CyberLawNet.com - Powered by Yip Tse & Tang, Solicitors & Notaries 葉謝鄧律師行

Virus Attack and Distributed Denial of Service Attack (dDoS)

The attack by virus poses an imminent danger to on-line financial services. It can result in downtime of the on-line operation, loss of customers' data and, more importantly, loss of the providers' goodwill and business. Besides, it may generate legal liability for financial services providers, stock brokers and financial institutions alike. Malicious viruses like Kournikova, Melissa and I Love You are real threats to on-line trading businesses. The viruses can tie up computer networks and crash e-mail servers, resulting in downtime of the businesses and hence huge losses. The on-line merchants are potentially liable for losses caused to consumers or business visitors to the web-sites. That is why in recent years, security and legal liability have become one of the major areas of concern to system administrators and business managers. Cyberinsurance can also serve as a way to mitigate the risk among on-line merchants. However, cyberinsurance is far from being a mature product in the cyberspace world. Marsh Inc., a leading cyberinsurer for e-business insurance, has given a rather comprehensive list of the risks of e-businesses. Damage, theft and loss of service remain the leading items of concern of e-business participants.


Typical policies and procedures on managing software

The following is sourced from the Hong Kong Institute of Education and is a typical set of policies and procedures on managing software within an organisation as part of software asset management (SAM). Business managers should be aware that there have been criminal prosecutions by the Customs & Excise Department against companies in Hong Kong for possession of pirated software copies. Therefore, having a software asset management policy is a must for each and every enterprise using software in its day-to-day business operation:

  • Appoint a compliance officer or an officer responsible for managing software assets to oversee and to act as a focal point for matters related to SAM and intellectual property;

  • Promulgate internal instructions in respect of the proper management and use of computer software to ensure that each staff member clearly understands the requirements;

  • Ensure general awareness of all staff members to use only authorized software;

  • Acquire software legitimately;

  • Keep software licences;

  • Keep software inventory up-to-date;

  • Maintain and implement proper procedures for installing and distributing software;

  • Conduct periodic software asset audit; and

  • Confirm proper licensing and authorization for all software used.

    What is Software Asset Management?

    The amendments to the Copyright Ordinance introduced in 2001 criminalised the possession of pirated software by business corporations, including non-profit-making organisations and schools. Because of that, many enterprises have formulated a software asset management policy and practice in order to ensure full observance of the law and compliance with the software licence agreements.


    Internet2

    Internet2® is a consortium being led by 200 worldwide universities working in partnership with industry and government to develop and deploy advanced network applications and technologies, accelerating the creation of tomorrow's Internet. Internet2 is recreating the partnership among academia, industry and government that fostered today's Internet in its infancy. The primary goals of Internet2 are to:

  • Create a leading edge network capability for the research community

  • Enable revolutionary Internet applications

  • Ensure the rapid transfer of new network services and applications to the broader Internet community

    The JUCC (Joint Universities Computer Centre) has established a 45 Mbps Internet2 connection through HARNET (Hong Kong Academic and Research Network) to the United States. This Internet2 link is shared by all the 8 JUCC member institutions. After thorough testing, the connection was finally established in late Oct 2002.

    The academics and researchers from the tertiary institutions in Hong Kong have already started many Internet2 collaborative research activities with their overseas peers. Examples include:

  • Atmospheric research

  • Distance learning projects using videoconferencing technology

  • Bioinformatics databases

  • Grid Computing

  • Telemedicine

    In addition, the HARNET Internet2 connection has been enhanced to support advanced networking features. For example, the next generation network protocol, IPv6, is currently supported together with IPv4. HARNET has also been enhanced to support IP multicast, which allows effective point-to-multipoint network communications.

    More information on Internet2 can be found at: http://www.jucc.edu.hk/Internet2




    Theft of Online Game Weapons


    A few years ago, young people in Hong Kong began to be attracted by online games. Many games are fighting or war programs offering virtual weapons which can be purchased by players. The weapons have a monetary value. The higher the level a player attains in the game with a virtual weapon, the more the weapon is worth.

    Beginning in 2003, there has been an increasing number of complaints regarding virtual weapons being stolen from online game players' accounts. According to the police's report, some complaints refer to online gaming accounts being misused, thus adding large sums to the victims' monthly bills. From the police's enquiry, there are several ways in which the culprits could have stolen the virtual weapons or misused the accounts. These methods may in fact be criminal in nature and the culprits may therefore be subject to criminal prosecution:

  • Social Engineering - victims could have revealed their user IDs or passwords to their online game partners or even to close friends, thus allowing their accounts to be abused by the culprits. The related offence can be: unauthorised access to computer through telecommunications.

  • Plug-ins - Some victims revealed that they had downloaded plug-in programs for online games so that the game can be set to "auto play" mode. These plug-ins are often downloaded from unknown sources and some may contain hacking programs such as Trojan horses. Hacking amounts to unauthorised access to computer, access to computer with dishonest intent and criminal damage.


    Hong Kong Law Firm provides legal information for Free

    Yip, Tse & Tang, a Hong Kong law firm reputable for providing legal services to the mass market, is dedicated to offering FREE legal information and materials on-line. "Legal information belongs to the public domain and people should be allowed free and easy access to it," says Thomas Tse, IT Partner of the firm.

    InternetSolicitor.com was set up by Yip, Tse & Tang, Solicitors and launched in 1999. It is constituted by partners and solicitors of Yip, Tse & Tang and aims at achieving the mission. As early as 1997, the firm set up the award-winning Chinese law portal www.solicitor.com.hk. In 2004, the firm set up another law portal www.8989.com.hk in order to provide multi-media law contents on the Internet. Both web-sites are FREE for access and use. @eLaw.com.hk is also one of them. The official website of Yip, Tse & Tang, Solicitors is at www.ytt.com.hk.

    In 2000, Yip, Tse & Tang was selected by the ITS Department, HKSAR Government as a Reference Case on use of e-commerce on professional services.


    Technology Court in High Court of Hong Kong

    Source: Judiciary, HKSAR Government

    For the Benefit of the Legal Profession and Court Users

    With a view to enhancing the efficiency and effectiveness of court support services, the Judiciary is pleased to introduce the first Technology Court in Hong Kong.

    The Technology Court is a direct response to the changing needs of court services today. Court users and the legal profession will be able to take advantage of the new courtroom technologies now in place to facilitate the conduct of proceedings.

    Fully Integrated Courtroom Technologies

    The Technology Court is equipped with user-friendly features and facilities, including video conferencing, multimedia presentation of evidence, electronic documentation and exhibits handling, and enhanced interpretation services, all integrated into a centrally controlled network. Moreover, a customised projection system has also been installed at the court lobby so that proceedings may be broadcast to interested parties who cannot be accommodated in the trial court.

    Video Conferencing

    With the aid of video conferencing facilities, not all witnesses are required to be in court to give evidence. The facilities provide court users with a convenient and less expensive option for taking evidence from overseas witnesses. Parties to the proceedings can save the time and expense of travelling overseas.

    Multimedia Presentation of Evidence

    The Technology Court enables the presentation of evidence by way of a multimedia platform, incorporating audio, video, and digital signals with graphics, text, film, and computer animation. The components of the multimedia platform include an electronic whiteboard, a visualiser, projectors with motorised projection screens, personal computers with LCD monitors, audio and video players and recorders for a variety of formats (including CD, VCD, DVD, MD and MP3), and a fully integrated sound system.

    Electronic Whiteboard: On-screen Annotation

    An electronic whiteboard or a touch-screen LCD monitor used together with markup software will allow parties to annotate electronically on documents displayed on screens in the courtroom. Notes or other explanatory markings will then be captured, stored or printed for circulation or court records.

    Visualiser: Image Capture and Display

    A visualiser is a document camera capable of capturing and displaying images of hardcopy documents, physical objects, or negatives. Such images can be instantaneously broadcast on in-court display screens or saved in the computer for further annotation using the electronic whiteboard or touch-screen markup facilities.

    Electronic Documentation and Exhibits Handling

    All data is safely stored in a central data bank that handles common multimedia and file formats and is fully indexed for instantaneous retrieval of information. Data protection is strictly observed and access to data is restricted to the parties concerned.

    Enhanced Interpretation Services

    The system can cater for multilingual or multi-dialect consecutive interpretation through dedicated channels, enabling a defendant to select his preferred language.

    Other Features

    The Technology Court provides Digital Audio Recording and Transcription Services and allows the examination of vulnerable witnesses via Closed Circuit Television. It is also wired to facilitate real-time court reporting and transcription services.

    Application for the Use of Facilities

    A formal application has to be made before the level of court where the case is heard or tried. The court may from time to time prescribe and revise the charges levied for the facilities.


    Electronic Time Stamping

    Hongkong Post is partnering with The Chinese University of Hong Kong on providing e-timestamping service for the Internet and e-commerce community. Electronic Time-Stamping (e-TS) is a secure online notary mechanism, which certifies that a set of data has existed and has not been altered since a specific point in time. It serves as a trusted third party witnessing the existence and particulars of electronic data.

    Regardless of the format and the content, any electronic data can be timestamped. e-TS can be applied to online business transactions, e-mails, secure messaging, intellectual property protection and other time-sensitive services.
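
    The mechanism described above can be sketched as follows. This is an added example, not Hongkong Post's or the e-TS service's code: only a hash of the data reaches the authority (which is why any format can be stamped), and the token binds that hash to a time. The names issue_token, verify_token and DEMO_TSA_KEY are hypothetical, and an HMAC stands in for the authority's public-key signature so that the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real time-stamping authority signs with a private key
# and anyone can verify with its certificate; HMAC is a stand-in here, so the
# verifier in this sketch must hold the same key as the issuer.
DEMO_TSA_KEY = b"constructed-demo-key-not-a-real-secret"


def digest_of(data: bytes) -> str:
    """Hash the data; only this digest is sent to the authority."""
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    """Serialise the token body deterministically before authenticating it."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_token(digest_hex: str, unix_time: int, key: bytes = DEMO_TSA_KEY) -> dict:
    """Authority side: bind a digest to a time and authenticate the pair."""
    body = {"hash_alg": "sha256", "digest": digest_hex, "time": unix_time}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_token(data: bytes, token: dict, key: bytes = DEMO_TSA_KEY):
    """Verifier side: return (ok, reason) for the data presented with a token."""
    body, tag = token.get("body"), token.get("tag")
    if not isinstance(body, dict) or not isinstance(tag, str):
        return False, "malformed token"
    try:
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    except (TypeError, ValueError):
        return False, "malformed token"
    # Check the authority's tag first: it covers both the digest and the time,
    # so neither can be edited after issuance.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "token altered or not issued by this authority"
    if body.get("hash_alg") != "sha256":
        return False, "unsupported hash algorithm"
    # Then check that the data presented is the data that was stamped.
    if not hmac.compare_digest(digest_of(data).encode(), str(body.get("digest")).encode()):
        return False, "data does not match the stamped digest"
    return True, "data existed unchanged at time %s" % body.get("time")


def demo() -> dict:
    """Stamp a constructed order, then present it unchanged, edited and back-dated."""
    order = b"Constructed sample: buy 1000 shares at HKD 12.50"
    token = issue_token(digest_of(order), 1083369600)  # constructed timestamp
    edited = order.replace(b"1000", b"9000")
    backdated = {"body": dict(token["body"], time=946684800), "tag": token["tag"]}
    return {
        "original": verify_token(order, token)[0],
        "edited_data": verify_token(edited, token)[0],
        "backdated_token": verify_token(order, backdated)[0],
    }


if __name__ == "__main__":
    print(demo())
```
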

    A FREE trial to create your own timestamp is available online now. You can visit the Hongkong Post website www.hongkongpost.gov.hk or www.e-timestamping.com to have a free trial and get more details.


    New Usage of e-Cert : Online securities trading at KGI

    KGI, one of the largest equity and futures brokerages in Hong Kong, has adopted e-Cert in its online securities services. You can now enjoy a more secure online trading environment by using e-Cert to place orders, amend or cancel buy/sell order instructions, enquire order status, etc. With e-Cert, your online identity cannot be easily faked by others. In addition, confidential data such as password and financial information are well protected during online securities transactions.

    It is easy to get started. Once you have successfully applied for a KGI online securities trading account, you can register to use e-Cert to log in at www.kgieworld.com. Just associate your HKID number with your KGI online securities trading account to finish the registration.

    By trading with e-Cert at KGI, you can enjoy the following privileged offers:

  • Free real time snapshot market data - EasyQuotes (Hong Kong) (100 quotes/month)

  • KGI's online futures clients can enjoy FREE real time quotes & Intelligent Market Strategies services.


    Hongkong Post's new root certificate admitted to Microsoft Root Certificate Program

    Starting from April 2004, Hongkong Post's new root certificate ("Hongkong Post Root CA 1") was admitted to the Microsoft Root Certificate Program, in addition to the old root certificate ("Hongkong Post Root CA") which had already been admitted in July 2003. The program aims at protecting Microsoft customers from security issues related to the use of public key infrastructure (PKI) certificates. This means that Internet Explorer and Outlook Express users of Windows XP and Windows 2003 will now trust certificates issued by Hongkong Post under the two root certificates.

    Users on platforms before Windows XP can also pick up and install the two Hongkong Post root certificates to their operating systems when they perform the Windows Update at URL, http://windowsupdate.microsoft.com. Please note that Root Certificate Update is not a critical update and users need to explicitly click-open the optional Windows 98/ME/NT/2000 Update list to include the Root Certificate Update.

    The admission of Hongkong Post to the Microsoft Root Certificate Program is a solid proof of the trustworthiness of the Hongkong Post CA System and e-Cert.




    Curbing forgery of Hong Kong smart identity cards

    It was reported that in a joint operation in early 2004, the police forces in Macao and Zhuhai uncovered a cross-boundary criminal syndicate specialized in forging documents, and among the articles seized were some high-quality forged Hong Kong smart identity cards.

    The Hong Kong Government has been very concerned about, and has attached great importance to, cross-boundary criminal activities of forgery syndicates. Well-established communication mechanisms are in place for the law enforcement agencies to maintain close liaison and exchange information with the relevant Mainland, Macao and overseas authorities as well as representatives of consulates in Hong Kong on issues of mutual concern, including cross-boundary criminal activities of forgery syndicates. As for the case concerned, original intelligence indicated that the target of operation would not involve any forged Hong Kong identity documents and, therefore, the law enforcement agencies were not invited to participate in the operation. However, upon learning about the case, the Immigration Department (ImmD) liaised with the relevant Mainland and Macao enforcement agencies and obtained relevant information for appropriate follow-up actions.

    Since forged Hong Kong smart identity cards were uncovered in early 2004, ImmD has, in collaboration with the relevant Mainland enforcement agencies, been investigating the cases actively. The Government does not rule out that criminal syndicates are involved but further details cannot be disclosed while investigations are underway. However, there is no evidence to suggest that the alleged criminal syndicate was involved in cases of forged smart identity cards found in Hong Kong in the past.

    Forged Hong Kong smart identity cards seized by the law enforcement agencies in early 2004 were of poor quality and defects could be spotted easily. The forged identity cards seized later are of better quality. Nevertheless, the forgers are unable to reproduce the anti-forgery features which are unique to the smart identity cards, such as:

  • optical variable ink,
  • multiple laser image,
  • kineprint that enables images to change colours when viewed at different angles, and
  • high-quality laser engraved photograph on polycarbonate card body.

    According to the Government, it is not difficult for the general public to differentiate between a genuine card and a fake one under careful scrutiny. To prevent the public and employers from being deceived, ImmD has strengthened publicity in this respect. Apart from producing posters and pamphlets for public reference, it has held talks for banks, property management companies, construction companies and law enforcement agencies. A hotline (2824 1551) has also been set up to facilitate enquiries by the public and employers.


    Internet and Email Scams

    Sometime in 2004, the Hong Kong Police managed to get hold of a Nigerian who had succeeded in cheating a lawyer employed at a leading Hong Kong law firm. The scam is widely known as the "Nigerian Scam". The police commented that it is hardly believable that someone could have been cheated in that way.


    The power of the Internet has made it all too easy for these scams to flourish. The perpetrators can send thousands of emails without cost and then wait for someone to respond. Sometimes, you may even receive the same messages at the different email accounts you use.

    Those looking for big business or easy big money are often tempted by these scams, which often falsely claim to involve millions of US dollars. The scam messages make it sound as if you can get big money easily. If you are really tempted to take part, it will inevitably make you lose money.

    These scams often reach your business email box unsolicited and pretend to be highly confidential and private. They are typically known as "Nigerian Scam" or "Lotto Scams". The tactics are the same although the "stories" may be different.

    The "Westpac Bank Scam" is extremely dangerous because it will extract your e-banking details by posing as the valid Westpac Internet Banking site. Recently, perpetrators have begun the same scam with the St George Bank. In Hong Kong, quite a number of faked bank sites were discovered by the Hong Kong Monetary Authority. All pretended to be sites of banks licensed to practise in Hong Kong.

    The Lotto Scam

    The Lotto Scam will send you an email announcing that you are the lucky winner of a lottery prize, which could exceed 1 million US dollars, even though you have not participated before. The senders claim to be lawful lottery companies; of course these claims are false and the emails are also false.

    The following are instances of emails pretending to come from lottery companies:

  • International UK Lotto.
  • Lottery La Primitiva from Madrid.
  • Lottery Winners International even involves Bill Gates!
  • International Lottery Netherlands.
  • Net Lottery International
  • Overseas Stakes Lotto International scam

    If you respond, an application form will be sent to you to fill in. The blanks will seek information about your bank account or ask you to pay a sizable sum of money to cover security, insurance, or administration costs. When they have obtained your information and your money, you will no longer hear from them.


    Foreign legislations on digital signatures

    Examples of foreign legislation concerning the effect and validity of digital signatures include:

    United States:

  • Uniform Electronic Transactions Act (UETA)
  • Electronic Signatures in Global and National Commerce Act (E-SIGN), at 15 U.S.C. 7001 et seq.

    England and Wales:

  • Electronic Communications Act 2000


    Decided cases

    Although Hong Kong introduced the Electronic Transactions Ordinance in 2001, there has been no decided case relating to the validity and use of digital signatures.

    There are a limited number of court decisions in foreign countries dealing with the effect and validity of digital signatures or their related legislation:

  • re Piranha, Inc., 2003 WL 21468504 (N.D. Tex) (UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).

  • Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir., 2002) http://www.emlf.org/Resources/cloud.pdf (E-SIGN does not apply retroactively to contracts formed before it took effect in 2000. Nevertheless, the statute of frauds was satisfied by the text of E-mails plus an (apparently) written notation.)

  • Sea-Land Service, Inc. v. Lozen International, 285 F.3d 808 (9th Cir., 2002) http://www.admiraltylawguide.com/circt/9thsealandlozen.pdf (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)