Legal and ethical perspectives on IT development
Liability, Litigation risk, ‘Professional' standards, and Ethics
Slides at http://cyberlawcentre.org/seng4921/
David Vaile
Co-convenor
Cyberspace Law and Policy Centre/Community
Faculty of Law, University of NSW
http://www.cyberlawcentre.org/
Outline
Strange bedfellows: IT, Law & ethics
Legal system
Liability, ‘professional’ ethics
Software development – immature?
‘It’s the risk, stupid’
IT project management's central issue is risk; it should drive everything
‘Spiral’ iterative disposable prototype for resolving risks
Non-tech risks: human, data, political, regulatory, unknown
Early rather than after disaster.
Examples
Software, Law and Ethics
Strange bedfellows
How the law is made, and works
Differing Principles and standards
Risks in software development
Examples: ◦ Consumer protection
◦ Product liability
◦ Professional liability
◦ Anti-trust: abuse of monopoly
◦ Intellectual property: copyright, patents
◦ Privacy
◦ Spam
Features of the legal system
Main divide: Criminal <-> the rest
Criminal
◦ Launched by state, trial, conviction or acquittal. Crimes
Civil
◦ Sued by other party, damages, restitution. Contracts, roles
Sources
◦ Statutes (‘laws’) set rules; cases interpret them
◦ Jurisdiction: which laws and which courts apply
◦ Appeals to higher court
◦ Precedent is critical in cases: follow higher/past authority
◦ Contracts: Making stuff up
Obligations: from Statutes and Contracts
Everything is arguable (if you lose, $$ costs)
‘Ignorance is no defence’: I click therefore I am Bound
What shapes the law?
Ongoing struggle between interests
Evidence-based policy, Parliamentary process
Commercial reality
Technical reality
Public standards
International effects (indirect)
Clueless bozos on Facebook
Different standards
Liability
◦ Is it against the law?
Litigation risk
◦ Will you be caught, sued or prosecuted?
‘Professional' standards
◦ Will your peers reject you?
Ethics
◦ Will your children & friends reject you?
What matters?
Breaking the law? Liability
Getting caught? Enforcement
Losing your job? Professional
Losing your reputation? Ethics
Or just building crap? Self respect
Professional Liability
Nature of Profession?
Membership of Professional body
Registration required to work?
Self-regulation
Insurance
Peer attitudes
Reputation
Development risk factors
20% coding and engineering – ignore?
80% analysis, communication, revision
User-Centred Design & Risk Management
Neglected but critical
Early vs. late error discovery
‘User sovereignty’
When development mistakes blow
‘Too soon old, too late smart’
Coding
Feasibility and conception
User requirements, analysis, communication
Design
Testing
Revision
Delivery
??? Too late!
Development quandaries
Most software projects fail; the 4 project-management variables:
◦ Cost, time, scope, quality (for User)
Many break various standards, but...
You could do it accidentally...
Or be asked/tempted to deliberately
Your own position
Your employer’s
The ‘victim’s position’
How to navigate IT risk
‘Spiral’ iterative disposable prototype approach to resolving risks
Including non-technical risks: human, data, political, regulatory, unknown
User requirements central; get feedback at every stage
Early discovery rather than after disaster
Value & reward mistakes, deprecate denial
But...
‘Move Fast and Break Things’ (Zuckerberg’s naughty teenager model to exploit ‘dumb **cks’)
‘See what you can get away with’
‘See if you get caught’
‘We haven’t been caught [yet]’
Disposable prototyping, not compliance
What works for software does not work for personal or critical information
Your secrets are not revokable or disposable
Brutal ‘reality therapy’ from the law:
Usmanov case: 6 months for posting an ex-girlfriend’s photos on Facebook
‘Ethical Hacking’
Essence of Cybercrime: ‘Unauthorised’
Criminalisation of hacking, circumvention
Ethical hacking done with good intentions (see: Road to Hell, paved with)
But it uses the methods of malware and crackers
Morris Worm 1988: first conviction under the US Computer Fraud and Abuse Act for releasing a worm to ‘expose’ bugs (probation, fine and community service, not jail)
Personal Information Security is critical
Youth disbelieve contract & consequence?
Drive it by transparent risk management
The right answer may be: Don’t do it!
Ethical Hacking Example
Recent inquiry...
Plan for great ethical hack
Potential cybercrime, reputation, professional, etc. risks
Solution: Get it out in the open to run the risk management paper prototype;
If too dodgy to reveal, discuss: drop it!
Privacy
‘Right to be left alone’
Defeat of Australia Card, Privacy Act 1988
Limited rights of data subjects, few cases
Restricts what technology can do
Requires security
Affects everyone
But risk awareness is abysmal
Facebook brain-washing re: over-sharing
2012 Attorney-General’s telecommunications data retention plan
Privacy Hypothetical
See hypothetical example
Tort/ Negligence
Product liability
Duty of Care, special relationship
Act or omission
Causation
Foreseeability of harm
Proximity
Consumer Protection
Based on consumer/vendor relation
Assumes imbalance
Statutory Warranties – fit purpose
Contractual waiver?
Misleading and deceptive conduct
Unfair Contracts
Can be Strict Liability – State Bank
Consumer protection hypothetical
See hypothetical example
Anti-trust: Abuse of Monopoly
Competition policy
Monopoly
Example: US v Microsoft (Department of Justice) re bundling Internet Explorer against Netscape
Political involvement
Practical significance
Anti-trust hypothetical
See hypothetical example
Intellectual Property
Purpose:
Copyright Act: form, not substance
◦ No registration
◦ Digital Agenda
Patents Act: the idea, not the form
Circuit Designs
Free Trade Agreement
Copyright
Copyright Act:
◦ Exclusive right to control exploitation
No registration
Actual text, code or implementation
Licences with conditions and fees
Technological Protection
◦ ‘Digital Rights Management’ tools
◦ DMCA and contracting away user rights
Copyright and Public Domain
Differences in Australia, US...
Fierce battle: maximalist v PD?
‘Public Domain’
Open Source software: GPL, copyleft
Open Content
◦ Creative Commons – US, global?
◦ Free for Education - Australian
Business models
Patents and software
Right to deny access
Requires registration
Expensive to fight
Patentable material?
E-business patents
◦ Amazon 1-Click web shopping cart
Gene sequence patents
◦ Bioinformatics – human genome race
Current patent battles
Resistance to patentability of software
EU Commission recommends software patents; European Parliament rejects (2005)
CSIRO v. US computer industry – wireless
Linux?
Why are software patents a danger?
◦ Locking up pure ideas? Mathematics? Stallman
◦ Not just open source
◦ Impossible to ascertain if infringing
◦ Patent Offices too lax and inexperienced? $$ motive
◦ Very expensive
◦ Only works if you have a huge portfolio
Spam
Spam Acts: Australia, USA, California
Unsolicited commercial electronic message
Single message
Address harvesting
Penalties
Surveillance
Workplace privacy bill NSW
Spam hypothetical
See hypothetical example
Questions?
Conclusion
David Vaile
Executive Director
Cyberspace Law and Policy Centre
Faculty of Law, University of NSW
http://www.cyberlawcentre.org/