Computer information has to be protected as a proprietary
Very few things can be done without collecting, integrating, generating or having an access to information. M. Winner defined information as “an indication of contents taken from the environment when adapting ourselves and our feelings to it. Obtaining and using information allows us live and survive in the surrounding world . In other words, information is a way of perceiving those or other things.
Computer information is that transmitted, processed and stored by using computers. It can be transferred in space, stored in time, sent to another person or computer and subjected to other operations.
According to V.Krilov, computer information presents data, knowledge or programs stored in the computer or on the machine carrier and intended for using in the computer or for their controll, - an element of information system that can be identified and has an owner who provides rules of its application” .
O.Trusov thinks that information reflects things and events in the human conscience without any interconnection . Hence information is interpreted as a thing in itself. According to R.Lantsman, information distinguishes one event from another or characterizes its various conditions .
Some serious methodological mistakes can occur when defining information as that reflected in the user’s conscience but not connected with it. However, juridical literature often identifies information with reflection  or denies any interconnection between reflected things and human conscience . It is wrong.
The above wordings allow tracing gnoseological roots and origination of “information” in the science of crime detection. As to the process of proving changes in the environment, R.Belkin thinks that information on an event results from its reflection there . It should be noted that changes in the environment are the reflection that might be not a piece of information if a person does not require it as a feature of the reflected object resulted from its interaction with other ones. Therefore, the feature of this reflected object is a fact that exists beyond and independently of the human conscience. The fact being the basis of information is called a base fact or potential information. It is always displayed on a particular carrier that can present any material body.
When considering information as an object of protection, it should be noted that information is a result of the reflection and processing of the environmental variety in the human conscience. It also presents data on things, natural phenomena and activities of other people. It is necessary to protect information that a person exchanges with another one through the computer. Not only privileged information should be protected but also non-secret one. The loss and leakage of data can cause grave consequences. Many examples can prove it. Crimes committed in automated systems of banking and commerce structures have gained in wide scope. According to foreign experts, the loss inflicted by computer crimes is ranged from $170 million to 41 billion.
On July 5, 1994, Ukraine’s Parliament passed the law “On protection of information in automated systems” . It provides rights of owners for protecting information that is processed in the automated system.
Any decision on protecting information should be taken due to its value. However, the process of estimating data remains quite subjective in spite of various attempts to formalize it by using methods of information theory and decision analysis. The significance of information should be taken into consideration when valuing it. There are four categories of data importance:
1) Vital information is required for the organization performance^;
2) Important data can be replaced or restored but the process of restoring them is very hard and expensive^;
3) Useful information is hard to restore but the organization can effectively operate without it^;
4) Inessential data are not required for the organization.
In practice, it is quite difficult to refer information to one of these categories because it can be used by many organization departments and applied to different categories of importance. The value and importance of information can be changed depending on how a user and potential violator treat it.
There are some definitions of groups connected with processing information: owner – either an organization or person keeping data^; source – either an organization or person providing information^; violator – either an organization or person obtaining information in an illegal way. All of them can consider information in a different way. For example:
• Important operative information such as a current order list or production schedule can be of a high value for a user but not for a source or a violator^;
• Personal information, for example, medical one, can be more valuable for a source than for a user or violator^;
• Information used by authorities to develop and make decisions, for example, on market opportunities can be valued by a violator but not by a source or owner that has already finished analyzing it.
The above categories of significance can be applied to any information. They also conform to the current principle of dividing information into levels of secrecy. The secrecy level is an administrative or legislative measure adequate to that of a person’s liability for the circulation and loss of particular secret data and regulated by a special document taking into account national, strategic, commercial, official or private interests.
The practice shows that not only confidential information should be protected. Illegal modification of non-secret information (for example: control instructions) can cause the leakage or loss of related secret one as well as automated system malfunctions.
As a result, non-secret information can become confidential one. Similarly, data of a definite secrecy level can become those of a higher one. An access to information should be differentiated according to the functional characteristic to avoid such situations. The same importance information processed in the data processing system is divided in accordance with the user’s functional duties and powers established by the organization authorities – an owner of information.
To the utmost, the safety of information in automated systems (AS) has been exclusively considered as a danger of obtaining it in an illegal way when processing and storing it in AS. Today the safety can be interpreted as a security of actions fulfilled by using information. Fundamental distinctions of this interpretation in contrast to the traditional one are very important because electronic computers are widely used for the automated control over information systems and processes where unauthorized modifications of planned algorithms and technologies can cause serious consequences.
Historically, the traditional object of property right is a material one. Information is not a material object because it reflects the reality in human conscience (true or false). Further, information can be incarnated into material objects.
As a non-material object, information is inseparably linked with a material carrier. It presents a human cerebrum or books, floppies or other computer storage devices.
From the philosophical standpoint, information can be regarded as an independent abstract substance. In this case, we will be not able to store or transfer it without any material carrier.
Therefore, information as an object of property right can be copied by using a material carrier. The material object of property right cannot be copied. In fact, when considering two analogous things, we can notice that they have the similar structures but materially different molecules. When information is copied, it remains the same (including unchanged knowledge, semantics).
Information as an object of property right can be easily transferred to another subject of property right without violating it. When a material object is moved to another subject of property right, its first owner loses it and his property rights are infringed.
The danger of copying and moving information is aggravated by that it becomes accessible to many other unauthorized subjects (for example, automated systems or networks).
It should be emphasized that information is similar to traditional objects of property right. The property right includes three elements: disposal, right of possession and that of user. The owner of information can dispose of a part of his rights (without losing them) in favor of other subjects, for example, an owner of the information material carrier (possession or use) or a user (use and possession in a way).
The disposal means a sole right (nobody except an owner) to determine who will possess or use information.
The right of possession means to have information as unchanged. The right of user means to apply data in own interests. Thus, information can be also accessible to other users (authorized or unauthorized) in addition to the owner. There is a difficult system of relationships between them. These relations should be regulated and protected because any deviations from them can result in moving information thereby violating property rights. In other words, it is a matter of realizing the property right to information. It means to create a state or private (or state-private) infrastructure that will prevent infringing property rights to information.
This infrastructure forms a chain: law-court-penalty. The law should stipulate the liability and authorities of the property right subject. Every such subject responds for exceeding his authorities and violating property rights of the information owner. Therefore, information should be considered by the law as an object of property right together with traditional material ones.
In 1970-80s, lawyers from advanced foreign countries became interested in the problem of protecting computer information in a legal way. In 1970s, compact and comparatively cheap personal computers computerized economic and administrative activities and allowed many people to be connected to powerful information traffics. As a result, electronic computers were widely used in different spheres of social life (space researching, nuclear power engineering, defense) where their malfunctions could cause people’s deaths and great economic damages. In addition, electronic banks with personal information make an unauthorized access quite dangerous for human rights and freedoms.
After fixing subjects and objects of property right, any related law should regulate relations between them to protect the owner’s rights. Their regulation depends on the specific character of property right objects. Taking into consideration that information is an object of property right, the law should regulate relationships between subjects and objects of property right to prevent the violation of legal owners and users’ rights as well as an illegal processing, modifying, destroying or copying of information.
Ukraine protects its national interests in the information sphere by developing and realizing the related uniform politics^; balancing a demand for free information exchange and allowable restrictions on its distribution^; improving laws on information security^; coordinating the corresponding activity of governmental authorities^; protecting national information resources at the defense enterprises^; developing telecommunication and information means^; perfecting the informational structure of developing IT technologies^; unifying means of searching, collecting, storing and analyzing information to join the global information infrastructure.
According to Ukraine’s normative and legal acts, the priority of national interests establishes the state policy of information security realized by implementing regulations indicated in the legislation, Concept of technical protection of information, program of developing informational protection and other projects.
Its main directions are as follows:
- Normative and legal maintenance^;
- Improvement of current and development/adoption of new normative documents on technical protection of information^;
- Organizational maintenance^;
- Scientific-technical and production activities.
The national policy of informational protection should be realized in the following way:
- Development of corresponding normative and legal acts^;
- Technical protection of information^;
- Certification of home and foreign means of data technical protection^;
- Improvement of the system of training appropriate technical experts.
The analysis of laws regulating social information relations in Ukraine allows asserting that our country takes necessary steps against computer crimes along with measures to stimulate the development of infrastructure on the base of the latest technologies. Ukraine’s President Decree “On measures to develop national global information network Internet and provide wide access to it in Ukraine” of July 31, 2000, as well as Chapter 16, Ukraine’s Penalty Code, “Crimes committed by using electronic computers, their systems and networks” can be cited as an example of it.
It can be concluded that the system of informational protection should be adequate to potential threats. Therefore, when planning it, the value of a particular piece of information and the circle of delinquent persons interested in obtaining it should be known.
1. N.Winner Cybernetics society. – M.: Soviet Radio, 1958. – P.31.
2. V.Krylov Information computer crimes. – M., 1976. – P.27.
3. A.Trusov Court proving based on cybernetics // Problems of cybernetics and law. – M., 1976. P.20.
4. R.Lantsman Use of cybernetics possibilities to make criminalistical expert examinations and some problems of proving in court: Abstract. – M., 1970. – P.18.
5. R.Belkin Crime detection: problems, tendencies and perspectives. General and particular theories. – M., 1987. – P.63^; N.Klimenko, P.Bilenchuk Logical and mathematical methods in criminalistics. – K., 1988. – P.12.
6. D.Turchin Theoretical principles on traces in crime detection. Vladivostok, 1983. – P.79.
7. R.Belkin Course of criminalistics: three volumes. – M., Lawyer, 1997. – Volume 1: General theory of crime detection. – P.119.
8. Ukraine’s law “On protection of information in automated systems” (Article 2).
^macro[showdigestcomments;^uri;Computer information has to be protected as a proprietary]