- Email: [email protected]
R v Shephard, house of lords, 16 December 1992 (unreported)
~,(~,~< ..: . . .
THE CO~'t~{Y[E~( ~ ~ W
the threat of hacking and viruses, change has been slow in coming. The public continues to focus its attention on drugs and street crimes. The fact that criminals are increasingly targeting computers has proven of little interest to either the public or the US Congress and the state legislatures. EDUCATION: Courses on technoethics are lacking in many US schools, businesses, and government agencies. Much of the impetus, in many cases where these are being taught, is the result of fear of greater regulation. However, many in management continue to show little or no interest in technoethics; leaving a void in this area. JUDICIARY: Much of America's current judiciary grew up in the precomputer revolution era. They often do not fully grasp the harm that hackers and other computer criminals can wreak on business and government. Their views are reinforced by the press, which depicts hackers as benign pranksters in search of fun and games. But this judicial perception is changing as a computer literate generation of judges comes to the forefront, as well as individuals who
•
•
•
understand the pitfalls and workings of computer technology. This judicial transformation, however, needs more time to make itself felt. TRAINING: Both US business and government have come to recognize that fighting computer crime requires a commitment in both money and resources. Words alone will not suffice. Security and police officials are in dire need of training in computer crime detection and prevention. With the growing problem of hacking, that realization is beginning to sink in, However, America's many social ills and demands make a commitment in this area difficult. PERCEPTION: As management around the world comes to terms with the profound impact of the computer revolution, and the growing value of data as an international commodity, hackers and other computer criminals will increasingly pose a serious threat. The need to change our perception of computer crimes will increasingly become pressing and necessary. REGULATION: There are moves afoot in the US Congress and the federal agencies to impose regulations on both the private and public
'" ~:~ ~i ~! CLSI~,.
sector that would mandate minimum security guidelines. The US Computer Security Act of 1988 already imposes such regulations on federal agencies; similar legislation is expected to expand regulation in most private systems. GLOBAL: The computer revolution knows no boundaries; nor do criminals. Computer viruses, bulletin boards, and hackers are now a global phenomena. Hackers in Asia, Europe, and North America traverse the global electronic pathways at will; preying on both business and government. There appears to be in the US, a growing resignation that federal and state laws alone, in the absence of cooperation from the international community, can accomplish little in the long run.
SUMMARY Hacking, viruses, and other computer crimes are a growing problem the world over. They are a by-product of our computer revolution. As we move into the 21st century, solutions will increasingly be needed. The US should serve to illustrate that international cooperation is needed now. August Bequai, Report Correspondent.
UK COURT RULES ON COMPUTER EVIDENCE R v SHEPHARD, HOUSE OF LORDS, 16 DECEMBER 1992 (UNREPORTED)
iiiiii
was reliable could be provided in two ways - first by seeking oral iiiii evidence or secondly by requiring a written certificate in accordance with the terms of schedule 3, paragraph 8 of the iiii 1984 Act. This certificate was likely to be more reliable if the person signing it was fully familiar with the operation of the relevant computer. But if this was not the case, knowledge of what the iiii computer was required to do might be sufficient. The court appears to be saying that technical expertise can be replaced by the testimony of an experimental operator if the computer is performing mundane tasks. In this case the computer is connected to a central computer which fed in the date, time, customer number and till number. Whether the court was right to define such a processto be "of the simplest kind", and therefore not requiring a computer expert to guarantee the operation, iiii remains to be seen. According to consultant, Michael J L Turner: "this decision has dismantled what had previously been >= considered to be a well balanced set of evidential hurdles. Instead the law will in future follow the dictum 'it's been printed by a computer, so it must be true'. Clearly iiii !!iii! something has gone very wrong in this case. If there is to iiili! be no effective test on the admissibility of computer iiiili iiiiii evidence in future, defence lawyers will have to adduce expert evidence of the reliability of computer documents, iiiiiiii the proper functioning of the computer, it was legitimate for the whenever there is any reason to question their authentiiiiii ii court to infer that it was operating properly and that the testimony city." iii of the store detective was therefore reliable. On further appeal to Editor's note: CLSRwould welcome comment on this decision. ~iiii i!iii!!i! the House of Lords the court held that proof that the computer i!!i~:i
iii The UK Houseof Lords has determined that the evidenceof a nonexpert can be sufficient to authenticate computer evidence sought to be presented by the prosecution in a theft case. The matter i i .arose following the arrest of the defendant in March 1989 for theft of goods from the retail store - Marks and Spencer. The prosecution sought to use till receipts to prove that the goods were stolen. At the original trial, the firm's store detective gave evidence that none of the till rolls relevant to the day in question furnished any evidence of the purchases claimed to have been made by the accused. The latter submitted that the till rolls should not have been admitted in evidence becausethe store detective's testimony failed to satisfy the requirement of Section 69 of the 1984 Act which states: "(1) In any proceedings a statement in a document produced by a computer shall not be admissible as evidence of any fact stated therein unless it was shown... (b) that at all material times the computer was operating properly...." The appellant's main argument was that the store detective was not "a person occupying a responsible position in relation to the operation of the computer" and was therefore not eligible to give testimony as to this question. The Court of Appeal ruled (see case note in 7 CLSR 1991, 183184) that since no evidence was given at first instance to doubt
i
ii i
~iiiiiiiii!i!ii~i~i~iiiiiiiiiiiii!iii~i~iiiiiiiiiiii!i!i~i~iii~i!i!i!iii~i~i~ii!!!i!i!~i~!~i~i~iiii!i!i!i!i~!~i~i~iii!iiii!i!i~i~i~!~i~i~iiiiii!iiiiii~i~i~!~i~iiiiiiiiiiii!i!iii~iiii~i~i~i~i~i~iiiiiiiiiiiiii~i~i~i~iiiii 79
THE CO~'t~{Y[E~( ~ ~ W
the threat of hacking and viruses, change has been slow in coming. The public continues to focus its attention on drugs and street crimes. The fact that criminals are increasingly targeting computers has proven of little interest to either the public or the US Congress and the state legislatures. EDUCATION: Courses on technoethics are lacking in many US schools, businesses, and government agencies. Much of the impetus, in many cases where these are being taught, is the result of fear of greater regulation. However, many in management continue to show little or no interest in technoethics; leaving a void in this area. JUDICIARY: Much of America's current judiciary grew up in the precomputer revolution era. They often do not fully grasp the harm that hackers and other computer criminals can wreak on business and government. Their views are reinforced by the press, which depicts hackers as benign pranksters in search of fun and games. But this judicial perception is changing as a computer literate generation of judges comes to the forefront, as well as individuals who
•
•
•
understand the pitfalls and workings of computer technology. This judicial transformation, however, needs more time to make itself felt. TRAINING: Both US business and government have come to recognize that fighting computer crime requires a commitment in both money and resources. Words alone will not suffice. Security and police officials are in dire need of training in computer crime detection and prevention. With the growing problem of hacking, that realization is beginning to sink in, However, America's many social ills and demands make a commitment in this area difficult. PERCEPTION: As management around the world comes to terms with the profound impact of the computer revolution, and the growing value of data as an international commodity, hackers and other computer criminals will increasingly pose a serious threat. The need to change our perception of computer crimes will increasingly become pressing and necessary. REGULATION: There are moves afoot in the US Congress and the federal agencies to impose regulations on both the private and public
'" ~:~ ~i ~! CLSI~,.
sector that would mandate minimum security guidelines. The US Computer Security Act of 1988 already imposes such regulations on federal agencies; similar legislation is expected to expand regulation in most private systems. GLOBAL: The computer revolution knows no boundaries; nor do criminals. Computer viruses, bulletin boards, and hackers are now a global phenomena. Hackers in Asia, Europe, and North America traverse the global electronic pathways at will; preying on both business and government. There appears to be in the US, a growing resignation that federal and state laws alone, in the absence of cooperation from the international community, can accomplish little in the long run.
SUMMARY Hacking, viruses, and other computer crimes are a growing problem the world over. They are a by-product of our computer revolution. As we move into the 21st century, solutions will increasingly be needed. The US should serve to illustrate that international cooperation is needed now. August Bequai, Report Correspondent.
UK COURT RULES ON COMPUTER EVIDENCE R v SHEPHARD, HOUSE OF LORDS, 16 DECEMBER 1992 (UNREPORTED)
iiiiii
was reliable could be provided in two ways - first by seeking oral iiiii evidence or secondly by requiring a written certificate in accordance with the terms of schedule 3, paragraph 8 of the iiii 1984 Act. This certificate was likely to be more reliable if the person signing it was fully familiar with the operation of the relevant computer. But if this was not the case, knowledge of what the iiii computer was required to do might be sufficient. The court appears to be saying that technical expertise can be replaced by the testimony of an experimental operator if the computer is performing mundane tasks. In this case the computer is connected to a central computer which fed in the date, time, customer number and till number. Whether the court was right to define such a processto be "of the simplest kind", and therefore not requiring a computer expert to guarantee the operation, iiii remains to be seen. According to consultant, Michael J L Turner: "this decision has dismantled what had previously been >= considered to be a well balanced set of evidential hurdles. Instead the law will in future follow the dictum 'it's been printed by a computer, so it must be true'. Clearly iiii !!iii! something has gone very wrong in this case. If there is to iiili! be no effective test on the admissibility of computer iiiili iiiiii evidence in future, defence lawyers will have to adduce expert evidence of the reliability of computer documents, iiiiiiii the proper functioning of the computer, it was legitimate for the whenever there is any reason to question their authentiiiiii ii court to infer that it was operating properly and that the testimony city." iii of the store detective was therefore reliable. On further appeal to Editor's note: CLSRwould welcome comment on this decision. ~iiii i!iii!!i! the House of Lords the court held that proof that the computer i!!i~:i
iii The UK Houseof Lords has determined that the evidenceof a nonexpert can be sufficient to authenticate computer evidence sought to be presented by the prosecution in a theft case. The matter i i .arose following the arrest of the defendant in March 1989 for theft of goods from the retail store - Marks and Spencer. The prosecution sought to use till receipts to prove that the goods were stolen. At the original trial, the firm's store detective gave evidence that none of the till rolls relevant to the day in question furnished any evidence of the purchases claimed to have been made by the accused. The latter submitted that the till rolls should not have been admitted in evidence becausethe store detective's testimony failed to satisfy the requirement of Section 69 of the 1984 Act which states: "(1) In any proceedings a statement in a document produced by a computer shall not be admissible as evidence of any fact stated therein unless it was shown... (b) that at all material times the computer was operating properly...." The appellant's main argument was that the store detective was not "a person occupying a responsible position in relation to the operation of the computer" and was therefore not eligible to give testimony as to this question. The Court of Appeal ruled (see case note in 7 CLSR 1991, 183184) that since no evidence was given at first instance to doubt
i
ii i
~iiiiiiiii!i!ii~i~i~iiiiiiiiiiiii!iii~i~iiiiiiiiiiii!i!i~i~iii~i!i!i!iii~i~i~ii!!!i!i!~i~!~i~i~iiii!i!i!i!i~!~i~i~iii!iiii!i!i~i~i~!~i~i~iiiiii!iiiiii~i~i~!~i~iiiiiiiiiiii!i!iii~iiii~i~i~i~i~i~iiiiiiiiiiiiii~i~i~i~iiiii 79