European E-Signatures Solutions on the Basis of PKI Authentication Technology

This chapter presents systems of certification authorities and registration authorities and other supporting servers and agents that perform certificate management, archive management, key management, and token management functions. These activities that support security policy by monitoring and controlling security services, elements and mechanisms, distributing security information, and reporting security events are examined with the main focus on PKI authentication technology.

Controlling Electronic Intrusion by Unsolicited Unwanted Bulk Spam

The ordinary and uncomplicated Spam menace is made possible by technological advances which enable the sender to dispatch millions if not billions of commercial messages without significant monetary cost and without wasting time. The present review will focus on fundamentals, exploring what has already been done and suggesting avenues of improvement. The chapter promotes basic approaches of handling Spam depending on the actions and choices of the receiver. The anti-Spam campaign needs effective enforcement powers and should be able to use all available technological know-how. As the vagaries of enforcement are presented, the role of the Internet Service Providers and advertisers is envisaged.

RFID Technology and its Impact on Privacy

The present chapter explores privacy issues posed by the use of RFID systems and applications. The existing legal framework for data protection is analyzed in order to discover how general privacy safeguarding principles should be applied in the case of RFIDs, with special focus on the main areas which are going to experience widespread use of such applications. The structure of the chapter is based on a chronological order which follows the consecutive phases of contact and interaction between the individual and the RFID tag. The implementation of a tag to a product or in the human body establishes the first point of contact of the individual with the RFID tag. This stage of data processing is examined in the first part of the chapter. In more particular, this part deals with the application of general principles of fair processing, such as information transparency, the debate about the necessity to require the prior consent of the individual (possible opt-in and opt-out solutions) and the precondition of a clearly defined purpose of the data processing. The symbiosis of the person with the tag is examined in the second part. Indeed, privacy concerns are equally significant during the phase of processing of personal information, even if processing is conducted lawfully, either based on the legal ground of the individual’s consent or justified on another legal basis. The requirement of data quality and the obligation to secure the RFID system against unauthorized interceptions or alterations of data by third parties constitute essential guarantees of fair data processing. Privacy protection in the activation phase of the tag is also ensured by the obligation to inform the tagged individual every time a reading takes place and by the right to verify the accuracy of the tag data, whether stored from the beginning or added at a later date. Finally, the last part of the chapter examines the legal regime of separation between the person and the tag. This phase refers to the termination of the processing either by act of the data subject or by act of the RFID system controller. The focus is given to the exercise of the right to object to the processing of personal data through RFID devices. In this context practical solutions, such as the “tag kill” or “tag sleep” command should be taken into consideration in order to the make the exercise of the right to object feasible.

Criminal Sanctions Against Electronic Intrusion

The international dimension of intrusion is discussed in this chapter along with the different legislative approaches adopted by various countries leading to the development of computer specific-legislation concerning electronic intrusion in a rather homogeneous style approach. The integrity of information and computer systems is presented and the misuse of devices, the illegal interception of data transfer and the illegal access to computer systems are bounded so to demonstrate the responsibility of providers or users.

Surveillance of Employees' Electronic Communications in the Workplace

The use of Information and Communication Technologies in the workplace is constantly increasing, but also the use of surveillance technology. Electronic monitoring of employees becomes an integral part of information systems in the workplace. The specific software which is used for monitoring electronic communications is, however, intrusive and infringes upon the employees’ right to privacy. The issue of surveillance of employees’ electronic communications is subject to different approaches in various jurisdictions. The most comprehensive protection to employees is afforded in the EU, however, there are still ambiguities concerning the balancing of interests between employers and employees.

Cyberproperty in the United States

During the past three decades, the growing importance of computing technology to modern society has led to regular calls in the United States for new and stronger forms of legal protection for computer equipment. Legal reforms in the United States have included the passage of laws targeting unauthorized access to computer systems, laws regulating online advertising, new criminal provisions related to identity theft, and copyright reforms protecting private interests in digital files. One of the most interesting and controversial legal developments, however, has been the acceptance by some courts of a new modification to an old common law property interest. Under the theory of cyberproperty, the owners of computer chattels have been granted the right to prohibit non-damaging contact with their systems. Essentially, cyberproperty amounts to a right to exclude others from network-connected resources (Wagner, 2005). The right is analogized to a right to exclude others from real property. Many legal scholars in the United States have supported the creation of a cyberproperty right, arguing in law review articles that this development is justified (Bellia, 2004; Epstein, 2003; Epstein, 2005; Fairfield, 2005; Hardy, 1996; McGowan, 2003; McGowan, 2005; Wagner, 2005; Warner, 2002). Other scholars, including myself, have argued against cyberproperty doctrine, claiming that it is dangerously overbroad and ill-suited to the nature of the networked environment (Burk, 2000; Carrier & Lastowka, 2007; Hunter, 2003; Lemley, 2003; Madison, 2003; O’Rourke, 2001; Quilter, 2002; Winn, 2004). This chapter has two parts. The first part explains the doctrinal evolution of cyberproperty in the United States. In the first part of this chapter, I provide an overview of the seminal cases that led up to the California Supreme Court’s decision in Intel v. Hamidi (2003). Though the Hamidi case was a landmark decision for trespass to chattels on the internet, the issue of cyberproperty in the United States remains largely an open question. In the second part of this chapter, I examine and criticize what I see as the theoretical foundations of cyberproperty. Cyberproperty grows out of two confusions. First, it is based on the strange belief that exclusion of a party from access to a computer can be easily analogized to the exclusion of a person from access to land. Second, many proponents of cyberproperty have confused the operation of computer code with the power of the law. This reasoning is based on Professor Lawrence Lessig’s claim that “code is law.” Both of these foundations of cyberproperty theory are suspect. Computer chattels are very much unlike land. Even if we apply standard law and economic principles to computer networks, we find that private interests in computer systems are unlike standard property interests. Also, code is unlike law in many ways. In fact, almost all cyberlaw scholars who reference the “code is law” equation do so in order to criticize the equation of code and law, not endorse it. Thus, the theoretical foundations of cyberproperty doctrine in the United States seem to be both easily identified and easily criticized. Despite this, as stated earlier, it is possible that cyberproperty doctrine will continue to develop in the United States and elsewhere.

How Much is Too Much? How Marketing Professionals can Avoid Violating Privacy Laws by Understanding the Privacy Principles

A marketeer’s point of view is presented in this chapter. Although legal restrictions safeguard processes and restrict annoying intrusive techniques, protecting customers, it can be argued that responsible privacy practices in the marketing profession will add value for consumers. As businesses compete with greater intensity to provide the customer with control over areas such as product offerings, services provided, and account management, privacy standards, being an important part of the customer-company relationship, formulate the grounds upon which businesses compete to provide greater customer control.

Intrusion in the Sphere of Personal Communications

In this chapter the limits for the sphere of personal communications are set. Different understandings of the “right to be alone” or “the right to respect for private and family life” are provided. The significance of the information privacy is pointed out and the right to informational self-determination is deciphered. Having presented the substrate for personal data protection, a legal synopsis of the aforementioned subject is the concluding part of the chapter, with emphasis on data retention.

Security of Alternative Delivery Channels in Banking

To sustain competitive advantages, financial institutions continuously strive to innovate and offer new banking channels to their customers as technology creates new dimensions to their banking systems. One of the most popular such diversification of channel is electronic banking (e-banking). Information assurance is a key component in e-banking services. This chapter investigates the information assurance issues and tenets of e-banking security that would be needed for design, development and assessment of an adequate electronic security infrastructure. The technology terminology and frameworks presented in the chapter are with the view to equip the reader with a glimpse of the state-of-art technologies that may help towards learned and better decisions regarding electronic security.

Spam and Advertisement

A significant problem of our times, accelerated by the advances in technology, is the plethora of commercial Internet messages usually defined as spam, while the equivalent in classic television emission is the frequent and uncontrollable advertisement. Advertisement, perceived as an expression and factor of the economy, is legitimate and desirable. However, abusive advertising practices cause multiple damage: invasion in our private communication space, homogenisation of morals and customs leading to globalized overconsumption. Variations and cloning of spam and advertisement include spim, distributed instant messaging using bulk SMS’s over mobile telephone networks or the web, wireless attacks and penetration, targeted unsolicited online harassment and others.