Legal aspects of computer security
- Criminal law
- Intellectual property rights: patents and trade secrets
- Personal integrity regulations
BrB Chapter 4, Section 9 c: Anyone who, without permission, accesses information that is intended for automated processing, or who without permission changes, deletes, blocks or adds such information to a register, shall be convicted of computer hacking and sentenced to a fine or imprisonment not exceeding two years. The same applies to anyone who, without permission, by any other similar measure severely disrupts or prevents the use of such information.
BrB Chapter 9, Section 1: Anyone who, by deception, induces someone to an act or omission that involves gain for the offender and harm for the deceived person or for someone in whose place that person stands, shall be convicted of fraud and sentenced to imprisonment not exceeding two years. Also convicted of fraud is anyone who provides incorrect or incomplete information, changes a program or recording, or in any other way without permission manipulates the result of automatic data processing or any other similar automatic process, in a way that profits the offender and harms somebody else. Act (1986:123).
BrB Chapter 14, Section 1, second paragraph: An urkund is
1. a document that was created as evidence or is otherwise of significance as evidence, and which contains the name of the issuer and displays original character,
2. an electronic document that was created as evidence or is otherwise of significance as evidence, and which contains the name of the issuer, where this name can be verified in a reliable manner.
Electronic documents (point 2): digital signatures yes! Emails no! (This is why public key infrastructure (PKI) is so important!)
Patents: requirements for protection
The patentability requirements:
- Novelty (art. 54-55 EPC)
- Inventive step (art. 56 EPC): obvious to a person skilled in the art?
  - Yes: no inventive step, not patentable
  - No: inventive step, patentable
- Industrial application (art. 57 EPC): made or used in some kind of industry (broad interpretation), i.e. practical use
- Sufficiency of disclosure
- Clear and concise claims
- Reproducible
EU directive 2016:38 on trade secrets protects information that: is secret, has commercial value because it is secret, and has been subject to reasonable steps to keep it secret
EU regulation 2016/679: General Data Protection Regulation (GDPR)
GDPR protects personal data. "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address."
GDPR regulates how personal data can be collected, stored, used, and spread. Particularly sensitive information: ethnicity, religion, medical condition, sexual preference, gender, political preferences, and criminal information.
New in GDPR:
- Right to erasure: a right to be forgotten in digital media.
- Data portability: a person shall be allowed to transfer their personal data from one electronic processing system to and into another, without being prevented from doing so by the data controller.
- Consent: valid consent must be explicit for the data collected and for the purposes for which the data is used.
A security company has, together with representatives from the gas industry, developed a technical solution to prevent people from refueling without paying. The solution is based on equipping petrol stations with special cameras that photograph the license plates of all cars driving in to refuel. The license plate number is sent to a central database containing information on vehicles that have previously been refueled without payment. If the car's registration number is in the database, the motorist must pay in advance to get fuel. If a person refuels without paying, the registration number recorded by the camera is transmitted to the central database.
Lag (1998:112) om ansvar för elektroniska anslagstavlor (Law on responsibility for electronic bulletin boards): If a user sends a message to an electronic bulletin board, the service provider shall remove the message from the service or otherwise prevent the further spreading of the message.