The need to monitor business schools
Business education, it seems, is good business. Judging by the large numbers of eager young hopefuls that can be seen thronging these institutes that offer courses of study in subjects such as business administration, accountancy and marketing, demand for professional qualifications that help to gain employment in the private sector is booming. Like the private tutorial colleges that have mushroomed all over the island, business colleges too have sprung up rapidly throughout the city and beyond in recent years to meet a requirement that had hitherto not been adequately provided for.

This, undoubtedly, was in response to the growth of the private sector after the liberalisation of the economy in the late 1970s, a growth that picked up momentum in the 1980s and which by the 1990s, had created a thriving business community.

Just as much as private enterprise operating in a free market economy require a vibrant and a quality financial press, to provide participants the information required to function in such an environment, the business community requires the services of good training institutes to provide it with people armed with the necessary professional qualifications.

The rapid growth in business education and the increase in the number of such schools, in much the same way that outfits offering 'computer courses' and 'IT classes' have sprouted in recent years, naturally creates concern about the quality of the training they provide, as reported elsewhere in this newspaper.

This is particularly so because of the sensitive nature of the product they sell - namely education - and the high fees they charge. Education is not just like any other consumer product or commodity. A sound education is a highly sought after attribute and one that opens many doors that would otherwise remain closed. Undoubtedly there are business schools that provide an excellent service and a quality education on par with that provided abroad, given the fact that we do have qualified professionals who have opted to remain here or have returned after acquiring higher qualifications. But there are also schools that obviously are not up to acceptable standards and run by greedy businessmen out to make a fast buck by exploiting impressionable youth.

It is here that the need for maintaining high standards and for effective monitoring come in. Right now there does not appear to be a proper mechanism to ensure that all business schools provide quality education and maintain high standards such as prescribed student-teacher ratios. Students complain that the classroom reality is different from that which is advertised by some outfits.

It is heartening to note that the Tertiary and Vocational Education Commission is going to introduce standards and provide accreditation to business schools and other institutes of vocational education. What is alarming, however, is the attitude of the authorities which don't seem to be prepared to use the powers at their disposal to fulfil their mandate to ensure quality tertiary and vocational education. The authorities concerned have taken no steps to ensure that business colleges maintain proper standards. Even more alarming is the admission by the authorities that students are being exploited by private institutes. To say that the TVEC is "lean" and lacks resources to implement the law, is a lame excuse.

It is up to the authorities and the corporate sector to make sure these colleges and institutes provide quality education. The success of the private sector depends at least partly on the quality of the products that emerge from these colleges, especially now that the economy is being opened up to the vagaries of globalisation, international capital flows and unbridled foreign competition.


Computer crimes - (Part 2)
By Kalinga Indatissa
(Continued from last week)
Chapter 1 of the proposed Computer Crimes Bill identifies the following acts as offences:

Clause 2) Whoever does any act, with the intention of securing for himself or for any other person access to:

a) any computer; or

b) any computer programme, data or information in that computer or any other computer, knowing or having reason to believe that he is not authorised to secure such access shall be guilty of an offence.

Clause 3) Whoever does any act, with the intention of securing for himself or for any other person, access to:

a) any computer; or

b) any computer programme, data or information in that computer or any other computer, knowing or having reason to believe that he is not authorised to secure such access and with the intention of committing any other offence under this or any other law for the time being shall be guilty of an offence.

A careful examination of the two clauses above shows that they introduce the concept of "Hacking" offences. In the first offence defined under Clause 2, the mere act on the part of a person to gain access would amount to an offence. The prosecution must establish the "actus reus" of the offence which is the act itself and in addition that the accused knew or had reason to believe that he had no authority to secure access.

Clause 3 seeks to introduce a more serious offence. Under this clause the prosecution must establish that the accused gained access with the knowledge or - when he was placed in such circumstances that he had reason to believe he had no authority to gain access to the computer. In addition it must be established that he did so with the intention of committing an offence defined either under the Computer Crimes Law or under any other law.

It is interesting to note that the terminology in both these clauses do not require the prosecutor to prove that actual access has been completed. What is necessary is to establish that the accused did some act towards obtaining access.

Clauses 4 to 6 of the proposed legislation introduce the following offences:

Clause 4 - Whoever intentionally causes a computer to perform any function with the knowledge or having reason to believe that he has no authority to cause the computer to perform such function, shall be guilty of an offence.

Clause 5 - Whoever intentionally causes any computer to perform any function with the knowledge or having reason to believe that he has no authority to cause the computer to perform such function, with the intention of committing any other offence under this or any other law for the time being in force, shall be guilty of an offence.

Clause 6 - Whoever intentionally causes a computer to perform any function with the knowledge or having reason to believe that he has no authority to cause the computer to perform such function, and by so doing:

A) Impairs the operation of any computer or the reliability of any data or information in any computer or computer programme;

B) Makes any deletion of or addition or alteration to, any programme, data or information;

C) Denies or hinders access to any person who is authorised to access any computer, computer programme, data or information;

D) Enables access to any person who is not authorised to access any computer, computer programme, data or information;

E) Denies or hinders access to any computer, computer programme, data or information;

F) Enables access to any computer, computer programme, data or information;

G) Copies or acquires the substance, meaning or purport of or makes use of in any other manner, any programme, data or information or any part thereof;

H) Moves any programme, data or information to a different location in the storage medium in which it is held or to any other storage medium;

I) Causes any programme, data or information to be output from the computer in which it is held, by display or any other manner;

J) Makes use of a computer service involving computer time, data processing or the storage or retrieval of data;

K) Intercepts, diverts or otherwise tampers with any computer programme, data or information or any part thereof;

L) Listens to or records the functions of a computer;

M) Introduces any false information to any computer, computer programme, data or information;

N) Introduces to any computer or computer programme any material in any form whatsoever, which is forbidden to be distributed, circulated or published under any law, shall be guilty of an offence.

The above clauses deal with the concept of Computer Misuse. In order to prosecute a criminal under clauses 4 and 5 it is essential that the intention on the part of the criminal is established. In clause 5 it is necessary that the function referred to therein should have been caused with the intention of committing an offence.

Unauthorised access
Clause 7 of the Bill
identifies the act of causing a computer to perform a function without lawful excuse an offence. Under this clause the act becomes an offence where damage is caused to an individual or an institution.

Clause 8 of the Bill makes it an offence to buy, sell, trade in or deal in any manner with data or information that had been obtained consequent to the commission of an offence under the Act.

Clauses 9 and 10 of the Bill introduce two kinds of offences that are very significant. Under clause 9 it would be an offence to reveal confidential information that would enable an intruder to gain access to a programme. There are a number of services provided through the computers which are restricted to an identified few people. E-mail is an example of one such service.

The service provider would provide the client or the customer with a log in or an access number or a password. If information relating to such confidential matters is disclosed to a third party such a party could have access to the programmes. Any person who commits a breach of confidentiality would be guilty of an offence under this clause. Under clause 10 of the Bill, enhanced punishment is provided for persons who misuse computers after begin placed in a position of trust.

Clause 11 of the Bill provides enhanced punishment for those who commit offences under the Act, and whereby national security and the national economy are adversely affected. Clauses 12 to 14 of the Bill identify the offences of attempt, abetment and conspiracy.

A comparison of the above Chapter of the proposed Computer Crimes Bill with the corresponding laws of the UK and Singapore would reveal that the Sri Lankan Bill contains greater details in the identification of the offences.

Investigations
Computer crimes are highly technical offences. Hence it is important that any legislation relating to computer crime contains adequate provisions to cover the aspect of investigations. Investigations into computer related crime requires a great deal of skill and expertise. Absence of provisions, which enable the investigations to be carried out effectively and efficiently would render the entire law meaningless.

Part 2 of the proposed Bill contains detailed provisions relating to investigation of offences. Clause 16 of the Bill indicates that the provisions of the Code of Criminal Procedure Act, No. 15 of 1979 would apply regarding the investigations. This Act contains the procedural law relating to detection, investigation and hearing of offences.

Clause 18 of the Bill has made the Inspector General of Police responsible for the investigations. However, considering the advanced knowledge that the investigators would require, the Bill proposes to appoint a team of experts to assist the Police in their investigations. These experts are to be appointed by the Inspector General of Police in consultation with the Computer and Information Technology Council of Sri Lanka established under the Science and Technology Act, No. 11 of 1994. Experts appointed accordingly will hold office for a period of three years and are eligible for re-appointment.

The role of an expert is a limited one. He begins to get involved at the request of the Police. However, the introduction of experts to be involved in the investigations could be considered as an extremely important step in the development of the law. This concept ensures that the skilled task of analysing a computer is done only by a person who has the competence to perform an efficient detection. It also ensures that the computer hardware and software is not damaged.

It is relevant to note that the Bill does not empower the police officers to analyse or access a computer upon the detection of an offence. This job is solely for the experts. The introduction of the concept of experts to the computer crime regime can be considered as a very important step. Especially since their involvement would protect the available evidence and also since it would defeat any subsequent objection raised regarding the competency of the investigators to handle matters relating to Information Technology.

The Police are granted power under the Bill to gain entry to any place or premises where an offence has been committed and to launch an investigation. They are also given the power to seize and take into their custody any computer or any other device that may have been used in the commission of an offence.

However, Clause 20 of the proposed Bill states that no such device or computer should be seized if such seizure would prejudice the ordinary course of legitimate business of the person who owns the computer.

The Bill has conferred additional powers relating to detention of suspects. Ordinarily a suspect could be detained by the Police upon his arrest and such suspect has to be produced before a Magistrate before the expiration of a period of 24 hours. There are exceptions to this ordinary rule if specific statutory provisions have been made. Clause 22 of the proposed Bill states that upon the arrest of a suspect who is suspected of having committed an offence under this Act, such a suspect should be produced before a Magistrate's Court within 24 hours of his arrest. After producing the suspect, the Police could move for further detention. If the application of the Police is accompanied by a certificate of a police officer not below the rank of a Superintendent of Police to the effect that further detention is required, the Court could authorise such detention for a period not exceeding another 48 hours. This provision would facilitate the investigators to complete their investigation. The proposal to incorporate this provision was made in view of the serious difficulties that may arise in conducting an investigation that requires a high degree of technical skill.

Clause 22 of the Bill provides that the scope of the Extradition Law, No. 8 of 1977 has been extended to include computer crimes committed under the proposed Act. Accordingly, after the enactment of the Law, extradition of a foreign national from Sri Lanka to a Commonwealth country or to a Treaty State would become possible.
Admissibility of evidence

Upon the detection
of an offence and upon the conclusion of the investigations the next step in any system would be to commence the prosecution in Court. The objective of the prosecutor would be to produce evidence before the Court and move the Court to hold that the accused is guilty of the offence as charged.

The judiciary places due reliance on the evidence produced and the final determination of the court would be based on such evidence. In most jurisdictions evidentiary laws have been passed many years ago and at a time, probably the draftsmen of such legislation did not envisage the development of Information Technology.

One of the biggest problems facing a large amount of countries is that the existing Law of Evidence in their respective jurisdictions would not be broad enough to encompass the modern types of evidence seen in the realm of Information Technology. In most jurisdictions data on magnetic media or computer generated information or computer files do not fall into the existing definitions.
Documentary evidence

The nature of the evi
dence that is sought to be led in a computer related offence could be equated to documentary evidence that is led in Court. The traditional perception of documentary evidence continues to be a document/book/record/register/handwriting and/or a signature that is written. In most instances the Rules of Evidence require the Primary Evidence of a document has to be led in Court. Secondary Evidence is permitted only in certain identified circumstances.

In computer related offences, the evidence available could be either data in magnetic media or information generated through the computer or specific passwords and proof of codes or sometimes the "back up" system. Unfortunately the Rules of Evidence in most jurisdictions refuse to recognise the above category of evidence and such refusal could be considered as a serious drawback on the development of the Law. Over the years the use of the Internet has increased. Many people enter upon electronic commercial contracts. Daily electronic fund transfers take place. The above examples show that the Internet is fast becoming an essential element in the lives of the people. In all the above instances any person who is affected by the activities of a criminal should have adequate protection legally. Absence of such protection would operate as a deterrent for others to use the Internet and computers
.
In all the instances referred to above, if a party proceeds to Court in the event of a violation, such party is required to adduce evidence of such violation. The failure to consider such evidence as evidence falling within the ambit of the traditional interpretation would be a serious drawback in such an instance. Accordingly, this could be considered as a major legal issue that requires immediate appreciation.
Hearsay Rule

Another problem that
has to be resolved would be the approach to the evidence produced by a computer in view of the Hearsay Rule. According to the Hearsay Rule, the courts would not permit a witness to repeat as evidence, anything said to him by an outsider if the outsider is not called as a witness. In such circumstances the court will have to consider the purpose for which such evidence is proposed to be led. If the purpose is to establish the truth of the contents of such a statement, the evidence will not be allowed. If the evidence is being led for the purpose of proving that such a statement was made and not the truth of its contents, then the statement will be permitted.

If the Hearsay Rule is to be applied to computer evidence in its full force, it will not be possible in most instances to lead any evidence in respect of computer crimes since the Rules of Evidence would require the person making the entries to give evidence. On most occasions the person making the entries may be the accused. Then the question arises as to how such a situation should be countered.

The relevant statutory provision relating to the admissibility of computer evidence are to be found under the provisions of the Police and Criminal Evidence Act of 1984 and of the Criminal Justice Act of 1988. Accordingly, computer generated documents and computer print outs are admissible if created or received by a person in the course of a trade, business, profession or other occupation or as the holder of a paid or unpaid office. It is also necessary that the information was supplied by a person who had personal knowledge of such information.

Section 69 of the Police and Criminal Evidence Act of 1984 was interpreted in the case of Director of Public Prosecutions Vs. McKeown 1997 1 WLR 295. The Respondents in this case were prosecuted for having violated section 5 (1) of the Road Traffic Act of 1988 by driving vehicles after consuming liquor in excess of the legal limit. At the time of the incident, the respondents had been tested by the Lion Introximeter which is a breathalyser device. The instrument was considered as a computer within the meaning of section 69 of the Police and Criminal Evidence Act of 1988.

The original Magistrate's Court convicted the accused on the evidence given by the Police Constable who stated the manner in which the test was conducted and the procedure adopted. He also stated that he had no reason to doubt the accuracy of the results produced by the device. Consequent to the convictions the accused appealed to the Divisional Court of the Queen's Bench. The court quashed the convictions on the basis that the accuracy of the computer generated information was in doubt since the material suggested that the device was not functioning properly at all relevant times.

Defective device
It transpired before the House of Lords that the clock of the device was approximately one and a half hours slow. Lord Hoffman was of the opinion that section 69 of the 1988 Act should not be taken too literally. Even though the time stated in the print out may not be correct, the question that had to be answered was whether the failure or the defect in the device would affect the production of the document or affect the accuracy of the contents.

In the above case it was held by Lord Hoffman that the error in the clock display had nothing to do with the question whether the computer itself was operating smoothly. Accordingly, it was held by the House of Lords that the conviction by the Magistrate's Court should be permitted to stand.

The approach in McKeown is welcome. Consequent to this judgement the defence in criminal action cannot take undue advantage of a possible technical defect that may surface in a computer or any other device.


Back to Top  Back to Business  

Copyright © 2001 Wijeya Newspapers Ltd. All rights reserved.
Webmaster