No. 2015-2 (Issue No. 89), February 2015
Table of Contents
I. Domestic Legislative Trends
II. Foreign Legislative Trends
References
https://www.congress.gov/114/bills/hr234/bills-114hr234ih.pdf
https://www.congress.gov/bill/114th-congress/house-bill/234/all-info
http://technical.ly/baltimore/2015/01/22/ruppersberger-cispa-cybersecurity-bill/
http://www.nationaljournal.com/tech-edge/cispa-cybersecurity-bill-returns-20150109
https://www.eff.org/deeplinks/2015/01/eff-statement-president-obamas-cybersecurity-legislative-proposal
https://www.aclu.org/blog/national-security-technology-and-liberty/cybersecurity-doesnt-have-mean-sacrificing-privacy
http://www.zdnet.com/article/white-house-just-endorsed-controversial-cispa-measures-two-years-after-veto-threat/
http://piratetimes.net/exclusive-a-sneak-peek-at-cispa-2015/
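Article: Main content

Article 3 (Illegal access to information systems): Where a person intentionally and without right accesses the whole or any part of an information system by infringing a security measure, and the case is not minor, Member States shall take the necessary measures to ensure that this is at least punishable as a criminal offence.

Article 4 (Illegal access to systems): Where a serious hindering or interruption of the functioning of an information system is caused intentionally and without right by inputting, transmitting, damaging, deleting, impairing, altering, suppressing or rendering inaccessible (unusable) computer data, and the case is not minor, Member States shall take the necessary measures to ensure that this is punishable as a criminal offence.

Article 5 (Illegal access to data): Where the deletion, damaging, impairment, alteration, suppression or rendering inaccessible of computer data on an information system occurs intentionally and without right, and the case is not minor, Member States shall take the necessary measures to ensure that this is at least punishable as a criminal offence.

Article 6 (Illegal interception of data): Member States shall take the necessary measures to ensure that intercepting without right, by technical means, non-public transmissions of computer data to, from or within an information system, including electromagnetic emissions from an information system that is the storage medium of the computer data, is at least punishable as a criminal offence where it occurs intentionally and without right and the case is not minor.

Article 7 (Tools used for committing offences): Member States shall take the necessary measures to ensure that the production, sale, procurement for use, import, distribution or other making available of the following tools suitable for committing the offences referred to in Articles 3 to 6 is punishable as a criminal offence where it is done intentionally and without right and the case is not minor:
a) a computer program designed or prepared in particular for committing the offences referred to in Articles 3 to 6;
b) a computer password, access code or similar data by which the whole or any part of a computer system can be accessed.

Article 8 (Incitement, aiding and abetting, and attempt):
1. Incitement to, or aiding and abetting of, the offences referred to in Articles 3 to 7 shall be punishable.
2. Attempts to commit the offences referred to in Articles 4 and 5 shall be punishable.

Article 9 (Penalties):
1. Member States shall take the necessary measures to ensure that the offences referred to in Articles 3 to 8 are subject to effective, appropriate and dissuasive criminal penalties.
2. Member States shall take measures to ensure that the offences referred to in Articles 3 to 7, where the case is not minor, are subject to a custodial sentence with a maximum term of at least two years.
3. Member States shall take the necessary measures to ensure that, where the offences referred to in Articles 4 and 5 are committed intentionally and a significant number of information systems have been damaged by means of a tool referred to in Article 7(1) that was designed or prepared in particular to damage information systems, the offence is punishable by a custodial sentence of at least three years.
4. Member States shall take the necessary measures to ensure that the offences referred to in Articles 4 and 5 are punishable by a custodial sentence of up to five years in any of the following cases:
a) the offences are committed in connection with a criminal organisation as defined in Framework Decision 2008/841/JHA, irrespective of the penalty level referred to therein;
b) serious damage is caused; or
c) the offences are committed against an information system that forms part of critical infrastructure.
5. Member States shall take measures to ensure that, when the offences referred to in Articles 4 and 5 are committed, misusing the personal data of another person in order to gain the trust of a third party and thereby causing harm to the rightful identity owner may, in accordance with national law, be classified as an aggravating circumstance, provided that the aggravating circumstance is not already covered by another offence under national law.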
References: http://www.bmjv.de/shareddocs/downloads/de/pdfs/gesetze/ge-korruptionsbekaempfung.pdf? blob=publicationfile, etc.
2) According to ENISA's guideline on threats and assets, an asset is anything of value, including abstract assets (processes or reputation), virtual assets (for example, data), physical assets (cables, equipment, etc.), human resources and funds.
3) Here, according to ENISA, a "threat" is "a circumstance or event with the potential to adversely affect an asset through unauthorised access to, destruction, disclosure or modification of data".
4) http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-thematic-landscapes/threat-landscape-of-the-internet-infrastructure/detailed-mind-map-for-internet-infrastructure-assets/at_download/file
5) http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-thematic-landscapes/threat-landscape-of-the-internet-infrastructure/threat-mind-map/at_download/file
6) The current good practices include human resources for routing (administrators and operators), DNS, denial-of-service attacks, system configuration, and Essential Addressing Protocols for denial of service.
7) DIRECTIVE 2009/140/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorisation of electronic communications networks and services
8) DIRECTIVE 2009/140/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorisation of electronic communications networks and services
9) http://tools.ietf.org/html/rfc4949
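References
http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-thematic-landscapes/threat-landscape-of-the-internet-infrastructure/iitl
http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/enisa-thematic-landscapes/threat-landscape-of-the-internet-infrastructure/iitl/at_download/fullreport
10) (1) protection of personal data, including health data; (2) big data; (3) the role of the EU legal framework; (4) patient safety and transparency of information; (5) the role of mobile health in healthcare systems; (6) interoperability; (7) compensation; (8) liability; (9) research and innovation; (10) international cooperation; (11) internet companies' access to mobile health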
References: https://ec.europa.eu/digital-agenda/en/news/mhealth-europe-preparing-ground-consultation-results-published-today, etc.
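References
Text of the decision: http://freifunkstattangst.de/files/2015/01/ag-charlottenburgbeschluss.pdf
Commentary on the decision: http://www.offenenetze.de/2015/01/16/erfolg-fuer-freifunk-vor-dem-ag-charlottenburg/
Related articles: http://www.zdnet.de/88216328/abmahnung-abgewiesen-gericht-raeumt-privatem-wlan-betreiber-providerrechte-ein/ http://freifunkstattangst.de/2015/01/15/erster-gerichtlicher-erfolg-fuer-freifunk/
11) Interferer liability (Störerhaftung): a distinct type of civil liability that arises where a party has, in some way, made a substantial causal contribution to a third party's unlawful infringement of rights (interferer by conduct) or to the continuation of that infringement (interferer by condition). It presupposes a duty to inspect. The duty to inspect consists of removing the infringement or taking measures to prevent future infringements; it is generally recognised once the interferer has become aware of the infringement, and its scope is determined by what can reasonably be expected of the interferer. The legal consequence of breaching the duty to inspect is that the interferer becomes subject to claims for removal and prevention of the infringement and, if a lawsuit is filed, must bear the litigation costs and pre-litigation attorney fees. Interferer liability is based on the defensive claims of property law and applies only where the interferer is not liable for the third party's unlawful infringement as a joint perpetrator, aider or instigator. However, a party that, after being notified of the infringement, intentionally fails to act on it without delay may be found liable in tort (usually as an aider) and may bear liability for damages. German case law treats "without delay" as approximately two weeks.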