
Chapter 8: Laws, Ethics, and Safeties
in Information Technology Usage
Contents
Information Technology Laws
Ethics in IT Usage
Computer Crimes
Safety Protections in IT Usage
Future Trends in Safety Protections
Act on Computer Crime
B.E.2550
The Act consists of 30 sections, divided into 3 major parts:
• Generalization and Definitions (4 sections)
• Part 1 Crime involved with Computers (13 sections)
• Part 2 Competent Official (13 sections)
Generalization and Definitions
• Section 1: This Act is called the “Act on Computer Crime B.E.2550”
• Section 2: Enforcement: within thirty days from publication in the Government Gazette
• Section 3: Definitions: “Computer system”, “Computer data”, “Traffic data”, “Service provider”, “User”, “Competent official”, and “Minister”
• Section 4: Execution of the Act by the Ministry of Information and Communication Technology
Part 1
Crime involved with computers
• Illegally accessing a computer system / computer data
• Illegally disclosing another person's data
• Illegally intercepting and transmitting in a computer system
• Damaging, destroying, altering, modifying, or adding to the whole or part of another person's computer data without authorization
Part 1
Crime involved with computers (cont.)
• An action without authorization that causes suspension, deceleration, obstruction, or interference with another person's computer system
• Sending computer data or electronic mail with forged or altered sources to interfere with normal usage
• Disposing of or disseminating a program specifically designed for the commission of the offence
Part 1
Crime involved with computers (cont.)
• Inputting forged computer data into a computer system, causing injury to another person or the public / national security, or public panic / terrorism
• Any service provider who intentionally supports or consents to the commission of the offence under his control
Part 1
Crime involved with computers (cont.)
• Inputting, where the public can access it, a photograph of another person in a manner likely to impair the reputation of, expose, or shame the other person
• Covering the commission of an offence outside the Kingdom by Thai people or an alien
Part 2 Competent Official
• Authority of an official
• Investigate the authorization
• Exercising an official power
• Responsibility of service provider
• Performance of the duties under the Act
Electronic Transactions Act
B.E.2544
The Act shall apply to all civil and commercial transactions performed using data messages, except transactions prescribed by a Royal Decree to be excluded from this Act wholly or partly.
Electronic Transactions Act
B.E.2544
Definitions
• “transaction”
• “electronics”
• “electronics transaction”
• “information”
• “data message”
• “electronic signature”
• “information system”
• “electronic data interchange”
• “originator”
• “addressee”
• “intermediary”
• “information”
• “certificate”
• “signatory”
• “relying party”
• “State agency”
• “Commission”
• “Minister”
Electronic Transactions Act
B.E.2544
• Chapter 1 Electronic Transactions
• Chapter 2 Electronic Signature
• Chapter 3 Service Business Relating to Electronic Transactions
• Chapter 4 Electronic Transactions in the Public Sector
• Chapter 5 Electronic Transactions Commission
• Chapter 6 Penalties
Intellectual Property
Intellectual Property (IP) refers to creations of the mind, which include:
• literary, artistic and scientific works
• performances of performing artists, phonograms and broadcasts
• inventions in all fields of human endeavor
• scientific discoveries
• industrial designs
• trademarks, service marks, commercial names and designation
Intellectual Property
Intellectual Property Law in Thailand
• Thai law provides protection for various types of intellectual property.
• Protection against unfair competition and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields.
• IP: Patents, Trade marks, Designs, Copyright
COPYRIGHT ACT B.E. 2537
Definitions
• “author”
• “copyright”
• “literary work”
• “computer program”
• “dramatic work”
• “artistic work”
• “musical work”
• “audiovisual work”
• “cinematographic work”
• “sound recording”
• “performer”
• “broadcasting work”
• “reproduction”
• “adaptation”
• “communication to public”
• “publication”
COPYRIGHT ACT B.E. 2537
• A copyright work under this Act means a work of authorship in the form of a literary, dramatic, artistic, musical, audiovisual, cinematographic, sound recording, sound and video broadcasting work, or any other work in the literary, scientific or artistic domain, whatever the mode or form of its expression.
• Copyright protection shall not extend to ideas or procedures, processes or systems or methods of use or operation or concept, principles, discoveries or scientific or mathematical theories.
Fair Use
• reproduction for use in the library or another library
• reasonable reproduction in part of a work for another person for the benefit of research or study
• research or study of the computer program
• use for the benefit of the owner of the copy of the computer program
• comment, criticism or introduction of the work with an acknowledgement of the ownership of the copyright in the computer program
Fair Use
• reporting of the news through mass media with an acknowledgement of the ownership of copyright in the computer program
• making a reasonable quantity of copies of a computer program by a person who has legitimately bought or obtained the program from another person, so as to keep them for maintenance or prevention of loss
• use of the computer program as part of questions and answers in an examination
Fair Use
• reproduction, adaptation, exhibition or display for the benefit of judicial proceedings or administrative proceedings by authorized officials or for reporting the result of such proceedings
• adapting the computer program as necessary for use
• making copies of the computer program so as to keep them for the reference or research for public interest
Ethics in IT Usage
• Information Privacy
• Information Accuracy
• Information Property
• Data Accessibility
Computer Crimes
Illegally accessing a computer system / computer data
• Spyware
• Sniffer
• Phishing/Spoofing
Spyware
Spyware is an application that follows or tracks the user’s data.
• Shows advertising pop-up windows without the user’s request
• Tracks or hacks passwords to simulate the user’s account/login account
• Blocks the user’s account
Sniffer
A sniffer is computer software or hardware that can intercept and log traffic passing over a digital network and steal usernames/passwords for access to the system or data.
Phishing/Spoofing
• Phishing is the attempt to acquire security information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
• Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
Phishing/Spoofing
• Phishing emails may contain links to websites that carry malware.
• Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Destroy/Obstruct the computer system/computer data
• Malicious code: Computer virus, Worm, Trojan, Exploit, Hoax
• Denial of Service (DoS)
• Virus spreading to interrupt the network traffic
• Flooding packet switching/Fault torrent
• Destroy by deleting user accounts or user data
• Shut down the server
• Break in through a defect in the system software
Computer Crimes (cont.)
• Spam mail
• Hacking tool
• Malign data posting
• Malicious editing of data/photos to injure another person, or dissemination without permission
Safety Protections in IT Usage
1) Spyware protection
• Do not click hyperlinks or advertising pop-ups
• Be wary of downloading unknown software
• Unsubscribe from untrusted e-mail
Safety Protections in IT Usage
2) Sniffer protection
• Secure Socket Layer (SSL)
• Secure Shell (SSH)
• Virtual Private Network (VPN)
• Pretty Good Privacy (PGP)
Safety Protections in IT Usage
3) Phishing protection
• Check/Confirm information with the bank when receiving a banking e-mail
• Do not open untrusted e-mail
Safety Protections in IT Usage
4) Computer virus protection
• Install virus-scanning software on the computer system
• Check and repair anything missing in the operating system
• Carefully check and open only reliable e-mail
Safety Protections in IT Usage
5) Denial of Service (DoS) protection
• Use packet filtering on the router to filter data
• Install TCP SYN flooding software for hacking protection
• Do not open unused ports, such as FTP
• Use the Tripwire program
• Install hot-spare servers
• Install a backup network system
Safety Protections in IT Usage
6) Spam e-mail or Bomb e-mail protection
• Do not subscribe to untrusted newsletters/websites
• Set the maximum number of e-mails sent at a time
• Set the maximum size of e-mail for sending and receiving
• Set keywords/subjects for blocking unwanted e-mail
• Check the existence of an e-mail before sending
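Added example (not part of the original slides): a minimal Python sketch of how a mail gateway could combine three of the controls listed above, namely a per-sender sending limit, a maximum message size, and subject keyword blocking. The class name, limits, keywords and addresses are all constructed for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed sample limits; the slides name the controls but give no values.
MAX_PER_WINDOW = 2            # maximum e-mails one sender may send per window
WINDOW_SECONDS = 60
MAX_SIZE_BYTES = 1_000_000    # maximum e-mail size for sending and receiving
BLOCKED_KEYWORDS = ("lottery", "free money")  # subject keywords, lower case


class MailPolicy:
    """Accept/reject decision; tracks accepted timestamps per sender."""
    def __init__(self):
        self._sent = defaultdict(deque)

    def check(self, sender, subject, size_bytes, now=None):
        """Return (accepted, reason); rejected mail does not use up quota."""
        now = time.time() if now is None else now
        if size_bytes > MAX_SIZE_BYTES:
            return False, "size"
        if any(k in subject.lower() for k in BLOCKED_KEYWORDS):
            return False, "keyword"
        window = self._sent[sender]
        # Drop timestamps that have aged out of the sliding window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_PER_WINDOW:
            return False, "rate"
        window.append(now)
        return True, "ok"


def run_sample():
    """Replay a constructed sequence: normal mail, spam, oversize, a burst."""
    policy = MailPolicy()
    sample = [  # (time in s, sender, subject, size in bytes), all constructed
        (0, "a@example.test", "Meeting notes", 2_000),
        (2, "a@example.test", "FREE MONEY inside", 2_000),
        (3, "a@example.test", "Budget", 5_000_000),
        (4, "a@example.test", "Agenda", 2_000),
        (5, "a@example.test", "Agenda v2", 2_000),
        (5, "b@example.test", "Hello", 2_000),
        (61, "a@example.test", "Agenda v3", 2_000),
    ]
    return [policy.check(s, subj, size, now=t)[1] for t, s, subj, size in sample]


if __name__ == "__main__":
    print(run_sample())
```

The burst from one sender is cut off at the third accepted message inside the window, while a second sender keeps its own quota and the first sender is accepted again once old timestamps age out.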
Safety Protections in IT Usage
7) Illegal access protection
• Use a firewall
• Check authorization for logging in to the system
• Check the permission card
• Record check-in and check-out
• Keep track of usage behavior in the system
• Set a different authorization level for each user
Future Trends in Safety Protections
• Regulate the encryption of notebook computers in the organization
• Encrypt the data on smartphones in the same way as on notebook computers
• Law reform for personal data protection
• Protect against exploit programs or worms entering through gaps in the smartphone system
Future Trends in Safety Protections
• Increasing attacks on Voice over IP (VoIP)
• The dangerous zero-day gaps in operating systems or software
• Increasing importance of Network Access Control (NAC) in the organization