Security Manager Gets Into Spirit of the Law

By Jude Thaddeus, Computerworld |  Business

Having been so uncomplimentary about lawyers a few weeks back, I've decided that it's time I knew more about the law -- at least the law as it affects our IT department. So I've been doing a bit of research into the Byzantine mess of rules and regulations that surrounds our everyday work.

It's hard stuff. My respect for lawyers is growing, if they can put up with a career full of documents of this complexity. Mind you, they probably say the same about IT.

The Law in Two Acts

This Week's Glossary

Carnivore: An e-mail surveillance system the FBI created and has proposed attaching to Internet service provider networks to monitor suspicious e-mail and Internet traffic. The tool is a version of a commercial Windows 2000 application that has been customized to intercept and view only the e-mail, Web browsing activity or other Internet traffic of a person named in a court order. But Carnivore must scan all the packets moving over a network to find those it wants to examine, which has alarmed privacy activists.

Cryptonomicon, by Neal Stephenson (Avon Press, 1999). A sprawling, intellectual, gripping thriller, with its roots firmly set in the insanities that surrounded the use of cryptography in World War II. Can you explain how tattooing a dead butcher, dressing him in a wet suit and dropping him into the Mediterranean helped the war effort? The book spans 50 years, four continents and a surprisingly large amount of computer security. Riveting stuff.

Baltimore Technologies PLC's Web site includes information on security tools ranging from the UniCERT certificate manager to MIMEsweeper scanning software.

Apart from the issues of inappropriate e-mails and monitoring that I discussed last week, there are two legal worries at the back of my mind at the moment: the Regulation of Investigatory Powers Act (RIPA) and the Data Protection Act (DPA).

These laws are specific to the U.K., but security managers around the world face a patchwork of similar laws. For example, the RIPA debate is broadly similar to the Carnivore debate that's been going on in the U.S. Carnivore is the FBI's (apparently successful) attempt to enforce monitoring of e-mail traffic by installing "black box" devices at Internet service providers. RIPA takes a similar approach in the U.K. but goes quite a bit further.

At heart, RIPA is the British government's attempt to extend its powers of surveillance to cover the Internet. The previous law, the Interception of Communications Act, became law in 1985, when few foresaw the rise of mass e-mail and the Internet.
