Foundations of IT Legal Issues and IT – Social Needs?

2 Intended Learning Outcomes Through engaging in self-study, preparation and learning activities you will:  Be aware of some UK statutes related to the IT industry and users of IT  Be aware of some illustrative case law regarding the Use of IT  Be increasingly aware of some copyright and trademark issues connected with IT

3 Reality Check!  There are higher degrees that focus on IT / computing law, thus this session can only hint at the issues and the legislation.  As IT develops and changes the law tries to change but it can be slightly out-of-step

4 Activity 1 – Knowledge  Discuss with a partner and record the things you know are ‘illegal’ or breaches of some form of contract  Record the legislation you are aware of that impinges on IT and IT users

5 Main Statutes in English Law - 1  Computer Misuse Act 1990  Copyright Act 1956  Copyright (Computer Software) Amendment Act 1985  Copyright, Designs & Patents Act 1988  Disability Discrimination Act 1995 & 2005

6 Main Statutes in English Law - 2  Data Protection Act(s) 1984 & 1998  Interception of Communications Act 1985  Regulation of Investigatory Powers Act 2000  Protection of Children Act 1978  Various Trademarks Act 1994

7 Data Protection  Legislation regarding data protection is also found in other countries:  France  Germany  Sweden  USA  Singapore  Hong Kong  Australia  ?

8 Data Protection  Data Protection Act 1984 – This had limited scope – in the main it related to processes that required individuals, companies and organisations to register that they held data.

9 Activity 2 - Register  When do you feel it would be necessary for an individual, an organisation or a business to register (as previously required ) or notify (as currently required) under the terms of Data Protection?

10 Activity 2 - Register  It is probable that you will have to register if you are dealing with Personal data  Personal data means data which relate to a living individual who can be identified from those data or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller. 

11 Data Protection Data Protection Act 1998 defines data protection principles.

12 Data Protection 8 enforceable principles of good practice

13 Data Protection fairly and lawfully processed; 1

14 Data Protection processed for limited purposes; 2

15 Data Protection adequate, relevant and not excessive; 3

16 Data Protection accurate; 4

17 Data Protection not kept longer than necessary; 5

18 Data Protection processed in accordance with the data subject's rights; 6

19 Data Protection secure; 7

20 Data Protection not transferred to countries without adequate protection. 8

21 Data Protection  Personal data covers both facts and opinions about the individual.

22 Data Protection Data processing, the definition is far wider than previously accepted. Incorporates the concepts of 'obtaining', ‘holding' and 'disclosing'.

23 Computer Misuse Act 1990 criminal offence  The so called ‘basic offence’ under this Act states that it is a criminal offence to obtain unauthorized access to computer material.  Unauthorised access includes "browsing" or "probing”.  It implies that the individual knows that in gaining access he/she is gaining unauthorised access.

24 Computer Misuse Act 1990 This raises three questions:  What constitutes access?  What constitutes authorised access?  How is it possible to make a judgement about any individual’s degree of ‘intent’?

25 Activity 3 – Access etc…  Spend a few minutes discussing what you believe may constitute ‘access’  What is your understanding of ‘intent’  Do you consider there to be a difference between ‘obtaining’ and ‘processing’

26 Case Scenarios A “Mike” went to a locksmith to purchase some equipment. He had formerly worked as a sales assistant at the business. The transaction was entered on a PC. While the PC was left unattended Mike keyed in a code that provided a 70% discount thus reducing the cost of the equipment from some £700 to £200. When the business realised what happened “Mike” was arrested and charged with an offence under Computer Misuse Act. How did the case progress?

27 Case Scenarios A on another computer The Judge dismissed the case because he held the narrow view that the phrasing in the legislation about access, required one PC to be used to obtain access to a ‘program or data held on another computer’.

28 Case Scenarios - B An electrical contractor’s office has recently installed a network. The PCs are used by administrative staff. During a lunch break one of the company electricians sits at a PC and views unacceptable material on the web. A member of the administrative staff returns from lunch break to find disturbing images on the PC. In what circumstances might there be an offence?

29 Case Scenarios - B Unauthorised access will only be an offence when the user is aware that access is unauthorised! all employees Actions: The Electrical Contractor needs to get all employees to sign an ‘Acceptable Use’ policy. This should ensure that the employees appreciate who has authorised access and that if they do not any access will be deemed to be unauthorised

30 Case Scenarios - C A computer ‘hacker’ admitted to gaining unauthorised access to several computer systems on several occasions. The hacker’s defence suggested that the hacker was addicted to hacking. Is there any intent involved in the hacker’s actions?

31 Case Scenarios - C The defence argued that as this was an addiction there was no intent because the hacker was acting as a result of a compulsion. The judge directed the jury that this would not be a proper defence against the charges. The jury acquitted the defendant – Juries are not allowed to provide reasons for their decision.

32 Copyright and Trademarks  Copyright Act 1956  Copyright (Computer Software) Amendment Act 1985  EC directive on the Legal Protection of Programs….  Copyright (Computer Programs) Regulations 1992

33 Copyright and Trademarks  Copyright can be applied to software but also can be applied to any information recorded in electronic format such as e- mail, multimedia and web pages  Piecemeal approach to technology  1956 Act extended protection to TV and radio broadcasts

34 Copyright and Trademarks  Copyright lasts for the lifetime of the author and continues for 70 years after the author’s death  Copyright applies to three forms of ‘property’

35 Activity - Copyright  What do you think are the three forms of property?  Literary, dramatic, musical or artistic works  Sound recordings, films, broadcasts or cable programmes  Typographical arrangement of a published work

36 Copyright  The 1988 Act states that a literary work would include “ a computer program”  Where does a computer program end and a film begin? (e.g. Toy Story )  Issues of digital sampling (sound)?  Issues of digital photos  Back up copies?

37 Trademarks  Trademarks Act 1994 defines a trademark as: – …any sign capable of being represented graphically…(it may include) words (including personal names) designs, letters, numerals & packaging

38 Activity - Trademarks What elements of a domain name would it be appropriate to register as a trademark? What is cyber-squatting? What EU IT law and directives are there?

39 Activity – Sources of information  Use Google – search  Use Google Scholar –  Check Library – search  Lloyd, I. J., (2000) Information Technology Law (3 rd Ed.) Butterworths  Hedley, S., and Aplin, T. Blackstone’s Statutes on IT and e-Commerce Oxford University Press