@ Introduction
@ Privacy protection
@ Data protection principles
@ Legal
@ Evidence
@ Collecting the evidence
@ Recognizing cyber evidence
@ International Issues in Evidence Collection
@ International Cooperation in Electronic Evidence
@ Conclusion
@ Internet banking is one form of online banking; PC direct-dial
banking is another. Before internet banking, customers using
direct-dial PC banking needed to use specialized computer
software provided and supported by their depository
institution. More recently, these direct-dial connections are
being replaced by internet connections over which customers
can use their computers and browser software to connect to
their depository institution's web site.
@ What does
A store of a large amount of information in a form
that can be handled by a system of the bank.
@ What does consumer privacy mean?

Consumer privacy, also known as customer privacy, involves the handling
and protection of sensitive personal information that individuals provide in
the course of everyday transactions. This involves the exchange or use of
data electronically or by any other means, including telephone, fax, written
correspondence, and even direct word of mouth. With the advent and
evolution of the World Wide Web and other electronic methods of mass
communications, consumer privacy has become a major issue.
Cont.
Personal information, when misused or inadequately
protected, can result in identity theft, financial fraud, and
other problems that collectively cost people, businesses,
and governments millions of U.S. dollars per year. In
addition, Internet crimes and civil disputes consume
court resources, confound legislators and police
departments, and produce untold personal aggravation.

Data protection is governed by some Acts which give
people the right to access information held about them by
certain organisations. The Act governs how such
organisations can use the personal information that they
hold, including how they acquire, store, share or dispose
of it.
Some consumers may want to know how their
personal information is used by their bank and
whether it is shared with affiliates of the bank
or other parties.
Cont.

When you go to a bank to open an account, regardless
of whether you are conducting business online or
not, you will get a copy of its policy regarding
the information the bank keeps about you,
and also what information, if any, it shares with
other companies.
Cont.

You may have heard that some companies
track your Web browsing habits while you are at their site, to
understand your interests and then to market a
particular service or promotion. So, if these practices
concern you, you will of course ask yourself whether
your bank tracks your browsing habits.
Cont.
Some examples of protection

1- Encryption is the process of scrambling private
information to prevent unauthorized access. To show that
your transmission is encrypted, some browsers display a
small icon on your screen that looks like a "lock" or a
"key" whenever you conduct secure transactions online.
Avoid sending sensitive information, such as account
numbers, through unsecured e-mail.
Cont.

2-
should be used when accessing an account online. Your
password should be unique to you and you should change it
regularly. Do not use birthdates or other numbers or words that
may be easy for others to guess. Always carefully control to
whom you give your password. For example, if you use a
financial company that requires your passwords in order to
gather your financial data from various sources, make sure you
learn about the company's privacy and security practices.
The principles
@ Personal data you hold is to be processed in accordance with
the Seven Data Protection Principles laid down by the
Act. Additional requirements and restrictions apply to the
processing of sensitive personal data. Mainly:
1. General principle
2. Notice & Choice principle
3. Disclosure principle
4. Security principle
5. Retention principle
6. Data integrity principle
7. Access principle
General principle
It provides, among others, that a data user shall not process
personal data without the consent of the data subject concerned. More
stringent requirements are imposed on the category of 'sensitive
personal data.' By virtue of this principle, too, the processing of
personal data can only be done for a lawful purpose directly related to
the data user's activity. It also requires that the data processed must
not be excessive (imagine if a bank required its customer to
declare the history of his illnesses, data which is not directly
related and is likely excessive).

Notice & Choice principle
It prescribes, among others, that when
collecting personal data, a data user shall
properly notify the data subjects as to the
purpose of that collection/processing, as well
as the related rights of the data subject with
regard to that processing.

Disclosure principle
@ This principle puts forward the
restrictions on disclosure of the personal
data: no personal data shall,
without the consent of the data subject,
be disclosed for other purposes.

Retention principle
Personal data processed for any purpose shall
not be kept longer than is necessary for the
fulfillment of that purpose.

Data integrity principle
A data user shall take reasonable steps to
ensure that the personal data is accurate,
complete, not misleading and kept up to date.

Access principle
A data subject shall be given access
to his personal data and shall be
able to correct that personal data if
it is inaccurate, incomplete or
misleading.

Security principle
A data user shall take practical steps to protect the
personal data from any loss, misuse,
modification, unauthorized or accidental access or
disclosure, alteration or destruction.
Legal and Evidence
@ Cyberspace is not only the operation of computers
but also includes all the virtual relationships &
transactions that are carried out by those who
enter that world through a computer.

@ Cyberspace does not recognize boundaries.

@ Thus territorial borders have no relevance in
cyberspace, and its activities cannot be subjected
to any one particular jurisdiction with legal
justification.
Cont.

@ The offender might be sitting in one country and, using a
system situated in another country, might commit a crime
in a third country.

@ The legal responses in each of these countries could
vary, and the jurisdiction of one particular country may
depend on the law that is followed therein.

@ Even when a particular country decides to prosecute the
offender, issues like investigating the crime, collecting
evidence from systems in other countries and ensuring
the presence of the offender to stand trial are a real
problem.
@ The process of obtaining cyber evidence is termed
computer forensics.

@ Gathering cyber evidence can be extremely difficult as it
involves cooperation from all parties involved, including
the victim, the investigator, even the judge.

@ Virtual digital records have to be collected, preserved &
produced in court to the satisfaction of the court.

@ Nevertheless, unlike what is commonly thought by the
general public, it is more difficult to remove cyber
information, because:
· Lost/deleted files may be recovered
· It is a matter of knowing how & where to look for evidence
@ Early reporting by the victim is necessary to enable
efficient collection of evidence.

@ Only properly trained officers should be allowed to
collect evidence.

@ The common way is to remove all the victim's hardware
to be examined offsite.

@ A better way is to copy the evidence needed. This
minimizes disruption to the running of the victim's
business.
Cont.

@ Cyber evidence could be physical or logical:

· Physical: investigators enter the scene of the computer
crime & search for or take custody of the relevant computer
hardware & media, called search & seizure.
· Logical: extraction of raw data from any relevant
information source.

@ A warrant might be needed for these purposes to
ensure that the evidence collected is admissible in
court.
@ Computers & related evidence range from the
mainframe computer to the pocket-sized personal
data assistant to the floppy diskette, CD or electronic
chip device.

@ Images, audio, text and other data on these media
are easily altered/destroyed.
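
An added example, not part of the original slides: one way to carry out the "copy the evidence" approach so that a copy of easily altered data can later be shown to be unchanged. The slides do not name a method; the SHA-256 digest, the function names and the sample file below are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sit fully in memory

def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire_copy(source, dest):
    """Copy source to dest and return an acquisition record with its digest."""
    digest = hashlib.sha256()
    size = 0
    with open(source, "rb") as src, open(dest, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
    source_hash = digest.hexdigest()
    if sha256_file(dest) != source_hash:  # re-read what was actually written
        raise IOError("copy does not match source; acquisition rejected")
    os.chmod(dest, 0o444)  # the working copy is read-only from here on
    return {"source": source, "copy": dest, "bytes": size, "sha256": source_hash}

def verify_copy(record):
    """True if the copy still has the digest recorded at acquisition time."""
    return sha256_file(record["copy"]) == record["sha256"]

def demo():
    """Constructed sample: acquire a small file, then simulate a later alteration."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "mailbox.dat")  # constructed sample data
    with open(source, "wb") as fh:
        fh.write(b"From: teller@example.test\nSubject: transfer 4411\n" * 2000)
    record = acquire_copy(source, os.path.join(workdir, "mailbox.copy"))
    intact = verify_copy(record)
    os.chmod(record["copy"], 0o644)
    with open(record["copy"], "r+b") as fh:  # change a single byte of the copy
        fh.seek(10)
        fh.write(b"X")
    return intact, verify_copy(record), record
```

The digest in the record is what lets the copy, rather than the seized hardware, be checked again at any later point.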
@ Virtual evidence is spread across cyberspace.
This poses problems to investigators.

@ Example: a Russian hacker may use the internet to hack
a German computer network to steal money from a
US bank.

@ The investigator might suspect that the evidence of
the crime committed in cyberspace is stored in a
computer located in another country. Here, the
territorial reach is a problem.
Cont.

@ The usual practice is that the investigator approaches
the law enforcement agency of the country where the
evidence is located and asks for their consent and help
in seizing the evidence.

@ In the US, the law enforcement agencies are advised by the
US Department of Justice that they should make
direct contact with an ISP in another country
only upon:
· Prior permission of the foreign government
· Approval of the US Department of Justice
· Clear indication by the other country that such practice is not
objectionable
@ The Council of Europe Cyber Crime Convention has
placed a directive that:
· all requests for cross-border preservation of evidence be
allowed
· Parties cooperate/assist each other during investigation.

@ So far, 28 member countries have signed up for this
cooperation.

@ The role of non-governmental organizations is also
important, as some of them are leading in cyber
technologies.
@ Cyber data & evidence are not real. They are
intangible.
@ In cyber transactions, the conventional methods of
preserving data and evidence are not practical in
certain circumstances.
@ Certain modifications are required to allow greater
efficiency in data & evidence management.
Thanks for your attention
