1 ics 417: ict and society 4.3 ict and legal issues
TRANSCRIPT
1
ICS 417: ICT and Society
4.3 ICT and Legal Issues
2
4.3.1 Confidentiality & Privacy
There is conflicting tension between privacy and accessibility of info Privacy is an individual’s right to
determine for themselves what about them is communicated to others
Confidentiality is an organization’s right to determine what will be communicated about commercially held info. e.g. sales data
Given conflict, to what extent are individual’s/society’s interests best served by allowing limits to data/info access?
3
Gvts have different legal instruments relating
to different aspects of privacy e.g. defamation, copyright, trespass, etc.
Individual privacy space is defended by law in many countries and is a compromise between the needs of an individual and the needs of society for information Current Kenyan Constitution does not have
a separate section on privacy but aspects are included in the protection of fundamental rights and freedoms of the individual but adds “… subject to such limitations of that protection as are contained in those provisions, being limitations designed to ensure that the enjoyment of those rights and freedoms by any individual does not prejudice the rights and freedoms of others or the public interest.” (Chap. 5, Sec. 70 of the Constitution of Kenya)
4
Draft Constitution has a specific section on the
privacy of the individual, which includes the right not to have:
information relating to their family or private affairs unnecessarily required or revealed and
the privacy of their communications infringed (Chap. 5, Sec. 43)
However, most Gvts have an interest in invading privacy than in protecting it: “It cannot be emphasized too strongly that the
incentives for the government and the bureaucracy are in the direction of invading, or at least ignoring or neglecting, privacy interests rather than protecting them. Most measures that are perceived as “necessary” to cope with a societal problem involve surveillance through data collection”. Flaherty, D. (1989), Protecting Privacy in Surveillance Societies, The University of North Carolina Press.
5
Concept of privacy is context specific:
Variations wrt to what is “private” information exist between one individual and another, between different sections of society & between countries
THEN important concern is what the data is used for rather than the data itself
Whatever the privacy debate in a country or society, privacy protection is important & is likely to become more so as society becomes more informatized
2 important privacy issues: Fair use. The requirement to seek an
individual’s permission before passing the data on to others e.g. to be used in support of an organization’s business mission
6
Gate keeping. The restricted access to
services, privileges, benefits or opportunities on the basis of certain data values. Some are inevitable and acceptable, e.g. point scoring system for credit provision. However, the same system can be used to keep out “trouble makers”! THEN the issue becomes: whose definition of trouble maker
Many Gvts have responded to the challenge on privacy with a myriad of legislative provisions, e.g. Data Protection Act 1998, 1998 Chapter 29
UK Laws, http://www.hmso.gov.uk/acts/acts1998/19980029.htm
Directive 95/46/EC of the EU on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http://www.privacy.org/pi/intl_orgs/ec/eudp.html
7
Finnish Government’s No. 565 Act on the
Protection of Privacy and Data Security in Telecommunications
http://www.mintc.fi/www/sivut/suomi/tele/saadokset/telecom/norms/1999_565.htm
Internet Privacy Law by Timothy J. Walton,
http://www.netatty.com/privacy/privacy.html Kenya?
8
4.3.2 Copyright & Software Protection
Software development investment not adequately protected in many countries (cf hardware developments are usually adequately covered by patent law)
However, innovation & technology transfer can be stifled by draconian protection
Trade secrets (ways of working, plans and interactions), patents and copyright legislation attempt to balance these 2 tensions
9
(a) Trade secrets or confidence Trade secrets (ideas & methods of
implementation) protected via the law of confidentiality. Includes both HW & SW
Protection created where there is a direct contractual obligation e.g. confidentiality obligations in employment contracts are enforceable in law
If obligations not defined, may be necessary to determine degree of good faith in any disclosure, e.g. use of knowledge acquired in previous employment in a competitor firm once employment ceases
With increasing outsourcing, using contracts to define specific confidentiality obligations is advised.
10
(b) Copyright Protects copying the expression of an
idea (protects software) Most acts recognize SW as “literary”
work. Thus prohibit copying, issuing of copies, performing/showing/playing the work in public, adapting, etc.
Most acts permit certain actions (“fair dealing”), e.g. use for research, private study, criticism, review, news reporting, taking back-ups, etc.
SW license issued to permit actions forbidden by copyright (see example of SW license agreement)
Damages for contravening copyright usually a notional cost of license fee, e.g. 10% royalty
11
Weaknesses/challenges:
Does not protect underlying idea (protects its expression: in source code and documentation).
What is the legality of reverse engineering? What is the position of “look and feel” of software?
What is the position of object code? Not intelligible to human beings, it therefore falls outside the definition of "copy" in a Copyright Act
Other SW protection measures (esp. security): Hardware locks Randomizing blocks in source code to disguise
its logic Compiling SW to ensure source code not
available Low prices to make illegal copies less attractive
12
SW license agreement may allow SW to be:
used or copied for use on or with the primary computer for which it was acquired, plus a backup computer if the primary is inoperative;
reproduced for safekeeping or backup purposes;
customized, adapted, or combined with other computer software, provided that derivative software incorporating any of the delivered, restricted computer software shall be subject to same restrictions set forth herein;
disclosed to and reproduced for use by support service suppliers or their subcontractors, subject to the same restrictions set forth in the Contract;
used or copied for use on or transferred to a replacement computer; and
subject to audit by the Supplier to verify compliance with the License Agreements
13
SW license agreement may disallow SW
to: assign or otherwise transfer voluntarily
without the Supplier’s prior written consent, except as otherwise provided for in an assignment clause
transfer, sell, lease, rent, charge or otherwise deal in or encumber the Source Code nor use the same on behalf of or the benefit of any other party, unless such is within the overall scope of the project
expand access to the Source Code to those of its employees, agents, contractors, or subcontractors who neither have a need to know nor are directly engaged in the maintenance and/or enhancement of the programs
See ACM case – touches on issues of confidentiality and copyright
14
4.3.3 Trademarks & Trade Names
Trademark is any sign or combination of signs, capable of distinguishing the goods and services of one undertaking from those of other undertakings
Tradename is the name or designation which identifies an enterprise
Most laws: require trademarks & trade names be registered with a
Gvt authority protect against use of a trademark or a sign similar to it,
at least in connection with the same or similar goods for which trademark was registered e.g. the case between Uniliver PIC that manufactures Blue Band & Bidco Oil Industries that manufactures Gold Band. Uniliver accused Bidco of using its registered trademark Blue Band, packaging with the same shape, colour, configuration, design and general appearance, and generally confusing the minds of the public into thinking Gold Band was manufactured by Uniliver (DN 17.02.2004)
protect against use of trade name by another enterprise, if likely to mislead the public
15
4.3.4 Patents Used to protect inventions Generally, in order for an invention to be
patented, patent laws require that it must: be new, involve an inventive step (non-
obvious), be industrially applicable Can patent process or product Patent is issued by Gvt authority, gives
patentee (owner of patent) exclusive rights, has a territory & is for specified term of years
Patent protection means anyone who wishes to exploit the invention must obtain the authorization of the patentee, otherwise prosecution (patent given on first to file basis)
Patented invention may be exploited without patentee’s authority, e.g. in the public interest by or on behalf of the Gvt or after expiry of term
16
4.3.5 Software Piracy No legal distinction between breach of
copyright of mass-market SW product & bespoke SW – but concerns are different
Usually refers to clearly detectable copying of commercially available SW
What are the issues? Huge investment cost. SW houses will
therefore attempt to protect their investment e.g. by having pressure groups (funded by SW developers) dedicated to reduce the extent of piracy
High costs, especially for poor countries Detection of breach. How do you detect
illegal copies? SW external raids and audits by lobby groups?
17
Rights of user. What rights should the legitimate SW user have? Should they be able to copy e.g. for backups; to “decompile” or to adapt to meet certain requirements that are not commercial in nature; etc.
How much piracy to allow! Piracy represents locking in of customers – it might therefore have long-term benefits
How can we address the problem of piracy? Simplify licensing rules Make site licenses cheaper and easier to
obtain Use free/open source software (F/OSS) Draw up a relevant legislation Make SW users aware of the law and legal
implications of piracy
18
4.3.6 Other Legal Issues Issues over copyright ownership rights in
systems development: SW development by an employee in course of the
employment? – Employer as per Copyright Act, 2001, subject to any agreement between the parties
SW developed by consultant/contractor in course of consultancy assignment? - Employer as per Copyright Act, 2001, subject to any agreement between the parties
SW developed using rapid prototyping or CASE tools?
How do you protect disclosure for an employee who resigns/leaves in middle of a major SW development project?
How do we deal with new crimes (cyber crime) associated with new ICT innovations? e.g. altering a program to perform a fraudulent act, time bombs in programs, etc.
19
How do we deal with issues of jurisdiction?
How do you insure against ICT crimes?
Note: ICT can be used to prevent, detect and prosecute crimes e.g. audit trails, cashless systems reduces cash crimes (& creates other types of crimes), knowledge-based systems that can warn of potential criminals, systems that support crime protection, detection, & prosecution, etc.
20
4.3.7 Copyright in Kenya? SW treated as “literary works” under the
Copyright Act, 2001 Confers copyright to employer or
customer subject to any agreement between the parties
Term of CR is 50 years after the end of the year in which the author dies
Allows copies to correct errors, make back-up, testing for suitability, or other purposes not prohibited under SW license agreement
Limited capacity (AG’s chambers and judiciary) for SW copyright
Require separate legislation for SW?
21
4.3.8 Patenting in Kenya? Used UK patent law until 1989 Now under Industrial Property Act, 2001 (KIPI) Patent right granted to:
person(s) with earliest application filing date employer or person who commissioned the
work for invention made in in execution of a commission or of employment contract, in the absence of contractual provisions to the contrary
employee or person commissioned to do the work for invention made without any relation to an employment or service contract
Rights extended only to acts done for industrial or commercial purposes and not acts for scientific research
Patent expires after 20 yrs from date of filing Patent may be exploited in public interest…
22
4.3.9 What next for SW? Global copyright agenda dominated by
powerful Western interest groups (esp. MNEs) laws (e.g. TRIPS – agreement on trade-
related IP) marginalize LDCs CR protected SW has high license costs, is
inflexible, does not create necessary human capacity transfer, etc. – no solution for LDCs.
Solutions? Evaluate options, including: getting exemptions to copyright laws? differential pricing for LDCs? open licenses, esp. for education sectors? switching to F/OSS? you setting up business enterprises to
produce software to compete with that from the “West”