Botnets are compromised or hijacked computers.
With botnets still representing a rapidly growing threat to Internet users, various techniques and methods have been and continue being developed in order to reduce the threat that botnets pose to the security of information systems connected to the internet. It turns out, however, that the chances those fighting botnets to be hold legally liable for their actions are not negligible.
A joint report by the Estonia-based NATO Cooperative Cyber Defence Centre of Excellence and the European Network and Information Security Agency (ENISA) was published in the beginning of the week and looked at the legal implications of countering botnets.
In the beginning, the report comprehensively defined botnets as: ?networks of interconnected, remote-controlled computers generally infected with malicious software (compromised or hijacked computers) turning the infected systems into so-called ?bots?, ?robots? or ?zombies?.
The study examined the legal implications of the implementation of anti-botnet techniques, concluding that ?Potential restrictions to technological countermeasures may arise from basically any field of law, including administrative, civil and criminal law?.
In addition, the results of the report showed that traffic monitoring, as well as botnet takedown and takeover techniques, were surrounded by an array of legal concerns, which, if not addressed properly, could invoke the liability of the botnet fighters.
According to authors, personal data protection violations and illegally breaking the confidentiality of communications were primary concerns which related to packet and traffic inspection. In their opinion, unauthorised botnet takeover or takedown might fall under many criminal law provisions.?
The report looked at the various anti-botnet techniques and methods and concluded that court practice regarding botnets in general was very limited and many botnet countermeasures addressed in the study were neither explicitly permitted nor prohibited by the law.
The authors emphasised that if there was to be a dispute in the future, it would be up to the courts to determine the unlawfulness of the act in question. This is why they recommended the following: ?To avoid facing a potential court case, persons or organisations looking to take up anti-botnet activities should seek for appropriate legal advice beforehand?.
The joint CCDCOE-ENISA study also recommended that legislators use their mandate to shape national laws so that they support rather than hinder the fight against botnets.
Source: http://www.neurope.eu/article/anti-botnet-techniques-assessed-against-legal-admissibility
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.