Have you signed your electronic contract?

The ease with which business can be transacted over the Internet raises various issues, not least among which are writing and signature requirements. While it has been established that an electronic record is a functional equivalent of writing, the position appears to be less clear with regard to electronic signatures. This paper examines the signature requirement as it applies to electronic contracts, in particular the form of electronic signature that can serve the functional equivalent of a handwritten signature for the purpose of the English Statute of Frauds 1677 and its various re-enactments. Reference will be made to legislation, the relevant UNCITRAL Model Laws and UN Conventions as well as to the substantial body of case law on paper contracts for analytical and comparative purposes.     

The legal classification of identity-based signatures

Identity-based cryptography has attracted attention in the cryptographic research community in recent years. Despite the importance of cryptographic schemes for applications in business and law, the legal implications of identity-based cryptography have not yet been discussed. We investigate how identity-based signatures fit into the legal framework. We focus on the European Signature Directive, but also take the UNCITRAL Model Law on Electronic Signatures into account. In contrast to previous assumptions, identity-based signature schemes can, in principle, be used even for qualified electronic signatures, which can replace handwritten signatures in the member states of the European Union. We derive requirements to be taken into account in the development of future identity-based signature schemes.     

E-Government users’ privacy and security concerns and availability of laws in Dubai

The purpose of the study was to review privacy and security concerns and their impact on e-government adoption in Dubai. The research analyzed the literature on e-government, security and privacy concerns of e-government adoption and the legislative provision relating to privacy and security protection. A survey on e-government user concerns on privacy, security and ease of use was also carried out. The data for the survey in this research were collected from 190 respondents in Dubai. The results of the analysis revealed that perceived security, privacy and perceived ease of use were important constructs in e-government adoption. The analysis of legal framework showed that the Federal Constitution, the Penal Code, the new Data Protection Act and the Computer Crime Act could be used to address various privacy and security concerns. Thus, it is important that the policy makers facilitate an appropriate awareness campaign of the existence of both information privacy and security to attract more participation towards the e-government services.     

The inadequate legislative response to e-signatures

This article examines the two most influential international initiatives on electronic signatures (UNCITRAL’s 1996 Model Law on Electronic Commerce and the 1999 EU Electronic Signature Directive). It considers whether the legislative approaches in Australia and the United Kingdom based on these initiatives are helpful in deciding whether lower level signature methods such as simple email messages are likely to satisfy a legal requirement for a signature. The conclusion reached is that they are unhelpful. The article goes on to consider whether legislative amendments based on UNCITRAL’s 2001 Model Law on Electronic Signatures or the 2005 UN Convention on the Use of Electronic Communications in International Contracts would improve the identified weaknesses. It concludes that such an update would clarify some issues, but that overall it will not solve the difficulties. The article ends with a brief speculation on the likely attributes of a more helpful approach.     

Globalization and regulatory change: The interplay of laws and technologies in E-commerce in Southeast Asia

Electronic commerce has brought about business and technological changes globally, and these global changes have given rise to major legal reforms across nations. In the fast-changing global digital economy, states need strategies to maintain competitiveness of their markets while simultaneously ensuring the secure and effective use of technologies involved in conducting electronic transactions. This paper examines how the use and recognition of electronic signatures are regulated in Southeast Asia – the region that has shown the most significant growth in global e-commerce in past few years. Based on a comparative analysis of the laws of four representative ASEAN member states – namely Singapore, Thailand, Malaysia, and Vietnam, this paper argues that there is a regional trend towards adopting more liberal and technology-neutral standards for electronic signatures. Electronic signature regulation in Southeast Asia is now built upon limited technological neutrality (or the so-called “two-tiered” approach) as a shared regulatory understanding, but this approach is operationalized differently in each state due to distinctive national contexts. Within the common legal framework, each state has developed its own system of control and management with respect to higher-level signatures (using advanced technologies). The principle of technological neutrality, a concept originally developed for the regulation of technologies in response to the liberalization of telecommunications market, has been the central theme of discussions on the e-transactions policy-making scene. As the author shows, in the process through which states localize the global standards of technological neutrality, ASEAN as a vehicle of regulatory change has played an essential role in translating this principle to the national context.     

Mistaken identity,identity theft and problems of remote authentication in e-commerce

The problem of mistaken identity in e-commerce transactions brings together seemingly unrelated issues: privacy, network security, digital signatures – and classic contract law. Combining an academic exercise with the practical implications of the insecurity of the Internet, this paper draws some unexpected conclusions regarding cases of mistaken identity and exposes flaws in popular legal arguments on the subject. Problems of mistaken identity must be analysed afresh with a number of factors in mind: the more widespread use of fictitious identities in on-line transactions, the higher incidence of identity theft and the greater difficulty of authenticating the other transacting party. The trend to preserve the privacy of Internet users indirectly clashes with efforts to ensure transactional security in e-commerce. An indispensable prerequisite of the latter is the ability to identify the other party to the contract. The problem of mistaken identity is not new – but it assumes a different scale in e-commerce transactions.     

利用黑客技术提高网络安全性的研究

文章首先分析了互联网的安全现状,阐述了目前网络存在的一系列安全问题,然后着重分析了特洛伊木马、拒绝服务、WEB欺骗等黑客的主要应用手段以及其攻击方法,在此基础上,对利用黑客及黑客技术在构建网络安全体系和网络安全管理法制化建设方面的问题进行了研讨。最后,提出了黑客现象的社会控制及其有利利用。深入了解黑客及黑客技术,做到知己知彼,化害为利对于保证和促进网络安全的健康发展肯定是十分有益的。     

构建新型校园安全防控体系的思考

学校安全是公共安全的重要组成部分,学校安全保卫工作事关师生人身安全和学校的财产安全,事关教育改革、发展、稳定大局。由于校园由封闭型向半封闭型、开放型的发展,校园人数的增多,保卫组织不健全,管理制度不落实等原因,造成校园的暴力型犯罪、火灾、爆炸、中毒等安全问题呈上升蔓延趋势。构建新型的校园安全防控系统,建立校园安全工作的长效机制是当前各级政府、学校亟待研究和解决的新课题。     

Patching the patchwork: appraising the EU regulatory framework on cyber security breaches

Breaches of security, a.k.a. security and data breaches, are on the rise, one of the reasons being the well-known lack of incentives to secure services and their underlying technologies, such as cloud computing. In this article, I question whether the patchwork of six EU instruments addressing breaches is helping to prevent or mitigate breaches as intended. At a lower level of abstraction, the question concerns appraising the success of each instrument separately. At a higher level of abstraction, since all laws converge on the objective of network and information security – one of the three pillars of the EU cyber security policy – the question is whether the legal ‘patchwork’ is helping to ‘patch’ the underlying insecurity of network and information systems thus contributing to cyber security. To answer the research question, I look at the regulatory framework as a whole, from the perspective of network and information security and consequently I use the expression cyber security breaches. I appraise the regulatory patchwork by using the three goals of notification identified by the European Commission as a benchmark, enriched by policy documents, legal analysis, and academic literature on breaches legislation, and I elaborate my analysis by reasoning on the case of cloud computing. The analysis, which is frustrated by the lack of adequate data, shows that the regulatory framework on cyber security breaches may be failing to provide the necessary level of mutual learning on the functioning of security measures, awareness of both regulatory authorities and the public on how entities fare in protecting data (and the related network and information systems), and enforcing self-improvement of entities dealing with information and services. I conclude with some recommendations addressing the causes, rather than the symptoms, of network and information systems insecurity.     

企业海外并购的国家安全审查风险及其法律对策

国家安全审查是对企业海外并购影响最大的贸易保护措施。近年来,数个国家对其外资监管法律进行了修改,其共性是建立或完善外资并购国家安全审查制度。这种对国家安全审查的关注和强调已经成为中国企业海外并购所面临的最大法律风险。从国家安全审查的法律实践中可见两个明显趋势:国家安全概念的扩张与审查过程中政治考量因素的增加,但中国企业应将政治风险与政治因素转换为法律层面的问题,合理进行并购申报,并通过东道国诉讼程序、WTO规则、双边投资保护协定等多种法律手段维护自身利益,减少贸易保护主义对海外并购的危害。     

Predicting and Preventing the Theft of Electronic Products

The research presented within this paper was conducted as part of a 2-year project (Project MARC) to develop and render operational a mechanism to assess the risk of theft of electronic products. Clarke and Newman (Secured goods by design - a plan for security coding of electronic products. London: Department of Trade and Industry, 2002) proposed the use of two checklists—one to measure vulnerability, the other to measure security—as a means of categorising products according to their vulnerability to theft. Consultation with key stakeholders yielded the common view that such a mechanism was worth pursuing, but that it must reflect the language of those who would use it. An extensive consultation with stakeholders from ten European member states ensued. Participants were asked to rate a range of electronic products in terms of vulnerability and security, and to explain their ratings. Their responses were used to develop two checklists that incorporate a variety of factors, weighted according to the frequency with which they were expressed. The crime vulnerability checklist developed within this paper is judged fit-for-purpose as a provisional measurement but we urge caution in relation to the security checklist.

Social Media and Medicolegal Death Investigation: Logged in…To the Morgue

Social media (SM) represent a global consumer phenomenon with an exponential rise in usage within the last few years. The various applications and websites are relatively easy and fast to access, and the number of users increases continuously. SM are an incredible source of freely available, public information about their users. The purpose of this study is to provide information about the usefulness of SM in forensic practice. The electronic database of the Cook County of Medical Examiner's Office (“CCMEO”) in Illinois was searched for investigative narratives that included specific SM keywords, in the period from August 2014 to January 2018. A total of 48 cases met the study's criteria. Among these, “Facebook” has been found to be the most helpful SM for medicolegal investigation purposes. Information obtained by SM can play an important role in forensic practice since it can be used to clarify certain aspects of the medicolegal death investigation, with particular regard to time and manner of death.     

Expert systems for medical diagnosis: A study in technology transfer

Expert systems continue to evolve for specific applications in medical diagnosis. This is necessary because the influx of new information is so massive that the expert systems must be specialized. The research methodology for this study was based on the usage patterns of expert systems in clinical pathology with data obtained at 94 US medical schools from 202 medical-school-based clinical pathologists. The study showed the link between the use of expert systems in medical schools and within the professional medical community. Initial education in medical schools and ongoing communications through residency programs, post-doctoral fellowships and clinical usage at university hospitals with the goal of technology transfer between medical schools and physicians, seem to represent the future for this valuable diagnostic technique.     

Trust in the proposed EU regulation on trust services?

A few months after ICRI's 20th anniversary conference the European Commission adopted on 4 June 2012 a draft regulation “on electronic identification and trusted services for electronic transactions in the internal market”. The proposed legal framework is intended to give legal effect and mutual recognition to trust services including enhancing current rules on e-signatures and providing a legal framework for electronic seals, time stamping, electronic document acceptability, electronic delivery and website authentication. Yet, this draft Regulation provokes many questions with regard to the implicit “trust” concept on which it is based. Starting from their experience in the EU FP7 uTRUSTit project (Usable Trust in the Internet of Things: www.utrustit.eu) and in other ICRI research projects, Jos Dumortier and Niels Vandezande have analyzed the proposed legislative text of the European Commission and wrote a few critical observations. Although obviously not presented at the conference in November 2011, it seemed worthwhile to add this contribution to its proceedings.     

Avoiding the internet of insecure industrial things

Security incidents such as targeted distributed denial of service (DDoS) attacks on power grids and hacking of factory industrial control systems (ICS) are on the increase. This paper unpacks where emerging security risks lie for the industrial internet of things, drawing on both technical and regulatory perspectives. Legal changes are being ushered by the European Union (EU) Network and Information Security (NIS) Directive 2016 and the General Data Protection Regulation 2016 (GDPR) (both to be enforced from May 2018). We use the case study of the emergent smart energy supply chain to frame, scope out and consolidate the breadth of security concerns at play, and the regulatory responses. We argue the industrial IoT brings four security concerns to the fore, namely: appreciating the shift from offline to online infrastructure; managing temporal dimensions of security; addressing the implementation gap for best practice; and engaging with infrastructural complexity. Our goal is to surface risks and foster dialogue to avoid the emergence of an Internet of Insecure Industrial Things.     

Roadmap to solving security and privacy concerns in RFID systems

This paper focuses on privacy and security concerns in Radio Frequency IDentification (RFID) systems and paves the way towards a roadmap for solving security and privacy concerns in RFID systems. RFID systems have captured much interest around the World. The technology has many advantages and applications in a real world situation. Examples of such scenarios will be discussed in this paper.This paper reviews privacy and security concerns within the context of the advantages the technology offers and reviews solutions to overcome the privacy and security challenges. However, this research found that many proposed technological solutions are not “bullet proof” and policy regulations have to be employed as well. Few such RFID policies have been proposed. However, this paper argues that users/consumers of RFID systems should be given the mandate to have control over their products and systems and in order to fully address solution to the security concerns.     

利用数字水印技术构建电子政务安全的模型探讨

随着计算机信息技术的飞速发展,电子政务在政府实际工作中已经发挥了越来越重要的作用,但随之而来的安全问题也显得越来越突出,构建安全的电子政务业务网就越发显得迫切。本文总结了传统电子政务安全模型,分析了数字水印技术,并给出了一种基于数字水印技术的电子政务业务网的安全模型和实现过程。     

A comprehensive micro unmanned aerial vehicle (UAV/Drone) forensic framework

In the early 1990s, unmanned aerial vehicles (UAV) were used exclusively in military applications by various developed countries. Now with its ease of availability and affordability in the electronic device market, this aerial vehicular technology has augmented its familiarity in public and has expanded its usage to countries all over the world. However, expanded use of UAVs, colloquially known as drones, is raising understandable security concerns. With the increasing possibility of drones' misuse and their abilities to get close to critical targets, drones are prone to potentially committing crimes and, therefore, investigation of such activities is a much-needed facet. This motivated us to devise a comprehensive drone forensic framework that includes hardware/physical and digital forensics, proficient enough for the post-flight investigation of drone's activity. For hardware/physical forensics, we propose a model for investigating drone components at the crime scene. Additionally, we propose a robust digital drone forensic application with a primary focus on analyzing the essential log parameters of drones through a graphical user interface (GUI) developed using JavaFX 8.0. This application interface would allow users to extract and examine onboard flight information. It also includes a file converter created for easy and effective 3D flight trajectory visualization. We used two popular drones for conducting this research; namely, DJI Phantom 4 and Yuneec Typhoon H. The interface also provides a visual representation of the sensor recordings from which pieces of evidence could be acquired. Our research is intended to offer the forensic science community a powerful approach for investigating drone-related crimes effectively.     

互联网电子身份管理模式及法律保障

在分析电子身份管理制度构建需应对挑战的基础上,剖析我国网络实名制的发展瓶颈,构建基于我国国情的互联网电子身份管理模式,探讨该模式可能引起的运作机制、信息安全保障、个人隐私权保护和法源依据等问题,并提出相应的法律保障建议。