Cyber Law and Policy

This blog is full of posts about cyber-crimes; I thought it is a good idea to cover the reaction of governments and other relevant authorities.

The increase in our interaction with the web across the globe has caused more and more criminal activities to take place as hackers look for ways to exploit this growth of users. This has led to several new attempts to curb these attacks and provide solutions to online problems that arise. National laws continue to address cyber-crime issues, but further and greater cooperation between states is the best way to decrease and solve crimes that cross national borders.

Internet Governance is an umbrella term that groups state, private, and technical solutions that are provided for online crimes. An increasing number of Governments have started to take the trend of virtual life seriously and are beginning to consider such users as ‘online citizens’. In fact, in a changing and increasingly virtual world, governments are reconnecting with the citizens directly to their homes. With a growing portion of our time spent online the concept of the cyber-citizen is now established and recognized by business, government, and society.

However, we are still learning and figuring out how to recognize and identify this concept lawfully. For now we only have a broad idea about how online behaviour will be governed by a network of national laws and how the breach of the latter will be punished.

From the war between QQ and 360

As my last blog mentioned, it come out to be a frame-up that 360 Company pointed QQ for Cyber Espionage in Sep, but this was not the settlement, but just a beginning.
The war started here. When the public was struck in a panic and concerned about their privacy security after the invention of 360 privacy protector, 360 company soon designed (which is thought premeditated) another software named Koukou BaoBiao(QQ Guard) intended to take charge of QQ IM software, namely to blocks off the advertisement of QQ, speed up QQ, shut off some automatic service such as QQ music, QQ Show and so on. These advertisement and services are the main way to earn profits from its users for Tencent. Of course, Tencent Company was unhappy about this so-called QQ Guard and here comes the highlight of this war!
On 3 Nov, QQ pops out a window to all the users, announcing that they have made a very difficult decision: in case QQ users’ desktop become the campaign field between 360 and Tencent, QQ will automatically stop running on computers installed with 360’s software. This announcement soon became the hottest topic and almost everyone on Internet was talking about it. This is in China because up to 70% of computers are installed with both 360 and QQ. Soon afterwards, other big companies involved in to help compromise or to get a share from the chaos. The complaints from the public were so unbearable that authority had to take action to involve it, and finally these two companies reached a compromise that QQ will live with 360 unless 360 withdraw QQ Guard software. Until then did the war come to a gentle stop, but no one can predict whether it is an ending or just the silence before another war breaking out.
From all this, it is difficult to definitely distinguish the two companies from the bad or good. Each company reacts to this commercial event for the sake of his own benefit, no matter how just or rightful it might appear to be. The motive of this event is hidden deeply and there are various implications from the public. For instance, because of the cooperating relationship between 360 and Microsoft, it is guessed that this entire event is a conspiracy to trap QQ so as to benefit MSN. This sounds reasonable as the moment QQ claimed to be incompatible with 360, a large number of QQ users got annoyed and signed up MSN, saying that they can still communicate without QQ. On the contrary, 360 claims highly that what it did is all for justice, for the security of personal computer. Since it is impossible to mention all history about these two companies, what I will talk about in the following is the reaction and influence to the public.
Not everyone is graduated from Information System, nor take the Module IS1103. So the majority is not quite aware of the commercial or technological aspects, nor can they tell the truth of this event. Therefore people conceive the event by their own benefits and at some degree, by intuition or their own preference. As we can see, the first time when QQ was suspected of cyber spying, the majority supported 360 and felt disappointed to QQ. Other Internet Companies take this opportunity to get a share or as a revenge. Then when it is found to be a frame-up some become hesitated and did not know who to believe.
Subsequently when QQ pops out windows, claiming incompatibility with 360, the public got angry and felt that QQ was actually threaten the users that if you want to use QQ, then there is no way for you to install 360’s software. This is really controversial and raised a lot of comments from both unknown and IS experts. Here the public got annoyed.
“It’s ridiculous! Have you ever heard that Maldonado refuse to sell food to those who has eaten KFC? Have you heard that iphone will shut down automatically if it found any Nokia mobile phone nearby?” Some joked in the format of QQ’s announcement: “The Water Supply General Company has made a difficult decision: in case the users’ house become the water pool with electricity, Water Company refuse to supply water to those who uses electricity from State Electric Power Corporation.”
Some experts stood out, stating that it was the absence of the law that made such a war happening. To some extent the action of QQ is illegal because it violates the rights of consumers to choose.
Latter, when it is said that the motive of 360 might be to bring profits to MSN, the public start to again hesitate and realize both the two companies are not worthy of trust. But it is argued that each of the two companies hired writers to write for their own benefits.
Now reflecting on the whole event, 360 benefits while QQ suffers by losing trust and support from the public. This is mainly because 360 managed to take advantage of public opinions and meet the need of users successfully. From the beginning, 360 claims to be pass justice, and latter, it actively put out QQ guard in the name of protecting computer security. On the contrary, QQ is the underdog and react passively. At first, when it is suspicious of committing cyber spying, it did not counter or explain quickly confidently but appear to be guilty. (Maybe it is really guilty. Who knows?) Then for the QQ guard, when QQ’s benefit was at stake, Tencent Company did not think about the users’ benefits at first place. Instead it violated the users’ rights for its own benefit by disability of compatibility. This is the main reason why it lost the war. To consider the users’ benefit at first place is the lesson to learn.
Well, despite the losses for each company, this war has positive influence on the public and the whole internet environment in China. The status of Tencent is being doubted. Although it is still the largest company, there is no way for it to make a monopoly and no way to violate the rights of user. In addition, as a result of the involvement of authority, the law is on the way to be carried out so that it would be clearer about what is illegal and the environment of ICT will be more harmonious.

Cyber Espionage: chatting tools contain spying software?

What if you come to know that msn or facebook is packed with malicious software, and is now spying your computer without your knowledge or consent, just like what ghost net did? Well, I’m not just scaring you! QQ, The most popular social networking software in China is now suspected of committing cyber espionage!

Things started with a new software called 360 Privacy Protecter, designed by 360 Company. This software aims to check the security of private documents on personal computer, namely whether documents on this computer are being spied, by what kind of software. What astonished all is that as soon as this software was out in market, a large number of users claimed that QQ is involved and badly suspected of spying their personal documents such as Office documents, chatting record documents etc.


QQ is the most widely-used chatting software, designed by Tencent Company. Till 2010, it enjoyed quite a large number of customers (more than one billion, even larger than that of MSN), thus making Tencent the largest Internet Company In China. It’s not an exaggeration to say that where there is Internet, there is QQ. It has almost become part of Chinese’s daily life, just like MSN to English-speaking countries. However, 360 is a relatively small company, aiming to provide free software such as 360 Security Manager, 360 anti-virus software, to protect security of PC.

As soon as 360 pointed out QQ’s cyber spying, it became a headline new related to  internet issues and the fierce war between these two companies broke out. QQ responded that 360 mistook the legal function of scanning as spying, and only picked holes in QQ on purpose, out of its jealousy to the large number of QQ’s comsumers; while 360 claimed that QQ’s cyber espionage action disappointed all the users and would sooner or later lose the trust of the public. A lot of evidence seems to provide support to 360’s accusation, such as many users receive 2~3 spam mails every month, as some QQ users stated.

As the war went further, the fact seems to be a deliberate frame-up because 360 Privacy Protector will take any program named QQ as spying software. However, this war is far more than a funny joke. What is alarming to us is not laughter but deep concern about the security of our privacy.

For us ordinary users, when we take advantage of those so-called secure software or browsing those so-called safe sites, we are in fact not really aware of what the function of the software may be packed with, and not even informed of what the websites might do with our personal information. Moreover, many sites like Facebook, msn, gmail, renren, require our personal information to be true. When we finally let our information out, we do not even have the slightest idea about which site sold out our personal information! Under these circumstances, as an ordinary Internet user, what should we do to protect our privacy? How should we prevent it? Most of the time, it’s impossible for us to go through every privacy rule before browsing every website. And it is not convenient for us to make up too much fake information for those social networks such as facebook, which might result in a lot of inconvenience when communicating with our friends and relatives. In contrast, the disclosure of our information seems to bring no harm other than those annoying mails and other irritations. After comparison, it seems that the benefit of disclose our privacy exceeds its cost and risk. But is the cost totally inevitable? is there any possibility to  reduce the risk?

Well, in my opinion, it is the responsibility of those websites to inform the users and keep their words. On the other hand, the law should be passed to punish those who let out the users’ privacy. The most important is that for us ordinary users, try best to hold on to our own information. It’s your own choice to determine how much to share.

Internet Monitoring over Kids (to be continued) …..

The internet has become a wonderful resource for kids. They can use it to read school reports, communicate with friends and play interactive games. Internet has become more and more a linking bridge for kids with the big world outside. Unfortunately, that bridge could involve huge potential hazards. For example, an 8-year-old kid might do an online search for “Lego.” But with just one missed keystroke, the word “Legs” is entered instead, and the child may be directed to a slew of websites with a focus on legs — some of which may contain pornographic material.

What will happen to that kid in such scenario? It will obviously have bad impact on him. And who knows through time, if there is no in time prevention and action from his parents, to what extent those risks will affect his development of characteristics.

Therefore, it has become a huge phenomenon in our society nowadays that parents need to be aware the interactions of their kids on the Internet, who they meet, and what they share about themselves online. Just like any safety issue, parents take advantage of resources to protect their kids and keep a close eye on their activities. That is the reason why there are now more and more tools available especially for monitoring kids.

However, such way of protection can’t be simply the all-in-one solution for potential risks. For many teens, text messages or cell phone calls are the primary form of communication with their friends. Then how parents will monitor them? Waiting for new monitoring tools developed in the industry to keep on monitoring their kids? Well, that would be the equivalent of a parent in days past surreptitiously picking up the extension in another room to eavesdrop on a child’s conversation.

Parents should take in consideration their inability to keep up with the time in terms of technology while allowing your children to be exposed too many kinds of new technology so that children outpace them by leaps and bounds. Thus is not only doing parents a disservice – it’s doing one to their children as well. Kids may know their way around the social Web and cell phones better than their parents, but they haven’t fully developed their interpersonal and social skills in a way that allows them to handle the issues that will inevitably come up.

I believe the best way that parents could support their children is to help them learn and grow on her path to independence, which includes staying informed on all trends, both technology and otherwise. Parents who can’t be bothered to figure out what that “tweet thing” is all about or what “sexting” is should not think this is a badge of honor to wear proudly, as if it makes them more mature somehow. It should be a signal that the world has surged ahead and they’ve been left behind in its wake.

Parents should not make this a socio-economic issue, either. If they can’t afford a computer or cell phone, then neither can your child. However, he or she may have access to them at friends’ houses or at school or even access to them via your public library. Many public libraries offer free computer classes, too. The children could even take one together. Let the lack of technology comprehension guide kids to a learning experience that helps them both, instead of being an issue where their children are left unsupervised because their parents don’t know what they are doing.

Yes, in a world plenty of risks of cyber bullying, sexting and other dangerous behaviors, monitoring tools do show their efficiency in protecting kids. That claim may be true to a point, but is keeping track of each chatting passage, reading each and every text message the best way to counteract these behaviors? For that matter, should parents be spying on their kids to this extent at all? Is this level of spying the right way to parent, though? There are alternates of course: Parents could educate their children instead, do spot checks to keep them on their toes, friend them on Facebook and elsewhere across the Web, and keep the computer in a public area of the home.

Parental spyware, however, should be turned to as the last alternative.

Banned? I can climb over it!

It is a globally acknowledged fact that Internet censorship in China is indeed strict to the extent that even some well-known and universally-recongnized social networking sites are forbidden, such as Facebook, Twitter and Youtube. Even in Baidu, the largest searching website in China, words related to so-called sensitive issues are banned in order to create a harmonious society.  What’s more, the government established the Golden Shield Project, often referred to as the Great Firewall of China (GFW),and began operations in 2003. This project is an initiative to monitor and control all the information that is supposedly “anti-government”.

However, as the Chinese proverb says “while the priest climbs a post, the devil climbs ten”., people in China still manage to access these banned websites by ‘climbing the wall’. What is ‘wall-climbing’? Well, wall-climbing is a metaphor for browsing blocked websites with the help of particular software. These software can change different proxy services and provide anonymous IP address in order to access the websites blocked in that area (e.g. Firefox autoproxy    add-on,tor, blackVPN,Freedur).

The Ultimate Proxy: Tor

But these softwares bring out not only ethical but also political issues. On one hand, with these software, some pornographic and violent websites are within reach to the public, and free accesses are provided to some illegal download. Anonymity provides convenience to Chinese citizens but also brings benefits to hackers. On the other hand, it becomes a hot topic when USA supported Falun Gong, an organization against Community party, to develop more such software because Chinese can bring profits to USA by browsing USA websites via these applications. This issue has led to a controversial relationship between China and America.

Having said all the above, if you are living in country with strict Internet censorship, will you mind ‘climbing walls’?

Cybercrime today

Our blog has thus far only focused on specific types of cybercrime activities and on incident-based arguments, but through this post we attempt to give a more generic overview and cover the state of cybercrime today.

This blog post is inspired from the following video which reveals some shocking statistics about cybercrime.

The numbers shown on the video are definitely not negligible, and they keep increasing every year. The number of cybercrimes each year has grown exponentially since the first attacks several decades ago, but it is apparent that our initiatives taken to counter these deeds are not keeping up with the pace.

Today cybercrimes not only affect individuals but also corporations, financial institutions and governments. These attacks cause losses in the form of data, information, money, necessities (like electricity), and so on. And these losses are massive. As (dramatically) exemplified by the video: the information stolen from an ATM within 24 hours costs a million dollars; computer crime has cost America 8 billion dollars over the past 2 years; in 2008, 1 trillion dollars were lost in businesses because of cyber-attacks.

How did we allow such huge problems to arise? Or did everything happen before we could even realize it? I think the second statement is more correct. Internet is often defined by words like anonymity, speed, low-cost, connectivity, no border constraint, mass coverage and so on, and these are the qualities that have made us blind all this while. Moreover, the Internet wasn’t designed with security in mind. Only later did such issues crop up.

Recently, international police (INTERPOL) took initiative to intervene in this ever-growing computer security business (which, as of today, is estimated to have a value of 105 billion dollars according to McAfee) and set some rules. Authorities have slowly begun to realize that cyber-attacks can have real and dramatic consequences on nations and economies, and , what’s worse, these consequences will only grow in magnitude with time. At the anti-crime conference held on 18th September 2010, Ronald K. Noble, secretary general of INTERPOL, asserted that “We have been lucky so far that terrorists did not — at least successfully or at least of which we are aware — launch cyberattacks”.

Indeed, in my opinion the first step to fight cyber attacks is to set up solid international rules and regulations, and constant monitoring of internet activities just like we do in real world. While some of this is already happening, we still have a long way to go.

Criteria to Judge a Cybercrime

During Tutorial 3 ,  we had a deeper discussion on Bungle’s case, who ‘raped’  someone virtually on cyber space. Regarding the question “should anyone suffer real world consequence “, we had a heated debate which resulted in no correct answer on either side. Finally, the tutor summarized that those who held the view that Bungle should not suffer real world consequence are judging a crime by the ‘consequence’ of an action, while the other side, who stuck to the opinion that Bungle should be punished for what he had done, was in view of ‘activity’.  This discussion led us to take it more seriously on how we should judge a cybercrime.

The case serves as a hook to discuss about the criteria of judging a cybercrime, while two sides of the view are indeed very typical and represents two theories—–motive consequentialism and negative consequentialism. The former theory defines an act on the basis of its motive. Namely, according to this theory, an action is not considered wrong if the motive to make the decision to act is good. Therefore Bungle should be punished. Conversely, the later theory focuses solely on the consequence of an act. That is to say, an act with a bad consequence is regarded wrong even if the motive to act is good. In this case, Bungle should not suffer real world consequence because no one is harmed in real world.

Even in defining traditional crime, there is still inconsistency between these two theories. Most of the time, negative consequentialism is more acceptable because the consequence of an act is usually more obvious and visible than the motive to do it.  But in certain circumstances, the laws give preference to motive consequentialism for the sake of justice, for example: the distinction between murdering and justifiable homicide, which may share the same consequence but different motives.

Similarly, both motive consequenctialism and negative consequentialism should be applied flexibly in establishing the legislation of cybercrime. However, cybercrime varies from traditional crime mainly because it is all happened in a virtual world and the consequence in real world cannot be easily judged, for instance, stealing money through i-banking leads to a great influence in real world, while raping the avatar in cyber space does not cause real harm to the user. But it is still not proper to say that unless a valid consequence is done in real world, we cannot regard it as a cybercrime. Stealing other’s personal information or a company’s documents is usually considered illegal even though sometimes it does not harm the victim in real life if the information-thief does not take advantage of these information to do sins.

Well, cybercrime is a newly-born issue, which is inevitable with the development of computing and ICT. Unlike traditional crime, it does not have such a long history of trial and error to test the rationality and feasibility. Fortunately, the criteria and system of traditional crime lends a mass of reference to that of cybercrime when being compare carefully. After all, there is still a long way to go before we make criteria of cybercrime perfect.

Wang Jun

Internet Monitoring over Kids …

Safe Computer Kids – Internet Monitoring

The video shows a recent problem, which started approximately two decades ago, about children growing up with computers and having easy access to the Internet from anywhere and at anytime. The issue seems so complicated that even parental monitoring is not possible every time.

Moreover, with the computer at their disposal, it is easier for kids to meet strangers online especially if the computer is placed in the kid’s bedroom. The kid gets complete privacy to do whatever he wishes. And it gets easier to plan out something notorious or dangerous.

Parental check is so far considered as the biggest solution to this issue. It is the parent’s job to make sure what the child is doing while surfing the web. Parents take out some time to discuss what new findings they have made through the web. At the end of the day, preventing their child from cyber crime is in their hands.

This clip reminds me of the Ryan’s case that the professor mentioned in the first day of our class. Not only Ryan, but probably many other kids might have been saved from cyber crime if their parents turned to such ICT softwares earlier.

However, Are those ICT softwares appropriate tools to protect kids from cyber crime?

I start to wonder whether this is a great solution and if all parents use it to check on their children,how will the kids react ? Is it acceptable and legal to give parents the rights to keep track of their kids online activities on a daily basis ? I myself believe “No”  and that is another kind of crime, privacy violation.