Developing an Online Banking Application

Developing an Online Banking Application This report details the importance of securely developing a software and the best practices to implement throughout the development lifecycle. Using the Microsoft Secure Development Lifecycle Model, a software can be developed with sufficient security measures throughout each stage from the beginning of development until its eventual release and even responding to incidents that may follow its release. Creating an online banking application without thoroughly considering the security of the banks assets and customers information would be virtually impossible. Due to the vital importance of the assets a bank contains, large security measures while developing any aspect of its services must always be implemented. Developing this online banking application must include various steps as can be seen in the Microsoft Security Development Lifecycle (Such as Security Requirements, Risk Assessment and Threat Modelling). Banks and financial businesses are large targets for malicious attackers who target the online services provided by these companies. It is for this reason that the threats posed to a bank with an online banking service are vast and development of such an application should be treated as such. Considering the OWASP Top 10 is a good initial security measure as mitigating the threats of the top 10 most common vulnerabilities found in web applications will give a good foundation in avoiding attacks. The application works by having the user access the website through their browser, navigating through the two step authentication and then gaining access to various options relating to their account such as viewing statements, transferring money to other accounts and viewing the amount currently in their account. The first of the two step verification is an 8 digit pin that the user will have decided upon earlier when first creating their account for their online banking service. The second step verification will either be the users date of birth or occasionally it will be the users contact number. This second step verification will change randomly so as to avoid use of an automated tool attempting to access a users account. When the user creates an online banking account, they will be required to give their home address and account number. A letter will then be sent to the user giving them a code that is specific to them which they can then use to verify their identity on their first use of the online banking application and complete creating their account. This means that the only people who can use the service are those who already have full access to the users account details and their post. This is an effective security measure as implementing security into a software that can be compromised simply by having any person impersonate another user signing up for the service would be redundant. Another way that the login process will be secured is by using a counter in which if a user enters details incorrectly three consecutive times then they will be unable to make another attempt for a short period of time. The reason behind this two step verification process is to hinder the use of tools that would continuously attempt to crack the login system, possibly with the use of a tool such as John the Ripper or THC Hydra. The limited amount of login attempts is also used to avoid brute-force attacks from occurring. Having already been authenticated, a user will then have access to their account details including their balance, their previous statements and also they will be able to transfer funds from their account. All of this information will be stored in a database which will be encrypted and salted meaning that a leak of this information should not cause for the information to be decipherable by an attacker. The Secure SDL (Software Development Lifecycle) as implemented by Microsoft is a development process which assists developers in creating secure software and looks at complying with security requirements whilst reducing the overall development cost. The Lifecycle is separated into 7 different SDL practices as can be seen in the figure below. These practices are used to highlight security implementations in the various stages of a softwares development. For example, in the designing of a developing software, it is necessary to create accurate threat models which can be used to easily locate different possible vulnerabilities that the software may be subject to. (stan.gr, 2012). (Microsoft, 2016). Establishing Security Requirements One of the first steps to be taken in developing the banking software is to establish what security and privacy requirements will be implemented in the software. This will make it easier to identify the direction of the development and assist in keeping to the schedule. The team developing the banking software will primarily look at the OWASP Top 10 as the main vulnerabilities that may occur in the application and attempt to secure against these. One of the security requirements that will be present in the software is to secure the software against Injection. As the information that is shown when a user logs in is sensitive, the software must protect against malicious users attempting to login by using injection. In order to avoid SQL injection, the software will be developed using prepared statements in order to sanitise the input of the user. Validation methods will be included in the software to ensure that each user has the correct authority to use the functions that they attempt to use and that all inputs that are entered into the application will be acceptable so as to avoid cross site scripting and other such threats. Create Quality Gates / Bug Bars In the early stages of development, deciding what the minimum acceptable level of quality should be present in the security of the software is vital. Without this step, oversights may exist such as users private information not being totally secure as the development team did not focus on protecting this over a different area. Having a minimum acceptance level also helps the development team to correct security bugs as they are to follow the standard set and will be given some concept as to what risks are associated with various issues. For this software, it will not be acceptable that any bug that could be related to the leaking of information may be present. Strict security measures will be put in place to ensure that the privacy of the banks customers will be protected. Security Privacy Risk Assessment This stage of the development will involve examining the software design and locating areas that are potentially prone to more threats or perhaps possess more risks than other areas. For example, the database being protected, as it contains vital information, is of higher risk of a malicious attack than the website hosting the application. Identifying these risks and what they are susceptible to will improve the security of the software. This will be further developed in the threat modelling step as this step determines which parts of the project will require threat modelling. This stage is vital in the development process as the likelihood of protecting against a risk that has been overlooked in the development of the software is far less than if it had been analyzed throughout the development. Design (Microsoft, 2016). Establish Design Requirements Establishing the Design Requirements will ensure that the software will function in the intended way while also allowing to minimise cost and improve security throughout the development. This stage will guarantee that the software will be user friendly and will also assist in ensuring that there is no way that a user may accidentally gain access to information that they are not authorised to do so. Analyze Attack Surface This step involves analyzing which parts of the software presents opportunities for attackers and can assist developers in reducing these vulnerabilities. This may involve disabling or restricting certain access to services. This stage is another stage that will be a large part of the threat modeling stage in that it will allow the developers to identify aspects of the software that are viable to be attack targets. Threat Modeling This step will allow the developers to look at exactly what happens when a user is using the service and to anticipate what aspects are vulnerable to threats. From here, developers can decide the feasibility of reducing these threats and how this may be achieved. This can be done by identifying vulnerable areas and ensuring that they are secured against the attacks that they are susceptible to. The importance of this stage is highlighted by the importance of protecting the sensitive information that the application will be using. The figure below shows a threat model created with the Microsoft Threat Modelling Tool 2016 in regards to the online banking service. (Microsoft, 2016). Use Approved Tools Using approved tools throughout the development process will assist in ensuring that correct security procedures will be used in the software. This includes using a compiler which will flag security warnings if the software is being compiled and contains a known security risk. These tools may include the IDE (Integrated Development Environment) for the developers to programme the software on, such as Eclipse. Deprecate Unsafe Functions Banning functions that are deemed to be unsafe will reduce potential bugs in the software. Detecting these can be done by using automated tools or manually checking the code and ensuring that none of the functions are present on the banned list which can be found at https://msdn.microsoft.com/en-us/library/bb288454.aspx>. Static Analysis Analyzing the source code before compiling it is a good way of ensuring that the code has been developed in a secure manner. This stage will involve the developers to look at the code and check that the correct security protocols have been put in place such as prepared statements and sanitisation of inputs. (Microsoft, 2016). This stage of the Software Development Lifecycle involves testing the software to ensure that the software is functioning as it is intended and also allows for web application penetration testing to be carried out in order to confirm that the security functions put in place are working correctly. This penetration testing can be done by the business if they have their own department or it can be outsourced to an outside specialist company such as Offensive Security. Offensive Security offers more accurately simulate real-world hacking situations to audit network, web, and application security programs (Offensive Security, 2016). (Microsoft, 2016). Perform Dynamic Analysis Using various tools to monitor things such as user privilege issues will assist in verifying how secure the software is when being used. It is at this stage that the software can be looked at for any possible security oversights. This stage is similar to the testing stage and can be used to verify what devices the web application works on and also if there are any errors with how to application performs. An example of this would be that the application may work as intended on a Firefox browser from an android device but may not work entirely as intended on Safari on an iOS device. Fuzz Testing This step involves attempting to make the program fail by introducing random data. This testing is used to verify how the software handles errors and if there is any weakness in the security of how the software does this. This may involve an error occurring which gives sensitive data about the softwares database. This testing will ensure that the sanitisation of the user inputs is working correctly by handling these errors rather than executing code that is input. Attack Surface Review Reviewing the attack surface when the code has been completed will help ensure that any future changes to the design or functionality of the software has been considered and that these changes will not compromise the security of the software. An example of this could be that considering making the web application into a mobile device application may present difficulties as different vulnerabilities may be present. (Microsoft, 2016). Create an Incident Response Plan Creating an Incident Response Plan is crucial in order to combat any threats that may appear over the softwares lifecycle. It involves identifying security emergency contacts in the event that a security breach occurs. The incident response plan can be broken down into six phases: Preparation Detection Containment Investigation Remediation Recovery The Preparation phase involves having implemented the correct controls in order to recover following an incident. It states the policies, tools and contact information that is necessary in order to respond efficiently to an incident. Detection is a phase which involves the discovery of the incident. This can be through use of logging or may come in the form of a consumer alerting the business. In this phase, the incident will be declared and the severity of it will be determined. The containment phase will be where the affected part of the software will be isolated or mitigated if possible. If the incident affects the software in its entirety, it must be determined whether or not the entire software is to be taken offline so as to avoid any more users to be affected by it. The investigation phase will involve looking at the incident and attempting to identify the source, the scope and the priority of the incident. The remediation phase will be where it is decided which parties to inform about the incident and will confirm that the threat has in fact been contained. The recovery phase will be the phase in which it is determined how the software will ensure that the incident does not happen again and will confirm whether it is necessary to review any of the softwares policies. (Raderman, L. 2015) Conduct Final Security Review Reviewing all of the security checks and measures prior, throughout and post release of the software helps to ensure that they were carried out correctly and that none had been left out. This step can be assisted by using an automated tool such as Vega to scan the application and determine if any known vulnerabilities have been overlooked. Ensuring that the utmost has been done to protect the security and privacy of its users should be one of the banks largest priorities in developing this software as without the trust provided by this, the bank will surely suffer with a loss of assets in the form of customers and finances. Certify Release and Archive Certifying the software before it is released will help to ensure that all of the correct security requirements were met. Archiving the data will allow the developers to do roll backs and to review any future security or privacy breaches in relation to the original software. Without certifying the software upon its full release, the credibility of the software may be questioned and it may cause negative public relations for the business. As a bank, it is important that customers are confident in the security and privacy provided by the business. (Microsoft, 2016). Execute Incident Response Plan The capability of implementing the Incident Response Plan from the Release step will assist in helping users to avoid severe security and privacy breaches and allow for the company to have a quicker response to any exploits that may arise. This step is important as users should feel confident that the bank has their best interests in mind and will ensure that their security, being one of the business key assets, is being frequently and effectively protected. Developing an online application for a bank could prove extremely beneficial and convenient for its customers. However, the importance of the information that a bank retains in regards to its customers and their finances is high and with the nature of cyber security and its ever increasing attacks, especially to a high profile target such as a bank, the development of such an application should be assessed with security in mind throughout the process. Following the Microsoft Secure Development Lifecycle is a very effective way of ensuring that a software is thoroughly analyzed for security threats and vulnerabilities and ensures that a business will have reasonable plans in place in the event that any breach of security may happen. It is also beneficial when developing a software to be secure, to refer to the OWASP Top 10 vulnerabilities and ensure that the software is as secure against these vulnerabilities as possible. Microsoft (2011) Security Development Lifecycle (SDL) Banned Function Calls [online] available from:ÂÂ   https://msdn.microsoft.com/en-us/library/bb288454.aspx [accessed 27th December 2016]. Microsoft (2016) What is the Security Development Lifecycle? [online] available from: https://www.microsoft.com/en-us/sdl/ [accessed 27th December 2016]. Offensive Security (2016) Advanced Penetration Testing Services [online] available from: https://www.offensive-security.com/offensive-security-solutions/penetration-testing-services/ [accessed 2nd January 2017]. OWASP.org (2015) Top 10 2013-Top 10 [online] available from: https://www.owasp.org/index.php/Top_10_2013-Top_10 [accessed 27th December 2016]. Raderman, L. (2015) Computer Security Incident Response Plan. Carnegie Mellon Information Security Office [online], 13th Febuary 2015, (pg 8-9), available from: https://www.cmu.edu/iso/governance/procedures/docs/incidentresponseplan1.0.pdf> [accessed 2nd January 2017]. The phases of Microsoft SDL.(2012) [online image] available from: http://www.stan.gr/2012_11_01_archive.html>,[accessed 27th December 2016].

Guide for employers Essay

Eliminating would mean developing a zero tolerance anti-bully policy while the work environment is being structured to incorporate a sense of autonomy and individual challenge. The best way is to define specific duties and responsibilities of every employee working in the organization. This shall give one a good reference of what and what not to do as covered by the job description. People management practices of managers and work systems must be determined like staff shortages, poorly defined jobs, and lack of policies and procedures including leadership styles. A good and strong HR is but appropriate when there is a need for control of attitude and behavior like when the bullies are the managers. It is high time that HR shall have a distinct place in the organizational chart like organization reengineering that will really make them effective in responding to employee’s problems like sexual harassment, bullies, and workplace violence. However bullying is not always intentional. Workplace diversity also plays a minor role in it when people do not seem to realize that the effects on seemingly innocent gestures or words on others may be perceived negatively and may have a detrimental effect brought about by relative cultural differences. The organization then is encouraged to carefully design and implement an equal opportunity or diversity policies to initiate culture change and work ethics like what is and what is not an acceptable behavior. This will of course lessen counterproductive behaviors. Allow no idle time, see to it that each one is performing and completing their job on time. Preoccupation with the task on hand makes employees look and observe other people less. Idle times promotes chatting and looking at other people’s personal businesses. HR of course shall make use of productivity tools measurement like man-machine charts to make sure that employees used their time wisely but not overworked. The organization must promote team empowerment and group dynamics leadership to care for the values, interest and emotional responses of the members while taking care of the interests of the organization. Develop a code of ethics that everyone is able to understand and follow. HR needed to establish an independent contact with employees and secretly conduct attitude surveys especially on departments where there is high statistics of staff turnover. Eliminate trouble spots by holding awareness seminar and providing a kind of online hotline where employees may be able to tell their problems to HR direct. It could be a tedious task reading emails and complaints but there is not much option better than open communication. Procedure must be developed in handling complaints regarding bullying. The easiest part is to make a blog as part of the company website and encourage employees to contribute. One can know if something is happening within the organization or not by the way they write. To manage stress, deep rooted problems even domestic ones, big organizations must be able to have a counselor (Tehrani 2001, p. 209) offline and online. If it is too expensive then the organization must be able to refer them to one that is not so expensive and that can closely work with HR. Domestic problems has greater tendency to get spilled out in workplaces. Stress and anxiety affects productivity and so employers must provide all the features that could eliminate such deficiency. Domestic violence is not just a private matter anymore because it could get spilled in the workplace anytime. Bullying breed bullying and violence breeds violence. Bully and violence complaints must be immediately responded, investigated and properly documented. This will also paved way to improving current anti-bully policy on hand. Since this is a problem of global dimension, there is a need to evaluate the violence prevention programs and refer any difficulties to an organization that specializes in the field. Employers must keep records of the bullying to help determine the reasons for the bully to be able to find relative solutions for it. The anti-bully policy must be made available in the company’s website along with the organization’s contact person for quick reference. Remember that one is dealing with the behavior and not with the person so it would be good to provide counseling and personal development programs too. References ACT Workcover 2004 Preventing workplace bullying: a guide for employers and employees ACT, Australia, pp. 4. Retrieved November 6, 2007 Website: http://www. workcover. act. gov. au/pdfs/guides_cop/Bullying_Guide-Final. pdf SHARP 2006 Workplace bullying: what everyone needs to know Department of Labor and Industries, Western Australia, pp. 1. Retrieved November 6, 2007 Website: http://www. lni. wa. gov/Safety/Research/Files/Bullying. pdf Tehrani, N. 2001 Building a culture of respect: managing bullying at work Taylor & Francis, London, pp. 209. The CMR Group 2006 Workplace bullying: what can you do? Retrieved November 6, 2007 Website: http://www. badbossology. com/i9763-c47

Automobile collision with serious injury

Yes, as a registered nurse and as a human being, I am obliged to stop and perform first aid should I see an automobile collision with serious injury. According to the Bureau of Labor Statistics, registered nurses (RNs), regardless of specialty or work setting, perform basic duties that include treating patients, educating patients and the public about various medical conditions, and providing advice and emotional support to patients’ family members. This definition shows that there is also the public included among the responsibilities of registered nurses. Nurses have for many years been awarded the top ranking in opinion polls about which occupations are most trusted by the general public.Some people might opine that nursing duties only relate to clinical settings and they tend to focus only nurse-patient relationship. Duties of the nurse exist only within the parameters of the hospital. Some might even argue that such intervention in roadside emergencies can get a nurse int o legal complications. But then, nursing is a profession that the public depend on for support and care especially in emergency situations.Historically, nurses have been associated with emergency responses. In early times, even though nurses were not as much educated and trained as the nurses of today, they offered their nursing services with great dedication and motivation. They were known for their self-sacrificing nature and offering a human touch that says â€Å"I care.† Nursing history is replete with examples of nurses who have knowingly incurred great risk in order to care for those in need of nursing or to contribute to the advancement of health science. In the United States, the Civil War is cited regularly for the role of volunteer nurses and for the stimulus it gave Clara Barton to organize the American Red Cross, which she eventually accomplished in 1881 (Williams, 2003). That humane touch has been characteristic of the nursing profession.The first plank of the Co de for Nurses states â€Å"The nurse provides services with respect for human dignity and the uniqueness of the client, unrestricted by considerations of social or economic status, personal attributes, or the nature of health problems.† This central axiom of respect for persons directs the profession (ANA, 1994). The nurse is not at liberty to abandon those in need of nursing care. According to Gebbie and Qureshi (2006), â€Å"The fundamental goal of nursing, to assist individuals to their highest possible level of functioning in the face of health and illness challenges, is never more needed than under emergency conditions†. This means, a registered nurse is obligated to attend to the wounded person in a roadside emergency.According to the Code for Nurses, nurses may morally refuse to participate in care, but only on the grounds of either client advocacy or moral objection to a specific type of intervention. As applied to nursing, a moral obligation exists for the nur se if the following four criteria are present: The client is at significant risk of harm, loss, or damage if the nurse does not assist; The nurse's intervention or care is directly relevant to preventing harm; The nurse's care will probably prevent harm, loss, or damage to the client; The benefit the client will gain outweighs any harm the nurse might incur and does not present more than an acceptable risk to the nurse (ANA, 2006). In the case of the roadside accident, the victims need to be attended to by a healthcare professional. Prompt medical attention by the RN can make a difference between life and death. Moreover, there is no personal risk. Hence there is a moral obligation on the part of the nurse to attend to the victims.Society has come to rely on nursing and to expect that it will rise to the health demands of virtually any occasion. The only problem registered nurses encounter during such roadside interventions is that they may be forced to take decisions beyond those t hey are qualified for. But then, they can be protected by the Good Samaritan Doctrine which is a legal principle that prevents a rescuer who has voluntarily helped a victim in distress from being successfully sued for ‘wrongdoing.’ The purpose of this doctrine is to prevent people from refusing to help for fear of legal repercussions if they make mistakes in treatment (Neumann, 2005).The practice of the professional nurse extends beyond the confines of the immediate setting where the nurse practices to the broader environment (AU, 2006). According to a survey of many nurses all respondents claimed to have medical assistance and would do so again, but about half of them would not do so unconditionally. However, no respondent has experienced legal complications from providing medical help though they had â€Å"heard† or â€Å"read† of such cases. Thus, it is the moral obligation of a registered nurse to help any accident victim in an emergency situation.Crit ique of Journal Article:Gebbie, K., Qureshi, K. in the article titled â€Å"A Historical Challenge: Nurses and Emergencies† (September 30, 2006) reviews the beginning of emergency nursing as a specialty. The authors also discuss the 21st century expectations about nursing during unexpected disaster situations and various nursing roles related to emergency care. The article is detailed and has many links to related articles.The article says that both paid and volunteer nurses have played a huge role historically in fighting epidemics, HIV and AIDS. Later, nurses became known for their wartime services. By the middle 20th century, emergency rooms came into being. Today, emergency care has become a nursing specialty. The authors then point to the growth of the International Committee of the Red Cross and the International Rescue Committee. The role of the nurses in local public health emergencies is highlighted. The authors conclude that nurses have been key players during vario us emergency situations in the past. In the future, any kind of emergency in the community can impact the public's health and nurses are needed for prevention, surveillance and response of every type.At the end of the 20th century, national thinking about emergency preparedness led to two important developments: identification of the key competencies needed for effective emergency response, and increased attention to planning for and practicing emergency response. The authors point out that it was necessary for nursing to identify the core abilities needed to become a part of an emergency response team and perform well. Therefore the UG nursing curriculum was adapted by the International Nursing Coalition for Mass Casualty Education (INCMCE) to assure communities that their professional nurses were competent to respond when needed.The article includes tables that list the competencies for public health workers, and the currently available emergency response competency sets applicabl e to nursing and the sources from which these data can be accessed in their entirety. Today, it has been recognized that there needs to be an inter-agency, interdisciplinary response, and that nearly all emergencies have potential health consequences. The authors conclude that nurses will continue to be key players in the local and national level emergency response as we move through the 21st century and that the fundamental goal of nursing, to assist individuals to their highest possible level of functioning in the face of health and illness challenges, is never more needed than under emergency conditions.The article is written in chronological sequence and is highly informative. The authors discuss present day trends in detail in the context of the terrorists attack on the World Trade Center and Hurricane Katrina. The included tables and references prove to be very useful in understanding the competency sets needed for emergency responses. This article underlines the need for comp etency in emergency response. This means nurses should be given better basic and continuing education and should be trained to meet such emergency situations through hospitals, public health centers, and community drills. Bibliography:Internet Sources:U.S. Department of Labor. Bureau of Labor Statistics: Registered Nurses. Occupational Handbook. http://www.bls.gov/oco/ocos083.htmAU (2006). School of Nursing: Our Philosophy. http://www.nursing.auburn.edu/about-us/our-philosophy.htmlWilliams, Robyn (2003). ABC Radio National Broadcast: The Ethics of Nursing in the Third Reich. Adelaide Institute. http://www.adelaideinstitute.org/Holocaust/nursing.htmPrint and Journal Sources:Gebbie, K., Qureshi, K. (September 30, 2006) â€Å"A Historical Challenge: Nurses and Emergencies†OJIN: The Online Journal of Issues in Nursing. Vol. #11 No. #3, Manuscript 1. Available: www.nursingworld.org/ojin/topic31/tpc31_1.htmANA (1994). Ethics and Human Rights Position Statements. Risk versus Respons ibility in Providing Nursing Care. http://www.nursingworld.org/readroom/position/ethics/etrisk.htmANA (2005). Code of Ethics for Nurses with Interpretive Statements. The Center for Ethics and Human Rights. http://www.ana.org/ethics/code/protected_nwcoe303.htmNeumann, Karl (2005). Are you a Good Samaritan. News Share. Nov/Dec 2005. http://www.istm.org/publications/news_share/200512/samaritan.aspx

Analysis on R v MacDonald 2014 - Free Essay Example

Sample details Pages: 6 Words: 1934 Downloads: 1 Date added: 2017/06/26 Category Law Essay Type Analytical essay Did you like this example? à ¢Ã¢â€š ¬Ã…“We are social beings and that we live in conditions of interdependence.[1]à ¢Ã¢â€š ¬Ã‚  This is the crux of legal liberalism, while legal liberalism argues for the individual this will always be constrained by our need for social interaction[2]. The case of R. v. Don’t waste time! Our writers will create an original "Analysis on R v MacDonald 2014" essay for you Create order MacDonald is based upon the issues that are faced when the police have to make a choice, protect public safety or violate an individualà ¢Ã¢â€š ¬Ã¢â€ž ¢s rights. Mr. MacDonaldà ¢Ã¢â€š ¬Ã¢â€ž ¢s rights may have been violated but this violation of rights was consistent with the legal liberalism principal that follows those rights, they can only extend so far as to not infringe on other peopleà ¢Ã¢â€š ¬Ã¢â€ž ¢s rights. The case of R. v. MacDonald, 2014 SCC 3, revolves primarily around the issues surrounding the rights to be free from unreasonable search and seizure and how the police acted in this case. In the case at hand the defendant was having a party in his Halifax residence when some of his neighbours called in a noise complaint[3]. One officer arrived at the scene and was unable to persuade Mr. MacDonald to turn down his music so she called for another officer[4]. Upon arrival the second officer repeatedly knocked and kicked at the door until Mr. MacDonald opened it. Mr. Ma cDonald only opened the door a few inches and the offer observed what appeared to be a gun in his hand hidden behind his leg[5]. The officer then opened the door a bit more and confirmed that the metallic object was a gun, upon confirming that the officer forced himself into the apartment and disarmed Mr. MacDonald[6]. Upon further investigation it was revealed that the gun was not properly registered in Halifax and was only registered in Alberta[7]. Mr. MacDonald was charged under section 95 of the criminal code for unlawfully possessing a restricted firearm without a licence, section 86(1) carelessly handling a firearm and section 88(1) having possession of a firearm for a dangerous purpose[8]. Mr. Macdonald was convicted on all three counts and sentenced to a total of 3 years in prison[9]. The case was appealed to the Nova Scotia Court of Appeal where they upheld the sentences and convictions for the charges under section 86 and 88 but threw out the conviction on section 95, this was based on the successful argument that the defendant had made a mistake of fact when he believed that his firearms licence was valid for all of Canada[10]. His sentence was also reduced on the other two charges. This was then appealed to the Supreme Court of Canada where the issue of the section 8 charter rights to be free from unreasonable search and seizure was the main focus as the defendant tried to have the other two charges dismissed, the crown also appealed the findings of the Nova Scotia Court of Appeal on the issue of the charge under section 95. The court reinstated the conviction under section 95 finding that although a mistake of fact was made this was no excuse and the conviction must be reinstated, but this could be a mitigating factor in sentineling[11]. On the next issue of the section 8 charter rights the court applied the Waterfeild test[12] and established that the search was justified, the police were performing there duty to protect the public and there was a real danger present and the only way to remove that danger was to perform a search, so the search was upheld and the court ruled that all of the convictions would stand[13]. Liberalism is a complex set of ideals that are the main governing ideas behind many of our modern political and legal systems today. As part of a larger political idea legal liberalism offers a perspective on how laws should be written and to what extent the government should inject itself into the day to day lives of its citizens[14]. Liberalism stresses a minimalist government approach, one of small government and few, but necessary, laws[15]. According to liberalism when laws are created they should be created in such a way to respect peopleà ¢Ã¢â€š ¬Ã¢â€ž ¢s individual rights, laws should not infringe on people unless it is to protect others from harm, the harm principal[16]. As a legal theory, liberalism assumes that all people are rational, independent, free thinking and completely autonomous from ou tside factors such as the community at large and the government[17]. With this in mind Devlin argues that liberalism advocates that à ¢Ã¢â€š ¬Ã…“à ¢Ã¢â€š ¬Ã‚ ¦society should be governed by the principals of liberty, equality and neutrality. To be more specific, Liberalism advocates that the state and law should strive to provide the citizen with as much space as possibleà ¢Ã¢â€š ¬Ã‚ ¦Ãƒ ¢Ã¢â€š ¬Ã‚ [18] Another point that goes hand in hand with the previous is the idea that each individual should be allowed to decide what their personal idea of the good is in their case[19], and each person should be free to choose his or her own path free of outside interference. While remembering that the idea of self is paramount in the realm of liberalism, it is recognized that humans do and must have social and other interactions with other people[20], in other words humans cannot operate as islands upon themselves and must be interactions with others. Legal liberalists would argue that th is is the place for law to interject, according to liberalistsà ¢Ã¢â€š ¬Ã¢â€ž ¢ law and government should step in to regulate these relationships and to promote the idea of positive relationships[21]. To fully realize the ideals of liberalism one must realize that this is a human created set of ideas and laws and because of that there are bound to be conflicts and tensions inherent to it. Devlin states that liberalism is the dominant legal ideal present in Canada today[22], and that the guiding principal behind that belief is one of infallible individual rights, but as Devlin goes on to point out rights are not infallible in Canada, and may be disregarded if it can be demonstrated to be justifiable in a democratic society[23]. So liberalism strives for an individualistic society, where everyone has rights that are their own, but as it can be seen there is room to bend that stringent definition of liberalism, and every society may adapt it to meet the needs of the people at the time . There are many ways in which the case of R. v. MacDonald can be looked at through the lens of liberalism. First off and probably most importantly is that of the policeà ¢Ã¢â€š ¬Ã¢â€ž ¢s right to search a person to ensure public safety, secondly would be the need to restrict and licence the firearm in the case and finally the question of, was Mr. MacDonald justified in pulling out a firearm when he knew or ought to have known that the police were outside of his residence? All three of these issues can be tested against the harm principal of liberalism. This principal is one that if the action is not causing harm to others than there is no reason to regulate it and there is no need for government intrusion into that area of a personà ¢Ã¢â€š ¬Ã¢â€ž ¢s life[24]. When the policeà ¢Ã¢â€š ¬Ã¢â€ž ¢s actions are compared against this framework of the harm principal it becomes very subjective to judge whether the actions were consistent with liberalism. While all can most likely agree that a firearm is a dangerous weapon did Mr. MacDonaldà ¢Ã¢â€š ¬Ã¢â€ž ¢s actions constitute a dangerous act? This was the question that the judges had to answer and they aired on the side of caution, trusting the police officerà ¢Ã¢â€š ¬Ã¢â€ž ¢s judgment that this situation could have escalated into one where the public was at great risk[25]. In this same vein the judges also decided that Mr. MacDonaldà ¢Ã¢â€š ¬Ã¢â€ž ¢s section 8 rights could be violated if it meant ensuring public safety[26]. While this on its face would be a violation of liberalism when we consider the harm principal, this ruling and the policeà ¢Ã¢â€š ¬Ã¢â€ž ¢s actions can be considered to be within the ideals of liberalism, while one personà ¢Ã¢â€š ¬Ã¢â€ž ¢s rights were violated this was done to protect others, and to allow others to fully enjoy their rights without interference. On the next issue of firearms control and licencing, while the court didnà ¢Ã¢â€š ¬Ã¢â€ž ¢t rule on the validity of firearms li cencing they did enforce the law by upholding the conviction[27]. So this begs the question, are these controls and limitations that are put on firearms consistent with liberalism? On its face these laws would be straying into the field of government intrusion into peoplesà ¢Ã¢â€š ¬Ã¢â€ž ¢ private lives, but firearms can be quite dangerous so then according to the harm principal shouldnà ¢Ã¢â€š ¬Ã¢â€ž ¢t government attention be paid to firearms? These are the questions that must be debated when discussing the issue. Canada has decided that, to spite our legal liberalism ideals[28], that firearms are something that deserve government intrusion into peopleà ¢Ã¢â€š ¬Ã¢â€ž ¢s lives to ensure the protection of the public. While regulating and restricting firearms clearly goes against the ideals of legal liberalism, this is a restriction that we as a society has decided is necessary and is just in a democratic society. On the final issue of Mr. MacDonaldà ¢Ã¢â€š ¬Ã¢â€ž ¢s actions, car rying a firearm to the door of his home when he should have known that the police were outside. While this may have been a justifiable action under legal liberalism if he suspected that the persons at his door were intruders, as they would have been violating his rights[29] and therefore he could justifiably have used the weapon in self-defence but the fact was that the people at his door were police officers. They had identified themselves[30], and were in essence enforcing the rights of Mr. MacDonaldà ¢Ã¢â€š ¬Ã¢â€ž ¢s neighbours, so under legal liberalism the police presence was justified as Mr. MacDonald was in the wrong[31]. When he carried his weapon he then violated everyone in the vicinityà ¢Ã¢â€š ¬Ã¢â€ž ¢s right to be safe and this caused the police to act and protect all. While according to liberalism the firearms licence regime may be government intrusion, Mr. MacDonald violated his neighbours and the policeà ¢Ã¢â€š ¬Ã¢â€ž ¢s rights to safety and the actions that were t aken by the police were appropriate under the harm principal of legal liberalism[32]. What was a simple noise complaint turned into so much more when the defendant, Mr. MacDonald decided to bring his unregistered firearm to the door, with the police outside[33]. This turned into a charter of rights and freedoms issue at the Supreme Court of Canada where Mr. MacDonald was unsuccessful in arguing that his rights were violated[34]. When looked at through the lens of legal liberalism, it can be seen that although he may have the right to have a firearm in some contexts, in this one he was a danger to others which necessitated the policeà ¢Ã¢â€š ¬Ã¢â€ž ¢s actions against him. While the gun control system may be against the ideas of legal liberalism, the harm principal is quite clear in that you may only enjoy your rights as far as they do not harm others[35], and in this case the chance of harm was just too great to ignore. Bibliography R. v. MacDonald, 2014 SCC 3 Richard F. Devlin, Mapping Legal Theory 1994 32: 3 Alta L Rev 609. 1 [1] Richard F. Devlin, Mapping Legal Theory 1994 32: 3 Alta L Rev 610 [2] Ibid 610 [3] R. v. MacDonald, 2014 SCC 3 at para 3 [4] Ibid at para 5 [5] Ibid at para 6 [6] Ibid at para 7 [7] Ibid at para 13 [8] Ibid at para 9 [9] Ibid at para 14 [10] Ibid at para 16 [11] Ibid at para 60 [12] Ibid at para 33 [13] Ibid at para 40 [14] Devlin, supra note 1 610 [15] Ibid 610 [16] Ibid 610 [17] Ibid 610 [18] Ibid 610 [19] Ibid 610 [20] Ibid 610 [21] Ibid 610 [22] Ibid 609 [23] Ibid 611 [24] Ibid 610 [25] MacDonald, supra note 3 at para 29 [26] Ibid at para 29 [27] Ibid at para 60 [28] Devlin, supra note 1 609 [29] Ibid 610 [30] MacDonald, supra note 3 at para 5 [31] Devlin, supra note 1 610 [32] Ibid 610 [33] MacDonald, supra note 3 at para 7 [34] Ibid at para 40 [35] Devlin, supra note 1 610