Slide 1 © 2013, Ian Tan TSC2211 Computer Security Slide 1 TSC2211 Computer Security Lecture 12 Legal Issues

Slide 2 © 2013, Ian Tan TSC2211 Computer Security Agenda Introduction Intellectual Property –Copyrights –Patents –Trademarks –Trade Secrets –Industrial Design Information and Law Ethical Issues

Slide 3 © 2013, Ian Tan TSC2211 Computer Security Introduction We have looked at –Technical aspects of computer security. –Security planning to minimize security breach What about information leaks that leads to security breaches? What happens when there is a breach?

Slide 4 © 2013, Ian Tan TSC2211 Computer Security Intellectual Property and Law Laws effect privacy and secrecy (right of individual to keep personal matters private) Laws regulate the use, development and ownership of data and program Patents, copyrights and trade secrets are legal devices to protect rights of developers and owners of program and data

Slide 5 © 2013, Ian Tan TSC2211 Computer Security Computer System Protection Computer criminals violate the principles of confidentiality (secrecy), integrity and availability for computer systems It is better to prevent the violations than to prosecute it after the fact However if the control fail, legal action is necessary

Slide 6 © 2013, Ian Tan TSC2211 Computer Security Protection Code and Data –Copyrights, patents and trade secrets are all forms of legal protection that can be applied to programs and sometimes data Access to Programs –The law protects both the programmers and the people who employ programmers –The programmers have only limited legal rights to access programs they have written while employed

Slide 7 © 2013, Ian Tan TSC2211 Computer Security Protection Private Data –Consider the rights of privacy –The private affairs of every individual are protected by laws (or are they?) –Computer security system must be adequate to prevent unauthorized disclosure of sensitive data about individuals

Slide 8 © 2013, Ian Tan TSC2211 Computer Security Intellectual Property (IP) PatentsCopyrights Trademarks

Slide 9 © 2013, Ian Tan TSC2211 Computer Security MyIPO

Slide 10 © 2013, Ian Tan TSC2211 Computer Security Copyrights Protect the expression of ideas - not the ideas themselves. Protects the ‘written expression’ of the idea Applies to an original work in some tangible medium of expression It is limited in time (50 years after the death of the author) –if there are more than one author? Restricts reproduction, distribution, performance, display of copyrighted work Used to protect source code and object code

Slide 11 © 2013, Ian Tan TSC2211 Computer Security Copyrights Cost is low, but level of protection is also low, as it doesn't deter reimplementation. Easy to obtain and copyrighted works must be marked either by © or with the word Copyright. Copyright protection does not limit the use of a work, ONLY the distribution of copies. While a computer program can be copyrighted, the algorithm (idea) behind the program cannot be copyrighted.

Slide 12 © 2013, Ian Tan TSC2211 Computer Security Filing at MyIPO Under which category should software be filed?

Slide 13 © 2013, Ian Tan TSC2211 Computer Security Patents Protect the device or process for carrying out an idea, not the idea itself There can only be one patent for a given invention and it must be unique Before a patent is issued, a search is made for similar patents to determine the uniqueness of the device or process Not applicable to mathematical formulae, software algorithms etc.

Slide 14 © 2013, Ian Tan TSC2211 Computer Security Patents Level of protection is high but costly and time- consuming Must reveal trade- secrets to obtain patent

Slide 15 © 2013, Ian Tan TSC2211 Computer Security Trade Marks Covers marks for services as well as trade marks for goods –Name by which service is known (McDonald’s) –Symbols that signify that service (golden arches) –Slogans (McDonalds, I’m loving it!) –Trade “dress” (red packaging with yellow arches for french fries)

Slide 16 © 2013, Ian Tan TSC2211 Computer Security Trade Secrets A TRADE SECRET is information that gives one company a competitive edge over others –Formula of a soft drink or sauce for a dish (KFC) –Process for preparing reports If someone obtains a trade secret improperly and profits from it, the owner can recover profits, damages, lost revenues and legal costs Here, special steps must be taken to keep a formula, process or even the inner workings of an object itself secret Trade secrets do not work well in products that can be reverse engineered and, thus, copied

Slide 17 © 2013, Ian Tan TSC2211 Computer Security CopyrightPatentTrade Secret ProtectsExpression of idea, not idea itself Invention: the way something works A secret competitive advantage Protected object made public Yes; intention is to promote publication Design filed at patent office No Requirement to distribute YesNo Ease of filingVery easy, do-it yourself Very complicated; specialist lawyer suggested No filing DurationLife of human originator or 75 years for company 19 yearsIndefinite Legal ProtectedSue if copy soldSue if invention copied Sue if secret improperly obtained Comparison on copyright, patent and trade secret protection

Slide 18 © 2013, Ian Tan TSC2211 Computer Security In general, patents should be used to protect computer hardware and the processes used to produce it Trade secret protection may be the most appropriate for firmware but Apple is using copyright protection for their products Copyright still seems to offer the best protection for software Since source code is filed with the copyright office and cannot be kept secret, concurrent trade secret protection of the software probably does little good Copyright is the best form of protection for documentation of software and hardware

Slide 19 © 2013, Ian Tan TSC2211 Computer Security Information and the Law Information (e.g. credit ratings, client lists, stock tips, etc.) can be stored digitally, just like software Information can be easily copied, is never "used up", has a minimal cost for each new copy made, loses it's value over time and can be transferred intangibly All these factors make it very difficult to legally protect information

Slide 20 © 2013, Ian Tan TSC2211 Computer Security Rights of Employees and Employers Laws vary in different countries. In the U.S.A., the employer of a programmer generally owns the programs developed, even if they are privately developed by the employee At Swedish universities, the opposite is true i.e. that the employee owns the software rights Recent legislation in Norway awarded damages to employees whose was read by their employer

Slide 21 © 2013, Ian Tan TSC2211 Computer Security Ethical Issues in Computer Security Laws attempt to describe and enforce all forms of behavior acceptable to society whereas ethics are objectively defined standards of right and wrong Since there are often a number of moral objectives to consider, people often use a set of ethical principles called an ethical system

Slide 22 © 2013, Ian Tan TSC2211 Computer Security LawEthics Described by formal, written documentDescribed by unwritten principles Interpreted by courtsInterpreted by each individuals Establish a legislatures representing all people Presented by philosophers, religions, professional groups Applicable to everyonePersonal choice Priority determined by courts if two laws conflict Priority determined by an individual if two principles conflict Courts is final arbiter of ‘right’No external arbiter Enforcement by police and courtsLimited enforcement Contrast of Law versus Ethics

Slide 23 © 2013, Ian Tan TSC2211 Computer Security How to Examine a Case for Ethical Issues A method of approach to making and justifying ethical choices in computer security: 1.Understand the situation, from many different viewpoints (personal, economical, organizational, external) 2.Know different theories of ethical reasoning 3.List the ethical principles involved, how different theories could be applied 4.Determine which principles outweigh others (subjective)

Slide 24 © 2013, Ian Tan TSC2211 Computer Security Examples of Ethical Principles Consequence-based principles –Teleological theory: focuses on the action which results in the greatest good and the least harm –Egoism form of teleology says a moral judgment is based on the positive benefits to the person taking the action –Utilitarianism form of teleology says a moral judgment is based on the positive benefits to the entire universe

Slide 25 © 2013, Ian Tan TSC2211 Computer Security Examples of Ethical Principles Rule-based principles –Deontology theory: states that certain things are good in and of themselves, e.g. truth, wisdom, justice, pleasure, peace, freedom, love, beauty, etc. –This ethical system can also be applied from a personal standpoint or a universal standpoint –In actual cases of computer ethics ranging from employers reading employees , employees using spare computing-time, students discovering but not divulging system errors –There are different ways to apply ethical systems leading to different outcomes

Slide 26 © 2013, Ian Tan TSC2211 Computer Security Homework Read –Chapter 11: pp 647 – 713 Understand the local context of, go to –Copyrights –Patents