Computer Information Is an Object of Legal Relationship
Date: October 29, 2003Source: Computer Crime Research Center
By:
... an organization/person that is the owner of information; source - an organization/person that supplies information; infringer - a separate organization/person that are after information. Attitude of these groups to importance of the same information can be different. For example:
• important operative information, like list of orders for the current week or production schedule, can be of high value for user, whereas it is less important for source (e.g. customer) or infringer;
• personal information, like medical, is of high value for a source (a patient, or a doctor), rather than for user or infringer;
• information used by management with purpose of working out and taking decisions, e.g. info about market development prospects can be significantly more valuable for infringer, rather than for source or its holder who has already carried out analysis of these data.
The given importance categories are noteworthy and can be applied to any information. It is also adjusted with existing principle of information distribution according to privacy levels. Level of privacy is administrative or legislative measure. It is adequate to a measure of the person's responsibility for use or loss of the concrete secret information that is regulated by special document considering state, strategic, commercial, official or private interests. Such information can be of state, military, commercial, official or private secret.
The total amount or statistics of unclassified data in all can fall within secret information. In similar, the summary data of one level of privacy can fall within information of higher level. In order to avoid such situations, a differentiation of access to information according to functional attributes is used widely. In case of an identical level of importance, processed information is divided according to functions and authorities of users which are established by administration (owner of information).
Until recently, IS in AS was understood narrowly. It was exclusively a danger of its unauthorized reception during its processing and storage. Today IS is interpreted also as a security of actions when this information is used. Basic distinctions of expanded interpretation are very important unlike traditional. Computer facilities are even more often used for automated management, unauthorized changes of planned algorithms and technologies can cause serious consequences.
In conclusion it is necessary to note, that problem of criminal counteraction in sphere of computer technologies, undoubtedly, is related to general problem of IS. It also concerns a feature of computer information as object of legal relationship. Special attention should be focused on public relations, arising from information property right. Such feature affects attributes of information as a subject of illegal infringements. Thus, it is necessary to define ways and means of IS, rights and duties of subjects of information relations that arise from use, accumulation, processing and protection of information.
Practice testifies that not only confidential (secret) information should be protected. Unfortunately, open information, is exposed to unauthorized modifications (e.g., modifications of control commands). It can lead to outflow or loss of secret information, errors in functions of AS owing to incorrect data reception, which cannot be found out by user.
Main principles of state IS policy in Ukraine first of all are:
(a) observance of interests balance of a personality, a society and the state;
(b) their mutual responsibility; unity of approaches for IS maintenance;
(c) complexity, completeness and continuity of measures in IS;
(d) openness of legal acts and normative documents in sphere of IS which do not bear State secret;
(e) coherence of legal acts for organizational-administrative maintenance and normative documents concerning technical protection of information with corresponding international agreements of Ukraine;
(f) obligatory technical protection of State and other, defined by law, secret;
(g) confidential information that is the property of the state;
(h) open information, important for the state, irrespective of where the specified information circulates, and also open information, important for the person and a society if the given information circulates in public authorities and local governments, the National Academy of Sciences, Armed forces, other military formations, law-enforcement bodies, state enterprises, institutions and offices;
(i) subjects of information relations fulfill, at own discretion, all requirements concerning technical protection of secret information, belonging to the state, and open information, important for the person and a society if last circulates beyond scope of public authorities and local governments, state enterprises, institutions and offices;
(k) assignment of responsibility for organization and realization of state policy in sphere of technical protection of information on a specially authorized central enforcement authority;
(l) hierarchy of organizational structures of IS system and management of their activity within authority determined by laws;
(m) methodical management of specially authorized central enforcement authority in sphere of IS;
(n) coordination of actions and differentiation of fields of organizational structures in system of information technical protection with other IS systems and IS maintenance, as a component of national safety.
Analysis of Ukrainian legal documents shows that state policy in IS field is defined by priority of national interests. The policy has an object to make information related threats impossible. It is carried out by fulfillment of regulations specified in legislation and regulations of the Concept of technical protection of information, and programs of IS development and other separate projects.
[1] V. Krylov, Information computer crimes, Moscow: 1976, p.27.
[2] M. Ahramenko, Problems of socially dangerous behavior criminalization with use of information processing systems, Minsk: 1996, p.7.
[3] N. Winner, Cybernetics society, Moscow: Soviet Radio, 1958, p.31.
[4] V. Golubev, Problems of crimes and bank technologies, Corporate systems: 2002, #3, p.78.
[5] V. Golubev, Legal personality of information relationship participants as an object of legal protection, Information technologies and information security, Scientific works digest, Ministry of Internal Affairs of Ukraine High School of Law, Zaporizhzhya: 1999, Issue 3, #1, p.3.
[6] A. Trusov, Court proving based on cybernetics, Problems of cybernetics and law, Moscow: 1976, p.20.
[7] R. Lantsman, Use of cybernetics possibilities to make criminalistic expert examinations and some problems of proving in court: Abstract, Moscow: 1970, p.18.
[8] R. Belkin, Crime detection: problems, tendencies and perspectives. General and particular theories, Moscow: 1987, p.63; N.Klimenko, P.Bilenchuk Logical and mathematical methods in criminalistics, Kyiv: 1988, p.12; D.Turchin, Theoretical principles on traces in crime detection, Vladivostok: 1983, p.79.
[9] R. Belkin, Course of criminalistics: three volumes, Lawyer, Moscow: 1997, Volume 1: General theory of crime detection, p.119.
[10] R. Kaluzhny, D. Prokofieva, Problems and prospects of legal provision for protection information with limited access, that is not State secret”, Legal, normative and methodological maintenance of information security system in Ukraine, Kyiv: 2000, p.27, 2001, #3, p.178.
Add comment
Email to a Friend
