Thursday, January 31, 2008

THE CASE OF DMITRY SKLYAROV

On 13 August 2001, www.ft.com reported on the Russian hacker Dmitry Sklyarov, who faces trial in the USA for allegedly violating new copyright legislation. He was detained by FBI agents on his way back to Moscow from a hackers' conference in Las Vegas, where he had explained how to circumvent a security system on software sold by the US company Adobe. His Moscow-based company, Elcomsoft, sold a program that broke Adobe's code, which prevented users from copying documents published in Adobe format. Sklyarov's detention caused outrage across the cyber community, and special Internet sites and banners proclaiming 'Free Dmitry Sklyarov' and attacking Adobe were rapidly created. Adobe was surprised by the outcry and asked the US authorities to drop the charges. However, prosecutors have resolved to pursue the case, which will be a pioneering test for the 1998 Digital Millennium Copyright Act (DMCA), which makes it illegal to evade copyright-protecting technology.

Internet 2010

Sklyarov has been released on bail, but faces a fine of up to $500,000 if found guilty. Elcomsoft argues that its program highlighted weaknesses in Adobe's security, and was not designed to allow infringement of copyright. The mainstream Russian media have followed the case extensively, and the interior ministry has said that it will not prosecute Sklyarov on his return. In the USA, libertarian groups such as the Electronic Frontier Foundation (EFF) have also argued in his defence. The case has other implications that could paradoxically lead to the potential for widespread computer damage from hackers. There is a long-standing tradition within the US technology community of 'white-hat hackers' whose hobby is finding security weaknesses within computer systems used in business applications, then publicizing them to allow computer companies to plug the security holes. Internet legal experts have expressed concern that advances in technology, together with legislation such as the DMCA, are granting copyright holders too much power.

Data protection

The UK's Data Protection Act 1984 (and later amendments) focuses on the information that companies hold on customers and how individuals can access it and ensure it is correct. Although of course this act pre-dates the Internet, the principles involved are exactly the same. More detail about the implications of recent changes in the Data Protection Act is available at www.dataprotection.gov.uk. Basically, there are eight key principles of good practice enshrined in the Act which can be summarized as follows:

Data must be:

1 fairly and lawfully processed;

2 processed for limited purposes;

3 adequate, relevant and not excessive;

4 accurate;

5 not kept longer than necessary;

6 processed in accordance with the data subject's rights;

7 secure;

8 not transferred to countries that do not have adequate protection.

The Information Commissioner's Office has produced four free introductory seminars to help both individuals and organizations that hold personal information (data controllers) to understand the Data Protection Acts. Each seminar consists of a voice-over recording accompanied by a PowerPoint presentation. The seminars can be downloaded from www.dataprotection.gov.uk/seminars.htm.

CPExchange (www.cpexchange.org) offers an independent and open standard that allows approved customer data to be shared between disparate computer systems. This means that different areas of an organization, reliant on separate data sources and even whole computer systems, are able to obtain an integrated picture of customer information that complies with data collection criteria to be used for marketing purposes.
