Tuesday, 30 May 2017

Week 7 - 29.05.2017 - 4.06.2017 - Legal aspects of cybersecurity



Hi everyone,
I would like to provoke discussion concerning all the common fields between cybersecurity and its legal aspects. It is interesting for me for a special reason: many, many years ago ;-) apart from computer science at the Technical University, I also managed to graduate from the law faculty at Warsaw University and I am a certified legal counsel.

I recommend to review:

I expect you are better prepared than me for such a discussion from a technical / technological point of view, and this is why I am really interested in your opinions on the following subjects:

  1. Would you agree with this article, that these are the aspects you need to understand?
  2. Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?
  3. What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?
  4. Do you find legal tools useful in ensuring cybersecurity?
  5. Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe a probable situation?
  6. What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?

Thank you for all the answers in advance,
best regards.

21 comments:

  1. Hello. Very good article according to the situation in politics today.
    1. Would you agree with this article, that these are the aspects you need to understand?
    I do not know whether I need to understand them, but I am sure that lots of people need to understand them. In my opinion the most basic aspect is to understand that the weakest point of every cyber security system is a human. Even the best security system can be broken if users do not behave according to basic rules.

    2. Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?
    Maybe the defence rule? Similar to a rule in the USA that allows you to protect your home against intruders? Well, people have to understand that they can, and I think in the future they will have to, protect themselves against cyber crimes.

    3. What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?
    You ask about IT terms and stuff like this? :) I do not think it is a good idea. I do not want to hear a lawyer babbling stuff about things that do not belong to me. I do not want to discredit a thing. I just point out that to understand this field there is no need to use very strict terms. Take a look at the city offices. They have to use a common language to explain everything to everyday people.

    4. Do you find legal tools useful in ensuring cybersecurity?
    I am afraid that they exclude each other. Let's assume that every system has its flaws. If you know how to change it to be more secure by making some improvements, according to the law, you are breaking it. You cannot make any changes without breaking the law. Only the open source philosophy allows you to make them. For example, by rooting an iPhone you are breaking the law.

    5. Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?
    Honestly I do not know any legal tools to solve cyber security. The basic reason is that if you want to know how they do this you have to know all the illegal methods. Breaking into the system is illegal in itself, so if you do some investigation you have to be as illegal as the criminals. The worst is that in Poland white hackers were treated the same as criminals. They were put in the same line. You could not practice cyber security because you were treated the same. It has changed lately. This is a good sign.

    6. What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?
    Wow. This question is so high I do not know if I can answer it :)
    I do not think there is one perfect way. The reason is simple. The Web is evolving so fast that today's techniques will be outdated tomorrow. There are some basic rules, but one rule is always true. The weakest point is the human...
    Take a look at the rumours about the break-in to Trump's election security. No one knows who really did it. Some say it was the Russians, some say someone else. But there is one thing that should force us to think. No one knows who really did it. There is no proof of this. Good hackers have never been caught, even today.
    If you want a secure system there is one perfect way :)
    Unplug from the internet and remove all USB and any other connections. And even so, some people know that this is not enough :)
    Good day.

    Replies
    1. Glad to read such a good answer about the security basics.

    2. Rafał, thank you for the interesting answers. The 6th question is my serious subject of research, but it was very nice to read something less serious in this respect ;-)

  2. 1. Would you agree with this article, that these are the aspects you need to understand?

    I understand these aspects very well; since my master's degree project was about computer security, this subject is close to me. This article shows really just basic information, and for people who don't know too much about IT it is still probably hard to understand. The average person doesn't understand what denial of service is. But I agree that a majority of companies do not think about IT security, but every one of them stores personal data and other data that should be protected.

    2. Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?

    Well, one sentence from the article says it all - consider external solutions. If you don't employ an IT person who knows about security, you should either employ such a person or use an external company to take care of it. A person from nowhere will not secure a company as it should be secured.

    3. What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?

    I think that, first of all, to understand all the terms, the jargon and how it works. How the network works, what the internet protocols are, how private data is secured. How private data should be secured in order not to have legal problems because of it, how to avoid a leak of personal data, what the possible attacks are and how to avoid them. Basically they have to know a lot to really work on IT cases.

    4. Do you find legal tools useful in ensuring cybersecurity?

    I think that this is important, because if you provide a system or if you are an administrator you take responsibility for security, and in case of an attack or a leak of information you are in charge of not securing it correctly. This is a huge deal and you can go to jail. People like that need to know the legal tools and responsibilities that they are taking on.

    5. Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?

    I have never used any legal tools and hopefully I will never have to. Of course we had some classes about that, but to be honest it was very basic stuff that nobody uses; real hackers have to work a lot.

    6. What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?

    Well, it is a huge subject to talk about. Specialists have different opinions about it, and probably we cannot agree on one way that is the best to protect data. We see that there are Anonymous groups that get very highly secured data and it is not so hard for them.

    Replies
    1. Ad. 6 - it is not a matter of discussions between specialists, but I am thinking of a proposal of such consultancy, including taking responsibility for such advice in respect of "optimal configuration". This is a real need and that is why - as a lawyer and also an IT specialist - I am interested in looking for practical solutions.

  3. Marta – thank you for this short and interesting article. Nowadays we shop online. We work online. We play online. We live online. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important. Security and safety challenges rank among the most pressing issues of modern times. Challenges such as cyber-crime, terrorism, and environmental disasters impact the lives of millions across the globe. These issues also rank high on the agenda of politicians, international organizations and businesses. They also feature prominently in the public conscience and in governmental policies. In the current, interconnected world, security challenges are becoming increasingly complex. Facilitated by developments such as globalization and the spread of networked and hyper-connected technologies, new safety and security challenges arise and impact local, national, regional and international levels, which dramatically increases their complexity and scale. As such, solutions to contemporary security challenges require a wide array of actors operating on multiple levels of governance.

  4. Thank you, Marta, for a very interesting article.

    Would you agree with this article, that these are the aspects you need to understand?

    From time to time it is crucial to educate about real legal aspects in IT. The lack of knowledge in this important field may result in exposure to great risk. However, very deep legal knowledge can result in a large reduction in product development.

    Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?

    You could be focused on legal procedures in computer science, but even in this aspect you can be overwhelmed by the number of problems and escalations.

    What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cyber-security problems?

    In huge cases all problems start with the question: "what if...?".

    Do you find legal tools useful in ensuring cyber-security?

    To be honest I always try to negotiate and reduce to a minimum all legal inquiries...

    Have you got any experience with cases, where legal tools were used to solve cyber-security problems? If yes: what was the result? If not: can you imagine and describe probable situation?

    Adversaries in most cases have a huge advantage in attacks on small companies. Their attacks are equipped with many different strategies and large numbers, they try to be invisible, and after the aggression it is difficult to catch each attack source. In many cases reporting all problems and systematically resolving them is the only reliable way to resolve all troubling issues.

    What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?

    A huge, reliable army of people who know the goal.

    Replies
    1. Piotr, thank you for some impressions in my research in answer to question 1.

  5. Marta, thank you for an interesting article. I do agree with ZC that nowadays we do everything online, therefore ensuring cyber-security has become a really burning issue. I think that as IT specialists we should all gain some knowledge with regards to legal aspects and procedures related to our field of interest and research. Unfortunately I don't have any experience when it comes to situations which required using legal steps to solve cyber-security problems.

  6. Would you agree with this article, that these are the aspects you need to understand?
    Yes, I would agree that we should understand the aspects mentioned in this article. Cyber security is crucial and everyone in a company should know how to avoid risk. It may bring serious damage to the company otherwise.

    Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?
    I think that not respecting cyber security may be harmful not only in legal aspects. Who would trust a company that can't take care of its data and the data of its customers? It is also really bad in terms of company reputation.

    What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?
    I think that lawyers have to understand the terms and how systems work in general. Detailed technical knowledge is not needed in my opinion.

    Do you find legal tools useful in ensuring cybersecurity?
    I think it depends. Usually people do not think about legal tools when they use software etc. for private use. It is different in the case of commercial use, so ensuring cyber security is crucial.
    Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?
    No, I have never experienced a situation where legal tools were used to solve cybersecurity problems. Probably they can be used in the case of stealing data and publishing it. If there was just one owner of this data it would be easy to prove that someone cracked it.
    What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?
    It is a difficult question as I am not a specialist in legal terms and tools. I think that this should be solved with the cooperation of IT people and lawyers.

  7. Hello Marta,
    thanks for an interesting and short paper :) a couple of days after the WannaCry ransomware attack.

    Regarding the first question, I have to agree with this thesis, but in my opinion we can add some additional points there. Most important is understanding between security policies and staff and contractors (in the article: Ensure that policies and guidance are easy to understand and readily available for all staff and contractors.) Most people do not like security policies and think of the people responsible for cyber security that they are not doing their job - they just interfere in "my" work sometimes.
    The most important aspect is internal security and know-how protection. If any confidential correspondence or project leaves the company systems it can start the end of the company.

    A lawyer does not need to know anything. His role is to understand what the client (the person responsible for security) needs and prepare / or validate policies and security requirements to be in line with country and international law. Unfortunately a lot of cyber attacks come from regions where the law does not reach ... To be honest we have to focus on human consciousness. If our staff and contractors understand the risks we are pretty safe, because most cyber attacks finish successfully through their errors.

    Replies
    1. I don’t agree that a lawyer doesn’t have to know anything. It never works like this. When I want to solve a problem and to give really good legal advice, I have to search for information and to know the subject as thoroughly as I am able to. That always means good cooperation with the client and the specialists responsible for specific data, in this case technological – hardware and/or software ones. Honestly, I am indeed thinking about serious research in this respect – looking for the optimal configuration.

  8. Thank you for a short and eloquent article. I will also agree with the previous speakers that our lives and our activities are moving more and more onto the Internet. The main legal problem, in my opinion, is that a person of citizenship P can commit an offense in the state P1, acting to the detriment of an institution that is within the territory of the state P2. This situation generates some serious legal aspects. One of them is the difference between the laws of the individual states. I'm not an expert in this field, but I feel this situation is causing a lot of problems. It is difficult for me to answer whether the combination of IT and legal knowledge is so important. I see another problem here. Law must be stable and computer science is developing very fast. Obviously, you need to look at the legal acts, because those from 20 years ago are not always up to date. However, I also agree that the weakest link in the system is a person, and probably the best solution is proper education so that people are aware of the dangers.

  9. Would you agree with this article, that these are the aspects you need to understand?
    Yes, in general I do agree. What we should specifically keep in mind is that cybersecurity is not only an IT operations issue but one for the whole organization.
    Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?
    Legal obligations are one thing, but in times when more and more business models are relying on data processing or governance, companies should be paying more attention to cybersecurity.
    What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?
    Do you find legal tools useful in ensuring cybersecurity?
    I could not find a single application of legal tools in assuring cybersecurity.
    Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?
    Unfortunately I do not have such experience.
    What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?
    Not being a legal expert, it is hard for me to imagine legal tools that could have any significant impact on data protection or cybersecurity within an organization. As the author of the article mentioned, tick-boxed policies should be avoided.

  10. Marta, thank you for this article. I am not an expert in the subject, but I feel enlightened by it in some sense. I'll try to answer at least some of your questions:

    1. Would you agree with this article, that these are the aspects you need to understand?

    Yes, if I ran a company this would definitely be a field I should be familiar with. This issue is too serious just to rely on outsourced legal advice or a security provider. What is more, as the article stated, security is based on the awareness of every company member who has access to the system(s).

    2. Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?

    I have no idea. I think that only a person who is in charge in a company, where there are systems exposed to cyber attacks, could fully answer this question.

    3. What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?

    Cezary Góralski wrote basically everything I had in mind about it, so I won't repeat his words :)

    4. Do you find legal tools useful in ensuring cybersecurity?

    If we consider legislation as "legal tools", then yes. But this legislation should be practical, made with caution and based on real-world experiences.

    5. Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?

    No, I have never experienced such cases.

    6. What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?

    The cooperation between lawyers and the IT sector should be very flexible. Without turning a blind eye to some "illegal" but canny actions made by qualified people, it won't work. But those people have to be provided with very good motivation to focus on the final, legal aspect of the undertaking. Whether it would be money or other value.

  11. Hey! The law is not my strong domain. The questions are quite general, but I will say that he is aware of the importance of law and technology in some court cases. I never had contact with the combination of law and technology. Only with the creation of the store rules www but you are about the "real" situations.

  12. Would you agree with this article, that these are the aspects you need to understand?

    I agree that the basic aspect of the security of every company (but not only company, even our private cybersecurity) is understanding. A good example might be phishing emails, which are still a popular way of attack. Even if the knowledge of them seems to be widespread, such incidents still happen.

    Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?

    For sure the cooperation between the IT security team and the legal department. As I am not a security specialist, it is difficult for me to propose valuable aspects and solutions, but usually good cooperation between specialists improves existing procedures.

    What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?

    An engaged lawyer should gain broad technical knowledge about the network details, types of attacks and threats. If the situation takes place in a specific company, then also the knowledge about particular solutions applied inside the network might be used.

    Do you find legal tools useful in ensuring cybersecurity?

    As I do not work with cybersecurity on a daily basis I do not feel fully competent to write about it, but I have an impression that the law does not follow the cyberworld. It is not changing as fast as the technology requires it.

    Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?

    Not at all. I think that when the company has educated employees, a good security team and proper procedures, such situations are rather rare for the ordinary user. It is even difficult for me to imagine what the situation could look like.

    What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?

    That is a tough question. The specialists in the area can probably answer it. I think it might look different for different companies and situations.

  13. 1. Would you agree with this article, that these are the aspects you need to understand?
    I have to admit this article is quite vague. It contains basic information and does not provide any particular activities. However, it puts stress on an issue, on which many companies simply don't care enough.

    2. Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?
    Maybe some kind of a broader view of a situation?

    3. What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?
    It is really hard for me to show such cases. First of all they should get involved in IT.

    4. Do you find legal tools useful in ensuring cybersecurity?
    I don't find it useful. Most of the violators are not caught. Most of them come from other countries. I think there is a need to tighten up international legislation.

    5. Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?

    I haven't. It is hard to imagine such situations. It depends on many initial variables and assumptions.

    6. What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?
    Maybe cooperation between IT specialists and lawyers. It seems that such meetings are not popular. I am not really interested in this topic, however, I have not heard about it.

  14. Hi, everybody,
    I would like to thank you for all the answers. As I can see, there are a lot of opinions that achieving extremely good protection is extremely difficult, maybe even mission impossible. I hope the future shall bring us more optimistic data in this respect, and I'll keep my research anyhow :-) Good night!
    Marta

  15. Would you agree with this article, that these are the aspects you need to understand?
    I can't argue with that, educating people is a key factor.
    Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?
    Money, of course. Hackers don't care about law. Most of them are safe, behind firewalls and so on. Companies should understand that it's very important to invest in IT security.
    What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?
    Wow, I can hardly answer this question. I'm not a lawyer and this topic is quite large.
    Do you find legal tools useful in ensuring cybersecurity?
    No, most of them are useless vs hackers.
    Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?
    Jail is a good tool, even though most of the time it's not valuable.
    What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?
    Legal tools are far from being useful. I can barely see a value in legal tools in a war against cyber crime. This is very similar to fighting with burglars and so on.

  16. 1. Would you agree with this article, that these are the aspects you need to understand?
    Yes, I agree with it. Moreover, a few important issues are mentioned that are very often forgotten.

    2. Are there any other aspects (not only legal), which need to be taken into consideration in this subject, instead or additionally?
    I would like to propose considering ethical issues. Maybe it was touched a bit by responsibility issue but not in general.

    3. What are technological issues which a lawyer needs to understand, when he wants to be helpful in solving cybersecurity problems?
    I think that all methods of cyberattacks are very important for lawyers. If you know the method you can avoid cybersecurity problems because you know how to prevent it.

    4. Do you find legal tools useful in ensuring cybersecurity?
    Yes, of course. How else to deal with hackers and crackers? Only legal tools can help us to keep order.

    5. Have you got any experience with cases, where legal tools were used to solve cybersecurity problems? If yes: what was the result? If not: can you imagine and describe probable situation?
    Yes, I have. It was a case of impersonating someone’s personality. As a result, the scammer was stopped.

    6. What is the most optimal configuration of technological and legal tools to achieve extremely tight protection?
    In my point of view they should work together. Otherwise, we would have a lot of security problems.
