A Duty of Care in Cyberspace and how it relates to cyber terrorism
The internet continues to play a very significant role throughout the world and its demand is expected to increase in all areas, from banking, to telecommunications, to entertainment and to power. Furthermore, it is critical to other essential structures such as health and security. While this service remains important, it is still compounded by a number of insecurities and exposed to attacks from cyber terrorists or zombies. The main challenge is that today’s internet can effectively be attacked by a Distributed Denial of Service (DDoS) attacks that are always from unsophisticated sources. Contractual liability in the cyber attacks is unavailable to the victims of DDoS. Henderson (2002) asserts this by demonstrating that “although software manufacturers attempt to waive essentially all liability in shrink-wrap and other contracts, it is at least theoretically possible for a purchaser to demand contractual protection for any damage caused by faulty programming”. The biggest challenge is that most cases of DDoS attacks involve instances where the victims had no previous form of association with the attackers.
This has the compound effect of complicating the aspect of contractual liability. Restatement (Third) of Torts: General Principles (Discussion Draft 1999) explains that “[a]n actor is subject to liability for negligent conduct that is a legal cause of physical harm.” Cyber attacks in whatever form causes physical attacks. Henderson (2002) defines physical harm in the context of cyber attack as “that term used to include both personal injury and property damage.”
Confronting the threat posed by attackers and zombies to the internet security of critical infrastructure still remains a challenge.
The international efforts to combat cyber terrorism
While a number of legislations and security guidelines have been put into use, they still fall short of the minimum internet safe security levels (Verton, 2002). These include Health Insurance Portability and Accountability Act of 1996 (HIPAA) that regulate the health sector and Gramm-Leach-Bliley Act (GLBA) of 1999 that seeks to regulate our financial sector that remains highly exposed to the attackers. Described as technologically neutral, these legislations require additional security measures to effectively address the threat of cyber attacks. Other efforts to combat cyber terrorism include the formation of the multi-agency National Infrastructure Protection Center (NIPC), headed by the FBI and are responsible for the “national critical infrastructure threat assessment, warning, vulnerability, and law enforcement investigation and response entity.” Henderson (2002).
The admissibility and acquisition of evidence related to computer crime
The admissibility and acquisition of evidence related to computer crime is still as complicated and controversial as the crime itself. According to the Draft Restatement (Third) of Torts (1999), “[a]n actor is negligent if, without excuse, the actor violates a statute that is designed to protect against the type of accident the actor’s conduct causes, and if the accident victim is within the class of persons the statute is designed to protect.” This means that the plaintiffs, in their attempts to make a strong case, are most likely to point out at the aspect of negligence. Computer Fraud and Abuse Act (1994 & Supp. V 1999) expounds that “it is not a defense to liability that damage would not have occurred but for the malicious, and indeed criminal and actions of a third party, where those actions were foreseeable in that the conduct of a defendant can lack reasonable care insofar as it can foreseeably combine with or bring about the improper conduct of the plaintiff or a third party.”
A Critique the problem of cyber terrorism and international and local efforts to combat it
The problem of cyber terrorism is indeed real and capable of causing damage to our critical infrastructure. Compared by Henderson (2002) to “a car is recalled on account of an unpredictable yet frequent tendency to lose control, it would be negligent to knowingly continue to drive the vehicle without having it serviced.” Internet continues to be used globally despite the numerous insecurities. Most of the computer systems within our critical infrastructures and personal computers remain knowingly insecure. This is due to our failure to install software patches that would shield our systems from attackers.
References
Henderson, S. E. (2002). Suing the insecure?: A duty of care in cyberspace. New Mexico Law Review, 32(1), 11-25. Web.
Restatement (Third) Of Torts: General Principles § 3 (Discussion Draft 1999). Web.
The Computer Fraud and Abuse Act (as amended 1994 and 1996). Section 1030. Fraud and related activity in connection with computers.
Verton, D. (2002). Critical infrastructure systems face threat of cyber attacks. Computerworld, 36(2), 8.