Computer Policy and Law
Computer policy and law program was created in 1996 by Cornell University in its office of information technologies. In July 2002, a summer seminar was held in Ithaca where the covering topics included copyright, privacy, service-provider liability, and the USA/PARTRIOT Act, and other topics included the basics of law, technology, and policy making process. The seminar addressed all the covering policies in order to build a strong and sound CPL. In addition to its annual seminar, CPL has offered dozens of presentations and workshops on campuses and at the conferences since 1996. CPL also runs a web page featuring a unique and widely respected internet resource: a database of links to campus technology policies from nearly eight hundred institutions.
These policies are categorized both by type of institution and by type of policy. The policy database is a part of reply to one of CPL’s most frequently received requests. There are three reasons why it is hard to create technology policies for campuses. One of the reasons is that the use of computers and networks has increased enormously in terms of quantity and quality. The second reason is the dynamic nature of the technology. The technology is changing now and then. Finally, the law itself is not keeping up with the current issues of technology (computer policy and law 3).
CPL work is still needed, and due to its past success and future importance, EDUCAUSE agreed to cosponsor the program with Cornell University. Computer policy and law program since then has changed its name to EDUCAUSE/Cornell institute for computer policy and law or ICPL with a new administrative structure carrying all the activities of CPL along with new ones. Within EDUCAUSE, the ICPL program has continued to be one of the principal focal points for campus policy discussions especially as legal issues affects IT policy practice.
Anticipated activities for the ICPL include an annual seminar, a series of recurrent workshops, various sessions presented at professional or association meeting, an actively managed online community and a series of publicly available commentaries in diverse formats addressing specific policy topics. EDUCAUSE has continued to sponsor ICPL jointly with Cornell, but logistical, financial and management responsibility for the program has moved to EDUCAUSE. The role of IT-related policy in colleges and universities has grown in both importance and scope. It now encompasses a more diverse set of actors, entities and issues than before and it legal context has evolved and therefore, ICPL needs to accommodate this growth and evolution.
The target audiences for the seminar are specialist in and advocates for IT-related policy in high education. Some of these individuals will be in directly relevant jobs with formal titles such as IT policy officer, but many will be individuals whose work and professional interests lead them to seek a venue where they can meet with other like minded people to explore issues in campus policy and law and how they affect campus it practice. Many participant in the seminar are expected to attend its annual 2-3 day session regularly, so that the seminar continues its traditional role as a well established venue board, reflective and practical thinking about evolving campus IT policy issues. The target audience for the workshops are senior IT and other campus staff who find that IT policy development, implementation and administration have become a substantial part of their jobs. In some cases, they will have taken new jobs where policy thoughtfulness is important, and other cases their existing job will have expanded so as to require it. In the steady state, there will be two or three workshops each year, perhaps held in conjunction with other EDUCAUSE gathering.
The content of workshops will be similar from session to session. In general, participant will attend a workshop only once, if they become interested in more expansive thinking about policy, they might become seminar participants. The target audience for session is campus staff, generally outside IT organizations that are already involved in policy work and anticipate that the scope of their work is growing to include IT-related policy issues. The sessions will be standardized presentations at conferences focused on higher education but not on information technology. Attendees of these conferences are unlikely to attend full or multi-day events entirely devoted to IT policy, but might well find IT focused policy sessions useful at a conference they were attending. The target audience for the community is all who have been mentioned above plus individuals throughout higher education and related organizations who simply want to keep current with curr3nt thinking and problems in IT policy and law.
The community will comprise an actively managed online discussion forum akin to the existing ICPL mailing list but embodying enhanced threading, archiving and research functionality. This will further be complemented by various mechanisms for more formal material ranging from blogs to webinars and media-rich presentations. The commentary will comprise written and visual materials exploring current or imminent campus policy issues and challenges. They will include analyses, essays, toolkits, case studies and other materials in formats ranging from traditional papers to video. In some cases these will be prepared by EDUCAUSE staff and in other cases by participant in the community. The commentary will then be made available within the community and to diverse outside audiences using various existing and ad hoc mechanisms within EDUCAUSE or outside.
The above changes have been endorsed by EDUCAUSE and Cornel leaders through a revision of the 2002 agreement between EDUCAUSE and Cornel. The revised agreement streamlines the administrative structure of ICPL, creating a director role, redefining the steering committee and charging them to designate conveners for various ICPL activities and to maintain or create appropriate advisory and consultative groups.
Cyberspace can be described as the electronic medium of computer interconnections, in which online or internet communication usually takes place. In the current usage, the term cyberspace is used to stand for the global network of interdependent information technology infrastructures, computer processing systems and telecommunications networks. This term is mostly used to describe anything that may be associated with the internet and the diverse internet culture. This means that cyberspace deals with all the information exchanged through the internet. Cyberspace has drawn attention to influences of culture through new advanced technologies: it is not just used as a communication tool but can also be referred as a social destination, and is culturally important in its own right. Cyberspace can be seen as providing new opportunities top reshape the society and culture through some hidden identities or it can be seen as without border to communication and culture.
The law that rules the cyberspace has not yet caught up fully with the evolvement of the cyberspace (Owens 211). The law of cyberspace is concerned with four crucial issues. The three issues include defamation, copyright, privacy and trademark. Defamation can be explained as the term for making false statements or allegations about someone. Copyright law is used to govern the right to protect and use original works containing information or artistic expressions. Trademark law is used to govern the right to protect and use unique words or symbols that identify the owner’s good or services. Cyber-privacy is mostly defined by the services used by individuals. Whatever agreements individuals agree to when they sign up for a service usually signs away their right to privacy.
In other cases, reasonable expectation of privacy is may not be reasonable if the behaviors or communications in question were knowingly exposed to public awareness. These four issues mentioned above have posed challenges for the cyberspace law particularly with respect to determining liability. In order to understand law in cyberspace, you have first to understand how the “information superhighway” works and how information flows in the internet. The electronic transmission or exchange of information between two parties requires at least two computers, one for sending information and the other one receiving information. However, a third party is usually involved and is referred to as cyber vendors.
The computers of these cyber vendors store information placed there by the cyber vendor, by someone working on the cyber vendor’s behalf, or the cyber vendor’s customers. In most large systems, the amount of information or data flowing onto and off of the cyber vendor’s computer is so copious that the cyber vendor is simply unable to keep track of it all. Cyber vendors’ business role involves providing their customers or clients with access to information and with places to post information so that others can see it. Defamation can occur in cyberspace when someone posts defamatory statements in an area within a cyber vendor’s computer to which the cyber vendor’s customers have access to. Copyright infringement can occur in cyberspace when someone other than the copyright owner places copyrighted information in a public area within the cyber vendor’s computer.
Trademark infringement can occur in cyberspace when someone uses another’s trademark to market their goods or services with the cyber vendor’s “electronic mall”. The question for the law is whether the cyber vendor is liable if someone is defamed or if someone’s copyright or trademark is infringed by information placed on a cyber vendor’s computer without the cyber vendor’s prior knowledge. The challenge for the law in determining liability is due to the fact that cyber vendors did not even exist until a few years ago.
Copyright law generally gives the copyright owner the entire right to make copies of a work. Copies include electronic copies and copyrighted work includes electronic works. There are four different categories of copying which include copies of less than the whole thing, paraphrases so long as they are close enough, manual copies as well as mechanical copies and personal copying as well as business copying. A major requirement in copyright law is that the work be original in order to have copyright protection (CyberSecurity Act of 2009). The work must be independently conceived by its creator. Fair use of others information allows us to use a limited amount of copyrighted material for your educational use. Trademark law and cyberspace involves four issues namely domain name, Meta tags, framing and deep hyper linking.
The cyberspace trademark issue that continues to get the most press is the domain name controversy. The domain name is identical or confusingly similar to trademark or service mark of the complainant has rights and respondent has no rights or legitimate interests in the domain name. Meta tags are codes which are contained within websites and are used to provide a description of the website. These tags are embedded in the source code of the website. They are put so that they can assist the search engines in accurately identifying what the website relates to. The Meta tags are divided into two, the description tag which contains a description of the web page and the keyword tag which contains relevant associated keywords. Framing is whereby each frame is divided into several frames where each frame is used to display different content. Hyperlink is a reference to a webpage or document on the internet.
Defamation can be described as the intentional infringement of another person’s right to his good name. it is wrongful and intentional publication of words or behavior concerning someone else, which has the effect of negatively affecting that person’s status, good name, or reputation in the society. Libel is a form of written defamation and slander is an oral defamation. The primary difference of the two is that in libel, damages are presumed whereas in slander actions, unless the slander falls into a certain category, called slander per se, the plaintiff must prove actual or quantifiable damages. The law of defamation places a heavy burden on the defendant, all that a plaintiff has to prove, in a defamation action is the publication of the defamatory matter.
The burden then lies on the defendant to prove his innocence. The law of defamation attempts to create a workable balance between two equally important human rights, the right to freedom of expression and the right to an unimpaired reputation. In a cyber society, both of these interests are increasingly important. Protection of reputation is even considered more important in an advanced technological society, since one may not even encounter an individual or organization other than through the medium of the internet. Cyber defamation need not necessarily directed against an individual victim, but it could be harmful to the whole society.
Privacy is one of the most contentious issues arising in cyberspace. Privacy is of extreme importance to not only an individual person but also corporations and governments. Currently, privacy of the individual person has acquired critical relevance (Chander 10). Cyber- privacy is a huge concern for civilians and especially for companies because of the potential for crime. Some of the crimes which attack cyberspace privacy include malware, denial of service attacks and computer viruses. All of these crimes fall under the category of fraud, identity theft, phishing scams and information warfare. The cyber-privacy project attempts to raise public awareness and promote the education of cyber privacy to prevent crimes from happening (Flaherty 3). It is important that the government should legislate about privacy in cyberspace. Websites must mandate to follow strict guidelines on various issues concerning individual privacy.
Websites must give a crystal clear notice to the citizen that they are collecting information, what is the kind of information being collected and for what purpose as and also how the collected information about citizen would be utilized. Individuals should also be given a choice to state as to whether the information being collected should be used for any other purpose by the said website except for the purpose of completing the transactions I may be doing with it. Cyber law should also give the facilities of reasonable access to individuals. Once a person gives his information on the websites he must have the right to access the said information collected on him by the website and in addition, he should also have a reasonable opportunities to make any collections of the said information or of any errors as also the choice of deleting any or the entire data of information on him collected by the said website. It is also essential for all websites, portals and companies to ensure that the collected information relating to individuals should be handled to rule out unauthorized access of the same or its theft.
Reputation can be managed and can be influenced by the things we do, but can not be designed or decided upon by the owner. Reputation therefore, can be said that it is earned. If you want to manage reputation, privacy and your security to any extent, you have to think about people around you. To manage your reputation online there are five things you should do. The five things include understanding, being social, conversing, listening and creating content (Hatoff 102). The first part of understanding your online reputation is by discovering what the websites in the internet equates with you. Through the search engines, you will be able to understand what people will find about you if they conduct a more thorough online search of you. Whether your initial search results are bad, good or ugly, set your privacy settings to private, delete dormant online profiles and treat what you do online as public, immediate and permanent.
As part of good online reputation management, you need to be listening out for where your name is mentioned. Listening can be done through alerts like those offered by the Google alerts. These alerts will help you to continually understand your online reputation, but also bring to your attention potential issues as well as opportunities to engage, create and network. One of the most effective ways to boost your online reputation is by using social media. Many people think that most popular social media sites are for kids and college students. That is a total misconception. Social media channels are excellent platforms for giving information about you and incase of a business you give information to your existing customers, attracting new customers and understanding the competition (Halpern 16). Because social media channels are so reachable, it is very important that everyone who is connected to you professionally is cognizant of what they put on their personal pages.
Not only are all your accounts on the social media channels searchable but they tend to come up high in the search engines ranking. Social media generates naturally acquired back-links, social recommendations and enhancements that score highly on Google, so as to make sure you are being social. Incase you want to build your business reputation using the social media, you should encourage your customers to check out your social media accounts on a regular basis to keep abreast of what is new in your business (Burkhardt 24). Social media allows you to position yourself to the world as a subject matter expert (SME). By continually promoting discussions and answering questions, leaving comments, posting blog articles and supplying fresh links to new stories, you are demonstrating that you are an expert in you particular niche and that other people can feel comfortable coming to you for valuable information, the valuable content is picked up by search engines. If you can position yourself as SME, it will not only add to your positive online presence, but it will become a wonderful marketing tool for you as well. Conversations you engage yourself in social websites may enhance your online reputation in the short term, but leave little lasting impact.
There is no better way to improve your online reputation than by creating content such as a blog, podcast, video or photo album. Provided it is tagged with keywords, along with a SEO-friendly title and relevant description, it will score highly when someone types your name into Google or any other social website. Blogging in particular is an effective way to document your thoughts, network and create a community of fans. There are offline benefits to creating content as people recognize that it takes planning, creativity and commitment. When you are dealing with your online reputation, remember to always be proactive and vigilant. It is crucial that your online presence be surrounded by positive, high-quality content. The more positive content you contribute online, the stronger your reputation will be.
Insufficient security measures at any level may cause resources to be damaged, stolen or become a liability to the campuses. Therefore, responsive actions may be taken. For instance, if a situation is deemed serious enough, computers posing a threat will be blocked from the network access. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users (Gollmann 317). The term computer security can be used to stand for the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. The strategies and methodologies of computer security often differ from most other computer technologies because of its somewhat elusive objective of preventing unwanted computer behavior instead of enabling wanted computer behavior.
The technologies of computer security are based on logic. As security is not necessarily the primary goal of most computer applications, designing a program with security in mind often imposes restrictions on that program’s behavior. There are two key security elements which should be put in place in any campus network. The two elements include logical security and physical security. In logical security, computers should have the most recently available and appropriate software security patches, commensurate with the identified level of acceptable risk (Connolly 38). For example, installation that allows unrestricted access to resources must be configured with extra care to minimize security risks. Adequate authentication and authorization functions must be provided, commensurate with appropriate use and the acceptable level of risk.
Attention must also be given not only to large systems but also to smaller computers which, if compromised could constitute a threat to campus or off campus resources, including computers maintained for a small group or for an individual’s own use. Physical security is an old computer security axiom that if a cracker has physical access to a computer, then he has complete access to the software and data on that computer. In physical security, appropriate controls must be employed to protect physical access to resources, commensurate with the identified level of acceptable risk. These may range in scope and complexity from extensive security installations to protect a room or facility where server machines are located, to simple measures taken to protect a user’s display screen.
Many campuses have installed the wireless LANs networks. To connect to the campus network, network users can use a wireless network interface card (NIC) or a wireless adapter. This will allow the user to communicate with other stations connected to the network. Security breaches to campuses networks have increased. Hacking and rouge access points are the major security threats of wireless LANs. Hacking can be described as the act of gaining access to an IT system illegally. This is usually done by clever programmers who exploit loopholes and vulnerabilities in the IT system. Rogue access points in a wireless LAN can lead to attacks such as eavesdropping. Leaving a wireless access point open may be convenient but it also make users to be susceptible to attacks. Leaving a rogue access point open also posses another risk to the user in that the user can forced by an attacker to connect to another access point and be controlled by the attacker.
To prevent the above, some form of encryption is needed between the client and the access point to increase security. This will help to evade threats such as evil twin attacks. To maintain security in campuses, there are services which are used to report and identify potential security problems. These services include intrusion detection systems (IDS), network scanning and aggressive IP distribution. Applications must be designed and computers must be used so as to protect the privacy and confidentiality of the various types of electronic data they process, in accordance with applicable laws and policies. Users who are authorized to obtain data must ensure that it is protected to the extent required by law or policy after they obtain it. For instance, when sensitive data is transferred from a well-secured mainframe system to a user’s location, adequate security measures must be in place at the destination computer to protect this downstream data. Technical staff assigned to ensure the proper functioning and security of campus electronic information resources and services are not permitted to search the contents of electronic communications or related transactional information except as provided for in the campus electronic communication policy.
Compliance means conforming to a rule such as a specification, policy, standard or law. For IT organizations, IT compliance includes internal best practices/gold standards and external governance mandates. The IT organization initiates internal IT compliance standards to build consistent and predictable network, while the IT industry often imposes external mandates to advance the technology. Organizations appreciate best practices as a way to standardize the network, but they decry the increased workload for auditing and reporting, often delaying implementation of IT compliance until required by an upcoming periodic audit. Infoblox eliminates these problematic catching up periods and keeps organizations in full compliance year round. Infoblox delivers IT compliance management in a box.
With a solid understanding, of all network infrastructure elements, their holistic behavior, configurations and changes. Infoblox enables compliance in the easiest and most efficient way possible. Instead of being reactive, users receive a list of violations for remediation, and simple one-click reporting verifies compliance. Over 4,000 of the world’s top organization have embraced infoblox IT compliance management to solve their compliance issues. There are five best practices steps for successfully implementing compliance across the network infrastructure. When an organization follows the best practices, the amount of time and resources saved can be enormous. The infoblox compliance solutions make it easy to following the five-step process. Infoblox allows you to:
(a) Easily define standards- IT team must understand and define the pertinent internal or external standards and the impact on the network infrastructure
(b) Deploy standards- since standards are unique and have different requirements, different devices will have different policies, so the IT team must assign the right policies to the right devices
(c) Provide proactive monitoring- the first configuration is normally correct, but modifications over time often cause the violations, so organizations must continuously monitor settings against standards.
(d) Take action with fast remediation- if there is a violation, correcting the problem right away provides more value and security instead of waiting until the yearly audit.
(e) Automated and built-in reports- External mandates require audits and proof of compliance, which can be time consuming for IT organizations.
Infoblox enables organizations to successfully implement and manage compliance standards quickly and more cost-effectively than the tradition manual processes. With embedded automation, intelligence, proactive monitoring and pre-built reporting. Infoblox provides fast time to value for both internal best practices and external compliance mandates. A key component of compliance is providing control and detailed auditing capabilities. With user-defined roles and detailed tracking across network change, DNS, DHCP and IP address management, users can verify the proper procedures and management are in place to show control for any audit requirements. Key infoblox capabilities include embedded expertise, ease of deployment, proactive monitoring, remediation, reporting, control and tracking and auditing.