
Upload: hakhue

Post on 25-Mar-2018


Page 1: Legal and ethical perspectives on IT  · PDF fileLegal and ethical perspectives on IT development Liability, ... IT project mgt central issue: ... Product liability

1

Legal and ethical perspectives on IT development

Liability, Litigation risk, ‘Professional’ standards, and Ethics

Slides at http://cyberlawcentre.org/seng4921/

David Vaile

Co-convenor

Cyberspace Law and Policy Centre/Community

Faculty of Law, University of NSW

http://www.cyberlawcentre.org/

Outline

Strange bedfellows: IT, Law & ethics

Legal system

Liability, ‘professional’ ethics

Software development – immature?

‘It’s the risk, stupid’

IT project mgt central issue: risk, should drive everything

‘Spiral’ iterative disposable prototype for resolving risks

Non-tech risks: human, data, political, regulatory, unknown

Early rather than after disaster.

Examples


Software, Law and Ethics

Strange bedfellows

How the law is made, and works

Differing Principles and standards

Risks in software development

Examples: ◦ Consumer protection

◦ Product liability

◦ Professional liability

◦ Anti-trust: abuse of monopoly

◦ Intellectual property: copyright, patents

◦ Privacy

◦ Spam


Features of the legal system

Main divide: Criminal <-> the rest

Criminal

◦ Launched by state, trial, conviction or acquittal. Crimes

Civil

◦ Sued by other party, damages, restitution. Contracts, roles

Sources

◦ Statutes ('Laws') set rules, Cases interpret them

◦ Jurisdiction: which laws and courts

◦ Appeals to higher court

◦ Precedent is critical in cases: follow higher/past authority

◦ Contracts: Making stuff up

Obligations: from Statutes and Contracts

Everything is arguable (if you lose, $$ costs)

‘Ignorance is no defence’: I click therefore I am Bound

What shapes the law?

Ongoing struggle between interests

Evidence based policy, Parliamentary process

Commercial reality

Technical reality

Public standards

International effects (indirect)

Clueless bozos on Facebook


Different standards

Liability

◦ Is it against the law?

Litigation risk

◦ Will you be caught, sued or prosecuted?

‘Professional’ standards

◦ Will your peers reject you?

Ethics

◦ Will your children & friends reject you?


What matters?

Breaking the law? Liability

Getting caught? Enforcement

Losing your job? Professional

Losing your reputation? Ethics

Or just building crap? Self respect

Professional Liability

Nature of Profession?

Membership of Professional body

Registration required to work?

Self-regulation

Insurance

Peer attitudes

Reputation


Development risk factors

20% coding and engineering – ignore?

80% analysis, communication, revision

User-Centred Design & Risk Management

Neglected but critical

Early vs. late error discovery

‘User sovereignty’


When development mistakes blow

‘Too soon old, too late smart’

Coding

Feasibility and conception

User requirements, analysis, communication

Design

Testing

Revision

Delivery

??? Too late!

Development quandaries

Most software projects fail, 4 PM variables

◦ Cost, time, scope, quality (for User)

Many break various standards, but...

You could do it accidentally...

Or be asked/tempted to deliberately

Your own position

Your employer’s

The ‘victim’s position’


How to navigate IT risk

‘Spiral’ iterative disposable prototype approach to resolving risks

Inc non-technical risks: human, data, political, regulatory, unknown

User requirements central, get feedback at every stage

Early discovery rather than after disaster

Value & reward mistakes, deprecate denial

But...

‘Move Fast and Break Things’ (Zuckerberg’s naughty teenager model to exploit ‘dumb **cks’)

‘See what you can get away with’

‘See if you get caught’

‘We haven’t been caught [yet]’

Disposable prototyping, not compliance

What works for software does not work for personal or critical information

Your secrets are not revokable, disposable

Brutal ‘Reality Therapy’ from the law:

Usmanov case: 6 months for FB GF photo


‘Ethical Hacking’

Essence of Cybercrime: ‘Unauthorised’

Criminalisation of hacking, circumvention

EH done w Good Intentions (See Road to Hell, paved with)

But uses methods of malware, crackers

Morris Worm 1990s: Jail for bug exposé

Personal Information Security is critical

Yoof disbelieve contract & consequence?

Drive it by transparent risk management

The right answer may be: Don’t do it!


Ethical Hacking Example

Recent inquiry...

Plan for great ethical hack

Potential cybercrime, reputation, professional, etc.

Solution: Get it out in the open to run the risk management paper prototype;

If too dodgy to reveal, discuss: drop it!


Privacy

‘Right to be left alone’

Defeat of Australia Card, Privacy Act 1988

Limited rights of data subjects, few cases

Restricts what technology can do

Requires security

Affects everyone

But risk awareness is abysmal

Facebook brain-washing re: over-sharing

2012 AGs Telecoms Data Retention plan

Privacy Hypothetical

See hypothetical example


Tort / Negligence

Product liability

Duty of Care, special relationship

Act or omission

Causation

Foreseeability of harm

Proximity

Consumer Protection

Based on consumer/vendor relation

Assumes imbalance

Statutory Warranties – fit purpose

Contractual waiver?

Misleading and deceptive conduct

Unfair Contracts

Can be Strict Liability – State Bank


Consumer protection hypothetical

See hypothetical example

Anti-trust: Abuse of Monopoly

Competition policy

Monopoly

Example: MS v DoJ re Netscape

Political involvement

Practical significance


Anti-trust hypothetical

See hypothetical example

Intellectual Property

Purpose:

Copyright Act: form, not substance

◦ No registration

◦ Digital Agenda

Patents Act: the idea, not the form

Circuit Designs

Free Trade Agreement


Copyright

Copyright Act:

◦ Exclusive right to control exploitation

No registration

Actual text, code or implementation

Licences with conditions and fees

Technological Protection

◦ ‘Digital Rights Management’ tools

◦ DMCA and contracting away user rights

Copyright and Public Domain

Differences in Australia, US...

Fierce battle: maximalist v PD?

‘Public Domain’

Open Source software: GPL, copyleft

Open Content

◦ Creative Commons – US, global?

◦ Free for Education - Australian

Business models


Patents and software

Right to deny access

Requires registration

Expensive to fight

Patentable material?

E-business patents

◦ Amazon 1-Click web shopping cart

Gene sequence patents

◦ Bioinformatics – human genome race

Current patent battles

Resistance to patentability of software

EU Commission recommends, Parl. Rejects

CSIRO v. US computer industry – wireless

Linux?

Why are software patents a danger?

◦ Locking up pure ideas? Mathematics? Stallman

◦ Not just open source

◦ Impossible to ascertain if infringing

◦ Patent Offices too lax and inexperienced? $$ motive

◦ Very expensive

◦ Only works if you have a huge portfolio


Spam

Spam Acts: Australia, USA, California

Unsolicited commercial electronic message

Single message

Address harvesting

Penalties

Surveillance

Workplace privacy bill NSW

Spam hypothetical

See hypothetical example


Questions?

Conclusion

David Vaile

Executive Director

Cyberspace Law and Policy Centre

Faculty of Law, University of NSW

http://www.cyberlawcentre.org/