Melissa Lukings | Faculty News | Spring 2020 | NEXUS Magazine | The Faculty of Law | UNB

Global Site Navigation (use tab and down arrow)

Faculty of Law
UNB Fredericton

Back to NEXUS Magazine

Melissa Lukings is helping to bridge the gap between the cybersecurity and legal worlds

Third-year student Melissa Lukings is collaborating with Dr. Arash Habibi Lashkari—Assistant Professor in the Faculty of Computer Science and Research Coordinator at the Canadian Institute for Cybersecurity (CIC)—on a series of articles on Canadian cybersecurity law for IT World Canada. The ten-part compilation, titled Understanding Canadian Cybersecurity Laws, is intended to help bridge the knowledge gap between the nuanced world of computer science, IT, and cybersecurity and the equally (but differently) nuanced world of law and legal education specific to Canada.

“Cybersecurity is such a rapidly developing area,” said Lukings, “most people in the cybersecurity field don't come pre-equipped with that solid legal background and knowledge base to pull from. At the same time, the people in the legal world are working to interpret and apply laws to a content and medium that we are, for the most part, relatively unfamiliar with.”

Their goal for the article series is to translate the fundamental building blocks of Canadian cybersecurity-related laws into something that is equally accessible and educational for those working and researching in the legal world, the cybersecurity and IT field, in businesses and organizations, as well as for the general public.

In her first year of law school, Lukings attended the 2019 International Humanitarian Law Conference, which examined the interaction between cybersecurity and international humanitarian law. Dr. Habibi Lashkari was one of the panelists at the conference.

“I asked Dr. Habibi Lashkari a question relating to blockchain technology and it ended up sparking a really great conversation. I suppose he hadn’t expected to encounter those kinds of questions with a group of law students. I shared my own experience with cryptocurrency and data mining—we basically ‘nerded out’ on the subject. So, we had this excellent conversation which helped to highlight some of the glaring knowledge gaps that exist between the cybersecurity and the legal worlds.”

According to Lukings, these mutual gaps in understanding made functionally combining the two academic worlds quite difficult. 

“Having a background in law, following a BA in linguistics, didn’t provide me with the background, or even the terminology, to be able to apply the law to the complex nuances of the cybersecurity field. Similarly, Dr. Habibi Lashkari has a huge wealth of knowledge in cybersecurity and computer science but did not have the legal background or terminology to be able to identify the gaps in the law relating to cybersecurity or which needed extra legal attention to adequately apply to this growing field.”

The pair connected again over LinkedIn and Lukings accepted a research assistant position with Dr. Habibi Lashkari to produce a collection of articles for the collaborative series (generally one every six weeks) which is being released through IT World Canada and published online. They are already over half-way through their journey, having released seven articles through the IT World Canada blog.

Their first two articles, The Foundations and Privacy and access to information, the Acts, break down the Canadian legal landscape, providing the basics of legislation, including specific statutes which apply to governmental bodies, and the Common Law. 

“We started with the basics; how is Canadian law set up? What is criminal law? What is tort law? What is private information? What are the Privacy and Access to Information Acts? What is the idea behind regulating relationships, which Acts apply, and why?”

Their third article, Privacy protection in the modern marketplace – PIPEDA, examines the Personal Information Protection and Electronic Documents Act (PIPEDA) and how it relates to government, businesses, and individuals. Lukings and Dr. Habibi Lashkari also discuss the real-world implications of PIPEDA concerning the evolving landscape of virtual meetings and online classes brought about by the COVID-19 pandemic.

Article 4, Interpersonal Privacy and Cybercrime - Criminal Code of Canada, defines and discusses “cybercrime” under the labels of cyber-dependent crimes; cyber-enabled crimes; and computer-supported crimes. These crimes are then further subcategorized into specific offences including hacking, possession of “hacking tools,” denial-of-service (DoS) attacks, distributed denial of service (DDoS) attacks, botnets, malware, phishing, identity theft and identity fraud, and criminal copyright infringement.

“Insert Something Clever Here” - Canada’s Anti-Spam Legislation spotlights Canada’s Anti-Spam Legislation (CASL), first defining ‘spam,’ then exploring attacks such as remote code execution (RCE), remote access Trojan (RAT), and large-scale spamming botnet attacks. The article discusses consent requirements for commercial electronic messages, exemptions to CASL, and non-compliance. 

The sixth article in the series, Peer-to-Peer Privacy Protection – “Intrusion Upon Seclusion” and the Protection of Intimate Images, highlights the common law tort of intrusion upon seclusion and the relatively new criminal offences relating to cyberbullying and the sharing of intimate images. Lukings and Dr. Habibi Lashkari breakdown the landmark Ontario Court of Appeal case, Jones v. Tsige (2012 ONCA 32), which recognized the new tort, allowing victims of certain privacy breaches to have the right to sue in civil court for invasion of privacy, called “intrusion upon seclusion.” They also discuss the implications of the recent law which criminalized the non-consensual distribution of intimate images following two highly publicized Canadian suicides which occurred following cases of extreme cyberbullying.

The seventh article in the series, Deep, Dark and unDetectable Canadian Jurisdictional Considerations in Global Encrypted Networks, explores the cross-jurisdictional nature of the Dark Web/Dark Net and the dual issues of encryption and anonymization, which make it virtually impossible to detect and trace illegal activities or transactions completed over the Dark Web/Dark Net. For the non-techies among us, this article also starts out by categorizing online content as being either “Surface,” “Deep,” or “Dark” content, outlines the TOR method of encryption, and explains the very fine, but highly important, distinction between the Dark Web and the Dark Net.

The pair will release the final three articles in the series by the end of the upcoming Winter semester and have plans to continue their work after this series is complete. Visit IT World Canada to read these fascinating and timely blog posts.

Continue reading this issue of NEXUS