Ian Walden

Crime and Security in Cyberspace

As we have become dependent on the internet, as the ‘network of networks’, so we have become vulnerable to criminal and terrorist networks that use cyberspace as a means to undermine and circumvent state control. Protecting against those that wish to attack the integrity, confidentiality and availability of systems, and the data they process, is primarily an issue of implementing appropriate security measures. But how do governments react to such threats against social and economic stability? This article examines recent inter-governmental harmonisation initiatives addressing the suitability of the criminal code, the adequacy of law enforcement powers to investigate cyberspace activities and the need for greater transnational co-operation. Such reforms challenge some traditional conceptions of state control and authority and can be seen as threatening existing rights and interests.

Harmonising Computer Crime Laws in Europe

As the ‘Information Society’ emerges, the European economy and its citizens have become dependent on computers and communication networks. However, with the ravages of the viruses MyDoom and MS Blaster still being felt around the world, the vulnerability of computer systems and networks to criminal crime, as well as potentially terrorist activity, is still fresh in our minds. There is no agreed definition of what constitutes a ‘computer crime’. A computer may constitute the instrument of the crime, such as in murder and fraud; the object of the crime, such as the theft of processor chips; or the subject of the crime, such as ‘hacking’ or ‘cracking’. The involvement of computers may challenge traditional criminal concepts, such as fraud, as well as facilitating particular types of crime, such as child pornography. This article is concerned with the computer as the subject of the crime and with laws that have been established to specifically address activities that attack the integrity of computer and communications networks, such as the distribution of computer viruses. This article examines various initiatives to harmonise substantive criminal law to address the threat of computer integrity crimes, focusing specifically on a draft Council Framework Decision on ‘attacks against information systems’. Consideration is given to the impact the Decision may have when transposed into UK law, through an amendment of existing legislation, the Computer Misuse Act 1990.

Anonymising Personal Data

224 1 Dr Ian Walden is a senior lecturer in the Centre for Commercial Law Studies, Queen Mary, University of London. This article is based upon research funded by IMS Health Limited. However, the opinions expressed within are solely those of the author. 2 [2000] 1 All ER 786. 3 [1999] 4 All ER 185. 4 Directive 95/46/EC ‘on the protection of individuals with regard to the processing of personal data and on the free movement of such data’, OJ No. L 281, 23.11.1995, p. 31. 5 Supra n. 1, at 799a. International Journal of Law and Information Technology, Vol. 10 No. 2 Oxford University Press 2002

EDI and the Law

Electronic Data Interchange (EDI) is a new mode of business communication, replacing standard paper documentation, such as invoices and purchase orders, with structured electronic messages: “computer-to-computer transmission of data in structured forms” [DEC]. In essence, it is paperless trading.

Ensuring Competition in the Clouds: The Role of Competition Law?

This article examines the potential applicability of competition law to the cloud computing sector, as well as assessing its suitability as a regulatory regime. It then considers alternative legal mechanisms, specifically measures to promote open standards and interoperability in the context of public procurement, as well as a data portability right as a demand-side measure. Despite being early days, the article argues that these latter mechanisms are likely to have a more significant impact on competition in the cloud computing sector than intervention using traditional competition measures.

Addressing the Data Problem: The Legal Framework Governing Forensics in an Online Environment

This article considers some of the problems raised by data for law enforcement agencies investigating network-based crime. It examines recent legislative measures that have been adopted in the UK and other jurisdictions to address some of these problems of criminal procedure and the extent to which such measures achieve an appropriate balance between inevitably conflicting interests.

Press Regulation in a Converging Environment

With the Leveson Inquiry, the Royal Charter and a forthcoming revision of the Communications Act 2003, the need to re-design the existing regulatory framework for the press in a converging media environment is becoming increasingly apparent. This contribution considers the need for a regulatory scheme for the press and the difficulties of preserving freedom of expression while protecting and balancing other fundamental rights.

Communication service providers: Forensic source and investigatory tool

This article examines recent developments in the criminal law in the UK and Europe that address the role of CSPs as a forensic source and investigatory tool. Substantial new powers have been granted to law enforcement agencies to enable them to effectively utilise CSPs in the fight against criminality that, as well as generating controversy in terms of those that use communication services, also impose a substantial burden on CSPs.

Forensic investigations in cyberspace for civil proceedings

This article considers some of the legal issues raised when private entities are seeking forensic data from Internet‐based activities for the purpose of civil proceedings. It focuses on the identification of potential defendants and the obtaining of evidence in the course of its transmission. Existing law, legislative proposals and case law are examined in terms of appropriately balancing the rights of the claimant, defendant and third‐party communication providers.This article considers some of the legal issues raised when private entities are seeking forensic data from Internet‐based activities for the purpose of civil proceedings. It focuses on the identification of potential defendants and the obtaining of evidence in the course of its transmission. Existing law, legislative proposals and case law are examined in terms of appropriately balancing the rights of the claimant, defendant and third‐party communication providers.