
CYBER SECURITY: LEGAL AND REGULATORY ASPECTS
Dr. Mona Al-AchKar Jabbour
Professor of Law, Filière Francophone
Lebanese University
IEEE Lebanon Communications workshop 2010 (IEEE LCW10)
18 Dec 2010

OBJECTIVE

A bird's-eye view of the layout of the legal and regulatory aspects of cyber security

DEFINING CYBER SECURITY

Safety in the cyberspace
- Individuals
- Enterprises
- Governments
- Inter-state relations

Rights and obligations

Technology
- (Directive EU 98/84 CE, 20 Nov. 1998: protection of services with authorized access, like encrypted channels and services)
- Protection of security technology

ISSUES OF CYBER SECURITY: CRIMES AND ASSAULTS - 1

Information security
- Systems and information protection (continuing disclosures of major data breaches at financial institutions, government agencies and academic institutions globally)

Critical infrastructure protection
- Continuing releases of malware and the increased sophistication of their deployments (e.g., Stuxnet)

Cyber defense
- National security
- Governmental monitoring and filtering (or censorship) of Internet use and content
- Detection system

Cyber war
- The cyber-attacks on key infrastructure in Lithuania, Estonia, Georgia and other countries

Governmental and commercial espionage

ISSUES OF CYBER SECURITY: CRIMES AND ASSAULTS - 2

Cyber crime
- Online fraud
- Identity theft
- Child pornography
- Intellectual property
- Money laundering
- Cyber terrorism
- Spamming, phishing, spyware, malware

LEGAL ASPECTS: TRICKY BALANCE

Responses to cyber security challenges:
- Human rights values (privacy, anonymity, freedom of expression and freedom of association)
- Democracy of the internet and human development goals (new rights: universal right of access to knowledge)
- Economic interests (innovation, competition, protection of trade secrets and intellectual property)
- Personal and sensitive data (directive 95/46 EU)

CONTENT OF CYBER SECURITY REGULATION

- E-commerce (defining a framework where e-commerce operations can develop in trust)
- Civil liberties and human rights (racism, child pornography, slander)
- Intellectual property (protection of economic rights)
- Illegal content & illegal access
- Spamming, spyware and malware

WHO REGULATES THE CYBERSPACE?

Legislation:
- Problematic situation
- Traditional legislation unable to keep up

Code
- Architecture

Standards (user empowerment)

NEW PARADIGMS

- International organizations: managing techniques of how the Internet's users behave
- Technical regulators (IETF, W3C, ICANN, OECD, UNESCO, ISO, WTO (free trade in matters of commerce))
- Legislators and judges have to consider this reality

THE EFFECTIVE MIX

Multilateral governance
- Governments
- Social society
- Private sector
- Intergovernmental organizations such as ITU and UNESCO
- Non-governmental bodies such as the Internet Engineering Task Force (IETF)

RESPONSES TO CROSS-BORDER CYBERSECURITY ISSUES

Sovereignty level
- National
- Regional
- International

Economic level

PAVING THE WAY - UNITED NATIONS

- 1990: 8th UN Congress on the Prevention of Crime and the Treatment of Offenders (recommendations concerning cybercrime investigations)
- 1995: Manual on the Prevention and Control of Computer Related Crime (examines a wide range of issues related to crime and technology)
- December 2000 and January 2002: the UN adopted General Assembly Resolutions 55/63 and 56/121 on Combating the Criminal Misuse of Information Technologies

INTERNATIONAL REGULATION

- Laws enforced through international treaties such as the Council of Europe's Convention on Cybercrime
- Laws enforced through the Internet architecture by the Internet Corporation for Assigned Names and Numbers (ICANN) ...
- Unintentional laws enforced through existing international mechanisms such as the World Trade Organization (WTO) ...
- Laws imposed by market power such as Europe's privacy laws and China's smut laws ...

KEY INTERNATIONAL REGULATIONS

- Law of 23 January 2006 to counter terrorism (France)
- Patriot Act (USA)
- Sarbanes-Oxley (SOX), SEC (Securities Exchange Act)
- UNGA Resolutions 55/63 and 56/121
- The Council of Europe's Convention on Cybercrime
- NASD (National Association of Securities Dealers) (USA)
- Law no. 2004-575 of 21 June 2004 on trust in the digital economy (France)

INTERNATIONAL REGULATION 2

- Directive of the EU on Copyright and other Related Rights in the Information Society, 2001.
- The Australian co-regulatory regimes in the areas of content regulation (Broadcasting Services (Online Services) Amendment Act 1999 and Privacy Act 2000).
- ICANN's Domain Name Dispute Resolution Policy, adopted by WIPO and administered by it to resolve domain name disputes between parties that may belong to different jurisdictions.

INTERNATIONAL REGULATION 3
THE COUNCIL OF EUROPE (COE) ADOPTED A CONVENTION ON CYBERCRIME 2001

The treaty addresses three sets of issues:
- Categories of cybercrime that nations should address in their criminal codes;
- Principles and measures that government authorities should adopt in order to access communications or stored records for evidentiary purposes;
- The mechanisms for transnational cooperation.

The Budapest Convention has entered into force in 30 countries, and another 21 countries have signed it or been invited to accede.
Some 100 countries used the Budapest Convention when developing national cybercrime legislation.

OTHER TOOLS - 1

- The Commonwealth of Nations has issued a Model Law on Computer and Computer Related Crimes.
- The ITU draft cybercrime legislation.
- Under WSIS Action Line C5, in 2007, the ITU Secretary-General launched the Global Cybersecurity Agenda to provide a framework within which an international response to the growing threats and challenges can be coordinated and addressed.
- Then in 2008, ITU launched the Child Online Protection initiative.

OTHER TOOLS -2

- The national strategies for cyber-security
- The European Program for Critical Infrastructure Protection set forth in a Directive EU COM(2006) 786. The Program also applied to the European Economic Area.
- Action Plan to Combat High-Tech Crime (G8)
- The Europol Computer System (TECS)

MILITARY AND DIPLOMATIC RESPONSE

CYBER-WAR

- In January 2010, ITU Secretary-General Hamadoun Touré's proposition at the World Economic Forum in Davos
- NATO issued an experts' report, "NATO 2020: Analysis and recommendations of the group of experts on a new strategic concept for NATO"

LEAGUE OF ARAB STATES

Model law Law of Arab Emirates to fight IS crimes, adopted by:
- Board of Ministers of Justice, 495/D19, 8/10/2003
- Board of Arab Ministers of Homeland Security, decree 417/21 of 2004

LEBANON RESPONSE

- Law 133 of 26/10/1999: e-transaction & e-payment
- Law 75 of 13/4/1999: IP
- Law 140 of 27/10/1999: telecom
- Law 431 of 22/7/2002: telecom organization
- Law 659 of 4/2/2005: protecting consumers in e-operations
- Draft law: e-transactions & e-signature
- Institutional level: intellectual property and cyber crime office

Thank you all


moacja@ul.edu.lb
