- Email: [email protected]
Norwegian police crack down on computer crime
Vol.
9, No.
12, Page
9
Other areas of computer security confusion, states RRV, For this RRV cites the include "high security area trespass". example of whether or not fire exit doors should be opened in the event of a fire or used as escape routes for persons not directly Fire authorities, working within the high security department. according to RRV, maintain that fire exit doors in computer rooms should be left open for use by employees irrespective of whether or not they are employed within the high security computer area. Police authority rules however stipulate that fire exit doors should be kept locked in the event of a fire "to avoid trespass". One area of public concern, states the report, is the rights of individuals held in police custody. According to RRV, police suspects can be unjustly held in custody overnight, if arrested RRV found that police authorities are after normal office hours. becoming more and more dependent on obtaining information and identification of suspects from the force's central computing Employees of this division work from nine a.m to five division. p.m and computer assistance is not available after office hours. The absence of a night-shift means that innocent people are detained in police custody overnight, states RRV, simply because police are unable to obtain computer confirmation of the person's name and address. Due to a lack of manpower, manual identification is often unobtainable. According to RRV, computer systems operated by the state's customs and patents departments do not contain "effective" mechanisms to deter and prevent unauthorized use by hackers. The vital and often top secret information contained in both systems, says RRV, is readily available to clever hackers. RRV's report concludes by pointing out the "many inadequacies" which exist in Sweden's computer security laws and systems. Major improvements are required before state networks could be "described as safe", the report says.
NORWEGIAN POLICE CRACK DOWN ON COMPUTER CRIME
Norway's Central Criminal Investigation division (CCI), headquartered in Oslo, has launched a major crackdown on computer CII Crime Chief Mr Kaj Erik Tordal told a conference of crime. public and private sector auditors in Oslo in July 1987 that most computer crimes within the Norwegian corporate sector currently go "unreported to the police". Mr Tordal said state and private sector companies are reluctant to declare computer access violations because they are "The problem of industrial afraid of damaging their reputation. espionage in Norway", said Mr Tordal, "is grossly underestimated. It can be only a matter of time before terrorist actions against Tordal is leading a computer systems are carried out", he stated. special task force which is investigating industrial and commercial crimes. Within this context, a high degree of attention is being focused by researchers on computer and espionage violations within the business and financial sectors. Tordal's background and qualifications are ideally suited to He worked as an auditor and legal specialist the task at hand. with the accountancy firm, Peat Marwick, Mitchell and Company.
0 1987 Elsevier CO~P~T~~,~~>~TJj!& slNBrrTBIlllgRlll
No part of this means. (Keadrrs
Science
Publishers
publication
electronic,
mechanical.
m the U.S.A.
B.V.. Amsterdam./87/$0.00
may be reproduced, photocopying.
please see special
stored
recording regulations
+ 2.20
in a retrieval
system,
or otherwIse. listed
or transmitted
without
on back ~ovcr.)
the prior
by any form permission
or bv any
of thr
publishers
Vol.
9, No.
12, Page
10
"Precautions taken by Norwegian companies to protect their data and computer systems are inadequate. The goal of the forthcoming campaign is to draw companies' attention to the risks they have to face and inform them of the best means available to combat such risks", Tordal said. "I believe the programme should fall as heavily on managers as on computer staff. It is unfortunate that many companies prefer to stay quiet when computer crimes are discovered. An employee who steals company secrets is merely sacked and in all probability goes to another company and continues his bad work there." According to Tordal, insurance companies should demand as a prerequisite to paying out claims, that companies notify police of computer or espionage crimes and violations. This would result in a more precise documentation of computer fraud and company crime which in turn would lead to more police action against statistics, "A large number of computer crimes can be avoided by violators. better internal supervision." Company auditors, Tordal said, in liaison with security personnel, should cooperate on a more "beneficial" level to reduce computer and company crime and to make it harder for in-house computer staff to violate system security.
"URGENT" NEED FOR FINNISH SOFTWARE COPYRIGHT LEGISLATION
The Finnish Central Chamber of Commerce (CCC) has called on the government to treat as "urgent" the drafting of new legislation aimed at clarifying regulations for the protection of software developers and computer companies. The CCC is concerned at the lack of adequate and tailor-made laws to regulate software ownership disputes about who owns computer programs - developers or program purchasers. The CCC highlighted important areas of computer-related law According to which were not adequately covered by legislation. the CCC, no law currently exists in Finland to regulate the positions of computer programmers, their employers, or computer program sub-contractors. The question of who owned the actual computer programs remained in dispute, said the CCC, and would remain so until new legislation was introduced. Ironically, a working group established by the Educational The committee's Ministry in 1976 reached the same conclusion. Under the CCC's government report however was never acted upon. computer programs in Finland would be protected in the submission, containing the same intrinsic same manner as book copyright, The CCC is now studying laws requirements and objectives. relating to this area in operation in the US, France, UK, Japan, West Germany, and Sweden. Under the CCC proposals, companies could legally claim copyright on programs designed by computer department staff unless an independent arrangement giving an employee or employees ownership rights to a program design is reached between both Current Finnish copyright laws serve to protect patent parties. or design ownership for up to 50 years after the death of the These rather outdated laws are unsuitable in a patenter/designer. hi-tech environment where even the most sophisticated programs may
9, No.
12, Page
9
Other areas of computer security confusion, states RRV, For this RRV cites the include "high security area trespass". example of whether or not fire exit doors should be opened in the event of a fire or used as escape routes for persons not directly Fire authorities, working within the high security department. according to RRV, maintain that fire exit doors in computer rooms should be left open for use by employees irrespective of whether or not they are employed within the high security computer area. Police authority rules however stipulate that fire exit doors should be kept locked in the event of a fire "to avoid trespass". One area of public concern, states the report, is the rights of individuals held in police custody. According to RRV, police suspects can be unjustly held in custody overnight, if arrested RRV found that police authorities are after normal office hours. becoming more and more dependent on obtaining information and identification of suspects from the force's central computing Employees of this division work from nine a.m to five division. p.m and computer assistance is not available after office hours. The absence of a night-shift means that innocent people are detained in police custody overnight, states RRV, simply because police are unable to obtain computer confirmation of the person's name and address. Due to a lack of manpower, manual identification is often unobtainable. According to RRV, computer systems operated by the state's customs and patents departments do not contain "effective" mechanisms to deter and prevent unauthorized use by hackers. The vital and often top secret information contained in both systems, says RRV, is readily available to clever hackers. RRV's report concludes by pointing out the "many inadequacies" which exist in Sweden's computer security laws and systems. Major improvements are required before state networks could be "described as safe", the report says.
NORWEGIAN POLICE CRACK DOWN ON COMPUTER CRIME
Norway's Central Criminal Investigation division (CCI), headquartered in Oslo, has launched a major crackdown on computer CII Crime Chief Mr Kaj Erik Tordal told a conference of crime. public and private sector auditors in Oslo in July 1987 that most computer crimes within the Norwegian corporate sector currently go "unreported to the police". Mr Tordal said state and private sector companies are reluctant to declare computer access violations because they are "The problem of industrial afraid of damaging their reputation. espionage in Norway", said Mr Tordal, "is grossly underestimated. It can be only a matter of time before terrorist actions against Tordal is leading a computer systems are carried out", he stated. special task force which is investigating industrial and commercial crimes. Within this context, a high degree of attention is being focused by researchers on computer and espionage violations within the business and financial sectors. Tordal's background and qualifications are ideally suited to He worked as an auditor and legal specialist the task at hand. with the accountancy firm, Peat Marwick, Mitchell and Company.
0 1987 Elsevier CO~P~T~~,~~>~TJj!& slNBrrTBIlllgRlll
No part of this means. (Keadrrs
Science
Publishers
publication
electronic,
mechanical.
m the U.S.A.
B.V.. Amsterdam./87/$0.00
may be reproduced, photocopying.
please see special
stored
recording regulations
+ 2.20
in a retrieval
system,
or otherwIse. listed
or transmitted
without
on back ~ovcr.)
the prior
by any form permission
or bv any
of thr
publishers
Vol.
9, No.
12, Page
10
"Precautions taken by Norwegian companies to protect their data and computer systems are inadequate. The goal of the forthcoming campaign is to draw companies' attention to the risks they have to face and inform them of the best means available to combat such risks", Tordal said. "I believe the programme should fall as heavily on managers as on computer staff. It is unfortunate that many companies prefer to stay quiet when computer crimes are discovered. An employee who steals company secrets is merely sacked and in all probability goes to another company and continues his bad work there." According to Tordal, insurance companies should demand as a prerequisite to paying out claims, that companies notify police of computer or espionage crimes and violations. This would result in a more precise documentation of computer fraud and company crime which in turn would lead to more police action against statistics, "A large number of computer crimes can be avoided by violators. better internal supervision." Company auditors, Tordal said, in liaison with security personnel, should cooperate on a more "beneficial" level to reduce computer and company crime and to make it harder for in-house computer staff to violate system security.
"URGENT" NEED FOR FINNISH SOFTWARE COPYRIGHT LEGISLATION
The Finnish Central Chamber of Commerce (CCC) has called on the government to treat as "urgent" the drafting of new legislation aimed at clarifying regulations for the protection of software developers and computer companies. The CCC is concerned at the lack of adequate and tailor-made laws to regulate software ownership disputes about who owns computer programs - developers or program purchasers. The CCC highlighted important areas of computer-related law According to which were not adequately covered by legislation. the CCC, no law currently exists in Finland to regulate the positions of computer programmers, their employers, or computer program sub-contractors. The question of who owned the actual computer programs remained in dispute, said the CCC, and would remain so until new legislation was introduced. Ironically, a working group established by the Educational The committee's Ministry in 1976 reached the same conclusion. Under the CCC's government report however was never acted upon. computer programs in Finland would be protected in the submission, containing the same intrinsic same manner as book copyright, The CCC is now studying laws requirements and objectives. relating to this area in operation in the US, France, UK, Japan, West Germany, and Sweden. Under the CCC proposals, companies could legally claim copyright on programs designed by computer department staff unless an independent arrangement giving an employee or employees ownership rights to a program design is reached between both Current Finnish copyright laws serve to protect patent parties. or design ownership for up to 50 years after the death of the These rather outdated laws are unsuitable in a patenter/designer. hi-tech environment where even the most sophisticated programs may