Que ) What is cybercrime? How do you define it.

OR

Que ) What is cybercrime? Explain in brief about its origin and its impact in the cyber world.

Ans) Cybercrime : Definition and origins of the word

• There are many definitions for cyber crime:  Cyber crime is any illegal behaviour, directed by
means of electronic operations, that targets the security of computers and data processed by them. 
A crime committed using the computer and the internet to steal a person’s identity or sell contraband
or stalk victims or disrupt operations with malevolent programs.  Cybercrime is any criminal
activity which uses network access to commit a criminal act.  Opportunities for the exploitation
have grown due to weakness in information security and exponential growth of the internet. 
Cybercrime may be internal or external.  The term cybercrime has evolved over the past few years
since the adoption of internet connection on global scale.

• Two types of attack are prevalent

1) Techno crime:

• A premeditated act against a system or systems, with the intent to copy, steal, prevent access,
corrupt or otherwise deface or damage parts of or the complete computer system .

• The 24x7 connection to the internet makes this type of cybercrime a real possibility to the engineer
from anywhere in the world, leaving few, if any “finger prints”.

2) Techno-vandalism:

• The acts of brainless defacement of websites and/or other activities, such as copying files and
publicizing their contents, are usually opportunistic in nature.

• The term cybercrime has become notorious due to the word terrorism attached with it that is cyber
terrorism.

• There is often a very thin line between the two terms computer crime and computer fraud both are
punishable.

• Cybercrime differs form most terrestrial crimes in four ways:

a) How to commit them is easier to learn

b) They require few resources relative to potential damage caused.

c) They can be committed in jurisdiction without being physically present in it

d) They are often not clearly illegal

• The term cyber has some interesting synonyms : fake, replicated, pretend, imitation, virtual,
computer generated.

• Cyber means combining forms relating to information technology, the internet and virtual reality.
• This term owes its origin to the word “cybernetics” which deals with information and its use.

• Worldwide cyber terrorists use computer as a tool, target or both for their unlawful act to gain
information which can result heavy loss/damage to the owner of that intangible (vague) sensitive
information.

• This can be done using using methods such as phishing, spoofing , pharming, wire transfer etc.

Que ) Who are cybercriminals? Explain their types

Ans) Cybercriminals:

• Cybercrime involves such activities as child pornography, credit card fraud, cyber stalking,
ignoring copyright, software licensing, software piracy and identity theft etc.

• Cyber criminals are those who conduct such acts. They can be categorized into three groups.

Type 1: Cybercriminals -hungry for recognition

• Hobby hackers • IT professionals • Politically motivated hackers • Terrorist organizations

Type 2: Cybercriminals – not interested in recognition

• Psychological perverts • Financially motivated hackers(corporate espionage) • State sponsored

hacking(national espionage, sabotage) • Organized criminals

Type III: Cybercriminals- the insiders

• Disgruntled or former employees seeking revenge • Competing companies using companies to gain
economic advantage through damage and/ or theft. Thus the typical motives behind cybercrime seem
to be greed, desire to gain power and/or publicity, desire for revenge, a sense of adventure,
destructive mindset and desire to sell network security services

Que ) Give the classification of cybercrime.

Ans) Classifications of cyber crimes: Cybercrimes are classified as follows:

1) Cybercrime against individual

 E-mail spoofing and other online frauds

 Phishing, spear phishing and its various forms such as vishing and smishing

 Spamming

 Cyberdefamation

 Cyberstalking and harassment

 Computer sabotage

 Pornographic offenses
 Password sniffing

2)Cybercrime against property

 Credit card frauds

 Intellectual property crimes

 Internet time theft

3) Cybercrime against organization

 Unauthorized accessing of computer

 Password sniffing

 Denial-of-service attacks

 Virus attack

 E-mail bombing/ mail bombs

 Salami attacks

 Logic bomb

 Trojan horse

 Data diddling

 Crimes emanating from Usenet newsgroup

 Industrial spying/ industrial espionage

 Computer network intrusion

 Software piracy

4) Cybercrime against society

 Forgery

 Cyberterrorism

 Web jacking

Que ) How do we classify cybercrime? Explain each one briefly.

Ans) Note: Classification is as above, separate questions can be asked on mix of topics.

1) E-mail spoofing:
 A spoofed e-mail is one that appears to originate from one source but actually has been sent from
another source.

2) Spamming:

 People who create electronic spam are called spammers.

 Spam is the abuse of electronic messaging systems to send unsolicited bulk messages
indiscriminately.

 E-mail spam is the most widely recognized spam.

 There are various other spam instant messaging spam, UseNet newsgroup spam, spam blogs etc.

 Spamming is difficult to control because it has economic (feasibility)-advertisers have no

operating costs beyond the management of their mailing lists, and it is difficult to senders
accountable for their mass mailings.

3)Cyber defamation:

 Defamation is the act in which, words either spoken or intended to be read, or by signs or by
visible representations any allegation concerning any person intending to harm the reputation of that
person

 Cyber defamation happens when defamation takes place with the help of computers and/or
internet.

 For eg. Some one publishes defamatory matter about someone on website or sends an e-mail
containing defamatory information to all friends of that person.

 Libel is written defamation and slander is oral defamation.

4) Internet time theft:

 Such a theft occurs when an unauthorized person uses the internet hours paid for by another
person.

 Internet time theft comes under hacking because the person who gets access to someone else’s
ISP user ID and password , either by hacking or by gaining access to it by illegal means , uses it to
access the internet without the other person’s knowledge.

 However, one can identify the time theft if the internet time has to be recharged often.

5) Salami attack/ salami technique:

The name ‘salami attack’ comes from the fact that salami is cut into very thin slices. It is also known
as salami shaving.  A salami attack is a series of minor attacks that together results in a larger
attack.

 These attacks are used for committing financial crime.

 The idea here is to make an alteration so insignificant that in a single case it would go completely
unnoticed.

 For eg a bank employee inserts a program, into the bank servers, that deducts a small amount of
money from the account of every customer.

 No account holder will probably notice this unauthorized debit, but the bank employee will make a
sizable amount of money every month.

6) Data diddling:

 A data diddling attack involves altering raw data just before it is processed by a computer and then
changing it back after the processing is completed.

 Electricity boards in India have been victims to data diddling programs when private parties
computerize their systems.

7)Forgery:

 Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using
sophisticated computers, printers and scanners.

 Outside many colleges there are many miscreants soliciting sale of fake mark sheets or even
degree certificates.

8) Web jacking:

 Web jacking occurs when someone forcefully takes control of a website.

 The first stage involves password sniffing.

 The actual owner of the website does not have any control over what appears on that website.

9) Newsgroup spam/ Crimes emanating from Usenet newsgroups:

 The advent of Google groups and its large UseNet archive has made UseNet more attractive to
spammers than ever.

 Spamming of Usenet newsgroups actually predates e-mail spam.

 The first widely recognized UseNet spam titled “Global alert for all: Jesus is coming soon” was
posted on 18th Jan 1994

10) Industrial spying/ industrial espionage:

 Today corporations like government often spy on the enemy.

 The internet and the privately owned systems provide new and better opportunities for espionage.

 Spies can get information about product finances , research and development and marketing
strategies, an activity called as industrial spying.

 Cyber spies rarely leave behind a trail.

 This has been the reserved hunting field of few hundreds of highly skilled hackers, contracted by
high profile companies or certain governments.

 With growing public availability of Trojans and spyware material even low skilled individuals
have got involved into it

 One interesting case is the famous Israeli Trojan story, where a software engineer created a Trojan
horse program specifically designed to extract critical data gathered from machines infected by his
program.

 He made business out of it by selling his program to companies in Israel.

11) Hacking: The purpose of hacking are many, the main are:

 Greed

 Power

 Publicity

 Revenge

 Adventure

 Desire to access forbidden information.

 Destructive mindset.

 Every act committed toward breaking into computer and/or network is hacking and it is an
offense.

 Hackers write or use readymade computer programs to attack the target computer.

 They possess the desire to destruct and get an enjoyment out of this.

 Some do it for monetary gains such as stealing credit card information, transferring money from
various bank accounts to their account.

 They extort money from corporate giant threatening him to publish the stolen information.

 Government websites are hot favorite for hackers.

 Hackers, crackers and phreakers are some of the oft heard terms.

 The original meaning of the word hack meaning an elegant, witty or inspired way of doing almost
anything

12) Online frauds:

 There are few major types of crimes under the category of hacking: spoofing websites and Email
security alerts, hoax mails about virus threats, lottery frauds and spoofing.
 In spoofing websites and e-mail security fear, fraudsters create authentic looking websites that are
nothing but spoof.

 It prompts the user to enter personal information which is then used to access business and bank
accounts.

 Such links come embedded in e-mails

 In virus hoax(fraud) emails, the warning may be genuine, so there is always a dilemma whether to
take them lightly or seriously.

 Lottery frauds are typically letters or e-mails that inform the recipient that he or she has won a
prize in a lottery.

 They take bank details to transfer money and they also ask for processing fee.

 The details provided can easily be used for other scams.

 Spoofing means illegal intrusion, wherein the hacker poses as a genuine user(false identity).

13)Pornographic offense:

 Child pornography means any visual depiction, including but not limited to the following.  Any
photograph that can be considered obscene and/or unsuitable for the age of a child viewer.  Film,
video, picture  Computer generated image or picture of sexually explicit conduct where the
production of such visual depiction involves the use of minor engaging in sexually explicit conduct.

 Child pornography is considered an offense.

 Internet explosion has made children a viable victim to the cybercrime and pedophiles.

 Pedophiles are the people who physically or psychologically pressurize minors to engage in
sexual activities.

 The modus operandi of pedophiles is as under:  Pedophiles use false identity to trap the
children/teenagers.  They seek children/teens in the kids areas on the services where the children
gather.  They befriend them.  They extract children’s personal information by gaining their
confidence.  They start mailing these children using sexually explicit language. They start sending
pornographic images/text in order to shed their inhibitions so that a feeling is created in the mind of
victim that what is being fed to them is normal and that everybody does it.  At thee end of it the
pedophiles set up a meeting with the child out of the house and then drag them into the net to further
sexually assault him as a sex object.

 Such things can be avoided if the parents are aware about it.

 In most of the scenarios parents are unaware about the internet and the hidden dangers of it. 
Most children remain unprotected in cyber world.

14) Software piracy:

  Cybercrime investigation cell of India defines software piracy as theft of software through the
illegal copying of genuine programs or the counterfeiting and distribution of products intended to
pass for the original.

 Various examples of software piracy  End user copying –friends loaning disks to one another,
organizations not tracking their software licenses  Hard disks loading with illicit means- hard disk
vendors load pirated software.  Counterfeiting – large scale duplication and distribution of illegally
copied software.  Illegal downloads from the internet- by intrusion , by cracking serial numbers.

• Those who buy pirated software lose a lot:

a. Getting untested software that may have been copied thousands of times

b. The software may contain hard drive infecting virus

c. No proper license so no technical support.

d. There is no warranty protection.

e. No legal right to use the product.

15) Computer sabotage:

 The use of internet to hinder(hamper) the normal functioning through the introduction of worms,
viruses or logic bombs, is referred to as computer sabotage.

 It can be used to gain economic advantage over a competitor.

 To promote illegal activities of the terrorists

 To steal data or programs for extortion.

 Logic bombs are event driven programs created to do something only when a certain event
(trigger) occurs.

16) Email bombs:

 It refers to sending a large number of emails to crash victim’s email account or mail servers.

 Computer programs can be written to instruct a computer to do such tasks on repeated basis.  In
recent times, terrorism has hit the internet in the form of mail bombings.

 This maybe or may not be legal but is certainly disruptive.

17)Usenet newsgroup as a source of cybercrime:

 Usenet is a popular means of sharing and distributing information on the web with respect topic or
subject.

 Usenet is a mechanism that allows sharing information in many to many manner.

 The newsgroups are spread across 30000 different topics.

 There is no technical method available for controlling the contents of any news group.

 It is subject self regulation or net etiquette.

 it is possible to put UseNet to following criminal use.

1. Distribution/ sale of pornographic material.

2. Distribution/ sale of pirated software packages.

3. Distribution of hacking software.

4. Sale of stolen credit card numbers.

5. Sale of stolen data/ stolen property.

18) Computer network intrusions:

 Computer networks pose a problem by way security threat because people can get into them from
anywhere.

 Crackers who are often misnamed hackers can break into computer systems from anywhere in the
world and steal data, plant viruses, create backdoors, insert Trojan horse or change username and
passwords.

 Current laws are limited and many intrusions go undetected.

 The cracker can easily by pass the password hence , the practice of strong password is important.

19)Password sniffing:

 Password sniffers are programs that monitor and record the name and password of network users
as they login, jeopardizing security at a site.

 Whoever installs the sniffer can then impersonate an authorized user and login to access restricted
documents.

 Laws are not yet set up to adequately prosecute a person for impersonating another person online.

 Laws designed to prevent unauthorized access to information should be implemented.

20) Credit card frauds:

 Information security requirements for anyone handling credit cards have been increased
dramatically recently.

 Millions of dollars may be lost annually by consumers who have credit card and calling card
numbers stolen from online databases.

 Bulletin boards and other online services are frequent targets for hackers who want to access large
databases of credit card information.

 Such attacks usually result in the implementation of stronger security systems.

21) Identity theft:

 It is a fraud involving another person’s identity for an illicit purpose.

 This happens when a criminal uses someone else’s identity for his own illegal purposes.

 Phishing and identity theft are related offenses.

 Examples include fraudulently obtaining credit cards, stealing money from the victim’s bank
accounts, using the victim’s credit card number, renting an apartment etc.

Que ) Write a short note on “Indian legal perspective on cybercrime”

Ans) Cybercrime the legal perspective:

 Cybercrime poses a mammoth challenge.

 International legal aspects of computer crimes were studied in 1983.

 In that study, computer crime was consequently defined as encompass any illegal act for which
knowledge of computer technology is essential for its perpetration.

 Cybercrime is an outcome of globalization.

 Globalized information systems accommodate an increasing number of transnational offences.

 The network context of makes it one of the most globalized offences of the present and most
modernized threats of the future.

 This problem can be resolved in two ways: Cybercrimes: An Indian perspective

 India has the fourth highest number of internet users in the world around 45 million users.

 37% of all internet access happens from cybercafés and 57% users are between age 18 to 35. 
There has been a 50% rise in cybercrime in the year 2007 as compared to 2006.

 Majority of the offenders were under 30

 46% cases were related to cyber pornography and hacking.

 The Indian government is doing its best to control cybercrimes.

 Police are being trained to handle cybercrimes.

 They are trained for 6 weeks in computer software and hardware, data communication network,
network protocol and network security.
Que ) What is Hacktivism?

Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially or
ideologically motivated purpose. It is basically used as a means to promote an agenda. Hacktivists
are responsible for denial-of-service (DoS), distributed denial of service (DDoS), information theft,
data breaches, web site defacement, typosquatting(URL hijacking relying on typographical errors in
URL spelling) and many other acts of digital sabotage.

Que ) Write a short note on Cyber War.

‗Cyber "war" is simply the act of fighting on an electronic battlefield with digital weapons. To
attack an adversary‘s capabilities in an effort to disable or destroy their ability to get things done.
This may be completely digital in nature (such as communication and information systems) or the
electronics that monitor and manage physical infrastructure, like power and water systems. Hostile
code like StuxNet is an example of such weapons for cyber warfare.

Cyberwarfare has been defined as "actions by a nation-state to penetrate another nation's computers
or networks for the purposes of causing damage or disruption," but other definitions also include
non-state actors, such as terrorist groups, companies, political or ideological extremist groups,
hacktivists, and transnational criminal organizations

Que ) What is Cyber espionage?

Cyber espionage is unauthorized spying by computer6. However, a more comprehensive definition,

and the associated tools, is given by Anonymous7 which is as below:

Cyber spying, or cyber espionage, is the act or practice of obtaining secrets without the permission
of the holder of the information (personal, sensitive, proprietary or of classified nature), from
individuals, competitors, rivals, groups, governments and enemies for personal, economic, political
or military advantage using methods on the Internet, networks or individual computers through the
use of cracking techniques and malicious software including Trojan horses and spyware. It may
wholly be perpetrated online from computer desks of professionals on bases in far away countries or
may involve infiltration at home by computer trained conventional spies and moles or in other cases
may be the criminal handiwork of amateur malicious hackers and software programmers.

Que ) How to prevent Insider Attack

If you consider the full attack path of an external hacker, the first step is to gain internal access.
Usually organisations expend an extra ordinary amount of resources on protecting their edge
specifically to counter insider threats. Every organisation need to create an effective security policy
is understand your attack surface. Below are the steps for preventing insider attack:
Step 1: The first step in protecting a company‘s assets from internal attacks is to identify and
classify what those assets are and what controls are currently in place to protect those assets. If a
company‘s most important asset is money, then it will be important to note its physical location, how
it is accessed, how it is guarded, who currently protects it, how much of it exists, and how the
amount is recorded and maintained safe from alteration.

If the most important asset is data, it will be important to note what form is it stored in (electronic or
physical), where it is stored (on a server, in a file cabinet), how it is accessed (over the network,
physically opening a file cabinet), who has access to it (employees, managers), how changes are
logged, and what controls are in place to secure it (usernames & passwords, lock & key). After
identifying the assets and all the means of accessing them, the company should determine who,
within the company, has access to these assets. This list should be reviewed and re-evaluated against
job roles to ensure that only those employees that actually need access to conduct their daily
responsibilities continue to have access. For all other employees, regardless of rank or managerial
influence, their access should be removed.

Step 2- Assigning Owners: Classify your information so you can design and implement the proper
controls for different types of data. The owner should be typically a senior ranking official, who
have a solid understanding of the high level business processes but he/she should not be involved in
the daily routine of operations or maintenance.

The owner should be responsible for making decisions about the assets including who should have
access to them, and for what purpose. The information supervisor should be responsible for the
maintenance and administration of the assets. The supervisor should follow the directives of the
information owner and provides the operational and security aspects of maintaining the asset. If the
owner defines the ―what and who‖, the supervisor provides the ―how‖.

Step 3- Recognize Suspicious behaviour: It is difficult to prevent a malicious attack from a

motivated insider, there are ways to spot bad behaviour before it becomes a big problem. Each
employee has logical patterns of information usage, and the organization should look for abnormal
usage and investigate when this occurs. For example, if an employee looks at 50 customer accounts
each day and then one day looks at 100 or more, there is a potential issue that should be investigated.
You always need to understand if unusual behaviour is warranted or malicious. Identifying potential
issues or unauthorized changes requires logging or record keeping of all changes so as to be able to
identify who made the change, when it happened, and the details of the changes.

Step 4- File Sharing on internal network: Most common vulnerabilities of companies is caused by
their inherent desire to share everything internally. When members of a team want to communicate
or share files with each other, they will create a folder on an internal file server, give it their team‘s
name, and begin sharing files. Although we like to believe our employees are inherently good, it is
not good practice to leave the bank vault completely unlocked. As with network file shares, if the
Finance and Accounting team creates a folder that has employee or customer banking information in
it, does this really need to be visible to everyone?

Step 5: Permission Allotment

A small company may have one employee tasked with multiple jobs. As the company grows this
employee will begin to delegate his responsibilities to new employees, thereby reducing his access
requirements to specific assets. The trouble is, many companies focus their efforts on providing
access to their employees and do not focus on removing access or ensuring alignment with actual job
responsibilities.If an employee started out as a database developer and was promoted after three
years to manager and then three years later to director of operations, it is likely that their access
requirements would be significantly different today versus when they started. But there are many
directors and vice presidents that still possess their same permissions that they had when they started
with the company. This can pose a significant risk to a company if that VP or director becomes
disgruntled or didn‘t get that raise they were expecting.

Step 6: Data Portablity

The Internet provides a backbone of communication for legitimate business use but also facilitates
employees sending internal information outside the company. This can be accomplished by email,
file transfer protocol, instant messaging, or even over the web via hypertext transfer protocol
(HTTP). Along with relying on networks to send and receive data, employees can also take
advantage of local data portability from their desktop or laptop via CD/DVD burners or even USB
thumb drives. While the devices may simplify the transfer of data between machines, their use also
increases the risk of data theft. Employees with access to the company‘s intellectual property may
rationalize the transfer from their work machines to their home systems to work at home. The
problem is that

once the data leaves a company computer, the company can no longer ensure the security or
legitimate use of the data.

Step 7: Manage Incident Response

Incident response is a very tricky and precise job. Even a small mistake can lead to major pieces of
evidence being lost or some other evidence being tainted in a way that makes it inadmissible in
court. If your security team is not trained and certified in incident response, you should have a
relationship with an organization that is and call them as soon as you identify a problem. They‘ll
likely want to get on the ground immediately.

Que) How to prevent Outsider Attack

For many a system is a hub of significant documents, files, and applications, but there is always a
risk of losing the important files because of outside threat8. Outside threats have become a big
concern for all users, especially those who use the internet regularly. Starting from damage to your
system to cyber crime like identity theft, outside threats pose many dangers to your system.
However, the silver lining to this concern is the presence of ways to protect and guard your system
from these threats. You do not need to be a computer wizard to do this, as you just have to follow
some simple steps. When it comes to computer security, you have to look after many aspects such as
risk analysis, kinds of threats, security policy, and then come protection techniques. Viruses,
keylogging, worms and phishing attacks are all around your system to damage it, but there are ways
through which you can assure the security of your system. The main ways of computer security
includes:

Antivirus programs, which can scan and keeps you alert about viruses

information between your system and internet.

lost files because of virus attack.

Things to remember

Apart from the main security options for your data, there are some more points that you should keep
in mind. These are as follows:

ser and OS up to date

Que) What is a Comprehensive IT Security Policy?

To ensure that you are effectively protecting your data, you need something that works to prevent
breaches, detect potential threats, analyze suspicious activity, and provide remediation in the event
that something does occur. That’s where IT security policy comes into play.

A comprehensive IT security policy is essentially a battle plan that guides your organization,
ensuring that your data and network is guarded from potential security threats. Think of it as a link
between your people, processes, and technology. When a security breach happens, it’s likely because
one of these links has failed.

Having IT security policy in place, therefore, should tell your employees what’s expected of them,
and helps to educate them on safe and secure procedures they should be following. Such a policy
should encompass a variety of activities, like how your organization’s workstations will be
configured, how your employees will log in, building access procedures to be aware of, and how
your employees should be trained – after all, security breaches at the end-user level can often be
prevented if the end-users are aware of safe practices.

5 benefits of Having a Comprehensive IT Security Policy

1. A Comprehensive Security Policy helps enhance organization’s overall security posture.

2. A Comprehensive Security Policy helps to better prepare for auditing and compliance
requirements

3. A Comprehensive Security Policy leads to increased operational efficiency.

4. A Comprehensive Security Policy leads to increased accountability for both users and
stakeholders within organization.

5. A Comprehensive Security Policy provides organization with a solid strategy around effective
communication and enforcement of policies.

Que) Explain International Conventions on Cyberspace?

The Convention on Cybercrime, also known as the Budapest Convention on Cybercrime or

the Budapest Convention, is the first international treaty seeking to address Internet and computer
crime (cybercrime)by harmonizing national laws, improving investigative techniques, and increasing
cooperation among nations. It was drawn up by the Council of Europe in Strasbourg, France, with the
active participation of the Council of Europe's observer states Canada, Japan, Philippines, South
Africa and the United States.

Since it entered into force, important countries like Brazil and India have declined to adopt the
Convention on the grounds that they did not participate in its drafting. Russia opposes the
Convention, stating that adoption would violate Russian sovereignty, and has usually refused to
cooperate in law enforcement investigations relating to cybercrime. It is the first multilateral legally
binding instrument to regulate cybercrime.

The Convention aims principally at:

 Harmonising the domestic criminal substantive law elements of offences and connected
provisions in the area of cyber-crime

 Providing for domestic criminal procedural law powers necessary for the investigation and
prosecution of such offences as well as other offences committed by means of a computer
system or evidence in relation to which is in electronic form

 Setting up a fast and effective regime of international cooperation

The following offences are defined by the Convention: illegal access, illegal interception, data
interference, system interference, misuse of devices, computer-related forgery, computer-
related fraud, offences related to child pornography, and offences related
to copyright and neighbouring rights.
It also sets out such procedural law issues as expedited preservation of stored data, expedited
preservation and partial disclosure of traffic data, production order, search and seizure of computer
data, real-time collection of traffic data, and interception of content data. In addition, the Convention
contains a provision on a specific type of cross-border access to stored computer data which does not
require mutual assistance (with consent or where publicly available) and provides for the setting up
of a 24/7 network for ensuring speedy assistance among the Signatory Parties. Further, as conditions
and safeguards, the Convention requires the provision for adequate protection of human rights and
liberties, including rights arising pursuant to obligations under European Convention on Human
Rights, International Covenant on Civil and Political Rights, and other applicable international
human rights instruments, and shall incorporate the principle of proportionality.