8.1 Digital Society and Computer Ethics
Digital Society
There is no doubt that information and communication technology (ICT) plays a
vital role in this digital era, helping everyone (individuals, businesses and
organizations) exchange information in an effective and efficient manner. With
the advancement in information and communication technology, almost everything
has changed and continues to do so from its original form to this stage of
artificial logical form. Evidently, the Internet has created an enormous impact
in every sector of human life. The way and mode of conducting various
activities has drastically changed. Whatever we do or wherever we go, we notice
the changes brought to us by the Internet. Now, it is difficult to find a
sector that is aloof from the Internet. ICT innovations continue to redefine
and restructure our society, economy, culture and everything, including our
lifestyles, with a scale and speed never imagined or noticed before.
A society is a group of individuals or a large social group sharing the same
spatial or social territory, typically subject to the same political authority
and dominant cultural expectations. Digital society is the consequence of the
adoption and integration of information and communication technology by modern
societies in their day-to-day activities, culture and lifestyles. It is not
bound to any geographical boundary. Digital society, true to its nature,
depends on three stakeholders: society, technology and content. Mobile and
cloud technologies, Big Data and the Internet of Things (IoT) offer
unimaginable opportunities. They help improve citizens' lives and bring
efficiency to many areas: health services, transportation, energy, agriculture,
manufacturing, retail and public administration. Similarly, they can also
improve the governing process by helping policy-makers make better decisions
inclusive of citizens. Likewise, the internet has considerable potential to
promote democracy, cultural diversity and human rights, for example, freedom of
expression and the right to information. Digital society opens up new ways to
transparency, participation and innovation. Just look around: you will find
anyone and everyone engaged in interaction with one another in digital space.
Many advanced concepts of Digital Society (Smart Town, Smart City, Smart
Villages and many other smart and advanced services) are now in the process of
becoming a part of our life. The importance of technologies in society is
taking strong roots. Similarly, its interaction has led to the development of
Digital Society as a field of study. For this reason, digital society is
considered an interdisciplinary research area. As a result, many universities
around the world have already begun the study of Digital Society as a course at
undergraduate and graduate level. No doubt, Digital Literacy is the backbone of
digital society. It includes Computer Literacy, Network Literacy, Web Literacy,
Internet Literacy, Media Literacy, Multimedia Literacy etc.
POINTS TO REMEMBER
A Digital Society is an interdisciplinary
research area and a kind of progressive society formed as a result of
adaptation and integration of advanced technologies into the society and
culture.
Stakeholders of Digital Society:
Digital society depends on the following stakeholders or components:
· Society: It includes a group of individuals living in a community in a
  particular geographical area/territory.
· Technologies: It includes software technology, communication technology,
  database technology, network technology, multimedia technology etc.
· Content: It includes data, information, knowledge, documentation etc.
Challenges of Digital Society
We continue to move towards Digital Nepal.
However, there are many issues acting as a barrier to stop or slow down the
creation of a digital society. Following are some of the challenges:
· Lack of proper co-operation, coordination and collaboration among the
  stakeholders.
· Little or no proper planning of digital product uses and their applicability
  for common people.
· Unavailability and shortage of skilled manpower.
· Limited funds and budget for the work.
· Lack of policy implementation.
· Little or no infrastructure.
· No encouraging initiatives from the government authorities.
· Less involvement of common people in the agenda.
Computer Ethics
The information revolution has altered many aspects of our daily life:
education, business, employment, medicine, security, transportation,
entertainment, and so on. Consequently, ICT has affected community life and
family life. Similarly, it has impacted human relationships, education,
careers, freedom etc. in both good and bad ways. Computer and information
ethics can be understood as the branch of applied ethics that studies and
analyzes such social and ethical impacts of ICT.
Ethics are a structure of standards and practices that influence how people
lead their lives. It is not desirable to strictly follow these ethics.
However, they form the basic norms for the benefit
of everyone. Ethics do not have the force of laws. They indicate what is right
or wrong. Ethics reflects society's views about what is right and what is
wrong. One may wonder if ethics has anything to do with computers. Of course,
one needs ethics to know how and for what to use a computer.
On turning to the history of computers, we
notice that the term computer ethics was first coined by Walter Maner, a
professor at Bowling Green State University.
Computer ethics are a set of moral standards that govern the
use, development and management of information and communication technology.
Such is the society's views about the use of computers. Privacy concerns,
intellectual property rights and effects on the society are some of the common
issues of computer ethics.
Ethics deals with placing a 'value' on acts
according to whether they are “good” or “bad”. When computers first came for
use in society at large, the absence of ethical standards about their use and
related issues caused some problems. However, as their use became widespread in
every aspect of our lives, discussions in computer ethics resulted in some kind
of a consensus. Today, many of these rules have been formulated as laws, either
national or international. Computer crimes and computer fraud are now common
terms. There are laws against them, and everyone is responsible for knowing
what constitutes computer crime and computer fraud.
POINTS TO REMEMBER
Computer ethics deals with the procedures, values
and practices that govern the process of consuming computing technology and its
related disciplines without damaging or violating the moral values and beliefs
of any individual, organization or entity.
Various national and international professional societies and organizations
have produced code of ethics documents to give basic behavioral guidelines to
computing professionals and users. They include:
· Association for Computing Machinery
o ACM Code of Ethics and Professional Conduct
· Australian Computer Society
o ACS Code of Ethics
o ACS Code of Professional Conduct
· British Computer Society
o BCS Code of Conduct
o Code of Good Practice (retired May 2011)
· Computer Ethics Institute
o Ten Commandments of Computer Ethics
· IEEE
o IEEE Code of Ethics
o IEEE Code of Conduct
· League of Professional System Administrators
o The System Administrators' Code of Ethics
The commandments of computer ethics have been defined by the Computer Ethics
Institute:
· Do not use a computer to harm other people.
· Do not use a computer to interfere with other people's work.
· Do not spy on another person's computer data.
· Do not use a computer to steal information.
· Do not spread misinformation by using computer technology.
· Do not use or copy software for which you have not paid.
· Do not use other people's computer resources without authorization or proper
  compensation.
· Do not claim ownership of a work which is the output of someone else's
  intellect.
· Think about the social consequences of the program you develop.
· Use a computer in ways that show consideration and respect.
Assignment 1
1. Define the term Digital Society and list out the different stakeholders of
   digital society.
2. What do you mean by Computer Ethics? What are the commandments of computer
   ethics?
8.2 Concept of Information Security
Information Security has become increasingly
important at a time when information has been recognized as a key asset by many
organizations. The rapid advancement of Information and Communication
Technology (ICT) and the growing dependence of organizations on IT
infrastructure continuously intensify the interest in this discipline.
Organizations pay increasing attention to information protection because the
impact of security breaches today has a more tangible, often devastating effect
on business.
Information security, sometimes abbreviated to
infosec, is a set of practices intended to keep the data secure from
unauthorized access or alterations, when it is being stored and when it is
being transmitted from one machine or physical location to another. As knowledge
has become one of the 21st century's most important assets, efforts to keep
information secure have correspondingly become increasingly important. Threats
to information and information systems may be categorized and a corresponding
security goal may be defined for each category of threats. A set of security
goals, identified as a result of a threat analysis should be revised
periodically to ensure its adequacy and conformance with the evolving
environment. The currently relevant set of security goals may include
confidentiality, integrity, availability, privacy, authenticity &
trustworthiness, non-repudiation, accountability and auditability.
POINTS TO REMEMBER
Information security refers to the processes and
methodologies which are designed and implemented to protect print, electronic,
or any other form of confidential, private and sensitive information or data
from unauthorized access, use, misuse, disclosure, destruction, modification,
or disruption.
Information security is a constantly growing
and evolving field with many areas of specialization ranging from network and
infrastructure security to testing and auditing. Information security prevents
the inspection, recording, modification, disruption, or destruction of
sensitive information like account details or biometrics. From a business
perspective, security disruptions interrupt workflow and cost money while
damaging a company's reputation. Organizations need to allocate funds for
security and ensure that their personnel are equipped to detect and deal with
the threats from different sources.
Information security performs four important roles:
· Protects the organization's ability to function.
· Enables the safe operation of applications implemented on the organization's
  IT systems.
· Protects the data the organization collects and uses.
· Safeguards the technology the organization uses.
Information security vs. Cyber security
Information security differs from cyber security in terms of scope and
objectives. Confusion often arises regarding these two terms, with many using
them interchangeably and some defining infosec as a subcategory of cyber
security. However, information security is, in fact, the broader category,
covering many areas: social media, mobile computing, and cryptography, as well
as aspects of cyber security. It is also closely related to information
assurance, which involves preserving information from threats like natural
disasters and server malfunctions.
Cyber security exclusively covers threats
involving the internet; therefore, it often overlaps with information security.
Information can be either physical or digital, and only online information
falls under the category of cyber security. Cyber security that deals with raw
data is not classified as information security.
Information security principles
The basic principles/components of information security are the CIA triad
(confidentiality, integrity, and availability). They are interchangeably
referred to in the literature as security attributes/properties, security
goals, fundamental aspects, information criteria, critical information
characteristics and basic building blocks.
Confidentiality
Confidentiality refers to preventing the disclosure of information to
unauthorized users. Preserving restrictions on access to your data is
important. Doing so secures your proprietary information and maintains your
privacy. Every piece of information that an individual holds has value,
especially in today's world. From bank account statements, personal
information, credit card numbers and trade secrets to legal documents, almost
everything requires proper confidentiality.
Any failure to maintain confidentiality, as a result of an accident or an
intentional breach, can have severe consequences for businesses or individuals,
who often cannot undo the damage. For example, a compromised password is a
breach of confidentiality. Once it has been exposed, there is no way to make it
secret again. Passwords, encryption, authentication, and defence against
penetration attacks are all techniques designed to ensure confidentiality.
Integrity
Integrity refers to maintaining data in its correct form, preventing it from
improper modification either accidentally or maliciously. In other words, in
information security, data integrity means maintaining and assuring the
accuracy and completeness of data over its entire lifecycle. Many of the
techniques that ensure confidentiality will also protect data integrity. In
doing so, a hacker cannot ever change the data beyond their normal access.
Alongside, there are other tools that provide a defence of integrity in depth:
checksums can help you verify the data integrity, and version control software
and frequent backups can similarly help you to restore the data to a correct
state.
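The checksum and backup idea above, worked through as an added example (not part of the original text): a SHA-256 manifest is recorded while the data is known to be good, later used to detect modified, missing and unexpected files, and a backup copy is used to restore them. The directory layout, file names and contents are constructed for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record a checksum for every file under root (relative path -> digest)."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: dict) -> dict:
    """Compare the current state of root against a trusted manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }


def restore(root: Path, backup: Path, report: dict) -> None:
    """Bring root back to the backed-up state for everything the report flags."""
    for name in report["modified"] + report["missing"]:
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / name, target)
    for name in report["unexpected"]:
        (root / name).unlink()


def demo() -> tuple:
    """Constructed scenario: tamper with a data directory, detect it, restore it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        live.mkdir()
        (live / "accounts.csv").write_text("id,balance\n1,100\n2,250\n")
        (live / "policy.txt").write_text("Passwords expire after 90 days.\n")
        shutil.copytree(live, backup)
        # The manifest is only useful if it is kept where the data's
        # writers (and any intruder) cannot also rewrite it.
        manifest = build_manifest(live)

        (live / "accounts.csv").write_text("id,balance\n1,100\n2,9250\n")  # improper modification
        (live / "policy.txt").unlink()                                     # accidental deletion
        (live / "notes.tmp").write_text("dropped file\n")                  # file that was never approved

        before = verify(live, manifest)
        restore(live, backup, before)
        after = verify(live, manifest)
        return before, after


if __name__ == "__main__":
    found, remaining = demo()
    print("detected:", found)
    print("after restore:", remaining)
```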
Availability
Availability is the mirror image of
confidentiality. While you need to make sure that your data cannot be accessed
by unauthorized users, you also need to ensure that it can be accessed by those
with proper permission. Ensuring data availability means matching the network
and computing resources to the volume of the data access you expect and
implementing a good backup policy for disaster recovery purposes. In other
words, availability refers to having a reliable access to information by
authorized users as and when they need it. This often requires collaboration
between departments, such as development teams, network operations and
management. An example of a common threat to availability is a denial of
service (DoS) attack, where an attacker overloads or crashes the server to
prevent the users from accessing a website.
Now, let's take a look at other key terms in Information Security:
Authorization, Authentication, and Non-repudiation processes and methods, which
are some of the main controls aimed at protecting the CIA triad.
To make information available or accessible/modifiable to those who need it and
can be trusted with it (for accessing and modification), organizations use
authentication and authorization. Authentication is proving that a user is the
person he or she claims to be. That proof may involve something the user knows
(such as a password), something the user has (such as a "smartcard"), or
something about the user that proves the person's identity (such as a
fingerprint). Authorization is the act of determining whether a particular user
(or computer system) has the right to carry out a certain activity, for
example, reading a file or running a program. Users must be authenticated
before carrying out the activity they are authorized to perform. Security is
strong when the means of authentication cannot later be refuted: the user
cannot later deny that he or she performed the activity. This is known as
non-repudiation.
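An added example (not from the original text) of the order described above: a request is authenticated first, with a salted password hash as the "something the user knows" factor, and only then checked against what that user is authorized to do. The user names, passwords, roles, resources and work factor are constructed for the example; non-repudiation is not shown, because it needs a digital signature made with a key that only the user holds.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so stored values do not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str, roles: list) -> dict:
    """Create a user record that stores the salt and hash, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "roles": set(roles)}


# Constructed sample accounts and permissions (not from the original text).
USERS = {
    "asha": make_user("correct horse", ["clerk"]),
    "binod": make_user("battery staple", ["admin"]),
}
PERMISSIONS = {
    "clerk": {("read", "report.txt")},
    "admin": {("read", "report.txt"), ("run", "backup.sh")},
}
AUDIT_LOG = []  # who asked for what, and the decision


def authenticate(username: str, password: str) -> bool:
    """Prove the caller is the claimed user ("something the user knows")."""
    user = USERS.get(username)
    if user is None:
        # Do the same work for unknown users so timing does not reveal
        # which account names exist.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])  # constant-time compare


def authorize(username: str, action: str, resource: str) -> bool:
    """Decide whether an authenticated user may perform the action (deny by default)."""
    roles = USERS[username]["roles"]
    return any((action, resource) in PERMISSIONS.get(role, set()) for role in roles)


def request(username: str, password: str, action: str, resource: str) -> str:
    """Authenticate first, authorize second, and record the outcome either way."""
    if not authenticate(username, password):
        outcome = "denied: authentication failed"
    elif not authorize(username, action, resource):
        outcome = "denied: not authorized"
    else:
        outcome = "allowed"
    AUDIT_LOG.append((username, action, resource, outcome))
    return outcome


if __name__ == "__main__":
    print(request("asha", "correct horse", "read", "report.txt"))
    print(request("asha", "correct horse", "run", "backup.sh"))
    print(request("mallory", "guess", "run", "backup.sh"))
```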
Information security policy
Creating an effective security policy and
taking steps to ensure compliance is a critical step to prevent and mitigate
security breaches. To make your security policy truly effective, update it in
response to changes in your company, new threats, conclusions drawn from
previous breaches, and other changes to your security posture. Make your
information security policy practical and enforceable. It should have an
exception system in place to accommodate the requirements and urgencies that
arise from different parts of the organization. Among other things, information
security policy should include:
· A statement describing the purpose of the infosec program and your overall
  objectives
· Definitions of key terms used in the document to ensure shared understanding
· An access control policy, determining who has access to what data and how
  they can establish their rights
· A password policy
· A data support and operations plan to ensure that the data is always
  available to those who need it
· Roles and responsibilities of all concerned when it comes to safeguarding the
  data, including who is ultimately responsible for information security
One important thing to keep in mind is that,
in a world where many companies outsource some computer services or store data
in the cloud, your security policy needs to cover more than just the assets you
own.
Information security measures
As should be clear by now, just about all the technical measures associated
with cyber security touch on information security to a certain degree. It is
worthwhile to think about infosec measures in a big-picture way:
· Technical measures: It includes the hardware and software that protect the
  data, from encryption to firewalls.
· Organizational measures: It includes the creation of an internal unit
  dedicated to information security, along with making infosec part of the
  duties of some staff in every department.
· Human measures: It includes providing awareness training for the users on
  proper infosec practices.
· Physical measures: It includes controlling access to the office locations
  and, especially, data centers.
Assignment 2
1. What do you mean by information security? List out the major components of
   information security.
2. List out the information security measures.
8.3 Concept of Cybercrime
Technology has become a powerful, abuse-prone tool and platform for criminals
to use for illegal activities worldwide. Criminals somehow identify a few
technical loopholes offered by cyberspace. They have outpaced expectations,
giving rise to a large number of threats by exploiting digital technology to
serve their objectives.
Cybercrime is any type of criminal activity that takes place primarily in
cyberspace or on the Internet, involving a computer, networked device or a
network. Some examples include spamming, identity theft, hacking, phishing etc.
Cybercrime represents an extension of existing criminal behaviour using the
Internet, along with some novel illegal activities. Most cybercrimes are
carried out for financial benefit. However, some cybercrimes are carried out
against computers or devices intending to damage or disable them, while others
use computers or networks to spread malware, illegal information, images or
other materials. Some cybercrimes do both.
Cybercrime can include many types of
profit-driven criminal activity, including ransomware attacks, email and
internet fraud, identity fraud as well as attempts to steal financial account,
credit card or other payment card information. Cybercriminals may also target
an individual's private information as well as corporate data for theft and
resale. Rarely, cybercrime aims to damage computers for reasons other than
profit. These could be political or personal.
The ubiquity of internet connectivity has
increased the volume and pace of cybercrime activities because the criminal no
longer needs to be physically present while committing a crime. The internet's
speed, convenience, anonymity and lack of borders make cyber crime easier to commit.
Cybercriminal activity may be committed by
individuals or small groups with relatively little technical skill or by highly
organized global criminal groups that may include highly skilled developers and
others with relevant expertise. To further reduce the chances of detection and
prosecution, cybercriminals often choose to operate in countries with weak or
nonexistent cyber laws. Cybercriminals include everyone from the lone user
engaged in cyberbullying to state-sponsored actors. Cybercrimes generally do not
occur in a vacuum; they are, in many ways, distributed in nature. That is,
cybercriminals typically rely on other actors to complete the crime.
Cybercriminals use various attack vectors to carry out their cyber attacks and
are constantly seeking new methods and techniques for achieving their
goals, while avoiding detection and arrest.
POINTS TO REMEMBER
The Council of Europe Convention on Cybercrime, to which the United States is a
signatory, defines cybercrime as a wide range of malicious activities,
including the illegal interception of data, system interferences that
compromise network integrity and availability, and copyright infringements.
Types of Cybercrime
· Hacking: The process of identifying and exploiting the weaknesses in computer
  systems and/or computer networks is called hacking. A hacker is a person with
  the knowledge of computer programming and computer security who finds and
  exploits the weakness in computer systems and/or networks. Hackers are
  classified according to the intent of their actions. There are mainly three
  types of hackers.
o Black Hat Hacker: Hackers who use their computer expertise to break into
  systems and steal information illegally are called black hat hackers. Black
  hat hackers are also known as crackers.
o Grey Hat Hacker: Grey hat hackers fall between white and black hats on the
  moral spectrum. A former black hat hacker who turns away from crime to become
  a white hat hacker and helps fight cybercrime is called a grey hat hacker.
o White Hat Hacker: A hacker who is a cyber defender and specializes in testing
  the security of information systems is called a white hat hacker. They will
  attempt to hack into a company's network and then present the company with a
  report detailing the existing security holes and how those holes can be
  fixed. White hat hackers are also known as ethical hackers.
· DDoS (Distributed Denial of Service) Attacks: These are used to make an
  online service unavailable and take the network down by overwhelming the site
  with traffic from a variety of sources. Large networks of infected devices
  known as botnets are created by depositing malware on the users' computers.
  The hacker then hacks into the system once the network is down.
· Identity Theft: This cybercrime occurs when a criminal gains access to a
  user's personal information to steal funds, access confidential information,
  or participate in tax or health insurance fraud. They can also open a
  phone/internet account in your name, use your name to plan a criminal
  activity and claim government benefits in your name. They may do this by
  finding out the user's passwords through hacking, retrieving personal
  information from social media, or sending phishing emails.
· Credit card fraud: An attack that occurs when hackers infiltrate the
  retailers' system to get the credit card and/or banking information of their
  customers. Stolen payment cards can be bought and sold in bulk on darknet
  markets, where hacking groups that have stolen mass quantities of credit
  cards profit by selling to lower-level cybercriminals, who profit through
  credit card fraud against individual accounts.
· Cyberstalking: This kind of cybercrime involves online harassment where the
  user is subjected to a plethora of online messages and emails. Typically,
  cyberstalkers use social media, websites and search engines to intimidate a
  user and instil fear. Usually, the cyberstalkers know their victim and make
  the person fear for their safety.
· Cyber Extortion: It concerns a crime involving an attack or threat of an
  attack coupled with a demand for money to stop the attack. One form of cyber
  extortion is the ransomware attack, in which the attacker gains access to an
  organization's systems and encrypts its documents and files, or anything of
  potential value, making the data inaccessible until a ransom is paid, usually
  in some form of cryptocurrency, such as bitcoin.
· Cryptojacking: Cryptojacking is the unauthorized use of someone else's
  computer to mine cryptocurrency without the victim's knowledge or consent.
  Hackers do this by either getting the victim to click on a malicious link in
  an email that loads cryptomining code on the computer, or by infecting a
  website or online ad with JavaScript code that auto-executes once loaded in
  the victim's browser.
· Cyberbullying: Cyberbullying refers to all kinds of online harassment,
  including stalking, sexual harassment, doxing (exposing someone's personal
  information, like their physical address, online without their consent), and
  fraping (breaking into someone's social media and making fake posts on their
  behalf).
· Cyberespionage: A crime involving a cybercriminal who hacks into systems or
  networks to gain access to confidential information held by a government or
  other organization. Attacks may be motivated by profit or by ideology.
  Cyberespionage activities can include every type of cyberattack to gather,
  modify or destroy data, as well as using network-connected devices, like
  webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual
  or groups, and monitoring communications, including emails, text messages and
  instant messages.
· Social Engineering: Social engineering is a tactic used by cybercriminals
  that uses lies and manipulation to trick people into revealing their personal
  information. Social engineering attacks frequently involve very convincing
  fake stories to lure victims into a trap. It involves criminals making direct
  contact with you, usually by phone or email. They want to gain your
  confidence and usually pose as a customer service agent so you'll give the
  necessary information needed. Cybercriminals will find out what they can
  about you on the internet and then attempt to add you as a friend on social
  accounts. Once they gain access to an account, they can sell your
  information.
· Distributing Prohibited/Illegal Content: This cybercrime involves criminals
  sharing and distributing inappropriate content that can be highly distressing
  and offensive. Offensive content can include, but is not limited to, porn
  videos, videos with intense violence and videos of criminal activity. Illegal
  content includes materials advocating terrorism-related acts and child
  exploitation material. This type of content exists both on the everyday
  internet and on the dark web, an anonymous network.
Assignment 3
1. Define cybercrime. List out different types of cybercrime.
2. What is hacking? What are different types of hacker?
8.4 Malicious Software and Spam
Malicious software, in short known as malware,
is the software used or created to disrupt the computer operation, gather
sensitive information, or gain access to private computer systems. It can
appear in the form of code, scripts, active content, and other software.
Malware is a general term used to refer to a variety of forms of hostile,
intrusive, or annoying software.
Malicious software generally travels with data travellers, email, or any mode
of transferring the data from one end to another. Some of them possess the
ability to stay hidden and replicate. Such software is very dangerous as it
makes copies of itself, and these copies get activated whenever the system is
rebooted. Some malicious software spreads independently while others do so
through dependence.
Many early infectious programs, including the
first Internet Worm, were written as experiments or pranks. Today, malware is
used primarily to steal sensitive personal, financial, or business information
for the benefit of others. Malware is sometimes used broadly against the
government or corporate websites to gather the guarded information, or to
disrupt their operation in general. However, malware is often used against
individuals to gain personal information such as social security numbers, bank
or credit card numbers, and so on.
POINTS TO REMEMBER
Malicious software, in short known as malware, is
the software used or created to disrupt computer operation, gather sensitive
information, or gain access to private computer systems.
Different Types of Malware
· Computer Virus: A computer virus is malicious software which self-replicates
  and attaches itself to other files/programs. Computer viruses spread like
  biological ones. A virus is capable of quietly doing its worst when the host
  program/file is activated. Viruses can be transmitted as attachments to an
  email, in a downloaded file, or on a disk. Computer virus can be thought of
  as an abbreviation of “Vital Information Resources Under Seize”. All computer
  viruses are man-made. They are the most commonly known form of malware and
  the most severely destructive. Viruses copy themselves to other disks to
  quickly pass on to other computers. They can do anything from erasing the
  data on your computer to hijacking your computer to attack other systems,
  send spam, or host and share illegal content. Viruses may also perform other
  actions, like creating a backdoor for later use, damaging files, or even
  damaging equipment.
  Examples of computer viruses include: Memory-Resident Virus, Program File
  Virus, Boot Sector Virus, Stealth Virus, Macro Virus, Email Virus etc.
· Worm: A computer worm is a self-replicating malware that does not alter files
  but duplicates itself. The aim of worms is to spread and infect as many
  computers as possible. They do so by creating copies of themselves on
  infected computers, which then spread to other computers via different
  channels. It is common for worms to be noticed only when their uncontrolled
  replication consumes system resources, slowing or halting other tasks. A worm
  uses a network to send copies of itself to other nodes (computers on the
  network). It may do so without any user intervention. It does not need to
  attach itself to an existing program.
· Trojan Horse: A Trojan Horse is a malware that neither replicates nor copies
  itself, but causes damage or compromises the security of the computer. A
  Trojan Horse must be sent by someone or carried by another program and may
  arrive in the form of a joke program or software of some sort. It has the
  appearance of having a useful and desired function, i.e. it appears
  legitimate. After gaining the trust, it secretly performs malicious and
  illicit activities when executed. Hackers make use of Trojan horses to steal
  a user's password information, or destroy data or programs on the hard disk.
  It is hard to detect. Examples of Trojan Horses include Remote Access Trojans
  (RATs), Backdoor Trojans (backdoors), IRC Trojans (IRCbots), Keylogging
  Trojans etc.
· Logic Bomb: A Logic Bomb is a piece of computer code that executes a
  malicious task, such as clearing a hard drive or deleting specific files,
  when it is triggered by a specific event. It is secretly inserted into the
  code of a computer's existing software, where it remains passive until that
  event occurs. The payload of a logic bomb is usually pretty devastating to
  the company under attack. It is often a tool used by angry employees in the
  IT world. It has a reputation of being associated with “disgruntled employee
  syndrome”. A logic bomb doesn't cause much harm outside of targeting a
  specific computer or network, and IT employees are usually the ones with the
  access and know-how to implement them. Logic bombs are not usually programmed
  to spread to unknown recipients.
  The type of action carried out in a logic bomb does have a non-destructive
  use as well. It makes restricted, free software trials possible. After a
  certain time period, a piece of code embedded in the software's code causes
  the free software to disappear or become crippled so the user needs to pay to
  continue its use. But since this is a non-malicious, user-transparent use of
  the code, it is not typically referred to as a logic bomb.
· Zombies: A zombie is a computer connected to a network
that has been compromised by a cracker, a virus or a Trojan. It can be used
remotely for malicious tasks. A cracker (a computer hacker who intends mischief
or harm) secretly infiltrates an unsuspecting victim's computer and uses it to
conduct illegal activities. The user generally remains unaware that his/her
computer has been taken over. He/She can still use it, though it might slow
down considerably. As his/her computer begins to either send out massive
amounts of spam or attack webpages, he/she becomes the focal point for any
investigation involving his/her computer's suspicious activities. This
technique is useful for criminals as it helps them avoid detection and at the
same time reduce bandwidth costs (as the owners of the zombies will bear the
cost). Zombies are frequently used in distributed denial-of-service (DDoS)
attacks, degradation-of-service attacks, for sending spam etc.
· Phishing: Phishing refers to the sending of emails that
appear to originate from reliable sources but are really intended to trick the
recipient into revealing confidential information. Most phishing attacks begin
when the victim receives an email message in which the sender pretends to be a
bank or another real company or organization in order to trick the recipient. The
email contains links to websites prepared by the criminals and with the
appearance of a legitimate website which ask the victim to enter personal data.
Phishing can take advantage of other means of communication as well including
SMS (‘smishing’), VoIP (‘vishing’) or instant messaging on social networks.
Cyber criminals also use certain social engineering tricks to alarm recipients,
with warnings and emergency alerts to encourage victims into action. The idea
is to get users to act immediately without stopping to consider potential
risks.
· Spyware: Spyware is a type of malware installed on
computers that collects your personal information and passes it on to someone
else without your knowledge or consent. The presence of spyware is typically
hidden from the user and can be difficult to detect. They travel on the
internet via emails, software or come with legitimate applications. They are
also called tracking software and once they are installed on the system, it is
hard to stop them and recover the lost data.
Typically, spyware is secretly installed on the user's personal
computer. While the term spyware suggests software that secretly monitors the
user's computing, the functions of spyware extend well beyond simple
monitoring. Spyware programs can collect various types of personal information,
such as Internet surfing habits and sites that have been visited, but can also
interfere with user control of the computer in other ways, such as installing
additional software and redirecting Web browser activity. Spyware is known to
change computer settings, resulting in slow connection speeds, different home
pages, and/or loss of Internet connection or functionality of other programs.
Spyware is also known for installing Trojan viruses.
· Adware: Adware (abbreviation for Advertising
Supported Software) is a type of malware that automatically delivers
advertisements. Common examples of adware include pop-up ads on websites and
advertisements that are displayed by software. Adware, by itself, is harmless;
however, some adware may come with integrated spyware such as keyloggers and
other privacy-invasive software. Oftentimes, software and applications offer
“free” versions that come bundled with adware. Adware can also work like
spyware: it is deployed to gather confidential information; basically, to spy on
and gather information from a victim's computer.
· Ransomware: Ransomware is a form of malware that essentially holds a
computer system locked up while demanding a ransom. The malware restricts the
user from access to the computer either by encrypting files on the hard drive
or locking down the system and displaying messages that are intended to force
the user to pay the malware creator to remove the restrictions and regain
access to their computer.
· Rootkit: Originally, within the context of UNIX-type
systems, a rootkit was a group of tools belonging to the operating system
itself, such as netstat, passwd and ps, which were modified by an intruder in
order to gain unlimited access to the target computer, without this intrusion
being detected by the system administrator. A rootkit is a malware that alters
the regular functionality of an operating system on a computer in a stealthy
manner. The altering helps the hacker to take full control of the system and
the hacker acts as the system administrator on the victim’s system.
· Botnet: A bot is a device that has been infected with
malicious software to do something harmful without the user's knowledge. A botnet
is a network of these infected devices that work together under the control of
an attacker. A botnet can be used to conduct phishing campaigns, send out spam or
carry out Distributed Denial of Service (DDoS) attacks.
· Spam: Spam is any kind of unwanted, unsolicited
digital communication, often an email, that gets sent out in bulk to multiple
recipients who did not ask for it. The problems caused by spam are due to the
combination of the unsolicited and bulk aspects; the quantity of unwanted
messages swamps messaging systems and drowns out the messages that recipients
do want.
The most widely recognized form of spam is email spam but the
term is applied to similar abuses in other media as well such as instant
messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs,
wiki spam, online classified ads spam, mobile phone messaging spam, Internet
forum spam, junk fax transmissions, social spam, spam mobile apps, television
advertising and file sharing spam.
Spamming is the act of sending spam to large numbers of
recipients for the purpose of commercial advertising or non-commercial
proselytizing or for any prohibited purpose (especially the fraudulent purpose
of phishing).
POINTS TO REMEMBER
Some common types of malicious software are computer virus, Worm,
Trojan Horse, Logic Bomb, Zombies, Phishing, Spyware, Adware, Ransomware,
Rootkit, Botnet and Spam.
Symptoms of Malware attack
· Unexpected Crashes: Your system crashing
or regularly switching to the terrifying blue screen is a major symptom
that something is utterly wrong. If it is happening on your computer now,
immediately scan your system for infections.
· Slow System: When you are not
running any heavy resource applications on your system but it is running slowly
anyway, it may be because your system is infected with a malware.
· Excessive Hard Drive Activity: When you see a lot of
hard drive activity even when your computer is idle, this is a symptom of a
potential infection.
· Strange Windows: When strange windows
pop up during the booting process, particularly those that warn you of lost
access to various drives on your system, something is wrong.
· Peculiar Messages: When troubling dialogue
boxes come up while your system is running and alert you that various programs
or files will not open, this is also a bad sign.
· Bad Program Activity: When your programs go
missing, are corrupted, or start to open themselves without your initiation
and/or when you receive notification that the program is attempting to access
the internet without your command, this is a serious sign that you are the
victim of malware.
· Random Network Activity: When your router is
constantly blinking indicating a high level of network activity when you aren't
running any significant programs or accessing high amounts of Internet data,
something might be wrong.
· Erratic Email: When you haven't sent
emails but you hear from your contacts that they're getting strange emails from
you, this is a strong indication that your system has been compromised (or your
email password has been stolen).
· Blacklisting IP Address: When you receive
notification that your IP address has been blacklisted, consider this as a sign
that your PC is not in good hands i.e. your system has been compromised and is
being used as one tentacle in a far-reaching, spam-sending botnet.
· Unexpected Antivirus Disabling: Many malware programs
are designed to disable the antivirus program that would otherwise eradicate
them, so if your antivirus system is suddenly not operating this could be a
sign of a much larger problem.
Assignment 4
1. Define malicious software. List out any 10 common malicious software.
2. List out the symptoms of malware attack.
Protection from Cyber Crime
8.5 Protection from Cybercrime
Cyber crime, nowadays, has become a crucial
issue to be tackled. The only way to deal with this issue is the smart use
of information and communication technology. The following preventive measures
can protect you and your computer system from cyber crime.
· Keep your computer and software updated: Software development companies often release updates for their
software, and it's a good idea to install these updates when they become
available for your computers. These updates often include fixes that can improve
the security of your system. Newer versions often contain more security fixes
to prevent malware attacks.
· Use a non-administrator account whenever possible: Non-administrator accounts usually don't have
the ability to install software. Using “limited” or “standard” user accounts
for day to day computing activities can help prevent malware from getting
installed on your computer and making system-wide changes.
· Think twice before clicking links or downloading anything: Phishing scams trick people into opening
emails or clicking on a link that may appear to come from a legitimate business
or reputable source. The link may direct you to a fake website where you are
prompted to enter your personal details or take you to a website that directly
infects your computer with malware. If in doubt, don't click the link. Search
for reviews or information about websites or programs before downloading or
installing anything. Downloads are one of the main ways people get malware, so remember
to think twice about what you're downloading and where you're downloading it
from.
· Be careful about opening email attachments or images: You should be wary if a random person sends
you a suspicious email containing attachments or images. Sometimes, those
emails might just be spam, but other times, those emails might secretly contain
harmful malware. You can report those emails as spam to your service providers
so that they can better weed out emails like this in the future.
· Don't trust pop-up windows that ask you to download software: While surfing the web, you might come across
sites that show pop-up windows, making you believe your computer has been
infected and asking you to download some software in order to protect yourself.
Don't fall for this trick. Just close the pop-up window and make sure you don't
click inside the pop-up window.
· Limit your file-sharing: Some sites and
applications allow you to easily share files with other users. Many of these
sites and applications offer little protection against malware. If you exchange
or download files using these file-sharing methods, be on the lookout for
malware. Malware can often be disguised as a popular movie, album, game, or
program.
· Use antivirus/antimalware software: Anti-virus software will protect your device from malicious
software that poses a threat to the system. It will scan your computer to
detect and clean the malware and provide automatic updates to provide enhanced
protection against newly created viruses.
· Secure your network: Never broadcast an
open Wi-Fi connection. It's also a great idea to not broadcast your SSID (the
name of your Wi-Fi network). You can still access it with your device; you will
just have to type the SSID and the password manually. You can provide a guest
SSID that uses a different password for your guests.
A firewall prevents malicious attacks by blocking all
unauthorized access to or from a private computer network. A firewall provides
an extra barrier against malware, reducing the chance of attack.
· Backup Your Files: It's important to back
up on a regular basis to ensure that you can still retrieve all your valuable
data and files if your computer is infected with malware. This will help
mitigate any damage and ensure that you are not held victim to a ransomware
attack.
· Use Multiple Strong Passwords:
Too many people continue to use easily-guessed passwords, or the same password
for all of their accounts. It is imperative that you use a strong, unique
password for each of your accounts. Where offered, enable two-factor
authentication (2FA) to further secure access to your accounts.
Assignment 5
1. List out the ways that can protect you from cyber crime.
Intellectual Properties Right
8.6 Intellectual Properties Right
It is not wrong to say, in the present
context, that ‘wisdom is wealth’. This is the era of ‘intellectualism’. Human
intellect is exploring all the fields of knowledge. Considering the
contribution of human intellect in the development of society, a need has been
felt to promote, protect, and encourage such a contribution. Consequently, the
concept of intellectual property rights emerged.
Intellectual property (IP) refers to creations
of the human mind such as inventions, literary works, artistic works, symbols,
names, images, designs etc. that are intangible when created and are generally
converted into tangible products for market consumption.
Types of intellectual property
Intellectual property is divided into two
categories: Industrial Property includes patents for inventions,
trademarks, industrial designs and geographical indications. Copyright
covers literary works (such as novels, poems and plays), films, music, artistic
works (e.g. drawings, paintings, photographs and sculptures) and architectural
design. Rights related to copyright include those of performing artists in their
performances, producers of phonograms in their recordings, and broadcasters in
their radio and television programs. Newer forms of the IPs are also emerging
particularly stimulated by the exciting developments in scientific and
technological activities.
Copyright and related rights
Copyright is a legal term used to describe the
rights that creators have over their literary and artistic works. Works covered
by copyright range from books, music, paintings, sculpture and films, to
computer programs, databases, advertisements, maps and technical drawings. A
closely associated field is “related rights”, which encompass rights similar or
identical to those of copyright, although sometimes more limited and of shorter
duration. The beneficiaries of related rights are: performers (such as actors
and musicians) in their performances; producers of phonograms (for example,
compact discs) in their sound recordings; and broadcasting organizations in
their radio and television programs.
Patents
A patent is an exclusive right granted for an
invention. Generally speaking, a patent provides the patent owner with the
right to decide how - or whether - the invention can be used by others. In
exchange for this right, the patent owner makes technical information about the
invention publicly available in the published patent document.
Trademarks
A trademark is a sign capable of
distinguishing the goods or services of one enterprise from those of other
enterprises. Trademarks date back to ancient times when artisans used to put
their signature or mark on their products.
Industrial Design
An industrial design constitutes the
ornamental or aesthetic aspect of an article. A design may consist of
three-dimensional features, such as the shape or surface of an article, or of
two-dimensional features, such as patterns, lines or color.
Geographical indications
Geographical indications and
appellations of origin are signs used on goods that have a specific
geographical origin and possess qualities, a reputation or characteristics that
are essentially attributable to that place of origin. Most commonly, a
geographical indication includes the name of the place of the origin of the
goods.
Trade Secrets
Trade secrets are IP rights on confidential
information which may be sold or licensed. The unauthorized acquisition, use or
disclosure of such secret information in a manner contrary to honest commercial
practices by others is regarded as an unfair practice and a violation of trade
secret protection.
Points to Remember
Intellectual property (IP) refers to creations of
the mind: inventions, literary and artistic works, and symbols, names, images,
and designs used in commerce.
Why should we promote and protect intellectual property?
There are several reasons that force the
promotion and protection of IPs. First, the progress and well-being of humanity
rest on its capacity to create and invent new works in the areas of technology
and culture. Second, the legal protection of new creations encourages the
commitment of additional resources for further innovation. Third, the promotion
and protection of intellectual property spurs economic growth, creates new jobs
and industries, and enhances the quality and enjoyment of life. An efficient
and equitable intellectual property system can help all countries to realize
intellectual property's potential as a catalyst for economic development and
social and cultural well-being. The intellectual property system helps strike a
balance between the interests of innovators and the public interest,
providing an environment in which creativity and invention can flourish, for
the benefit of all.
Intellectual property rights reward creativity
and human endeavor, which fuel the progress of humankind. Some examples: The
multibillion dollar film, recording, publishing and software industries - which
bring pleasure to millions of people worldwide - would not exist without
copyright protection. Without the rewards provided by the patent system,
researchers and inventors would have little incentive to continue producing
better and more efficient products for consumers. Consumers would have no means
to confidently buy products or services without reliable, international
trademark protection and enforcement mechanisms to discourage counterfeiting
and piracy.
Intellectual property rights (IPRs)
IPRs are the rights given to persons over the
creations of their minds. They usually give the creator an exclusive right over
the use of his/her creation for a certain period of time. IPR means
“ownership”. Ownership is important as it draws potential economic benefit for
the owner.
Over the past two decades, intellectual
property rights have grown to a stature where they play a major role in the
development of the global economy. In the 1990s, many countries unilaterally
strengthened their laws and regulations in this area, and many others were
poised to do likewise. At the multilateral level, the successful conclusion of
the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)
in the World Trade Organization enhanced the protection and enforcement of IPRs
to the level of solemn international commitment.
The domain of intellectual property is vast.
Copyrights, Patents, Trademarks and Designs are known to have received
recognition for a long time. Newer forms of the protection are also emerging
particularly stimulated by the exciting developments in scientific and
technological activities.
Intellectual property has increasingly assumed
a vital role with the rapid pace of technological, scientific and medical
innovation that we are witnessing today. Moreover, changes in the global
economic environment have influenced the development of business models where
intellectual property is a central element establishing value and potential
growth. In Nepal, several pieces of legislation such as The Patent, Design and Trademark
Act 2022, The Copyright Act 2059, National Intellectual Property Policy 2073
etc. for the protection of intellectual property rights (IPRs) have been passed
to meet the international obligations under the WTO Agreement on Trade-Related
Aspects of Intellectual Property Rights (TRIPS).
Countries have laws to protect intellectual
property for two main reasons. One is to give statutory expression to the moral
and economic rights of creators in their creations and the rights of the public
in access to those creations. The second is to promote, as a deliberate act of
Government policy, creativity and the dissemination and application of its
results and to encourage fair trading which would contribute to economic and
social development.
The convention establishing the World
Intellectual Property Organization (WIPO), one of the specialized agencies of
the United Nations (UN) system of organizations, concluded in Stockholm on 14
July 1967, provides that “intellectual property shall include rights relating to
· literary, artistic and scientific works,
· performances of performing artists, phonograms and broadcasts,
· inventions in all fields of human endeavor,
· scientific discoveries,
· industrial designs,
· trademarks, service marks and commercial names and designations,
· protection against unfair competition,
· and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields.”
Assignment 6
1. Define intellectual property rights. Also list out the different types of intellectual property.
2. List out the legislation passed by Nepal for the protection of IPR.
Digital Signature
8.7 Digital Signature
Digital signatures are like electronic
“fingerprints”. A digital signature is a specific type of e-signature that
verifies the authenticity of the digital messages or documents. A valid digital
signature gives a recipient a very strong reason to believe that the message
was created by a known sender (authentication), and that the message was not
altered in transit (integrity). All digital signatures are e-signatures, but not all
e-signatures are digital signatures. In the form of a coded message, the
digital signature securely associates a signer with a document in a recorded
transaction.
Digital signatures use a standard, accepted
format, called Public Key Infrastructure (PKI), to provide the highest levels
of security and universal acceptance. Digital signatures use certificate-based
digital IDs to authenticate the signer identity and demonstrate a proof of
signing by binding each signature to the document with encryption. Validation
occurs through trusted certificate authorities (CAs) or trust service providers
(TSPs). Digital signature is a standard element of most cryptographic protocol
suites, and is commonly used for software distribution, financial transactions,
contract management software, and in other cases where it is important to
detect forgery or tampering.
Digital signatures are equivalent to
traditional handwritten signatures in many respects, but properly implemented
digital signatures are more difficult to forge than the handwritten type.
Digital signature schemes, in the sense used here, are cryptographically based,
and must be implemented properly to be effective. Digital signatures can also
provide non-repudiation, meaning that the signer cannot successfully claim they
did not sign a message.
POINTS TO REMEMBER
A digital signature is a mathematical code for
demonstrating the authenticity of digital messages or documents that lets you
sign a document electronically and validates the signer.
Working mechanism of digital signature
Digital signatures are based on Public Key
Infrastructure. By this mechanism, two keys are generated, a Public Key and
Private Key. The private key is kept by the signer and it should be kept
securely. On the other hand, the receiver must have the public key to decrypt
the message.
For example, a sender wants to send an
encrypted message to the receiver. As stated above, the sender must have a
private key to sign the message digitally. Before the private key is applied,
a hash algorithm converts the message to be sent by the sender
into a hash value. Then, the sender's private key encrypts this hash value. On
completion of both the processes, the sender's message is said to be digitally
signed.
On the side of the receiver, the digitally signed
message is decrypted with the help of the signer's public key. The public key
decrypts the message and converts it into another hash value. Then, the program
which is used to open the message (e.g., MS Word, Adobe Reader etc.) compares
this hash value to the original hash value which was generated on the sender's
side. If the hash value on the receiver's side matches the hash value
generated on the sender's side, then the program will allow the message to
open up and display the message “The document has not been modified since this
signature was applied.” The program will not allow the document to
open if the two hash values don't match.
Hash function: A hash function generates a fixed-length string of numbers and
letters (also called a "hash") by applying
a mathematical algorithm to an arbitrarily sized file such as an email,
document, picture, or other type of data. This generated string is unique to
the file being hashed and is a one-way function i.e. a computed hash cannot be
reversed to find other files that may generate the same hash value. Some of the
more popular hashing algorithms in use today are Secure Hash Algorithm-1
(SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message
Digest 5 (MD5).
Public Key Infrastructure (PKI): Public Key Infrastructure (PKI) is a set of
requirements that allow (among other things) the creation of digital
signatures. Through PKI, each digital signature transaction includes a pair of
keys: a private key and a public key. The private key, as the name implies, is
not shared and is used only by the signer to electronically sign documents. The
public key is openly available and used by those who need to validate the
signer’s electronic signature. To protect the integrity of the signature, PKI
requires that the keys be created, conducted, and saved in a secure manner, and
often requires the services of a reliable Certificate Authority (CA).
Certificate Authority (CA): Digital signatures rely on public and private
keys. When you send or sign a document, you need assurance that the documents
and the keys are created securely and that they are using valid keys. CAs, a
type of Trust Service Provider, are third-party organizations that have been widely
accepted as reliable for ensuring key security and that can provide the necessary
digital certificates. Also, a CA validates a person's identity and either
generates a public/private key pair on their behalf or associates an existing
public key provided by the person to that person. Once a CA validates someone's
identity, they issue a digital certificate that is digitally signed by the
CA.
Digital certificate: A digital certificate is an electronic
document issued by a Certificate Authority (CA). It contains the public key for
a digital signature and specifies the identity associated with the key, such as
the name of an organization. The certificate is used to confirm that the public
key belongs to the specific organization. The CA acts as the guarantor. Digital
certificates must be issued by a trusted authority and are only valid for a
specified time. They are required in order to create a digital signature.
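The signing and verification steps and the certificate check described above, as an added example that is not part of the original text: the sender hashes the document and signs the hash with the private key, and the receiver first checks the CA's signature on the certificate and its validity dates, then compares a fresh hash of the received document with the value recovered from the signature. It assumes unpadded textbook RSA with constructed toy keys (products of Mersenne primes, not secure); all names, dates and the sample document are constructed for illustration.

```python
import hashlib
import json
from datetime import date

E = 65537  # public exponent shared by every key in this example


def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys built from primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, E), (n, d)


def digest(data: bytes) -> int:
    """SHA-256 hash of the data as an integer (the 'hash value')."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """Sender side: hash the data, then transform the hash with the private key."""
    n, d = private_key
    return pow(digest(data), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Receiver side: recover the signed hash with the public key and compare
    it with a fresh hash of the data actually received."""
    n, e = public_key
    return pow(signature, e, n) == digest(data)


def cert_body(cert) -> bytes:
    """Canonical bytes of the certificate fields that the CA signs."""
    names = ("subject", "public_key", "not_before", "not_after")
    return json.dumps({k: str(cert[k]) for k in names}, sort_keys=True).encode()


def issue_certificate(subject, public_key, not_before, not_after, ca_private):
    """CA side: bind an identity to a public key for a limited period."""
    cert = {"subject": subject, "public_key": public_key,
            "not_before": not_before, "not_after": not_after}
    cert["ca_signature"] = sign(cert_body(cert), ca_private)
    return cert


def check_signed_document(document, signature, cert, ca_public, today):
    """Full receiver check: certificate first, then the document signature."""
    if not verify(cert_body(cert), cert["ca_signature"], ca_public):
        return "rejected: certificate not signed by the trusted CA"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "rejected: certificate outside its validity period"
    if not verify(document, signature, cert["public_key"]):
        return "rejected: document altered or signed with another key"
    return "valid"


# Constructed toy keys: Mersenne-prime factors are trivially guessable.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**607 - 1, 2**1279 - 1)
SIGNER_PUBLIC, SIGNER_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**89 - 1, 2**521 - 1)


def run_demo():
    cert = issue_certificate("Example Org (constructed)", SIGNER_PUBLIC,
                             date(2024, 1, 1), date(2024, 12, 31), CA_PRIVATE)
    document = b"Pay NPR 5,000 to account 12345"  # constructed sample
    signature = sign(document, SIGNER_PRIVATE)
    today = date(2024, 6, 1)
    # A certificate whose public key was replaced after the CA issued it.
    swapped = dict(cert, public_key=OTHER_PUBLIC)
    return {
        "original": check_signed_document(
            document, signature, cert, CA_PUBLIC, today),
        "altered": check_signed_document(
            b"Pay NPR 9,000 to account 12345", signature, cert, CA_PUBLIC, today),
        "swapped_key": check_signed_document(
            document, sign(document, OTHER_PRIVATE), swapped, CA_PUBLIC, today),
        "expired": check_signed_document(
            document, signature, cert, CA_PUBLIC, date(2025, 3, 1)),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

Production systems use a vetted cryptographic library with a padded scheme such as RSASSA-PSS and properly generated keys. SHA-256 is used here because MD5 and SHA-1, also named above, have known collision attacks.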
Advantages and Disadvantages of Digital Signature
The following are the benefits of digital
signature:
· Time saving: Documents sent by the
sender are auto verified and hence recipients do not need to spend their time
on manual verification. Documents are prepared and signed by all the parties in
a very short period of time no matter how far apart the parties are
geographically.
· Cost Saving: Using postal or courier
services for paper documents is much more expensive compared to using digital
signatures on electronic documents.
· Enhanced Security: The use of digital
signatures and electronic documents reduces the risks of documents being
intercepted, read, destroyed, or altered while in transit.
· Authenticity: An electronic document signed with a digital
signature can stand up in court just as well as any other signed paper
document.
· Tracking: A digitally signed document can easily be
tracked and located in a short amount of time.
· Non-Repudiation: Signing an electronic document digitally
identifies you as the signatory, and that cannot be later denied.
· Imposter prevention: No one else can forge
your digital signature or submit an electronic document falsely claiming it was
signed by you.
· Time-Stamps: By time stamping your digital signatures, you
will clearly know when the document was signed.
The following are the disadvantages of digital
signature:
· Expiry: Digital signatures are highly dependent on
the technology. Because of fast technological advancements, many of these tech
products have a short life.
· Certificates: In order to effectively use digital
signatures, both senders and recipients may have to buy digital certificates at
a cost from a trusted certification authority.
· Software: To work with digital certificates, senders
and recipients have to buy verification software at a cost.
· Law: In some states and countries, cyber laws are
weak or even non-existent. Trading in such jurisdictions becomes very risky for
those who use digitally signed electronic documents.
· Compatibility: There are many different digital signature
standards and most of them are incompatible with each other and this
complicates the sharing of digitally signed documents.
Assignment 7
1. Define the following terms: Digital Signature, Hash Value, PKI, Certificate Authority and Digital Certificate.
2. List out the merits and demerits of digital signature.
Concept of Cyber Law in Nepal
8.8 Concept of Cyber Law in Nepal
Cyber law is commonly known as the law of the
internet. It governs the legal issues of computers, Internet, data, software,
computer networks and so on. These are collectively known
as cyberspace. In other words, it is a type of law which rules on the Internet
to prevent Internet related crime.
Cyber law is a new and quickly developing area
of the law that pertains to persons and companies participating in e-commerce
development, online business formation, electronic copyright, web image
trademarks, software and data licenses, online financial transactions,
interactive media, domain name disputes, computer software and hardware, web
privacy, software development and cybercrime which includes, credit card fraud,
hacking, software piracy, electronic stalking and other computer related
offenses.
Area of Cyber Law
1. Electronic and Digital Signature:
It is a type of security mechanism. To transfer critical data, we need to
encrypt the data by private key (which is only known to the encrypter) and decrypt
the data by public key (which is known to both sender and receiver). This type
of security is used to transfer secret emails, fund transferring web pages etc.
2. Computer crime: With fast growing
information technology and advancements in business organizations, the
internet is becoming the most targeted site of crime. Some commit crime for
money while others sadistically disturb others. This law has emerged to prevent
such types of crimes.
3. Intellectual Property: Intellectual property
(IP) refers to the creations of the mind: inventions; literary and artistic
works; designs; and symbols, names, and images, used in commerce. These
properties should be protected by Copyright Law, Trademark Law, Patent Law etc.
4. Data Protection and Privacy: This law exists for the security of data.
Individuals can manage their own databases while their privacy is maintained.
The government body protects the individual's fundamental right to privacy.
This law is vital for protecting against the abuse of internet resources.
5. Telecommunication Law: Until a few years ago, the internet was a part of
telecommunication. Nowadays, interestingly, telecommunication has become a
part of cyberspace (computers, internet, data, software, computer networks,
cables and so on), where communication is possible via the internet. This law
has emerged to manage communication law and to ensure proper use of internet
technology. For example, VoIP, which provides cheap international calls,
became legal.
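The private-key and public-key flow described under Electronic and Digital Signature above, as an added Python example that is not part of the original text. It uses textbook RSA on a SHA-256 hash value with a constructed toy key (the primes, the sample message and the function names are assumptions for illustration); real systems use a vetted library and a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes, used only so the
# example runs offline. Real keys come from a vetted library's key generator.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                          # public modulus, shared with everyone
E = 65537                          # public exponent, shared with everyone
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the signer


def hash_value(message: bytes) -> int:
    """SHA-256 hash of the message as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: transform the hash value with the private key."""
    return pow(hash_value(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: reverse the transform with the public key, compare hashes."""
    if not 0 <= signature < N:
        return False               # out-of-range values are never valid
    return pow(signature, E, N) == hash_value(message)


def demo() -> dict:
    original = b"Pay Rs. 5,000 to account 0123"   # constructed sample message
    altered = b"Pay Rs. 50,000 to account 0123"   # same text after tampering
    signature = sign(original)
    return {
        "genuine": verify(original, signature),          # untouched message
        "altered_message": verify(altered, signature),   # content changed
        "altered_signature": verify(original, signature ^ 1),  # bit flipped
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the holder of D can produce a value that verifies, while anyone holding N and E can check it, which is why a valid signature ties the message to the signer.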
Cyber law in Nepal
Cyber law covers a wide variety of political and legal issues related to the
Internet and other communications technology, including intellectual property,
privacy, freedom of expression and jurisdiction. Proper cyber law must govern
all cyber activities. Nepal cannot be isolated from emerging technology and
the problems raised by that technology.
The Electronic Transaction Act, 2063 is Nepal's first cyber law. It was
created in response to the growing usage of the internet in Nepal. It makes
provision for the commercial use of computers and networks, authorizes
e-transactions and communication in the public and private sectors, and
criminalizes different computer-related unwanted activities. The bill deals
with issues related to digital signature, intellectual property, cybercrime,
etc. The Act is divided into 12 sections and 80 clauses. This law keeps an eye
on issues related to computer networks and cybercrime. It brings cyber
criminals before the court for a hearing and penalizes them just like other
criminals.
The main provisions included in the law are:
· The law covers most of the issues related to cyber activities and is
expected to be landmark legislation for the development of the IT industry in
Nepal.
· Conduct such as hacking, deleting data, stealing e-documents, software
piracy and posting offensive information is subject to criminal and civil
sanctions under the new cyber law.
· The government can punish cyber offenders with up to 5 years of imprisonment
or a fine of up to Rs. 2,00,000 or both. However, much depends on the severity
of the crime, and repetition of a crime brings heavier punishment.
· The law has tightened the security for banking transactions through
electronic means, which should boost the economic activities across the
Internet via Nepal.
· It gives legal status to the information posted on the websites of the
government offices, the government-run corporations and local bodies.
· It has also granted legal status to the digital signatures sent through
electronic media like e-banking, e-commerce, etc.
· It paves the way to provide legal status to online news portals in the
country.
· The law has also established a new judicial body to hear complaints, cases
and matters concerning cybercrime.
Assignment 8
1. Define the term Cyber Law. List out the areas of Cyber Law.
2. List out any five legal provisions included in the cyber law of Nepal.
8.9 ICT Policy in Nepal
Due to its rapid and continuous development, information and communication
technology is increasingly at the core of strategies aimed at securing the
goals of sustainable development and stimulating economic growth in countries
around the world. Among other things, these technologies are redefining, in
some fundamental ways, how social interaction takes place and how public
services are delivered. It is precisely along these lines that the Government
of Nepal has placed a great deal of importance on the transformative potential
of ICTs and on positioning these technologies within the larger context of its
far-reaching developmental aspirations, premised on poverty reduction as an
overarching goal.
Apart from opportunities, the ever-evolving nature of ICTs also presents a
host of challenges, namely issues surrounding cyber security, data protection,
privacy and respect for intellectual property rights. Equally important is the
need to address the challenges posed by technological convergence, especially
from regulatory and governance perspectives. Taking all these into
consideration, the Government of Nepal has developed the “Information and
Communication Technology Policy, 2072”.
Vision
To transform Nepal into an information and
knowledge-based society through the use of ICTs.
Mission
To achieve good governance, sustainable development and objectives of poverty
reduction through the use of ICTs.
Major Objectives
· To make ICT accessible and affordable to all citizens.
· To achieve sustainable and inclusive socio-economic development through the
use of ICT.
· To develop and expand ICT infrastructures.
· To encourage research and development of ICT in order to face probable
challenges in the environmental, socio-economic and technological sectors.
· To develop human resources in the ICT sector and create the opportunities of
human resource development through the use of ICT.
· To promote good governance through the use of ICT.
Policy
· To empower and facilitate Nepal's participation in the Global Knowledge
Society.
· To transform the Government service delivery regime by promoting
transparency, efficiency, inclusiveness and participation through effective
utilization of information and communication technologies.
· To promote ICT to further productivity among the sectors that are key
drivers of the national economy.
· To create an innovative, market-responsive, highly competitive and
well-regulated ICT industry.
· To help develop ICT business incubators and promote start-up projects in
close coordination with the private sector through the creation of a
supportive ecosystem.
· To address gender-based inequalities and promote gender-sensitive measures
to encourage the active participation of women in national and community-based
ICT initiatives.
· To increase the competitiveness of farmers in production, processing and
marketing of agricultural products and services through the effective and
outcome-oriented utilization of ICTs.
· To promote a stable, fair and competitive investment climate to facilitate
the development of e-Trade and E-Commerce activities in the country.
· To promote the use of free and open source software as well as open
standards in software development for government agencies.
· To foster efficient, inter-operable, secure, reliable and sustainable
national ICT infrastructure in alignment with grass-root needs, and compliant
with regional and international standards.
· To further streamline clear strategies and obligations for licensed ICT
service providers with respect to universal access/service goals and Quality
of Service (QoS) and ensure cost-effective connectivity to ICT services such
as Internet, E-Commerce and E-Government services.
· To promote cost-effective and qualitative last-mile access technologies for
providing secure access to the internet, including commercial and public
information services and e-Government applications, by communities (including
the disadvantaged and physically challenged), especially in rural and
underserved areas.
· To create easily accessible, affordable and innovative public access points
under a comprehensive e-Community/Village network initiative.
· To create a favorable environment for cooperation and partnership in ICT
among public and private sectors, civil society, and between all stakeholders
at local, national, regional and international levels.
· To increase the institutional capacity along with infrastructure and human
resource dimensions in public and private educational institutions, including
schools, colleges and universities, that offer ICT courses and use ICTs for
pedagogical purposes.
· To support local and indigenous content development as well as applications
targeting the capturing, archiving and dissemination of local and indigenous
knowledge content and information resources as well as the promotion of the
diverse linguistic and cultural heritage of Nepal.
Assignment 9
1. Why do we need ICT policy? List out its mission and vision.
2. List out any five objectives of ICT Policy 2072.