
Development of a Legal Framework for Intrusion Detection

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2516)

Abstract

To meet demands for increased interconnectivity, efficiency or competitiveness, organizations increasingly rely on technology. This trend creates significant opportunities to improve service delivery and to move into new areas of endeavour. But reliance on an inherently insecure infrastructure exposes organizations to a constantly evolving threat environment. Not only has the nature of the threat changed, so too has the scope of the protection problem. Protection of information systems is now seen as a component of national security. As organizational assets move online, so does the threat. Key sources of threat information are now online, including within the network communications themselves. This puts organizations in a position where they must monitor network communications in order to obtain intelligence, indications and warnings of intrusions and evidence to support criminal prosecution as appropriate. One method of performing this monitoring is through the use of intrusion detection systems (IDS). However, this may involve the monitoring of private communications, which introduces a number of legal (privacy and criminal law) concerns. While existing legislation adequately addresses interception by S&I and law enforcement agencies, it generally fails to address interception of network traffic by other public or private sector organizations. This paper seeks to identify and discuss some of the key legal issues affecting the development of a general legal framework for intrusion detection for network protection.


Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Johnston, S.R. (2002). Development of a Legal Framework for Intrusion Detection. In: Wespi, A., Vigna, G., Deri, L. (eds) Recent Advances in Intrusion Detection. RAID 2002. Lecture Notes in Computer Science, vol 2516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36084-0_8

  • DOI: https://doi.org/10.1007/3-540-36084-0_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00020-4

  • Online ISBN: 978-3-540-36084-1

  • eBook Packages: Springer Book Archive
