Old Wine With a New Label : Rights of Data Subjects under GDPR
International Journal of Advanced Research in Computer Science, ISSN No. 0976-5697, Volume 8, No. 7, July – August 2017
I. INTRODUCTION With about 46 per cent of the world’s population having access to it, the Internet has emerged as most popular medium of free expression, and as tool for conducting free trade and the use of smart devices. This propensity to use the Internet for various applications has thus resulted in the generation of a large volume of personal data online including (but not limited to) the name, address, mobile number, date of birth, email address, geographical location, health record of the user, among other things. This data has a high potential of secondary use which necessitates the protection of privacy and confidentiality of this personal data both at residence and in motion across the borders.[1] [2] [3] European Union Directive 95/46/EC (The Directive) [4] remained the basic instrument for protection of data privacy for over 20 years in European Union (EU) recognizing privacy as a fundamental human right.[5] However, the practical implementation of the Directive across the EU states and the seminal decisions of Court of Justice of European Union (CJEU) raised several issues regarding an understanding and need for individual rights to protection on the Internet in EU.[6] This, in turn, triggered the process of reform in the Data Privacy Protection Framework, leading to enactment of the General Data Protection Regulation (GDPR)[7], which is slated to usher in reforms and changes in the EU Data Protection Framework. The scope of this essay is to discuss whether the GDPR signifies any improvement over the current directive in terms of the Right of Individual Data Subjects.
|
Critical Analysis of Divergent Approaches to Protection of Personal Data
International Journal of Advanced Research in Computer Science, ISSN No. 0976-5697, Volume 8, No. 7, July – August 2017
I. INTRODUCTION The number of Internet users in the world has increased by 826 per cent, from 16 million in 1995 to 3,270 million in the last 15 years, accounting for about 46 per cent of the world population.[1]. The Internet has emerged as a preferred medium of expression of free speech, conducting trade and business, and running daily errands like controlling multipurpose home devices, thereby generating large volumes of personal data. This data includes names, addresses, mobile numbers, dates of birth, emails, geographical locations, and health records like the BMI and can aid in advertising for marketing purposes. Internet users access the Internet through an ‘Internet Service Provider’ (ISP), who provides infrastructure, allowing users to access the Internet and user-generated content. This big data, which has been disclosed voluntarily or incidentally through interactive means (for example, Online Surveys) or technological (for example, Cookies) has a high potential for secondary uses. The right of privacy in general is “the right of the individual to be left alone; to live quietly, to be free from unwarranted intrusion to protect his name and personality from commercialisation.” [2] [3] The protection of privacy and confidentiality of this personal data at the residence and in motion within and across the borders is a cause for concern, [4] [5] [6] [7] more particularly in the developed economies like the European Union (EU) and the US. The EU and US have adopted divergent approaches [8] [9] [10] [11] to this issue. The scope of this essay is to critically analyse these comparative but divergent approaches for protecting privacy. II. THE EUROPEAN UNION APPROACH The basic premise of the EU privacy protection approach is embodied in the EU Directive 95/46, [12] recognising privacy as a fundamental human right as demonstrated by the repetition of the term ‘fundamental right and freedom’ 16 times in the Directive. Para 10 of the adoption statement of the Directive states,
|
Enough Law of Horses and Elephants Debated…, …Let’s Discuss the Cyber Law Seriously
International Journal of Advanced Research in Computer Science, ISSN No. 0976-5697, Volume 8, No. 5, May-June 2017
I. INTRODUCTION The ‘Internet’ has today become an essential part of our lives and revolutionised the way communication and trade take place far beyond the ambit of national and international borders. It has, however, also allowed unscrupulous criminals to misuse the Internet and exploit it for committing numerous cybercrimes pertaining to pornography, gambling, lottery, financial frauds, identity thefts, drug trafficking, and data theft, among others [1]. Cyberspace is under both perceived and real threat from various state and non-state actors [2] [3] [4]. The incidence of cyber-attacks on information technology assets symbolises a thin line between cybercrime and cyber war, both of which have devastating outcomes in the physical world [5] [6]. The scenario is further complicated by the very nature of cyber space, manifested in its anonymity in both space and time, and asymmetric results that are disproportionate to the resources deployed, and the fact that the absence of international borders in cyber space makes it impossible to attribute the crime to a tangible source [7]. In the context of these characteristics of cyberspace, ‘the transnational dimension of cybercrime offence arises where an element or substantial effect of the offence or where part of the modus operandi of the offence is in another territory’, bringing forth the issues of ‘sovereignty, jurisdiction, transnational investigations and extraterritorial evidence’; thus necessitating international cooperation [8]. The evolution of cybercrimes from being simple acts perpetrated by immature youngsters to complex cyber-attack vectors through the deployment of advanced technology in cyberspace has necessitated the development of a distinct branch of Law, The Law of Cyberspace. However, the question of whether ‘the law of cyberspace’ can evolve into an independent field of study or would remain just an extension of the criminal laws of the physical world in the virtual world has become the subject of an interesting debate among legal and social science scholars. The scope of this essay is to critically analyse and compare traditional crimes with cybercrimes to assess if a new set of laws is required for tackling crimes in cyberspace or otherwise. II. THE CYBER-ZOO: THE ELEPHANT VERSUS THE HORSE AS SYMBOLS OF CYBERSPACE REALITIES In his poem, ‘The Blind Men and the Elephant’, John Godfrey Saxe describes the dilemma of six blind men while trying to describe the elephant (which) “in (this) sense represents reality, and each of the worthy blind sages represents a different approach to understanding this reality. In all objectivity, and in line with the poem of John Godfrey Saxe, all the sages (blind men) have correctly described their piece of reality, but fail by arguing that their reality is the only truth.” [9] To quote, “And so these men of Indostan, In the context of this article, cyberspace can be compared with the elephant, which is understood and described differently by different stakeholders in the realms of sociology, criminology, law, technology, and commerce, among other disciplines. However, each of the stakeholder largely ignores the perspective of the others while also understating or overstating the complexity inherent in the physical and virtual processes manifested through the interplay of ‘technology with technology’ and ‘technology with humans’ in virtual space, which, in turn, is not constrained by the barriers of geography, culture, ethnicity and sovereignty of state, but still has manifestation in the physical world. A few legal scholars have also explored the concept of the cyber elephant for determining the principles needed to regulate cyberspace [11].
|
A Review of International Legal Framework to Combat Cybercrime
International Journal of Advanced Research in Computer Science, ISSN No. 0976-5697, Volume 8, No. 5, May-June 2017
I. INTRODUCTION Information Societies have high dependency on the availability of information technology which is proportional to security of cyber space [1] [2]. The availability of information technology is under continuous real and perceived threat from various state and non-state actors [3]. The cyber-attack on availability of information technology sits on a thin line to be classified as cybercrime or cyber war having devastating effects in the physical world. The discovery of ‘cyber-attack vectors’ like Stuxnet, Duqu, Flame, Careto, Heart Bleed etc. in the recent past only demonstrates the vulnerability of the confidentiality, integrity and availability of information technology resources [4] [5]. The scenario is further complicated by the very nature of cyber space manifested in anonymity in space and time, rapidity of actions resulting in asymmetric results disproportionate to the resources deployed, non-attribution of actions and absence of international borders [6]. By virtue of these features, ‘the transnational dimension of cybercrime offence arises where an element or substantial effect of the offence or where part of the modus operandi of the offence is in another territory’, bringing forth the issues of ‘sovereignty, jurisdiction, transnational investigations and extraterritorial evidence’; thus necessitating international cooperation [7]. In this essay, international efforts and their efficacy in combating cybercrimes would be analysed. II. INTERNATIONAL LEGAL FRAMEWORKS Although several bilateral and multilateral efforts have been attempted to combat cybercrime, the European Union remains at the forefront in creating a framework on cybercrime [8] [9] [10] [11]. Going beyond the European Union by inviting even non-member States, incorporating substantial criminal law provisions and procedural instruments, the Council of Europe Convention on Cybercrime (the Convention) [12] puts forth ‘instruments to improve international cooperation’ [13]. The Convention makes clear its belief ‘that an effective fight against cybercrime requires increased, rapid and well-functioning international cooperation in criminal matters’ [14]. As on December 2016, 52 States have ratified the Convention and 4 States have signed but not ratified. As of July 2016, the non-member States of Council of Europe that have ratified the treaty are Australia, Canada, Dominican Republic, Israel, Japan, Mauritius, Panama, Sri Lanka and US. The Convention is today the most important and acceptable international instrument in global fight to combat cybercrime [15] [16] [17] thereby limiting the scope of discussion to the Convention for the purpose of this essay.
|
Risks and Opportunities provided by the Cyber- Domain and Policy- Needs to address the Cyber- Defense Sandeep Mittal, I.P.S.,*
International Research Journal On Police Science. ISSN: 2454-597X, Issue 1&2, December 2016 Introduction The term ‘Cyber Domain’ has been used widely by various experts, sometimes interchangeably with ‘Cyber Space’, to imply – “the global domain within the information environment that encompasses the interdependent networks of information technology infrastructures, including the internet and telecommunication networks” (Camillo & Miranda, 2011). Today it has become “the fifth domain of warfare after land, sea, air and space and its a challenge to have a common definition of cyber Domain” but for the purpose of this essay the definition given above would suffice. Any entity, whether it is a Nation State or an Enterprise, who operates in cyber domain need to maintain confidentiality, integrity and availability of its deployed resources. The dynamics of cyber domain is complex and complicated in time and space. The humans, machines, things and their interaction is evolving continuously to pose risks and opportunities in the cyber domain. The risk to someone becomes opportunity for the other. In this essay, the ‘risks presented by’ and ‘opportunities available in’ the cyber Domain would be identified, discussed and analyzed to consider key strategic policy elements to defend the cyber domain. Risks and Opportunities in Cyber Domain The ‘very low cost efforts’ giving asymmetric results coupled with anonymity in space and time makes the cyber domain attractive (Cyber Security Strategy of UK, 2009) for use by various actors for malicious objectives. This faceless and boundary less domain is highly dynamic and throwing surprises with rapidity and having the potential of causing damages (real and virtual) which are disproportionate to the resources deployed. Let us have a look at various realms in terms of risks associated with them.
|
Reputational Risk, Main Risk Associated with Online Social Media Sandeep Mittal, I.P.S.,*
The Indian Journal of Criminology & Criminalistics, Volume 35 (2) July – Dec. 2015 Abstract Social media is undoubtedly a revolution in the business arena blessing the organizations with the power to connect to their consumers directly. However, as the saying goes nothing comes without a cost; there is cost involved here as well. This article examines the risks and issues related to social media at the time when the world is emerging as a single market. Social networking and online communications are no more just a fashion but an essential feature of organizations in every industry. Unfortunately, inappropriate use of this media has resulted in increasing risks to organizational reputation threatening the very survival in the long-run and necessitating the management of these reputational risks. This article attempts to explore the various risks associated with social media. The main aim of this study is to particularly focus on reputational risks and evaluate it’s intensity from the perspectives of public relations and security staff of an organization. The article is structured to firstly explain the concept of social media followed by identification of various social media risks and the analysis of reputational risk from perspectives of public relations and organizational security staff. The article then based on the analysis provides various recommendations in order to help the contemporary organizations to overcome such risks and thus, enhance their effectiveness and efficiency to gain competitive advantage in the long-run. Keywords: Reputational Risk, Online Social Media, OSM Security, OSM Risk, Organizational Reputation, Cyber Security, Information Assurance, Cyber Defence, Online Communication. Introduction With changing times, the concept of socializing has been transforming. Globalization and digitalization to a large extent are responsible for the same. With internet, it is possible to stay connected with people located in various regions of the world. One such medium of socializing is the social media. In todays time, online social media services have been one of the most vibrant tools adopted not only by individuals but also corporate and government organizations (Picazo-Vela et al., 2012). Corporates in fact have been abiding social media extensively as it is one of the cheapest ways of communicating with the masses. The importance of social media can be understood from the fact that at present there are more than 100 million blogs that are highly operational and connect people from across the world (Kietzmann et al., 2010). Further there has been a surge in social media members for websites like Facebook or Twitter with over 800 million active users in Facebook in 2012 and 300 million users of Twitter (Picazo-Vela et al., 2012). In spite of being a very powerful mode of communication it is subjected to a large number of risks.
|
Role of Perception, Collaboration and Shared Responsibility among various Stake-holders in Critical Infrastructure Risk Management Sandeep Mittal, I.P.S.,*
Indian Journal of Criminology, Volume 42 (1) & (2) January & July 2014 Introduction The well-being of a nation depends on its critical infrastructure and how secure and resilient it is to sustain the services to its citizen and maintain normal life and activity. In today’s world the critical infrastructure is so widely distributed in time and space that the entire process of establishing, maintaining, securing and making it resilient involve a number of stake holders like the governments at the federal, state and local levels; specialised technical organizations in public and private sectors; private vendors, security agencies and last but not the least the citizens or the society. Each one of them has to play a role in close collaboration with other stakeholders. Moreover the critical infrastructure is increasingly becoming more dependent on cross- sectorial processes governed by technology and humans. All of them closely interact with each other, e.g., the humans interact with humans, humans interact with technologies, and this interactive process is highly complex, complicated and biased due to their cultural values, judgements and perceptions which in turn are dynamic in space and time(Ramamurthy, 2012). In this essay, we would examine how the process of building the security and the resilience in critical infrastructure can be achieved through a collaborative approach and neutralising the cultural perceptions. The Collaborative Approach to Critical Infrastructure and Cultural Perception Let us have a look at the case study of a disturbing incident regarding a Critical Infrastructure facility in the southernmost State of India, Tamilnadu viz., the public agitation against the Nuclear Power Project at Koodankulam.The Nuclear Power Corporation of India under Department of Atomic Energy, Government of India was in the advance stage of commissioning two 100 MW nuclear power reactors in a coastal village of Tamilnadu at a cost of about GBP 1600 Million. E-mail ID:mittals.ips@gmail.com Recently one of the reactors had started producing the electricity at commercial scale. These reactors are under planning and construction for more than a decade but there are repeated public uproars regarding the safety of these nuclear power plants, more vigorously after the Fukushima Nuclear Disaster in Japan. Offlate, the ‘safety-concerns’ regarding the commissioning of this critical-infra-structure project have itself taken the shape of a ‘security-threat’ to this critical-infrastructure project, due to disturbed perception dynamics of various stakeholders the local community which went berserk posing serious threat to the critical-infrastructure including long time disruptions to the critical operations necessitating intervention by police authorities to diffuse the situation as per the rule of the law. The Tamil Nadu Police did an extremely trying job of restoring the peace and public order in an outstanding professional manner while maintaining, at the same time,utmost restraint, patience and respect for the human rights of the agitators. This is when the ‘safety-fear’ became the ‘security-threat’ to critical infrastructure itself…The following narrative based on information gathered from various sources would explain the scenario. “On September 11, 2011 the protestors began an indefinite fast. Efforts were made by police and administration to peacefully settle the issue. Group of senior Ministers (15th September, 2011), Hon’ble Union Minister (20th Sep-2011), Hon’ble Chief Minister of Tamil Nadu (22nd September, 2011), Hon’ble Prime Minister of India (7th October, 2011) met with representatives of the protestors. On 22ndSeptember, 2012 a resolution was passed by the State Cabinet to halt work at KKNPP till fears of people are allayed.On 13th October, 2011, during local body election campaign, the protestors laid siege to KKNPP and blocked all roads.The protestors later withdrew on Oct 16thOctober, 2011 and the local body elections were conducted peacefully. A Central Committee conducted several rounds of discussions with representatives of protestors and concluded that the plant was safe. A State Committee also examined the safety aspects and concluded that the nuclear plant was safe.On 18th March, 2011 work was fully resumed at KKNPP with police security.Declaration of the prohibitory order under Sec.144 Cr.P.C. was challenged by 3 public interest litigations in Writ Petitions No.7520, 7633 and 7634/12 before the Division Bench of the Hon’ble High Court of Judicature at Madras wherein the order was passed on 26th March, 2012 by the Hon’ble High Court upholding the prohibitory, and is reproduced in part as follows,
|
Understanding the Human Dimension of Cyber Security Sandeep Mittal, I.P.S.,*
Abstract It is globally realized that humans are the weakest link in cyber security to the extent that the dictum ‘users are the enemy’ has been debated over about two decades to understand the behavior of the user while dealing with cyber security issues.Attempts have been made to identify the user behavior through various theories in criminology to understand the motive and opportunities available to the user while he interacts with the computer system. In this article, the available literature on interaction of user with the computer system has been analyzed and an integrated model for user behavior in information system security has been proposed by the author. This integrated model could be used to devise a strategy to improve user’s behaviour by strengthening the factors that have a positive impact and reducing the factors that have a negative impact on information system security. INTRODUCTION Most of the system security organizations work on the premise that the human factor is the weakest link in the security of computer systems, yet not much research has hitherto been undertaken to explore the scientific basis of these presumptions. The interaction between computers and humans is not a simple mechanism but is instead a complex interplay of social, psychological, technical and environmental factors operating in a continuum of organizational externality and internality.1 This article tries to examine various aspects of interaction between humans and computers with particular reference to the ‘users’.The taxonomy adopted for understanding who is actually a user is based on the available literature.
|
Perspectives in Cyber Security, the future of cyber malware
 Sandeep Mittal, I.P.S. Introduction The term ‘Malware’ has become a fashionable word to throw around now days. However, it should not be thought of something very sophisticated only. In this paper, we would give a brief definition and description of the term ‘malware’ and the related concepts including the evolutionary and historical time line. The concept of the future of ‘malware’ would be dealt with from four perspectives which may be dependent upon one another at least at some point in space and time. The first being the ‘malware design’ as the malware experts are using increasingly complex designs, taking the ‘malware’, to the scale of ‘war- grade- weapon’ in the recent past. The second important perspective is the ‘terrain’ of the cyber domain where the malware operates or is deployed. The third important perspective would be the ‘technologies’ that are used to detect these malware. As the malware are becoming ‘multiplatform’ and complex, the technologies have to keep pace with the evolution of malware. However, it is made clear at the outset that this paper deals only with the basics of issues raised and technical details have been kept to the minimum, being beyond the scope of present work.
|
The Issues in Cyber-Defence and Cyber-Forensics of the SCADA Systems
 Sandeep Mittal, I.P.S. Abstract As the Supervisory Control and Data Acquisition (SCADA) system are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of ‘nation-states’. The analysis of worms like ‘stuxnet’ ‘flame’ and ‘duqu’ reveals the hand of a ‘nation-state’ in their design and deployment. Hence, the necessity to understand various issues in the defence of SCADA systems arises. The forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
|
A Strategic Roadmap for Prevention of Drug Trafficking through Internet July- Dec., 2012,Volume XXXIII, NO.2, pp: 86- 95. Sandeep Mittal, I.P.S. Abstract The ‘World Wide Web (WWW)’ or popularly known as the ‘Internet’ has become an essential part of our professional and personal lives. It has revolutionized communication and trade beyond the control of National and International borders. Therefore, the prevention of trafficking of drugs through World Wide Web is the emerging evil and remains a global challenge for Law Enforcement Agencies. The problem of understanding ‘Trafficking of Drugs through Internet’ has been compared with the problem of elephant and the five blind men. A Typical modus operandi of drug trafficking through internet and operation of Internet Pharmacies has been identified on the basis of Indian case -studies. Based on the Indian experience, a Strategic Roadmap for prevention of drug trafficking through Internet has been prepared. The obstacles to the implementation of Strategic Roadmap have been identified and solutions proposed within the existing system of Criminal Justice Administration. Finally, the process of evaluation of the proposed Strategic Plan has been proposed by author.
|
TRAINING AND DEVELOPMENT OF SUBORDINATES – A CHALLENGE BEFORE POLICE LEADERSHIPProceedings of XXXII All India Police Science Congress , Chandigarh 27 – 29 November, 2000
Sandeep Mittal, I.P.S. After passing out of the Police Academy, I was posted as Assistant Superintendent of Police Incharge of a subdivision. I have the privilege of serving in the communally sensitive areas of Tamilnadu like Maniyachi, Sivakasi and Tuticorin mainly in rural areas which were training grounds for me to learn the basic field policing. Immediately after I joined the Maniyachi Subdivision, the Tuticorin District witnessed communal tension due to caste conflicts. While deployed on Law and order duty, I tried to find out the reasons for the communal clashes and the “police response” to it. Here it would be suffice to say that the origin of caste clashes is deep rooted and there is little that police can do under the present circumstances mainly due to attitude of police towards public and vice-versa. It was almost impossible for the police to obtain the timely intelligence on communal elements mainly because the local officers had not developed good rapport with the public. Another realisation was that due to continuous deployment of men on Law and order duties, their training is neglected. There-fore, the main challenge before the Police-Leadership is training and development of subordinates so as to improve the system of policing and widen the police base among the public and winning their support.
|
Dr. Sandeep Mittal, IPS 
0 comments on “Articles”