AGOSTINHO NETO UNIVERSITY: Interview on computer crimes - Doctor Padoca Calado

Agostinho Neto University issued the following announcement on May 31.

In order to understand more about computer crimes, the   UAN Communications Office presents an interview with Professor Mateus Padoca Calado (Padoca), Head of the Computer Department of the Faculty of Sciences of Agostinho Neto University.

What is a computer crime?

PADOCA - There is no consensus definition because of the nature of the offenses and their complexity. Any such crime practiced using computer means against entities or persons with the intention of harming the operating structure or the public image of the wholesaler can be considered. On the one hand we have the use of computer means to commit old crimes, such as fraud, offense to honor, industrial espionage and others in the criminal codes. On the other hand, there were new crimes directed against computer systems, such as invasion and computer espionage, computer sabotage, email infringement, among others.

What is the profile of who uses the new technologies to commit crimes?

PADOCA - A criminal profile can not be given a single profile because of the wide variety of crimes committed with the help of new technologies. A person who uses the internet to do money laundering does not have the same profile as a pedophile who uses this medium to entice his victims.

One word that if there was much when speaking of these problematic is "hacker". Is the "hacker" a criminal?

PADOCA - In this matter there are conflicting and divergent currents of thought. There are people who try to break the security of systems, whether for criminal reasons or intellectual challenge. I understand "hacker" as someone who has great technical ability and an enormous curiosity in testing the limits of security of the systems, without causing damages, therefore without criminal motivation. Their enthusiasm and technical skills can not be taken advantage of, otherwise important innovations or crucial knowledge will be lost in building reliable and secure systems. Hence I find it difficult to see a "hacker" as a criminal. It should be noted that this is only one of the thoughts, with which I identify myself.

What is the scale of computer crime in Angola?

PADOCA: I have no data on that. I believe the size of this type of crime is small. On the one hand, there is no appreciable number of users with the technical expertise needed to perpetrate this type of crime. On the other hand, the culture of using new technologies is still not rooted in companies and society in general. In order to be able to make a correct evaluation it is necessary to know the type of crimes practiced, the policies of operation of the providers and the legal regime of the country.

What crimes are currently being used with the use of information technology?

PADOCA - The most common are: identity theft, pedophilia, slander and defamation, discrimination (dissemination of racial, ethnic or religious information), domain piracy and industrial espionage (stealing of confidential company information).

The benefits of Information Technology are notorious, but there are also inconveniences, right?

PADOCA - The problem is that the increase in crime is proportional to the growth of the Internet. The dependence on information technologies is increasingly inevitable. The opportunities and facilities offered by the Internet such as financial transactions, cultural exchanges, among others, have been increasing the speed and scope of certain tasks, reducing costs. In addition to the benefits, this dependence obviously brings opportunities and prospects for illicit conduct. The growth of technology has been greater than that of legislation, which is clearly worrying.

So how are we in terms of legislation? Is legislation far behind in computer crime?

PADOCA - It is true that many times, due to the very complexity and dynamics of society and, in this particular case, information technology, legislation ends up going a step backwards, that is to say, only after a certain situation has occurred, it is necessary first of all for there to be a certain speed in creating specific legislation for computer crimes in order to avoid the current criminal gap that leaves us in a vulnerable situation. That is, it is up to lawmakers to anticipate that we will not have to deal with the losses, at the risk of discrediting and damaging legally protected assets.

But is it not impossible for the legislator to predict all variants of this type of crime? 

PADOCA: Yes, but the law must warn and anticipate problems that may arise in the future. Therefore, it is important to have general laws that can somehow cover the widest possible spectrum of this type of crime, it is useful to have laws that indicate how the cases for which the specific law is omitted are handled. In the absence of legislation it should be possible to apply the rules of international conventions. A dynamic approach to computer crime is needed. However, it is advisable to adopt an attitude of relative prudence, because it is demagogic and absurd to think that any heavy sanctions can solve the problem requires a pedagogical approach.

In international terms, what do we have the most relevant in this matter?

PADOCA - For example, at the end of 2001, in Budapest, forty-seven countries including South Africa, Japan, Canada, the United States and member countries of the Council of Europe signed an international convention aimed at combating the various forms of computer crime, with the adoption of appropriate legislation and the encouragement of international cooperation. In this convention four types of crimes were classified: crimes against secrecy, integrity and availability of data; digital crimes (forgery and fraud); offenses relating to content (child pornography); and crimes related to intellectual property.

What do you think of the law on computer crimes in force in Angola?

PADOCA - A commendable effort. There must be a response to society and the judiciary must have legal means to sanction behaviors or conduct that are harmful and harmful to human dignity, intellectual property, honor, privacy among many others that are legally non-negotiable. The legislator must be swift in order to prevent situations of injustice and a climate of insecurity in the face of new types of crimes, and aim, in order to avoid dubious interpretations of the law. If we fail in this mission, technology can become the largest partner in the service of crime, favoring impunity.

Do we agree that it is a very complex issue to legislate?

PADOCA - Yes, that is why it is important to bring information technology specialists closer to the legislator, since there is no way to legislate this type of crime without close cooperation between the two.

Some sources say our national police are prepared to handle computer crimes. What is your comment on the subject?

PADOCA -(Laughter). If so, great. I think our police will be more concerned about the basic priorities of the population, that is, common crimes, which is normal. However, our agents must be prepared to combat this type of crime. This preparation can not be restricted in any way to making them mere users of the new technologies. So knowing how to send an e-mail, access files or anything like typing a text in the word processor does not make our cops able to fight crime effectively. It is not enough to train a trained police officer, it is necessary to work with specialists in the area given the technical specificities of this type of crime. In view of this purpose, it is in the interest of a specialized investigative unit for high technology crime to be implemented,

Much has been said in the attempt to hold news providers accountable, such as Club-k for the insulting remarks put by site users. Do you think this accountability is reasonable?

PADOCA -Right is not an area of my specialty. As a citizen and computer scientist, I think it would be a very serious precedent to hold the news provider or anyone else responsible for the offensive or defamatory comments posted on your site by the users. The instantaneousness of the inserted comments does not allow the previous control, can only be done a posteriori, that is to say, only after published is that eventually it can be eliminated. However, the detail that may weigh negatively against the news provider is that it contains somewhere in the "Rules of Participation" (... slander or defamation, will be automatically eliminated), assuming for you a certain level of control over the contents entered by third parties on its site. In view of this premiss, can be held liable for not having prevented the disclosure of defamatory content. More like I said right is not my specialty.

Is it possible to check the comments made by users on this site?

PADOCA - Technically it is feasible to implement mechanisms that prevent the publication of certain contents. However, this may distort the concept behind this service and make people leave comments, which is certainly not their purpose. Moreover, given the right of freedom of expression, is this acceptable?

In this particular case the insulting comments are often placed on the cover of anonymity or false name. This does not preclude any liability of the users? 

PADOCA - At least makes it difficult. Incidentally, anonymity is one of the factors that weigh negatively on crimes related to information technology, as well as instantaneity, the principle of territoriality, among others. However, it is possible to reach the computer used to commit the crime. Those who intend to commit this type of crime use cyber-cafes or any similar, which makes it difficult to be held accountable.

Is there a relationship between instantaneity and anonymity?

PADOCA - With instantaneity, the Internet facilitates risky behavior under anonymity while keeping the identity of its users confidential. This is very appealing when it is intended to be harmful. Criminals hide their true identity, camouflage the electronic track and destroy the evidence of crime thus avoiding accountability for their actions. That is, anonymity is an ideal tool for criminal activity strategy and the Internet offers excellent conditions for its maintenance.

Can the issue of territoriality make it difficult to solve computer crimes?

PADOCA - Yes, it contributes to the already complex legal system. In general, harmful acts committed using the Internet are perpetrated in one country and cause effects in others, and do not require the presence of the offender in the place where the result of their action takes place. It is difficult, if on the one hand we have the question of territoriality and, on the other, of the divergences of the legislation of the different parents, that is, what in one country is considered a crime in another may not be. I think we should have jurisdiction to try crimes that are committed by individuals in the national territory or those that produce their effects or results in the national territory.

What can our companies do to address security issues?

PADOCA - The use of Information Technology necessarily entails risks. All entities that act and use the new technologies can not leave the responsibility only on the side of the legislation, they have to create security mechanisms thus minimizing the vulnerability of their systems. Some companies are aware of threats that may jeopardize their security. For example, frequent use of system protection software. However it is impossible to fully satisfy the security needs.

What contributes so that security issues in our companies are not given enough importance?

PADOCA - I think that there is a serious gap in the awareness of users, I believe that in general they do not act out of malice. Some do not see IT resources as a tangible asset. You have to be careful about how you use information systems. Things as simple as not revealing passwords, not opening suspicious mails, nor attached files, besides having an antivirus, firewall and making updates of the operating system.

How to combat this gap in Angolan companies?

PADOCA - Can be fulfilled if top managers as decision-makers and leaders in business strategy and IT leadership as strategic and technical leaders are aware of the pertinence of the security problem, which often does not happen. It's a cultural issue.

With regard to the security aspect, at what level can one act within companies?

PADOCA - To minimize possible damages, IT leaders must implement mechanisms to ensure the security of systems and information. This involves establishing rules and procedures for access to information, definition of responsibilities, and implementation of logical security. Access permissions must be managed judiciously. Everyone should have access only to the resources and information they need. There must also be an activity recording system at least for sensitive areas. Who did what and when? This is because often the attacks perpetrated in the companies are the responsibility of internal collaborators, present or not.

However this issue is not the exclusive competence of IT leaders, security involves everyone within the company.

If IT crime against companies is vulgar, why are rare cases brought to the attention of the public?

PADOCA - Companies targeted for this type of crime rather than denounce prefer not to do so eventually for fear of negative publicity or encouragement to other criminals as they reveal their weakness. However, this type of behavior distorts the real dimension of the problem and contributes to the aggravation.

What is the role of state-private cooperation in combating computer crime?

PADOCA - In this type of crime, cooperation with a well-defined purpose among various entities can play an even greater role than traditional crimes, given the nature of the technology involved. Although it is not easy, a partnership between the state and private entities is desirable and desirable in order to create a platform of mutual trust that can make a difference in combating this type of crime. The sharing of information between entities is important and should be available to report criminal activities directed against their systems, being careful not to expose their vulnerabilities.

What message can you leave to the managers of our companies?

PADOCA - It is a mistake to regard security as a technological issue. It must always be seen from the perspective of the business. Security is a factor that reveals the care companies have for their resources, whether material, information, or human, and ultimately, to their customers and partners. Therefore it is a competitive advantage. Even because security is not an expense but an investment.

GICD - Office of Scientific Information and Documentation, Rector of Agostinho Neto University, May 31, 2019.

Original source can be found here.