • Cybersex
  • Cyberzine
  • Cipherspace
  • Crypto-anarchism
  • Digital pet
  • Electronic sports
  • Information highway
  • Infosphere
  • Internet art
  • Meatspace
  • Metaverse
  • Mixed reality
  • Noosphere
  • Simulated Reality
  • Social software
  • Telepresence
  • Virtual world
  • Virtuality Continuum
  • Virtual reality

Computer

A computer is a general purpose device that can be programmed to carry out a finite set of arithmetic or logical operations.

a computer consists of at least one processing element, typically a central processing unit (CPU) and some form of memory.

The first electronic digital computers were developed between 1940 and 1945 in the United Kingdom and United States. In this era mechanical analog computers were used for military applications.

Modern computers based on integrated circuits are millions to billions of times more capable than the early machines, and occupy a fraction of the space.

Simple computers are small enough to fit into mobile devices, and mobile computers can be powered by small batteries.

Personal computers in their various forms are icons of the Information Age and are what most people think of as “computers”. However, the embedded computers found in many devices from mp3 players to fighter aircraft and from toys to industrial robots are the most numerous.

History

The first use of the word “computer” was recorded in 1613, referring to a person who carried out calculations, or computations, and the word continued with the same meaning until the middle of the 20th century.

In 1801, Joseph Marie Jacquard made an improvement to the textile loom by introducing a series of punched paper cards as a template which allowed his loom to weave intricate patterns automatically.

In 1837, Charles Babbage was the first to conceptualize and design a fully programmable mechanical computer, his analytical engine.

Alan Turing is widely regarded as the father of modern computer science. In 1936 Turing provided an influential formalisation of the concept of the algorithm and computation with the Turing machine, providing a blueprint for the electronic digital computer.

The first program-controlled computer was invented by Konrad Zuse, who built the Z3, an electromechanical computing machine, in 1941. The first programmable electronic computer was the Colossus, built in 1943 by Tommy Flowers.

George Stibitz is internationally recognized as a father of the modern digital computer.

Machine Code

In most computers, individual instructions are stored as machine code with each instruction being given a unique number (its operation code or opcode for short).

Programming language

Low-level languages: Machine languages and the assembly languages
Higher-level languages: High level languages are usually “compiled” into machine language using another computer program called a compiler.

Features of Computer

  • Input/output (I/O)
  • Multitasking
  • Multiprocessing
  • Networking and the Internet

Misconceptions

A computer does not need to be electronic, nor even have a processor, nor RAM, nor even a hard disk. While modern usage of the word “computer” is synonymous with a personal electronic computer, the definition of a computer is literally “A device that computes, especially a programmable [usually] electronic machine that performs high-speed mathematical or logical operations or that assembles, stores, correlates, or otherwise processes information”. Any device which processes information qualifies as a computer, especially if the processing is purposeful.

Internet

The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite.
It is a network of networks that consists of millions of private, public, academic, business, and government networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical networking technologies.
The Internet carries an extensive range of information resources and services, such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support email.

Birth of new services: Voice over Internet Protocol (VoIP) and Internet Protocol Television (IPTV).

History

The origins of the Internet reach back to research of the 1960s, commissioned by the United States government to build robust, fault-tolerant, and distributed computer networks. The funding of a new U.S. backbone by the National Science Foundation in the 1980s, as well as private funding for other commercial backbones, led to worldwide participation in the development of new networking technologies, and the merger of many networks.

The commercialization of what was by the 1990s an international network resulted in its popularization and incorporation into virtually every aspect of modern human life.

The Internet has no centralized governance in either technological implementation or policies for access and usage; each constituent network sets its own standards.

Definitions of the two principal name spaces in the Internet

  • the Internet Protocol address space
  • the Domain Name System, are directed by a maintainer organization, the Internet Corporation for Assigned Names and Numbers (ICANN).

Internet is a short form of the technical term internetwork, the result of interconnecting computer networks with special gateways or routers.
The terms Internet and World Wide Web are often used interchangeably in everyday speech

The Internet, referring to the specific entire global system of IP networks

Technology

Protocols

  1. Application layer: HTTP, FTP, DNS, Telnet, SSH, SMTP
  2. Transport layer: TCP
  3. Routing protocols * belongs to either application or network layer: BGP, OSPF, RIP
  4. Internet layer: IP, IPv4, IPv6
  5. Link layer: Ethernet, DSL, ISDN

Routing

Internet Service Providers connect customers (thought of at the “bottom” of the routing hierarchy) to customers of other ISPs.

Internet exchange points create physical connections between multiple ISPs, often hosted in buildings owned by independent third parties.

Computers and routers use routing tables to direct IP packets among locally connected machines. Tables can be constructed manually or automatically via DHCP for an individual computer or a routing protocol for routers themselves.

Modern uses of Internet

  • Education
  • Sharing of ideas, knowledge, and skills
  • Work on shared sets of documents simultaneously
  • Remotely access other computers and information stores easily
  • File sharing is an example of transferring large amounts of data across the Internet.
  • Streaming media is the real-time delivery of digital media for the immediate consumption or enjoyment by end users.

Social impact

  • The Internet has enabled entirely new forms of social interaction, activities, and organizing
  • Use chat, messaging and email to make and stay in touch with friends worldwide,
  • Social networking websites such as Facebook, Twitter, and MySpace have created new ways to socialize and interact.

Politics and Political revolutions

Politics and political revolutions
The Internet has achieved new relevance as a political tool. The presidential campaign of Howard Dean in 2004 in the United States was notable for its success in soliciting donation via the Internet. Many political groups use the Internet to achieve a new method of organizing in order to carry out their mission, having given rise to Internet activism, most notably practiced by rebels in the Arab Spring.

The New York Times suggested that social media websites such as Facebook and Twitter helped people organize the political revolutions in Egypt where it helped certain classes of protesters organize protests, communicate grievances, and disseminate information.

The potential of the Internet as a civic tool of communicative power was thoroughly explored by Simon R. B. Berdal in his thesis of 2004:

“As the globally evolving Internet provides ever new access points to virtual discourse forums, it also promotes new civic relations and associations within which communicative power may flow and accumulate. Thus, traditionally … national-embedded peripheries get entangled into greater, international peripheries, with stronger combined powers… The Internet, as a consequence, changes the topology of the “centre-periphery” model, by stimulating conventional peripheries to interlink into “super-periphery” structures, which enclose and “besiege” several centres at once.”

 

Source: Wikipedia

Class Notes on PG. Diploma Cyber Law – Information Technology Law (SEM II)

Class Notes on PG. Diploma Cyber Law – Information Technology Law (SEM II)

UNIT I

Information Technology Act, 2000 (with Amendments update)

Nature and Scope of the Act

Objectives of IT Act

  • To provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communications, commonly referred to as “electronic commerce”

  • To facilitate electronic filing of documents with Government agencies

  • To amend the Indian Penal Code, Indian Evidence  Act, 1872, The Bankers Book Evidence Act, 1891 and the Reserve Bank of India, 1934

Regulatory Bodies and Dispute Settlement Mechanism, under the Act

48 Establishment of Cyber Appellate Tribunal

(1) The Central Government shall, by notification, establish one or more appellate tribunals to be known as the Cyber 1 […] Appellate Tribunal.

(2) The Central Government shall also specify, in the notification referred to in sub-section (1), the matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction.

52A Powers of superintendence, direction, etc.

The Chairperson of the Cyber Appellate Tribunal shall have powers of general superintendence and directions in the conduct of the affairs of that Tribunal and he shall, in addition to presiding over the meetings of the Tribunal, exercise and discharge such powers and functions of the Tribunal as may be prescribed.

UNIT II

Privacy Issues in the Cyber World

“The Internet is a super-recorder,” says John McCarthy. Technology allows more accurate information gathering. There is a powerful debate around the fears we have. According to McCarthy, “We are getting a very clear picture of who you are.” Nowadays, the more information a company has, the more valuable it is.

With the evolution of technology, our concerns have changed. In the past it was nearly impossible to record any information about people. Nowadays we can retrace every web site a customer has visited. According to David Sobel, the Internet acts like a massive deregulator. “Government has become a seller of information to the private sector,” he said.

Is there a solution? One solution would be the self-regulating market approach. According to Jerry Kang “If the personal information is valuable, then the market has a price for it.” For example, if Amazon.com values information, they can buy it by giving customer a coupon with a dollar value.

The issue of privacy in the cyber world also depends on the level of knowledge of the customer. Many Internet users are not aware of the amount of data institutions have on them. It was suggested that a potential solution would be encryption, already used for credit card transactions. A legal framework is also needed, the panelists noted. No one solution is the answer because of cyber crime.

Data Protection Principles

Personal data must be:

1. Processed fairly and lawfully.

2. Obtained for specified and lawful purposes.

3. Adequate, relevant and not excessive.

4. Accurate and up to date.

5. Not kept any longer than necessary.

6. Processed in accordance with the “data subject’s” (the individual’s) rights.

7. Securely kept.

8. Not transferred to any other country without adequate protection in situ.

Privacy Rights of Data Subjects

The purpose of doing so is to empower and enable subjects to check what data relating to them is being held and what is being done with it. These rights come with responsibilities, it is not granted to subjects so that they may make enquiries out of idle curiosity but rather so that they can check what data is being processed on them and how accurate that data is.

The rights of data subjects are as follows:

  • The right to establish the existence of personal data;
  • The right of access;
  • The right of objection;
  • The right of rectification.
  • These rights are discussed in greater detail below.

The right to establish the existence of personal data

Section 3 of the Data Protection Acts provides that subjects may request in writing to be informed whether a person is keeping data relating to them. That person must respond to the request, and if data is being kept then they must provide a description of the data and the purpose of its processing. This right has several advantages over the broader right of access: its quicker, 21 days versus 40; cheaper, being free versus €6.35 for the section 4 right; and broader, there are no exceptions to this right. However, the right is an anachronism, a holdover from the 1981 Strasbourg Convention and such a right is not required by the Data Protection Directive.

The Right of Access

Section 4 of the Data Protection Acts provides a right of access. Any data subject may request access to their personal data, such a request must be made in writing, be accompanied by a fee of €6.35 and contain such information as the controller “…may reasonably require in order to satisfy himself of the identity of the individual and to locate any relevant personal data or information”. The subject must fulfil all of these criteria before time will begin to run, but once time begins to run the controller has 40 days within which to respond to the request. The 40 days are calendar, not business, days. So a controller has a little less than 6 weeks within which to respond to a request. When responding to a request the controller must:

  • Inform the requestor whether or not it processes data relating to the requestor;
  • If it does, then provide the requestor with a description of the following:
  • The categories of data being processed;
  • The purpose of the processing
  • The personal data
  • Any recipients of the data.
  • Have the data communicated to them in an intelligible form
  • If the automated processing of this data will form the sole basis upon which a decision will be made relating to the subject, then the subject must be informed of the logic of the processing.
  • There are a few exceptions to the right of access, but the data will have to be released unless those exceptions apply.

The right of rectification or erasure

If data is being processed in breach of the Data Protection Acts then subjects have the right to request its rectification or erasure. Such a request must be made in writing. Controllers should comply with such requests as soon as possible and must do so within 40 days. Where data is inaccurate or out-of-date then the subject will be deemed to have complied with such a request if he supplements the data. Where the controller makes such a change in respond to a request, then the controller must inform the subject that the change has been made and also inform anyone to whom the data was disclosed within the previous 12 months.

The Right of objection

Subjects have the right to request the cessation of the processing of their data which is causing or likely to cause substantial damage or distress to him or her or to another person, and the damage or distress is or would be unwarranted. Such a request must be made in writing for the processing either not to begin or else to cease within a reasonable time. Such a request can only be made where the processing is being undertaken:

  • in the public interest or in the exercise of official authority or
  • in the legitimate interests pursued by the data controller unless those interests are overridden by the interests of the data subject in relation to fundamental rights and freedoms and, in particular, his or her right to privacy with respect to the processing of personal data.

Such a request cannot be made where the subject has given his explicit consent or the processing is necessary:

  • for the performance of a contract to which the data subject is a party;
  • in order to take steps at the request of the data subject prior to his or her entering into a contract;
  • for compliance with any other legal obligation to which the data controller or data subject is subject;
  • to protect the vital interests of the data subject;
  • for electoral activities;

The ministerial power to regulate for other cases lacks the powers and principles requited by the High Court in — and so is not effective. Where such a request is made it the controller must serve a notice within 20 days indicating that:

  • the request will be complied with;
  • the request will not be complied with and statin the reasons for such non-compliance.

A subject who is unhappy with the response to such a request may complain to the Data Protection Commissioner, who may invoke his power under section 10 of the Data Protection Acts.

Rights in respect of automated data processing

The Data Protection Acts apparent prejudice against automated data processing now seems somewhat anachronistic. The reality is that automated data processing systems make decisions about people all the time, it is not at all clear that there is any real point in having such decisions looked-over by a living person. It would seem likely that if a controller’s prejudices are reflected in his programming then they will also be reflected in his hiring choices.

What section 6B of the Data Protection Acts says is:

“…a decision which produces legal effects concerning a data subject or otherwise significantly affects a data subject may not be based solely on processing by automatic means of personal data in respect of which he or she is the data subject and which is intended to evaluate certain personal matters relating to him or her such as, for example (but without prejudice to the generality of the foregoing), his or her performance at work, creditworthiness, reliability or conduct”

Many of the decisions that produce “…legal effects concerning a data subject…” will occur in the public sector, where basic standards of fair procedure will apply. Such standards would seem to preclude the taking of such automated decisions in any event, so rendering section 6B partially redundant.

In addition section 6B will not apply where:

  • The subject has consented;
  • The processing is necessary to comply with a statutory obligation of which the subject has been informed;
  • The processing is necessary to enter into or fulfil a contract with the subject;
  • The processing will grant a request of the subject and adequate steps have been taken to preserve his rights.

Enforcement is possibly the most interesting aspects of Europe’s Data Protection Laws but is an aspect that is frequently overlooked. Data protection is designed to be primarily enforced by users themselves, with supervisory authorities such as the Data Protection Commissioner and the Courts themselves reduced to a supervisory role. This role is conferred on users by giving a number of powers to them, namely: the right of access; the right of rectification; the right to object; and the right to sue.

Protection of Sensitive Data

Protecting sensitive data is the end goal of almost all IT security measures. Two strong arguments for protecting sensitive data are to avoid identity theft and to protect privacy.

The improper disclosure of sensitive data can also cause harm and embarrassment to students, faculty, and staff, and potentially harm the reputation of the Institute. Therefore, it is to everyone’s advantage to ensure that sensitive data is protected.

1. Data security is fundamental

Data security is crucial to all academic, medical and business operations. All existing and new business and data processes should include a data security review to be sure MIT data is safe from loss and secured against unauthorized access.

2. Plan ahead

Create a plan to review your data security status and policies and create routine processes to access, handle and store the data safely as well as archive unneeded data. Make sure you and your colleagues know how to respond if you have a data loss or data breach incident.

3. Know what data you have

The first step to secure computing is knowing what data you have and what levels of protection are required to keep the data both confidential and safe from loss.

4. Scale down the data

Keep only the data you need for routine current business, safely archive or destroy older data, and remove it from all computers and other devices (smart phones, laptops, flash drives, external hard disks).

5. Lock up!

Physical security is the key to safe and confidential computing. All the passwords in the world won’t get your laptop back if the computer itself is stolen. Back up the data to a safe place in the event of loss.

Sensitive personal data.

In this Act “sensitive personal data” means personal data consisting of information as to—

  • the racial or ethnic origin of the data subject,
  • his political opinions,
  • his religious beliefs or other beliefs of a similar nature,
  • whether he is a member of a trade union
  • his physical or mental health or condition,
  • his sexual life,
  • the commission or alleged commission by him of any offence, or
  • any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

Regulation of Trans-border data flows

The regulation of data flows across national and regional borders under the data privacy laws of dozens of countries and international and regional regulatory instruments is the topic of my new book entitled Transborder Data Flows and Data Privacy Law, which will be published in May by Oxford University Press. European Data Protection Supervisor Peter Hustinx was kind enough to write a foreword to the book.

The subject is too complex to discuss in detail here, but I can share the gist of some of my conclusions:

Regulation of transborder data flows has spread far beyond its original roots in Europe and now includes many countries in Africa, Asia and Latin America as well.

The adequacy approach typified by the EU Directive has been and is likely to remain the most influential model, though other ones—such as the accountability approach—have emerged in recent years.

Technological developments—particularly the growth of the Internet—and globalization raise important questions about transborder data flow regulation. For example, does it make sense anymore to distinguish between “transborder data flows” and any other kind of online data processing, given that data flows on the Internet without regard to national borders?

The types of data transferred across borders have also changed over time. There is now much more data containing information about identifiable persons (i.e., personal data) being transferred than ever before as well as more sharing of personal data between governments—often for law enforcement purposes.

Providing protection to personal data as they are accessed and transferred around the world has attained considerable economic importance and private-sector instruments—such as contractual clauses and internal corporate rules and policies—are increasingly used for this purpose.

There is a need for greater transparency about how data are transferred internationally and for greater interoperability between regulatory approaches.

Regulation tends to focus too much on applying local standards to personal data transferred outside national borders, rather than on the global implications of restricting transborder data flows.

A major theme of the book is the tension between regulation of transborder data flows and other legal requirements. As such regulation has spread, it has increasingly led to conflicts with legal obligations in other areas. Moreover, other important interests—such as freedom of expression and ensuring the free flow of data—are sometimes not sufficiently taken into account.

There is also a disproportionate relationship between the increasing flood of personal data now being transferred online and the limited possibility to enforce transborder data flow regulation by traditional legal means.

Where is the regulation of transborder data flows headed?

The number of countries enacting it will continue to grow and agreement on an international treaty dealing with the subject is highly unlikely, given the different approaches taken in different countries.

However, countries could take certain steps to produce an improved regulatory framework. For instance, if they are going to enact such regulation, then governments should themselves comply with it, which is often not the case. Transborder data flow regulation will continue to spread around the world and to create conflicts with other requirements, which companies and other organizations will have to come to terms with as a permanent feature of the global privacy landscape.

UNIT III

Register for more!