Use this URL to cite or link to this record in EThOS:
Title: Multi-layered regulation of phishing attacks : a Taiwan case study
Author: Kuo, Chuan-Chi
ISNI:       0000 0004 5359 6354
Awarding Body: University of Warwick
Current Institution: University of Warwick
Date of Award: 2014
Availability of Full Text:
Access from EThOS:
Access from Institution:
This research examines the regulation of phishing in Taiwan, particularly focusing on legal regulation but within a context of a multi-dimensional regulatory framework which also necessarily includes an examination of international regulation and the interaction between international and Taiwan regulatory interfaces given the transnational nature of phishing. Phishing is a malicious cyber activity which targets the acquisition of various types of confidential information by deception through the use of spoofed emails and/or websites. The increasing threat of phishing to information security has inspired a growing demand for regulation. Significant effort has been made in academic research and by industry to develop regulatory measures for phishing, which is dominated by technological work with comparatively little research on legal regulation. The current legal discussion of phishing, both international and Taiwan, very often concentrates on the criminal liability of phishers and pays little attention to the alternative role of law in the regulation of phishing. Thus this research suggests a broader approach to legal regulation that goes beyond criminal law and particularly addresses the role of information privacy law which constrains phishing by ensuring the protection of personal information. Phishing has posed crucial challenges to the traditional system in terms of both criminalization and legal enforcement. The solution that has been mostly addressed by the existing research is cooperation. As phishing is frequently a global phenomenon, this research suggests that an international approach involving coordination of legal standards and cross-border cooperation of law enforcement is necessary to tackle phishing, and also suggests that the fundamental step lies in a converged regulation of phishing consistent with its true context. Weak legal enforcement is a major deterrent to the effectiveness of legal regulation which highlights a need for a broad from of regulation that goes beyond law. In addition, a successful phishing episode involves a complex of factors including not only weakness in law but also vulnerability of technical infrastructure, administrative system and user awareness. A single solution is thus unlikely to deal with phishing. This research therefore suggests a multi-dimensional regulatory framework comprising different countermeasures developed especially in the areas of law, technology, education, and institutional network. It examines the anti-phishing approach undertaken in Taiwan employing qualitative methods to supplement the doctrinal research. In the context of a shortage of Taiwan scholarship on this subject, the research provides a set of suggestions to Taiwan development of a multi-dimensional regulatory scheme.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available
Keywords: HV Social pathology. Social and public welfare ; KN Asia and Eurasia ; Africa ; Pacific Area ; and Antarctica