Legal & Moral issues in e-commerce

Background information

1. Data Protection Act

• DPA (1984) grew out of public concern over personal privacy during rapidly developing computer technology

• Individual rights are protected

• Information needs to be handled correctly

• People who use data on individuals need to be open and follow set practices

• DPA updated in 1998

• Now incorporates European Data Directive (2000)

• Also covers some manual data

Principles – data must be:• Fairly and lawfully processed• Processed for limited purposes• Adequate, relevant and not excessive• Accurate• Not kept longer than necessary• Processed in accordance with subject’s rights• Secure• Not transferred to countries without protection

Useful phrases• Personal data (on living individuals)

• Automatically processed (by a computer – doesn’t cover manual paper records)

• Data Users (controllers of personal data)

• Data subjects (individuals whose files are kept)

• Data Protection registrar – keeps a register of data users, promotes data protection principles, considers complaints and prosecutes offenders

• Exemptions – payroll, pensions & accounts; no right to access data collected for statistical purposes,tax, crime and national security

Rights of data subjects• Compensation for unauthorised disclosure

• Compensation for inaccurate data

• Erase inaccuracies

• Compensation for unauthorised access, loss or destruction of data

2. Copyright Act• Copyright Designs & Patents Act (1988)

• Includes software, music and literature

• You cannot:– Copy software– Run pirate software– Transmit software to make copies available

• Bootlegged software available via filesharing sites accounts for 40% of US software and 100% in Indonesia

• Companies sue over “look and feel” of similar software (ie Apple invented the GUI, unsuccessfully sued MS over Windows)

• Companies often put ‘fingerprints’ into code to spot engineers who copy designs

3. Misuse of Computers Act

• Computer Misuse Act (1990) followed hacking scandals of the 1980s when it was not illegal

• Criminal offences dealt with hacking, viruses and other nuisances

• Under the Computer Misuse Act, it is an offence to:

• Unauthorised access to computer programs or data

• Unauthorised access with further criminal intent

• Unauthorised modification of computer material (ie. Programs of data)

4. Moral issues• Civil liberties groups try to protect privacy, free

expression, access to online information• Civil liberties groups include those trying to

protect the history of minorties and the storage of your personal data

• Electronic Frontier Foundation challenge “remote attestation” – some companies ‘own’ the software on your computer and often force you into expensive upgrades

• More issues:– Access to personal information made available

through search engines, what web sites have you visited?

– Online stores target adverts based on browsing habits to encourage you to spend

– Windows XP / MS Office designed to send and store personal data on your computer

– Some personal information kept may be accessible to stalkers etc; child safety issue too

Examples used to illustrate - DPA• Cookies

• CRB – Computer Records Bureau

• Collection of IP addresses

• CCTV use

• Identity theft

• Stolen credit/debit card data -swiping

• E-mail surveillance – reading your e-mails

Examples – Misuse Act• Denial Of Service attacks

• Virus/worms/trojans

• Phishing for data

• E-mail bombing

• Hacking via open ports (ie. Your printer that you always leave on)

• WiFi piggy-backing