Genomics: A future Global Privacy and Identity Challenge
(Author - Ullas O Tharakan)
2020 AD: the world is a better place. Get ready for the ultimate shopping experience: designer babies. Imagine the fertility hospital down your lane offering to manipulate the gene sequence to give you the perfect baby, with the intelligence of Einstein, blue eyes, Tom Cruise's killer looks and the so-called perfect shape. The days are not far away when designer babies become a reality and Hitler's infamous ambition of defining a superhuman unintentionally finds a place in society.
Genome research has given a new dimension to “coding” human beings. Humans are no longer just a product of chance; they are manipulated to fit the best, defying Darwin’s law of evolution and making it an instant process rather than a gradual one spread across thousands of years. The entire human genome has already been decoded in the ambitious Human Genome Project. In the projected future, which is going to be closer than we think, governments and organizations will have to concentrate on protecting people from the negative side of this individual problem; there is a need to demarcate the good and the bad of this unprecedented innovation. There has already been a ban on human cloning worldwide, a well-respected step taken by governments.
With intense research and the indecorous intention to make business out of it, there could be a lot of loopholes, which will affect humans worldwide. For example, when a baby is born, he or she will leave the maternity ward with a Human Code CD, a more futuristic form of birth certificate. The CD will contain the entire genome code of the baby. It specifies a predictive disease list with an accurate prediction of the likelihood of each disease occurring. Early prediction of disease will always be an advantage, as it could help to improve the quality of life as well as increase the natural lifespan through preventive medication.
But what happens if somebody else gets access to this information? It would be the ultimate disaster in waiting for somebody. Governments need to redefine the existing laws in order to prevent this. The social, ethical and legal issues will have a daunting effect on the individual. Fairness in the use of information will be a big issue. For example, insurance companies can target you for more money and can also deny your qualification for insurance. Pharmaceutical companies can create customized drugs, eventually using this for one-to-one marketing campaigns at a premium cost. Corporations can disqualify you from a job because of your predicted future based on genes.
This could lead to psychological impact, stigmatization, and discrimination due to an individual’s man-made genetic differences, both the existing ones and the expected ones.
There will be conceptual and philosophical implications regarding human responsibility, free will vs. genetic determinism, and concepts of health and disease. This will lead to the commercialization of human design as products, including property rights (patents, copyrights, and trade secrets), and accessibility to data and materials needs to be mandated.
In order to make this genetic experience fruitful and more poised towards humanity, governments worldwide should initiate due diligence. Governments would need to establish a Global Genetic Privacy Protection (GGPP) model to enable a framework for protecting against future human rights violations. Health ministries worldwide need to work towards a GGPP model over a period of time. This model needs to start with these basic aspects:
- Embryonic stage manipulation: Protection of the Genetic Trait Modification
- Gene Selective Manipulation Law
- Human Code Access Protection Law (practices can be extended from the existing HIPAA global laws)
Governments worldwide had better start enacting laws and stop this world from moving towards a digital apartheid era, protecting the human community from the next privacy disaster in waiting.
Security, Identity Management, Network security - You will find all exciting topics on Information Security - End to End
Sunday, July 09, 2006
Tuesday, July 04, 2006
CyberLaw : Overview of the Indian IT Act 2000
(Authored by Ullas Tharakan)
In India, the IT Bill 2000 was adopted in October 2000 and is called the Information Technology Act 2000. This act consists of 12 parts and runs into a length of 44 pages.
• Part I of the Act: Outlines the general purpose of the Act, provides definitions for terminologies used within the Act and defines the scope of the application of the Act.
• Part II of the Act: This part deals with electronic records and electronic signatures. With limited exceptions, electronic records and signatures must be accorded the same treatment as paper records and signatures for purposes of complying with statutory writing, signature, evidentiary and record-keeping requirements. But this does not compel Government organizations to accept or issue electronic documents if they do not wish to do so. This part addresses the acceptance and use of electronic records and electronic signatures by governmental entities.
• Part III of the Act: This addresses the integrity and authentication of secure electronic records and secure electronic signatures. The concept of a secure electronic record or a secure electronic signature will foster the growth of electronic commerce by providing businesses with assurances that records and signatures which meet the statutory definitions of "secure" records or signatures will be accorded the heightened evidentiary presumptions necessary to make business transactions effectively nonrepudiable.
• Part IV of the Act: This addresses issues of electronic contracting. This Part deals with the form in which an offer and an acceptance may be expressed and legal recognition of contracts formed in an electronic medium. This Part aims to provide increased legal certainty as to the conclusion of contracts by electronic means.
• Part V of the Act: This provides for the appointment and functioning of a Controller for Certifying Authorities who will regulate the issuance of digital certificates by licensed Certifying Authorities.
• Parts VI and VII of the Act: These parts address the legal issues related to the use of digital signatures. Digital signature technology, which utilizes asymmetric cryptography, has been developed to facilitate secure transactions over the Internet and other computer networks. Although the electronic contracting sections of the Act have been drafted to be technologically neutral, these parts have been included to establish rules for the use of the most prominent current technology.
• Part VIII of the Act: Provides for penalties and for their adjudication by an adjudicating officer appointed by the Central Government.
• Part IX of the Act: Provides for the formation, composition, functioning and powers of a Cyber Regulations Appellate Tribunal to which appeal shall lie from the orders of the adjudicating officer. The Civil Court shall not have jurisdiction with reference to the offences set out under this Act. An appeal shall lie to the High Court from the orders of the Cyber Regulations Appellate Tribunal.
• Part X of the Act: Provides criminal penalties for intentional damage to or destruction of information systems or data, intentional "trespass" into a system, intentional theft of computer services, tampering with data, interrupting network services and intentionally introducing viruses into computers or computer networks.
• Part XI of the Act: Deals with issues relating to the liability of network service providers.
• Part XII of the Act: Sets out miscellaneous provisions with respect to power to search premises, removal of difficulties, etc.
Smart Tips for Information Security Policy Design Process
(Authored by Ullas Tharakan)
A policy design should follow a well-thought-out process. The following steps are considered to arrive at the process.
· Choose the policy development team.
· Designate a person or “body” to serve as the official policy interpreter.
· Decide on the scope and goals of the policy.
(Scope should be a statement about what is covered by the policy.)
· Decide how specific the policy should be.
All people affected by the policy should be provided an opportunity to review and comment on the policy before it becomes official.
· Unrealistic for large organizations.
· Often difficult to get the information out and ensure people read it.
· Incorporate policy awareness as a part of employee orientation.
· Provide refresher overview course on policies once or twice a year.
While creating the policies and processes, one must keep in mind that policies should:
· Be implementable and enforceable.
· Be concise and easy to understand.
· Be a balance of protection with productivity.
· Be updated regularly to reflect the evolution of the organization.
Policies should:
· State reasons why policy is needed.
· Describe what is covered by the policies - whom, what, and where.
· Define contacts and responsibilities to outside agencies.
· Discuss how violations will be handled.
Determining Level of Control
· Security needs and culture play major roles.
· Security policies MUST balance level of control with level of productivity.
· If policies are too restrictive, people will find ways to circumvent controls.
· Technical controls are not always possible.
· Must have management commitment on level of control.