MI 14 - 02 E-BUSINESS AND IT LAW

MI 14 - 02
E-BUSINESS AND IT LAW

Q.1 Discuss the law relating to instantaneous communications and formation of
Contracts.
The new unified Contract Law of the People's Republic of China (hereinafter referred to as the new Contract Law) was adopted at the Second Session of the Ninth National People's Congress on 15 March 1999 and came into force on 1 October 1999. Simultaneously, the Economic Contract Law of the People's Republic of China (hereinafter referred to as the Law on Economic Contracts), the Law of the People's Republic of China on Economic Contracts Involving Foreign Interests (hereinafter referred to as the Foreign Economic Contract Law) and the Law of the People's Republic of China on Technology Contracts (hereinafter referred to as the Technology Contract Law), the three laws collectively referred to as the three former contract laws, were abrogated.
Structurally, the new Contract Law is divided into three parts - General Provisions, Specific Provisions and Supplementary Provisions - with 23 Chapters featuring 428 Articles. The first part - General Provisions - has 8 Chapters: General Provisions; Conclusion of Contracts; Effectiveness of Contracts; Performance of Contracts; Modi-fication and Assignment of Contracts; Termination of the Rights and Obligations of Contracts; Liability for Breach of Contracts; Miscellaneous Provisions. The second part - Specific Provisions - contains 15 Chapters dealing with 15 types of contract: Sales; Supply and Use of Electricity, Water, Gas or Heating; Donation; Loans; Lease; Financial Lease; Hired Works; Construction Projects; Transport; Technology; Storage; Warehousing; Mandate; Commission Agency; Intermediation. The Supplementary Provisions contain one Article on the effectiveness of the new Contract Law and provides for the abrogation of the three former Contract Laws.
In drafting the new Contract Law, the Chinese legislators referred extensively to the UNIDROIT Principles of International Commercial Contracts.1 Many Articles of the new Contract Law, in particular those in the chapter on General Provisions, are similar in spirit to the UNIDROIT Principles. From a practical point of view, it seemed insufficient to have only general provisions without specific rules to deal with concrete cases, and this is why specific provisions were included to regulate different kinds of contract
Q.2 Explain the FSTC systems. Also mention their advantages.

The FSTC shall engage in various activities in order to promote fuzzy systems as a viable technology, including but not limited to the following: recommend candidates to the Awards Committee for the CIS Pioneer Award in Fuzzy Systems area and the Technical Field Award, nominate papers for Best Paper Awards to the Awards Committee from papers published in the Transactions on Fuzzy Systems, propose special sessions to the CIS-sponsored conference organizers, participate in paper reviews and selection for CIS-sponsored conferences and publications, promote IEEE Senior Members and Fellows program, collaborate on production of tutorials, and book series with the Multimedia Committee, maintain the Committee’s website, facilitate local chapters activities and organize specialized workshops or meetings. The FSTC will assist in soliciting conference proposals and actively work with the organizers of CIS sponsored conferences to ensure their technical excellence.


Q.3 Discuss the U.N model law on Carriage of Goods.
The commentary by the drafters of Part Two of the Model Law states:
"In preparing the Model Law, the Commission noted that the carriage of goods was the context in which electronic communications were most likely to be used and in which a legal framework facilitating the use of such communications was most urgently needed. "
Q.4 Explain the following Cyber crimes:
(a) Computer crimes.
(b) Indecency.

(a) Computer crimes.

The international nature of the Internet means that any attempt to deal with Internet-related crime will always be complicated by questions of jurisdiction. Laws vary from country to country and UK police have no power to intervene directly against criminal material on computers in another country or against criminals operating in another country.

Efforts to combat problems such as extreme hardcore porn, racist hate crime or malicious attempts to interfere with computer systems depend upon co-operation between law enforcement agencies in different countries and, vitally, upon the voluntary co-operation of the Internet industry. The UK has recently established a National High Tech Crime Unit to deal with technology related crimes that run across conventional police boundaries and require specialist investigation skills.

This section outlines avenues that are open in London for dealing with computer crime and internet-related crime.

Illegal or offensive material on websites, newsgroups, chatrooms etc
Hacking and other computer crimes
Offensive e-mails
Viruses

Illegal or offensive material on websites, newsgroups etc.

UK police can only take direct action where material falls within their jurisdiction. In the case of the Metropolitan Police this generally means Greater London, although certain specialist Met units have a national remit. It often happens that offensive websites reported to us turn out to be based in another country. However, if:

the people who created the material are in the UK
or if the material has been published from or downloaded onto computers in the UK
or if it might be evidence of offences committed in the UK
or if it might be evidence of crimes committed by UK citizens travelling abroad
then it may be a matter for The Met or for another UK force.

It has to be stressed that the police can only act against material that breaks the law.
There is a great deal of material on the Internet that might cause offence but which is not technically illegal. If you want to report illegal material then you should follow the procedure below.

In 1996 major Internet firms in the UK came together with the police to establish the Internet Watch Foundation (IWF) to act as a focus for removing illegal material from the Internet. It provides a hotline service to enable Internet users to report material they believe may be illegal. The IWF assesses the material and then notifies the service provider and the police.


Reporting illegal internet material through the IWF

The IWF is only able to deal with material that falls into the following three categories:
Child Pornography located anywhere in the world
Adult material that would breach the Obscene Publications Act, but only if the offending site or service is hosted or registered in the UK.
Criminally racist material - but only if it is physically hosted in the UK

Hacking and other computer crime

The Metropolitan Police Service Computer Crime Unit deals with crimes such as hacking and virus writing. They can be contacted by calling the

The Computer Crime Unit is part of the Specialist Crime operational command unit within the Met's Specialist Operations Command. The Computer Crime Unit works together with other specialist units, both within the Metropolitan Police and at a national and international level.

Offensive e-mails

If you are concerned about "spam" or general unwanted e-mail, do not automatically assume that it is coming from where it seems to come from. There are various ways in which "spammers" can give false addresses.

Police can generally only assist in criminal matters and there is little that they can do in relation to general "spam", such as commercial advertising and campaign mailing, especially if it turns out that it originates from another country. Your internet service provider may be able to provide advice on identifying the origin of e-mail and on selectively blocking messages.

If someone is exploiting personal information about you in order to send you unwanted e-mail they may be breaching data protection laws. In the UK the authority responsible for overseeing data protection laws is the Information Commissioner.

If you feel you are in danger as a result of threatening or offensive e-mails, please contact your local police station. If you think you are the victim of a stalker then be careful not to destroy evidence that might be useful to police. Keep copies of e-mails on disk and print out hard copies. Do not delete the original. For more advice see our section on Advice to victims of stalkers

Viruses
Please do not try to notify us of viruses. There are three main reasons for this:
A great many virus alerts are hoaxes - the forwarding of hoaxes in the belief that they are real has become such a problem that it is now sometimes classified as a type of virus in itself!

If you e-mail us and you really do have a virus then you may be passing that virus on to us. The IT industry and law enforcement agencies around the world have established systems to alert each other about genuine virus threats.

Only if you are an IT systems manager and you believe that a possible virus may be part of an attempt to hack or otherwise misuse your system should you contact us direct. (See section on "Hacking, computerised fraud and other computer crime")

If you are a computer user and you think you may have a virus you should contact your systems administrator if you have one. If you are a lone user then you can obtain information (and in some cases submit reports) through the websites of major anti-virus software companies (see below).


Q.6 Briefly explain the importance of firewall

The main purpose of a firewall is to control access to or from a computer for security purposes.

A firewall is a software program, hardware device, or a combination of both that monitors the information coming through the Internet connection into your computer. The firewall will only let information in that you asked for. A firewall will also monitor information going out from your computer to the internet. It will only let information out that you say can go out.





A firewall protects your network from unwanted Internet traffic. The primary functions of a firewall are to let good traffic pass through while ‘bad’ traffic gets blocked. The most important part of a firewall is its access control features that distinguish between good and bad traffic

When installed, a firewall exists between your computer(s) and the Internet. The firewall lets you request web pages, download files, chat, etc. while making sure other people on the internet can not access services on your computer like file or print sharing. Some firewalls are pieces of software that run on your computer. Other firewalls are built into hardware and protect your whole network from attacks.

Everyone connected to the Internet should be running some sort of firewall. Programs can be downloaded on the Internet that can scan huge ranges of IP address for vulnerabilities like file sharing services. These programs are easy to download and run. Almost no network knowledge is needed to use these programs to exploit or harm your computer. Any kind of firewall will keep you safe from these types of attacks.

Software Firewall
Software firewalls are programs that run on your computer and nestle themselves between your network card software drivers and your operating system. They intercept attacks before your operating system can even acknowledge them. Many free firewalls of this type exist on the Internet. Here are some free firewalls

Simple NAT firewall

The firewalls that are built into broadband routers and software like Microsoft ICS are very simple firewalls. They protect your LAN by not letting anyone figure out how to ‘directly’ talk to any of the computers on your LAN. This level of protection will keep out almost all kinds of hackers. Advanced hackers may be able to take advantage of certain inadequacies of NAT based firewalls, but they are few and far between.

Firewalls with stateful packet inspection

The new trend in home networking firewalls is called stateful packet inspection. This is an advanced form of firewall that examines each and every packet of data as it travels through the firewall. The firewall scans for problems in the packet that might be a symptom of a ‘denial of service’ (dos) attack or advanced attacks.

Most people are never subject to these types of attacks, but there are some areas of the Internet that invite these kinds of attacks. Most often, these attacks come from being involved in certain kinds of competitive on-line gaming or participating in questionable mIrc channels.


Q.7 Explain the digital signature with example.

Exchanging documents over the Internet is common in e-commerce. Such documents often contain sensitive information—for example, legal contracts, information concerning technological innovation, financial transactions. To prevent hackers from intercepting and reading e-commerce documents traveling through e-space, you must encrypt those documents. If you want your documents to be truly secure, however, you must sign them digitally. A digital signature on an e-commerce document serves as a guarantor of data origin, integrity, and nonrepudiation. When a customer digitally signs an online purchase order, for example, the merchandiser—through the document's digital signature—can identify the customer who originated the order, can verify that no one tampered with the contents of the order in transit, and has proof that a particular customer made a specific order.

Digital signatures have been with us since 1976, when Diffie and Hellman introduced the digital signature as an application of public key cryptography. Only recently, however, have businesses and governments started to use digital signature technology to protect sensitive documents on the World Wide Web. In September 1998, President Bill Clinton and Irish Prime Minister Bertie Ahern digitally signed an intergovernmental e-commerce document that is the world's first such document to use digital signature technology. Microsoft used digital signature technology to develop Authenticode technology, which secures Web-downloadable codes.

As the need for digital signature technology grows, several software companies, including Entrust Technologies and Network Associates, have delivered commercial security software that lets users employ digital signatures to secure e-commerce documents. In this article, I'll explain digital signature technology. I'll also discuss some currently available digital signature software products and offer guidelines to help you plan your company's digital signature solution

What Is a Digital Signature?

Digital signature technology grew out of public key cryptography. In public key cryptography, you have two keys: a private key and a public key. When you send a document to someone, you use your private key to sign the document. When recipients receive the signed document, they use the sender's public key to authenticate the document.

Figure illustrates the digital signature process. Suppose you want to send a digitally signed document to John. After you create the document, you pass it through a message hash algorithm. The algorithm generates a hash of the document that is a checksum of the contents of the document. You then encrypt the message hash with your private key. The result is a digital signature. You append this digital signature to the document to form a digitally signed document, then send it to John.

When John receives the document, he passes the document contents through the same message hash algorithm that you used, and creates a new hash. At the same time, John uses your public key to decrypt your digital signature, thereby converting the signature to the original hash. John then compares the newly generated hash and the original hash. If the hashes match, John can be sure that the document he received is really from you and that no one altered it during transmission. If the hashes don't match, John knows that tampering or a transmission error changed the document contents.

The most commonly used message hash algorithms are Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1). MD5 can produce a 128-bit hash, and SHA-1 can produce a 160-bit hash. The hash algorithm is a one-way function that generates a one-way hash. Therefore, no one can derive original document contents from a message hash. The chance that two documents will have the same hash is almost zero. For example, the possibility that MD5 will output the same hash for two different documents is 1/2128. (2128 translates into about 1,500 documents for every square meter of the earth's surface.)