INFORMATION SECURITY REGULATION IN INTERNATIONAL CONTEXT
University of Pennsylvania (UNITED STATES)
About this paper:
Appears in: EDULEARN10 Proceedings
Publication year: 2010
Page: 2572 (abstract only)
Conference name: 2nd International Conference on Education and New Learning Technologies
Dates: 5-7 July, 2010
Location: Barcelona, Spain
Abstract:During the last fifteen years, rapid expansion of information technology has transformed our world. Three sets of transformative changes are underway, placing stress on existing legal systems. First, novel applications, such as social networking websites engage in new levels of information gathering and datamining. These innovative technologies bring with them new types of harms and exacerbate existing categories of harms the law must address.
Second, as humans, especially children, interact with these technologies, they begin to relate to each other, society and themselves differently. Governing these new technology-mediated humans may require modifying existing paradigms of regulation and considering developmental context more carefully. For example, some research on teens seems to point to the first generation of users who self-define at least in part around their technology use. Attitudes with respect to computers and “hacking” are also in a state of evolution internationally.
Meanwhile, third, new technologies have doctrinally challenged law, highlighting existing gaps and incompatibilities across bodies of law, both within countries and internationally. Particularly with regard to data protection and information security law, much uncertainty exists. For example, the line of where acceptable use of computer networks ends and intrusion or “hacking” begins presents numerous uncertainties across legal systems. In the United States in particular, courts are currently struggling with answering the question of when a student or employee who is allowed to access a computer network exceeds the scope of the contractual authorization. In other words, courts are split on the question of the relationship between that contract and the crime or civil wrong of computer intrusion. Three recent cases serve as useful case studies. One case involves an adult who posed as a teenager on MySpace in an alleged case of cyberbullying that was followed by the suicide of a teen, and two involve allegations of information misappropriation done by “disloyal” employees. Looking to these cases, a need to harmonize contract and computer intrusion law appears pressing.
This paper examines these three sets of transformative changes in international context. It presents conclusions regarding potentially fruitful avenues for crafting clearer legal lines for authorized access to information and harmonizing computer intrusion law.
Keywords: information security, privacy, law.