The need to monitor business schools
Business
education, it seems, is good business. Judging by the large numbers
of eager young hopefuls that can be seen thronging these institutes
that offer courses of study in subjects such as business administration,
accountancy and marketing, demand for professional qualifications
that help to gain employment in the private sector is booming. Like
the private tutorial colleges that have mushroomed all over the
island, business colleges too have sprung up rapidly throughout
the city and beyond in recent years to meet a requirement that had
hitherto not been adequately provided for.
This, undoubtedly,
was in response to the growth of the private sector after the liberalisation
of the economy in the late 1970s, a growth that picked up momentum
in the 1980s and which by the 1990s, had created a thriving business
community.
Just as
private enterprise operating in a free market economy requires
a vibrant and quality financial press to provide participants with
the information required to function in such an environment, the
business community requires the services of good training institutes
to provide it with people armed with the necessary professional
qualifications.
The rapid growth
in business education and the increase in the number of such schools,
in much the same way that outfits offering 'computer courses' and
'IT classes' have sprouted in recent years, naturally creates concern
about the quality of the training they provide, as reported elsewhere
in this newspaper.
This is particularly
so because of the sensitive nature of the product they sell - namely
education - and the high fees they charge. Education is not just
like any other consumer product or commodity. A sound education
is a highly sought after attribute and one that opens many doors
that would otherwise remain closed. Undoubtedly there are business
schools that provide an excellent service and a quality education
on par with that provided abroad, given the fact that we do have
qualified professionals who have opted to remain here or have returned
after acquiring higher qualifications. But there are also schools
that obviously are not up to acceptable standards and run by greedy
businessmen out to make a fast buck by exploiting impressionable
youth.
It is here
that the need for maintaining high standards and for effective monitoring
comes in. Right now there does not appear to be a proper mechanism
to ensure that all business schools provide quality education and
maintain high standards such as prescribed student-teacher ratios.
Students complain that the classroom reality is different from that
which is advertised by some outfits.
It is heartening
to note that the Tertiary and Vocational Education Commission is
going to introduce standards and provide accreditation to business
schools and other institutes of vocational education. What is alarming,
however, is the attitude of the authorities which don't seem to
be prepared to use the powers at their disposal to fulfil their
mandate to ensure quality tertiary and vocational education. The
authorities concerned have taken no steps to ensure that business
colleges maintain proper standards. Even more alarming is the admission
by the authorities that students are being exploited by private
institutes. To say that the TVEC is "lean" and lacks resources
to implement the law, is a lame excuse.
It is up to
the authorities and the corporate sector to make sure these colleges
and institutes provide quality education. The success of the private
sector depends at least partly on the quality of the products that
emerge from these colleges, especially now that the economy is being
opened up to the vagaries of globalisation, international capital
flows and unbridled foreign competition.
Computer crimes - (Part 2)
By Kalinga Indatissa
(Continued from last week)
Chapter 1 of the proposed Computer Crimes Bill identifies the
following acts as offences:
Clause 2) Whoever
does any act, with the intention of securing for himself or for
any other person access to:
a) any computer;
or
b) any computer
programme, data or information in that computer or any other computer,
knowing or having reason to believe that he is not authorised to
secure such access shall be guilty of an offence.
Clause 3) Whoever
does any act, with the intention of securing for himself or for
any other person, access to:
a) any computer;
or
b) any computer
programme, data or information in that computer or any other computer,
knowing or having reason to believe that he is not authorised to
secure such access and with the intention of committing any other
offence under this or any other law for the time being shall be
guilty of an offence.
A careful examination
of the two clauses above shows that they introduce the concept of
"Hacking" offences. In the first offence defined under
Clause 2, the mere act on the part of a person to gain access would
amount to an offence. The prosecution must establish the "actus
reus" of the offence which is the act itself and in addition
that the accused knew or had reason to believe that he had no authority
to secure access.
Clause 3 seeks
to introduce a more serious offence. Under this clause the prosecution
must establish that the accused gained access with the knowledge
or when he was placed in such circumstances that he had reason
to believe he had no authority to gain access to the computer. In
addition it must be established that he did so with the intention
of committing an offence defined either under the Computer Crimes
Law or under any other law.
It is interesting
to note that the terminology in both these clauses does not require
the prosecutor to prove that actual access has been completed. What
is necessary is to establish that the accused did some act towards
obtaining access.
Clauses 4 to
6 of the proposed legislation introduce the following offences:
Clause 4 -
Whoever intentionally causes a computer to perform any function
with the knowledge or having reason to believe that he has no authority
to cause the computer to perform such function, shall be guilty
of an offence.
Clause 5 -
Whoever intentionally causes any computer to perform any function
with the knowledge or having reason to believe that he has no authority
to cause the computer to perform such function, with the intention
of committing any other offence under this or any other law for
the time being in force, shall be guilty of an offence.
Clause 6 -
Whoever intentionally causes a computer to perform any function
with the knowledge or having reason to believe that he has no authority
to cause the computer to perform such function, and by so doing:
A) Impairs
the operation of any computer or the reliability of any data or
information in any computer or computer programme;
B) Makes any
deletion of or addition or alteration to, any programme, data or
information;
C) Denies or
hinders access to any person who is authorised to access any computer,
computer programme, data or information;
D) Enables
access to any person who is not authorised to access any computer,
computer programme, data or information;
E) Denies or
hinders access to any computer, computer programme, data or information;
F) Enables
access to any computer, computer programme, data or information;
G) Copies or
acquires the substance, meaning or purport of or makes use of in
any other manner, any programme, data or information or any part
thereof;
H) Moves any
programme, data or information to a different location in the storage
medium in which it is held or to any other storage medium;
I) Causes any
programme, data or information to be output from the computer in
which it is held, by display or any other manner;
J) Makes use
of a computer service involving computer time, data processing or
the storage or retrieval of data;
K) Intercepts,
diverts or otherwise tampers with any computer programme, data or
information or any part thereof;
L) Listens
to or records the functions of a computer;
M) Introduces
any false information to any computer, computer programme, data
or information;
N) Introduces
to any computer or computer programme any material in any form whatsoever,
which is forbidden to be distributed, circulated or published under
any law, shall be guilty of an offence.
The above clauses
deal with the concept of Computer Misuse. In order to prosecute
a criminal under clauses 4 and 5 it is essential that the intention
on the part of the criminal is established. In clause 5 it is necessary
that the function referred to therein should have been caused with
the intention of committing an offence.
Unauthorised access
Clause 7 of the Bill
identifies the act of causing a computer to perform a function without
lawful excuse as an offence. Under this clause the act becomes an offence
where damage is caused to an individual or an institution.
Clause 8 of
the Bill makes it an offence to buy, sell, trade in or deal in any
manner with data or information that had been obtained consequent
to the commission of an offence under the Act.
Clauses 9 and
10 of the Bill introduce two kinds of offences that are very significant.
Under clause 9 it would be an offence to reveal confidential information
that would enable an intruder to gain access to a programme. There
are a number of services provided through the computers which are
restricted to an identified few people. E-mail is an example of
one such service.
The service
provider would provide the client or the customer with a log in
or an access number or a password. If information relating to such
confidential matters is disclosed to a third party such a party
could have access to the programmes. Any person who commits a breach
of confidentiality would be guilty of an offence under this clause.
Under clause 10 of the Bill, enhanced punishment is provided for
persons who misuse computers after being placed in a position of
trust.
Clause 11 of
the Bill provides enhanced punishment for those who commit offences
under the Act, and whereby national security and the national economy
are adversely affected. Clauses 12 to 14 of the Bill identify the
offences of attempt, abetment and conspiracy.
A comparison
of the above Chapter of the proposed Computer Crimes Bill with the
corresponding laws of the UK and Singapore would reveal that the
Sri Lankan Bill contains greater details in the identification of
the offences.
Investigations
Computer crimes are highly technical offences. Hence it is
important that any legislation relating to computer crime contains
adequate provisions to cover the aspect of investigations. Investigations
into computer related crime require a great deal of skill and expertise.
Absence of provisions, which enable the investigations to be carried
out effectively and efficiently would render the entire law meaningless.
Part 2 of the
proposed Bill contains detailed provisions relating to investigation
of offences. Clause 16 of the Bill indicates that the provisions
of the Code of Criminal Procedure Act, No. 15 of 1979 would apply
regarding the investigations. This Act contains the procedural law
relating to detection, investigation and hearing of offences.
Clause 18 of
the Bill has made the Inspector General of Police responsible for
the investigations. However, considering the advanced knowledge
that the investigators would require, the Bill proposes to appoint
a team of experts to assist the Police in their investigations.
These experts are to be appointed by the Inspector General of Police
in consultation with the Computer and Information Technology Council
of Sri Lanka established under the Science and Technology Act, No.
11 of 1994. Experts appointed accordingly will hold office for a
period of three years and are eligible for re-appointment.
The role of
an expert is a limited one. He begins to get involved at the request
of the Police. However, the introduction of experts to be involved
in the investigations could be considered as an extremely important
step in the development of the law. This concept ensures that the
skilled task of analysing a computer is done only by a person who
has the competence to perform an efficient detection. It also ensures
that the computer hardware and software is not damaged.
It is relevant
to note that the Bill does not empower the police officers to analyse
or access a computer upon the detection of an offence. This job
is solely for the experts. The introduction of the concept of experts
to the computer crime regime can be considered as a very important
step. Especially since their involvement would protect the available
evidence and also since it would defeat any subsequent objection
raised regarding the competency of the investigators to handle matters
relating to Information Technology.
The Police
are granted power under the Bill to gain entry to any place or premises
where an offence has been committed and to launch an investigation.
They are also given the power to seize and take into their custody
any computer or any other device that may have been used in the
commission of an offence.
However, Clause
20 of the proposed Bill states that no such device or computer should
be seized if such seizure would prejudice the ordinary course of
legitimate business of the person who owns the computer.
The Bill has
conferred additional powers relating to detention of suspects. Ordinarily
a suspect could be detained by the Police upon his arrest and such
suspect has to be produced before a Magistrate before the expiration
of a period of 24 hours. There are exceptions to this ordinary rule
if specific statutory provisions have been made. Clause 22 of the
proposed Bill states that upon the arrest of a suspect who is suspected
of having committed an offence under this Act, such a suspect should
be produced before a Magistrate's Court within 24 hours of his arrest.
After producing the suspect, the Police could move for further detention.
If the application of the Police is accompanied by a certificate
of a police officer not below the rank of a Superintendent of Police
to the effect that further detention is required, the Court could
authorise such detention for a period not exceeding another 48 hours.
This provision would enable the investigators to complete their
investigation. The proposal to incorporate this provision was made
in view of the serious difficulties that may arise in conducting
an investigation that requires a high degree of technical skill.
Clause 22 of
the Bill provides that the scope of the Extradition Law, No. 8 of
1977 has been extended to include computer crimes committed under
the proposed Act. Accordingly, after the enactment of the Law, extradition
of a foreign national from Sri Lanka to a Commonwealth country or
to a Treaty State would become possible.
Admissibility of evidence
Upon the detection of an offence and upon the conclusion of the investigations
the next step in any system would be to commence the prosecution
in Court. The objective of the prosecutor would be to produce evidence
before the Court and move the Court to hold that the accused is
guilty of the offence as charged.
The judiciary
places due reliance on the evidence produced and the final determination
of the court would be based on such evidence. In most jurisdictions
evidentiary laws were passed many years ago, at a time when
the draftsmen of such legislation probably did not envisage the
development of Information Technology.
One of the
biggest problems facing a large number of countries is that the
existing Law of Evidence in their respective jurisdictions would
not be broad enough to encompass the modern types of evidence seen
in the realm of Information Technology. In most jurisdictions data
on magnetic media or computer generated information or computer
files do not fall into the existing definitions.
Documentary evidence
The nature of the evidence that is sought to be led in a computer related offence
could be equated to documentary evidence that is led in Court. The
traditional perception of documentary evidence continues to be a
document/book/record/register/handwriting and/or a signature that
is written. In most instances the Rules of Evidence require that the
Primary Evidence of a document be led in Court. Secondary
Evidence is permitted only in certain identified circumstances.
In computer
related offences, the evidence available could be either data in
magnetic media or information generated through the computer or
specific passwords and proof of codes or sometimes the "back
up" system. Unfortunately the Rules of Evidence in most jurisdictions
refuse to recognise the above category of evidence and such refusal
could be considered as a serious drawback on the development of
the Law. Over the years the use of the Internet has increased. Many
people enter upon electronic commercial contracts. Daily electronic
fund transfers take place. The above examples show that the Internet
is fast becoming an essential element in the lives of the people.
In all the above instances any person who is affected by the activities
of a criminal should have adequate protection legally. Absence of
such protection would operate as a deterrent for others to use the
Internet and computers.
In all the instances referred to above, if a party proceeds to Court
in the event of a violation, such party is required to adduce evidence
of such violation. The failure to consider such evidence as evidence
falling within the ambit of the traditional interpretation would
be a serious drawback in such an instance. Accordingly, this could
be considered as a major legal issue that requires immediate appreciation.
Hearsay Rule
Another problem that
has to be resolved would be the approach to the evidence produced
by a computer in view of the Hearsay Rule. According to the Hearsay
Rule, the courts would not permit a witness to repeat as evidence,
anything said to him by an outsider if the outsider is not called
as a witness. In such circumstances the court will have to consider
the purpose for which such evidence is proposed to be led. If the
purpose is to establish the truth of the contents of such a statement,
the evidence will not be allowed. If the evidence is being led for
the purpose of proving that such a statement was made and not the
truth of its contents, then the statement will be permitted.
If the Hearsay
Rule is to be applied to computer evidence in its full force, it
will not be possible in most instances to lead any evidence in respect
of computer crimes since the Rules of Evidence would require the
person making the entries to give evidence. On most occasions the
person making the entries may be the accused. Then the question
arises as to how such a situation should be countered.
The relevant
statutory provisions relating to the admissibility of computer evidence
are to be found under the provisions of the Police and Criminal
Evidence Act of 1984 and of the Criminal Justice Act of 1988. Accordingly,
computer generated documents and computer print outs are admissible
if created or received by a person in the course of a trade, business,
profession or other occupation or as the holder of a paid or unpaid
office. It is also necessary that the information was supplied by
a person who had personal knowledge of such information.
Section 69
of the Police and Criminal Evidence Act of 1984 was interpreted
in the case of Director of Public Prosecutions Vs. McKeown 1997
1 WLR 295. The Respondents in this case were prosecuted for having
violated section 5 (1) of the Road Traffic Act of 1988 by driving
vehicles after consuming liquor in excess of the legal limit. At
the time of the incident, the respondents had been tested by the
Lion Intoximeter, which is a breathalyser device. The instrument
was considered as a computer within the meaning of section 69 of
the Police and Criminal Evidence Act of 1988.
The original
Magistrate's Court convicted the accused on the evidence given by
the Police Constable who stated the manner in which the test was
conducted and the procedure adopted. He also stated that he had
no reason to doubt the accuracy of the results produced by the device.
Consequent to the convictions the accused appealed to the Divisional
Court of the Queen's Bench. The court quashed the convictions on
the basis that the accuracy of the computer generated information
was in doubt since the material suggested that the device was not
functioning properly at all relevant times.
Defective device
It transpired before the House of Lords that the clock of the
device was approximately one and a half hours slow. Lord Hoffmann
was of the opinion that section 69 of the 1988 Act should not be
taken too literally. Even though the time stated in the print out
may not be correct, the question that had to be answered was whether
the failure or the defect in the device would affect the production
of the document or affect the accuracy of the contents.
In the above
case it was held by Lord Hoffmann that the error in the clock display
had nothing to do with the question whether the computer itself
was operating smoothly. Accordingly, it was held by the House of
Lords that the conviction by the Magistrate's Court should be permitted
to stand.
The approach
in McKeown is welcome. Consequent to this judgement the defence
in criminal action cannot take undue advantage of a possible technical
defect that may surface in a computer or any other device.