Abstract
To meet demands for increased interconnectivity, efficiency or competitiveness, organizations increasingly rely on technology. This trend creates significant opportunities to improve service delivery and to move into new areas of endeavour. But reliance on an inherently insecure infrastructure exposes organizations to a constantly evolving threat environment. Not only has the nature of the threat changed, so too has the scope of the protection problem. Protection of information systems is now seen as a component of national security. As organizational assets move online, so does the threat. Key sources of threat information are now online, including within the network communications themselves. This puts organizations in a position where they must monitor network communications in order to obtain intelligence, indications and warnings of intrusions and evidence to support criminal prosecution as appropriate. One method of performing this monitoring is through the use of intrusion detection systems (IDS). However, this may involve the monitoring of private communications, which introduces a number of legal (privacy and criminal law) concerns. While existing legislation adequately addresses interception by S&I and law enforcement agencies, it generally fails to address interception of network traffic by other public or private sector organizations. This paper seeks to identify and discuss some of the key legal issues affecting the development of a general legal framework for intrusion detection for network protection.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Johnston, S.R. (2002). Development of a Legal Framework for Intrusion Detection. In: Wespi, A., Vigna, G., Deri, L. (eds) Recent Advances in Intrusion Detection. RAID 2002. Lecture Notes in Computer Science, vol 2516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36084-0_8
DOI: https://doi.org/10.1007/3-540-36084-0_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00020-4
Online ISBN: 978-3-540-36084-1
eBook Packages: Springer Book Archive