The following article presents a summary of the most important legal institutes in the USA, focusing in particular on the two national Acts dealing with computer law. It then reports how the Italian legal system regulates the use of computers and the acts that someone could commit on the net.
In America, and in particular in the U.S.A., legislation in the field of computer security was the first regulation in the world to introduce a safeguard for “users”.
In 1987 the United States Congress passed the “Computer Security Act”, which is considered the first and fundamental act of the “technology era”. As we can see in the legal text, “the Congress has enacted that improving the security and privacy of sensitive information in Federal computer systems is in the public interest, and hereby creates a means for establishing minimum acceptable security practices for such systems, without limiting the scope of security measures already planned or in use”. It then lists specific purposes, such as:
- to assign to the National Bureau of Standards (NBS) responsibility for developing standards and guidelines for Federal computer systems, including responsibility for developing standards and guidelines needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems, drawing on the technical advice and assistance (including work products) of the National Security Agency, where appropriate;
- to require establishment of security plans by all operators of Federal computer systems that contain sensitive information;
- to require mandatory periodic training for all people involved in management, use, or operation of Federal computer systems that contain sensitive information.
This act first met with broad consensus and then with several criticisms, which led to a new measure, the E-Government Act of 2002, and especially its Title III, the “Federal Information Security Management Act of 2002” (FISMA), which has surely recognized the importance of information security to the economic and national security interests of the United States.
This act has brought attention within the federal Government to cyber security and explicitly emphasized a “risk-based policy for cost-effective security.” FISMA requires agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency’s information security program and report the results to the Office of Management and Budget (OMB): the latest report said that over 98. Billion dollars was spent on agency costs.
Analysing this measure, we can list its topics:
- Inventory of information systems
- Categorize information and information systems according to risk level
- Security controls
- Risk assessment
- System security plan
- Certification and accreditation
- Continuous monitoring
All of them aim at appropriate protection, which is not fully satisfactory and not immune from criticism: the security experts Bruce Brody, a former federal chief information security officer, and Alan Paller, director of research for the SANS Institute, have described FISMA as a well-intentioned but fundamentally flawed tool, and argued that the compliance and reporting methodology mandated by FISMA measures security planning rather than information security. Past federal chief technology officer Keith Rhodes said that FISMA can help and has helped government system security, but that implementation is everything, and if security people view FISMA as just a checklist, nothing is going to get done.
All of this concerns another legal system; now I want to focus on the comparison between US law and Italian law.
The first regulation we have dates to the 21st century, namely law decree 196/2003, which brought in many rules in the fields of:
- Data security;
- Electronic documents security;
- Information Systems Security;
- Intellectual property security;
- Securing the Transmission;
The law decree is very clear and provides that only “personal data” are protected by law. But what are these data? “Any information relating to a natural or legal person, entity or association, directly or indirectly” (art. 4, letter b).
Security is at the center of this Code, but it is a dynamic notion rather than a static one.
Three different types of liability follow from these regulations:
- civil liability, under article 15 and following: “Obligation to compensate for damage caused if you do not prove that you have taken all appropriate measures to avoid it”;
- administrative liability, under articles 161 to 166: several types of administrative sanctions, with financial penalties from five hundred to one hundred and eighty thousand euro;
- criminal liability, under article 169: “Offense of failure to adopt security measures, arrest of up to two years or a fine of ten thousand to fifty thousand euro”.
Our criminal “Codex” also contains some computer offenses, such as: Art. 491 bis “Forgery of electronic documents”; Art. 615 ter “Unauthorized access to a computer or telecommunications system”; Art. 615 quinquies “Diffusion of programs designed to damage or disrupt a computer system”; Art. 617 sexies “Forgery, alteration or suppression of the contents of computer or electronic communications”.
The differences between the “Land of Freedom” and our “peninsula” can sometimes be deep and frustrating, and not only because of the geographical divide. It is necessary to underline that Italian law offers weak protection in computer security: yes, there are some criminal rules which could send someone to jail or impose a huge fine, but the problem lies in the organisation. Legal doctrine feels the need for the creation of a “Bureau” able to protect users from potential abuse, in addition to providing behavioural standards for the use of computers and the internet.
The arguments in favour are certainly the economic impact of computer security on the country and the daily development of technology, which constantly exposes us to new hazards.
We also have to consider one important thing: how could this be possible when the Governments of recent years have always cut public funding for technology systems for schools, public internet stations and many other things that people could perceive as useful for their work and the general environment?
Yes, in the past they gave Pads to those who hold a public appointment, and now we are poor in Wi-Fi stations.
In Europe, for example, Sweden has one Internet router per street lamp.
If we wanted to do the same, another bribery scandal would probably break out.