New Technologies in International Law / Tymofeyeva, Crhák et al.

from e.g., CCTV cameras. It can be assumed that camera owners would not want their images to be available everywhere, but security flaws result in images being made available to the public. Is or should it be against the law to use such information? This will of course depend on the country in question, but one can probably agree that if it is used for research purposes or to enhance the security of an organisation such use should not be considered illegal. However, the line is a fine one and such a framing of Article 3 should be considered problematic. Very similar arguments can be made on the grounds of man-in-the-middle attacks. This type of attack occurs when an attacker intercepts a conversation between two parties, either to eavesdrop or pose as one of them. Mobile devices are particularly vulnerable, as attackers can introduce false information like bogus certificates during secure connection attempts. This can result in users being redirected to unsecured sites or being deceived by fake encryption keys in a key exchange process. 687 It’s obvious that the act could constitute illegal interception, but it could be argued that if the transmission was made publicly available by accident, or if the attacker was inadvertently placed in the middle, then it could not be considered “intentional”. Data and system interference can be addressed as one. Indeed, the problems are similar enough. Firstly, the lack of definition of data should be pointed out. This may have been due to the low level of awareness at the time regarding, for example, the importance of metadata. 688 Secondly, and most importantly, there is no indication of the methods by which the infringements in question may be carried out. This gives a great deal of scope for law enforcement agencies, which must demonstrate a very high level of technical expertise to adequately scale down unwanted behavior. Finally, one can add the problematic nature of the phrases ‘inputting’ and ‘transmitting’, which in themselves are not usually contrary to the law. This may lead to further complicating the application of this provision. For the second time, it must be stated that, unfortunately, DC does not provide material for a comparative analysis of these provisions. This is because they have been practically rewritten without any significant modification to the content of the DC. 4. Misuse of device Article 6 BC, which statutes a standard prohibiting the production and use of hacking devices and software, has been widely criticized since the BC = adoption. 689 Nothing to the criticism needs to be stated as of today, except perhaps the fact that the number of such tools, including within the open-source movement, has increased Shodan From the Perspective of Industrial Control Systems’ (2020) 8 IEEE Access ; Genge B, Enăchescu C, ‘ShoVAT: Shodan-based Vulnerability Assessment Tool for Internet-facing Services’ (2016) 9 Secur. Commun. Netw. 2698. 687 Oriyano SP and Shimonsky R, ‘Mobile Attacks’ in Oriyano SP and Shimonsky R, Client-Side Attacks and Defense (Elsevier, 2013), p. 238. 688 This remark is due to the fact that despite the existence of metadata in the general consciousness, see above all the standard: IPTC7901 from the year 1979 accessed 22 October 2023. THe importance of metadata has been brought up to public attention only few years back. 689 Baron R, ‘A Critique of the International Cybercrime Treaty’ (2002) 10 CommLaw Conspectus 263, pp. 271–273.

164