The advent of the internet as a global communication mechanism has sparked internet and computer related legal dilemmas at home and abroad. Legal and IT experts are today faced with complex and difficult questions surrounding topics such as privacy, intellectual property rights and copyright. Internet is an important tool for collecting knowledge and information. For that reason, it is viewed as a basic right for all human beings. Infringement of these rights has further given rise to cybercrime, privacy concerns digital insecurity and defamation issues. Governments are today grappling with ways of addressing these concerns (Sembok, 2003, pp.241-312).
From the dawn of the internet technology up to now, the world has witnessed numerous developments in computer resources. Technologies like the internet, smart phones, and palm pilots, have generated a new wave of crime. This perspective of crime entails increased strategies at criminals’ disposal to carry out offenses, together with widespread locations within which the criminal activities can take place. For instance, property crimes no longer entail a face-to-face interaction between the fraudster and the victim. Earlier, criminal activities used to be undertaken by way of breaking into victims’ premises and parting with their valuables. Times have changed. Today, fraudsters carry out property crimes from the comfort of their premises and homes against individuals who live abroad via computer technology (Wilson and Kunz, 2004, pp. 1-146).
Internet crimes pose a disheartening task for lawmakers and enforcers since they are very sophisticated crimes. IT and legal experts ought to have a workforce trained in computer science forensics as well as Information Technology to satisfactorily look into internet crimes. On top of that, state agencies need to amend and draft legislations that deter internet crimes as well and spell out appropriate penalties for such offenses. The frequency of internet crimes is likely to rise with the continued improvements in the field of Information Technology (Wilson and Kunz, 2004, pp. 1-146).
It is imperative that Oman and states situated within the Asia-Pacific region develop carry out an assessment of the situation and guidelines for moves that can deter cases of malicious invasions of privacy, confidentiality and availability of internet data and systems, as well as computer-based crimes like fraud, forgery, violations intellectual property rights and child pornography. In addition, potential threats to important infrastructure and national interests born by the utilization of the internet for criminal and terrorist operations are of urgent attention (Martana, 2008, pp.125-138).
The harm that businesses, individuals and governments realize in states where the use of internet is high, is increasing in scale and significance. When users begin to lose confidence in online transactions, the opportunity costs may become heavy. In Oman and the entire Asian region, the challenges rest in the general lack of awareness of issues revolving around information security, the ever increasing sophistication of information systems, the rising capacity and access of ICT, and the transition feature of the communication networks (ITA, 2011, P.1).
Oman and the surrounding states within the region do not have appropriate legal and regulatory mechanism to address these challenges (UNECE, 2007, PP.39-67). Even in cases where there is increased awareness and where legislation may be there, the capacity to utilize formation security apparatus together with the relevant steps, as well as to safeguard against, spot and respond appropriately, to cyber offenses, is very low (KPMG International, 2011, pp.2-14). For that reason, reports of cyber offenses may reflect only a small proportion of their incidence, resulting in an urgent need for more accurate approximation of the prevalence of cybercrime (ITA, 2011, P.1).
Privacy violation is one of the most complex legal dilemmas in Information Technology. Privacy invasion occurs when an individual or group of people use a computer or a network computer and knowingly access and examines without consent information such as employment, credit, or any form of personal or financial information relating to any other person (FATF, 2010, pp.1-12). In this perspective, examination of information is treated as privacy invasion when the offender views the information after the period of time when the offender is fully aware or supposed to know that he is not consented to view the information stored in the computer system or internet network (Sembok, 2003, pp.241-312).
In a bid to safeguard privacy and personal information and data, the Oman government put in place the Information Security Management Framework. This is part of the Information Technology Authority (ITA) standards framework, whose aim is to safeguard the information assets, from unauthorized entry and modification or alteration by a third party. This includes storage, processing and transit. The ITA also attempts to protect the deprivation of service to allowed users or the offering of service to unauthorized users, including strategies needed to spot, record and counter these threats. The scheme establishes a secure and structured working condition, protecting information and information assets. Further, it deters an information security incidence from taking place (ITA, 2011, P.1).
Oman does not have any privacy or data protection legislation. This mandate is handled collaterally by several Royal Decrees. Organizations operating in the country develop their own data protection rules and regulations, drawn from the European standards. However, they lack backing legislations. The only applicable internet privacy legislation is Article 43 of The Electronic Transfer Law. This law governs protection of private data. While this law is solely meant for e-commerce transactions, it offers some protections and penalties against unauthorized access to this information (Said, 2011, pp. 1-12).
In UK, the main law governing privacy issues is the Data Protection Act. The Act replaced a similar one of 1984. It was put in force as the country’s domestication of the European Union Data Protection Law. This was a milestone attempt by European Union to ensure that the laws governing data protection of member states are brought into greater harmony with respect to the convenient implementation of laws founded on commonality of standards. Apart from safeguarding individual data, the Directive seeks to aid the conclusion of domestic market in the EU by necessitating the unrestricted movement of private data within member states (Goold and Raab, 2011, pp.1-105).
Business transactions may be relayed and recorded in databases of institutions such as hospitals, banks and shopping malls. This invaluable information contained in electronic communications and databases can be accessed by unauthorized individuals or organizations if not properly guarded (Stevens, 2013, pp1-32). In Asian countries and abroad, there are conditions under which privacy violations can be admissible. This can partly be owed to rising security concern and counter-terrorism operations. When a government agency is involved in investigations surrounding security matters, they are left with no choice but to overlook legal issues such as privacy.
The internet has sparked the emergence of online education and training. As a result, academic institutions and lawmakers have come up with the Concept of Acceptable Use and Privacy. Acceptable use can be described as the policies that are put in place by an institution relating to the utilization of online resources and computer-related information. One of the most controversial aspects of acceptable use is the degree of privacy that individuals are guaranteed in while going about their online activities (Mpofu, 2005, pp.1-12).
In some institutions, all e-mail communication may be monitored. Online courses usually generate a lot of email traffic among the parties involved. In organizations where e-mail may be scrutinized, users may be concerned of what they write or say online. This affects the quality of online communication. In most academic institutions, it is not easy to tell whether e-mail is scrutinized. What is clear is that most institutions of higher learning state that they reserve the right to do so (Mpofu, 2005, pp.1-12).
An individual’s entitlement to privacy is not explicitly guaranteed by organizations in most cases. However, protection from government invasion needs to be implicitly guaranteed. With the widespread use of online resources and transactions, the right to an individual’s privacy has progressed beyond private property since the internet is currently a self-regulated medium. This state allows the internet to advance without the confines of legislation, but it also gives room for problems since there are few precise guidelines that need to be adhered to (Mpofu, 2005, pp.1-12).
Most Internet organizations gather users’ personal information as they navigate through their websites. Privacy proponents assert that collection of users’ private information goes against individuals’ privacy rights. However, online marketers and sales advertisers argue that, by storing the likes and dislikes of online clients, e-commerce firms can improve service delivery. For instance, if a client purchases a ticket from Dubai to Muscat, the travel website might record this transaction (Knizek and Beranek, 2013, pp. 1-18).
The Oman Sultanate is mandated to safeguard the rights of copyright custodians. In 1996, the country enforced rules safeguarding copyrights in the Royal Decree No. 47/96. This was later on revised by the Royal Decree No. 37/00 in 2000. The identified copyrighted resources particularly include programs and database systems. The country’s copyright legislation bars duplication of computer programs without consent. Individuals or organizations caught with pirated software risk being penalized as per the provisions of the state’s copyright rules. In addition, all unlawful duplicates of computer programs together with the materials used for unlawful duplication shall be confiscated in accordance with the law. An OMR 2000 fine may also be imposed on the offender, and a jail term not exceeding 2 years (Said, 2011, pp. 1-12).
In UK, these rights have a statutory foundation, found in the Copyright, Design and Patients Act 1998. Each category of work has a corresponding copyright protection, but ideas are not covered. Each class of work has been accorded its own rank in the legislation. In UK, the copyright law is a complicated topic, since the concept started in the 15th century, and is presently anticipated to govern a broad range of materials such as computer programs and artistic works (Charlesworth, 2003, pp. 1-79).
Safeguarding of copyright covers original artistic, literary, musical and dramatic works, together with films, typographical arrangements and sound recordings. There is no standardized registration procedure for copyright works. As such, by merely recording or documenting the work, for instance by creating a webpage, it will bring about copyright protection. The contents of a website will thus be wholly subject to protection regardless of whether it contains the © symbol. Copyright safeguards the expression of an idea but cannot be employed to safeguard the idea itself (Mpofu, 2005, pp.1-12). Thus copying the texts of a fictional tale will amount to infringement but simply using the basic idea behind the tale does not give rise to infringement Matwyshyn, 2013, p.155-227).
The original copyright owner or custodian is guaranteed the exclusive right to undertake several activities relating to the work, like copying, distributing the copies to others as well as making adaptations of the works. The right to undertake such roles may be licensed or bestowed on others. Copyright infringement takes place when an individual or group undertakes these roles without the consent of the copyright custodian. Copyright works will conventionally be availed subject to a license spelling out the terms and conditions under which the work may be utilized (Mpofu, 2005, pp.1-12).
From a legal standpoint, a license may be categorized as either a unilateral grant of permission by the licensor to use the literary works in specified ways, or a contractual agreement between the licensee and the licensor. Within the online environment, such license agreements are usually known as click-wrap licenses. Legal acceptance of the user is realized by an indication of his consent to the stated terms and conditions by putting his mouse pointer on the specified icon or button and clicking on it. The existing culture of openness shown by majority of internet subscribers, especially technically complicated first adopters, has also catapulted the development of alternative licensing schemes designed to necessitate information sharing, instead of constraining its use through copyright (UNECE, 2007, pp.39-67).
In the software sector, the LINUX operating system was developed cooperatively based on licensing scheme in which anybody was allowed to copy and modify the work, on condition that any work product that is drawn from the original work must also be licensed at no charge. This popular scheme has come to be referred to as open source licensing. The term open source is use in broad contexts. However, it mainly depicts a software creation model and/or a licensing scheme. As a software development methodology, groups and associations of computer programmers or code writers contribute to the scripting of the source code for a software, like LINUX, which is in thereafter made available under an ‘open source’ licensing model (UNECE, 2007, pp.39-67).
There are a broad range of open source licenses, but they have commonalities in characteristics. To begin, a license is free to redistribute the program. Secondly, a licensee should be granted entry to the source code, the program’s scripting language, and the machine code. Also, there ought to be no discriminatory license conditions regarding the program’s utilization. Finally, there should be no imposition of collateral or constrains on the license (UNECE, 2007, pp.39-67).
Besides the open source, schemes have also been developed for public domain materials, in which the legal custodian of the copyright issues out his copyright over the material and grants free re-use redistribution and adaptation. Whereas open source licensing makes use of present copyright rules to necessitate the widespread distribution, utilization and establishment of source code, public domain programs and information gets rid of the operation of the copyright rules altogether (UNECE, 2007, pp.39-67).With regard to fair use doctrine, limited reproduction of copyrighted works for the objectives of criticism, educating and teaching scholarly research does not amount to an infringement of copyrights. In theory, all these factors are always regarded, but in practice, the last factor is the most significant in the arrival of a conclusion as to whether a particular use is fair (Diotalevi, 2003, pp.1-3).
The doctrine of fair use rarely comes under sharp criticism in Africa and the Arab world. The relevant copyright laws usually deals with the problem on the surface, thereby making it hard for one to figure out exactly which matters will be treated as fair dealing and fair practice but does not give in details what shall be treated as fair dealing or fair practice. The absence of precise legislative guidelines on fair use has made it harder for universities and colleges to develop fair use procedures and policies that have legal foundations. In spite of the legal provisions, copyrights are in general hard to enforce, as there are still no mechanism for monitoring the magnitude of its occurrence (Mpofu, 2005, pp.1-12).
In 2010, the Oman Sultan established the National Data Centre (NDC), in collaboration. It was mandated to provide sufficient levels of trust, privacy and confidentiality of personal information stored in government-owned information systems. The latest legislation governing this legal issue is the Cyber Crime Law The second chapter of the Cyber Crime Law concerns breach of security and secrecy of information systems. Further, it increases punishments for hacking, should one be caught misusing personal data. However, there is no additional elaboration on the penalties (Said, 2011, pp. 1-12).
In UK, the Data Protection Act 1998, guards against unauthorized access of any confidential information system and security breach. The act is a local implementation of the EU Data Protection Directive 1995. Sadly, the Act already looks outdated with respect to the utilization of contemporary data systems. However, some challenges have been ironed out with a significant level of practicality by the Information Commissioner’s Office majorly with regard to risk or benefit evaluation (Charlesworth, 2003, pp. 1-79).
- 1.Integrity and Authentication
Most legal questions posed relating to security issues relate to integrity and authentication as well as confidentiality. Paper and ink documents are hard to modify or alter without leaving traces of evidence. The changes made to an electronic data, as opposed to pen and paper documents, cannot be spotted easily. The ease of changing a document makes it hard to understand in the various ways a document has been modified and the time of its alteration. For instance, an electronic contract may be modified or changed by either party at some point after sealing the agreements. Electronic signatures have been created to counter such security concerns and give a substantive level of legal assurance when communicating and making contracts via a computer medium (Mpofu, 2005, pp.1-12).
Within the traditional context, security techniques have for a long time been employed to make safeguard security and confidentiality of pen and paper documents. The traditional steps taken to safeguard the security of pen and paper documents entailed locking offices, filing cabinets, installing alarm systems to detect unauthorized access into an organization’s premises. Depending on the type of documents to be safeguarded, there are different levels security approaches may be employed, ranging from bank vaults to safeguard money or bonds to merely a filing cabinet to keep records (Mpofu, 2005, pp.1-12).
Both people and commercial organizations have reasons for desiring to keep the confidentiality of certain information. Organizations will always include the confidentiality clauses in the contract agreements with their employees if there is worry about disclosure of the firm’s secrets to the public and rivals. In some careers, professionals spell out confidentiality requirements as part of the professional obligations of the employees. A case in point is the non-disclosure of health information of patients by doctors. Government authorities are also obliged to safeguard confidential information as a matter of showing respect to individuals and organizations (Mpofu, 2005, pp.1-12).
Piracy and Online Counterfeiting
The advent of the internet has given counterfeiters and pirates with a new avenue for selling their products and services through auction sites, email marketing and stand-alone e-commerce websites. The internet technology also poses a challenge to the deterrence of unauthorized use of protected works and the law of copyright as a way of rewarding and acknowledging the growth and developments in creative content investments. Software piracy, especially the use of illegally copied programs, is widespread in academic institutions. If proper regulatory measures are not put in place, employees and students will use any readily available software for going about their scholarly endeavors. For that reason, organizations need to sensitize their employees on the ways of detecting pirated programs.
The Sultanate of Oman regards piracy and counterfeiting as forgery in Article 12 of the Cyber Crime Law. In it, any individual that the IT infrastructures in the undertaking of piracy offenses by modifying and altering the features of such information or programs with the objective of using it as legit, which is acknowledged in a computer-based information system, so as to reap benefit or cause damage to the original owners, if caught, will be imprisoned for a duration not below one year, and not beyond three years. An additional penalty of not below OMR 1,000 and not above OMR 3,000 will also be exacted on such a person. The same penalty will be exacted to any individual who intentionally uses the counterfeited or pirated computer-based information system (Said, 2011, pp. 1-12).
In UK, the Digital Economic Act, 2010 spells out measures of curbing piracy and counterfeiting. These measures include: web blocking, warning to suspected infringers and other stern measures that may be deemed necessary to contain the crime. The UK government also came up with the Initials Obligations Code, allowed under section 11 of the Act. Under this code, an internet service provider is allowed to send a warning letter to any client detected downloading copyright material freely. If the client goes on with the infringing activity, two follow-up letters would be sent. Upon reception of the third letter, the client’s download history could be released to the owners of the copyrighted materials, allowing them to take legal action against the infringer, after receiving a court order to do so. The accused customer is allowed to file an appeal for 20 pounds, which is refundable if the appeal is successful (Ward, 2013, pp. 1-7).
Human Trafficking and Modern Slavery
With the advent of the internet, human traffickers have come up with ways of using it to recruit new human trafficking victims, basically from social media sites like Facebook and Twitter. Human Trafficking agents explore and try to befriend their victims via the online platform. They groom them for a friendship, make appointments for a meeting, and when the opportunity presents itself, the victim will be trafficked. In developing countries, the risks that come with the use of social media are not widely explored, resulting in a higher rate of victimization of children. One of the leading victim states in human trafficking is Indonesia (Major, 2012, pp.1-13).
In Oman, the Law of Human Trafficking covers human organs, which are any biotic organ of the human body or component of that organ, and the entire human body. Article 23 of the Law of Human Trafficking, Royal Decree No. 126/2008, states that any individual, who sets up a website or transmits data on the information system and knowingly facilitates trafficking of the human organs or the entire human body, shall be jailed for duration not below three years and not beyond ten years. This penalty will be accompanied with a fine not less than OMR 1,000 and not exceeding OMR 50,000 (Said, 2011, pp. 1-12).
In UK, several laws and policies have been set up, including the new human trafficking offenses as well as establishment of UK Human Trafficking Centre. In 2013, the government drafted the Modern Slavery Law. The Modern Slavery Act will make legislation simple and tighten punishments for slave drivers. It also allows the judiciary to limit activities where potential victims may be at peril. This legislation has provisions for pursuing more traffickers, disrupting their activities and bringing them to justice (Beard and Lipscombe, 2014, pp. 1-27).
Like other types of online contents, the comments posted on social media platforms are instantly available and, once posted, incapable of true deletion. Owing to this phenomenon, it is very important to exercise utmost care in what you post, especially concerning third parties. Defamation claims based on online contents are nowadays on the rise, and are treated by courts in the same way as those that involve the traditional mainstream media. Unlike other forms of online defamatory allegations involving anonymous posts, defamation taking place via the social media is most likely to be attributed to an actual person. This further increases the chances of liability for posting such defamatory statements (Stone and Canfield, 2012, pp. 1-9).
There is an urgent need of developing holistic integrated policy framework regionally and internationally to foster effective and beneficial use of ICT applications in Oman and the Asia-Pacific regions. Sound education programs need to be developed at all levels so as to create awareness on the various legal implications that come with the ushering in of ICT (UNECE, 2007, pp.39-67).To combat cybercrimes, stakeholders should invest in creating awareness on information security at the national and regional levels. Policies need to be put in place at the national and regional level that is consistent with the already existing or developing international legal instruments. Further, all key players in the ICT sector should come up with an effective regional mechanism for averting cybercrime and enhancing protection against, detection of, and responses to, cybercrime. To efficiently achieve this, governments must increase the capacity of carrying out national investigations, as well as assisting with trans-national investigations (UNECE, 2007, pp.39-67).
To effectively manage ICT security risks, an individual or organization should invest in firewalls so as to shield the organization’s data and virtual private networks from malicious programs and unauthorized access to the firm’s data. When communicating via a computer medium, parties to an online transaction should ensure that the message sent and received between them will reach their destination unaltered. They should also authenticate that the other entity to a transaction is who he/she claims to be. The mechanism used to achieve this may vary, ranging from the use of Personal Identification Numbers or Passwords, to biometric systems like retinal scans or cryptography and thumbprints. Digital signatures are therefore worth investing in (UNECE, 2007, pp.39-67).
Boyd, R., Ho, T., and Eisenberg, L., 2013. Computer Crimes. American Criminal Law Review,
[e-journal] 50, p.681. Available at: < http://www.ebscohost.com > [Accessed 20 May 2014]
Beard, J., and Lipscombe, S., 2014. Human Trafficking: UK Responses. Standard Note, [e-
journal], pp. 1-27. Available at: < http://www.parliament.uk > [Accessed 28 May 2014]
Charlesworth, A., 2003. Legal Issues Relating to the Archiving of Internet Resources in the UK,
EU, USA and Australia. Joint Information Systems Committee, [e-journal] 1, pp.1-79.
Available at: < http://www.jisc.com > [Accessed 28 May 2014]
Diotalevi, N.R., 2003. An Education in Copyright Law: A Primer for Cyberspace. Electronic
Journal for Academic and Special Librarianship, [e-journal] 4(1), pp.1-3. Available at: <
http://www.ebscohost.com > [Accessed 5 May 2014]
FATF., 2010. Money Laundering Using New Payments. Financial Action Task Force Report, [e-
journal], pp.1-12. Available at: < http://www.fatf-gafi.org > [Accessed 20 2014]
Goold, B., and Raab, C., 2011. Protecting Information Privacy. Equality and Human Rights
Commission Research Report, [e-journal] 69, pp.1-105. Available at: <
http://www.equalityhumanrights.com > [Accessed 28 May 2014]
ITA., 2011. Oman Efforts in Identifying Internet-Related Public Policy Issues. Information
Technology Authority Sultanate of Oman, [e-journal], p.1. Available at: < http://
www.files.wcitleaks.org/publics > [Accessed 20 2014]
Knizek, J., and Beranek, L., 2013. The Use of Contextual to Detection of Fraud on Online
Auctions. Journal of Internet Banking and Commerce, [e-journal] 18(3), pp.1-18.
Available at: < http://www.arraydev.com >[Accessed 20 May 2014]
KPMG International., 2011. Cybercrime- A Shocking Challenge for Governments. Issues
Monitor, [e-journal] 8, pp.3-24. Available at: < http://www.kpmg.com/global >
[Accessed 20 May 2014]
Major, M.M., 2012. Technology and Human Trafficking. University of Idaho, [e-journal], pp.1-
13. Available at: < http://www.vandals.uidaho.edu > [Accessed 20 May 2014]
Matwyshyn, M.A., 2013. The Law of the Zebra. Berkeley Technology Law Journal, [e-journal]
28, pp.155-227. Available at: < http://www.ebscohost.com > [Accessed 20 May 2014]
Mortaza, M., and Ashrafi, R., 2008. Use and Impact of ICT on SMEs in Oman. The Electronic
Journal of Information Systems Evaluation, [e-journal] 11(3), pp. 125-138. Available at:
< http:// www.ejise.com > [Accessed 20 May 2014]
Mpofu, S., 2005. Ethics and Legal Issues in Online Teaching. Commonwealth Learning, [e-
journal], pp.1-12. Available at: http://www.coi.org > [Accessed 20 May 2014]
Sembok, T.M.T., 2003. Ethics of Information Communication Technology (ICT). Regional Unit
for Social and Human Sciences in Asia and the Pacific, pp.241-312. Available at: <
http://www.unescobkk.org > [Accessed 20 May 2014]
Said, B.Q., 2011. Issuing the Cyber Crime Law. Royal Decree No.12/2011, [e-journal], pp.1-12.
Available at: < http://www.qcert.org > [Accessed 28 May 2014]
Stevens, R., 2013. Regulation and Consumer Protection in a Converging Environment. BDU
Regulatory & Market Environment, [e-journal], pp.1-32. Available at: <
http://www.itu.int > [Accessed 20 May 2014]
Stone, P.L.C., and Canfield, M., 2012. Legal Issues in Social Networking. Institute of Continuing
and Legal Education, [e-journal] pp.1-9. Available at: < http://www.ebscohost.com >
[Accessed 20 May 2014]
Ward, P., 2013. Digital Economy Act 2010: Copyright. Standard Note, [e-journal], pp.1-7.
Available at: < http:www.legislation.gov.uk > [Accessed 28 May 2014]
Wilson, P., and Kunz, M., 2004. Computer Crime and Computer Fraud. Montgomery Criminal
Justice Coordinating Commission, [e-journal], pp.1-146. Available at: < http:// www.
Montogomerycountymd.gov > [Accessed 20 May 2014]
UNECE., 2007.Information and Communication Technology Policies and Legal Issues for
Central Asia. United Nations Guide for ICT Policymakers, [e-journal], pp.39-67.
Available at: < http://www.unece.org/ict > [Accessed 20 May 2014]
Below is the PDF sample of the above Copy.