1. Week 13 - Thursday

2.  What did we talk about last time?  E-mail security  Privacy in emerging technologies

6.  Heartbleed updates!  It's true that attackers can get arbitrary chunks of data, possibly including user passwords  Analysts at Cloudflare believe it is difficult to use Heartbleed to steal private SSL keys  The ones that the servers use that are central to all of public key infrastructure  However, one attacker was successful in recovering such keys  https://www.cloudflarechallenge.com/heartbleed

7.  Another possible exploit for Heartbleed is session hijacking  Taking over a user's session after he or she logs in  More information: https://www.mattslifebytes.com/?p=533  A Bloomberg article says that the NSA knew and used Heartbleed for two years  http://www.bloomberg.com/news/2014-04-11/nsa- said-to-have-used-heartbleed-bug-exposing- consumers.html  NSA denies prior knowledge of Heartbleed

9. Cartoon from: http://xkcd.com/1354/

11.  Motivations for studying legal issues:  To know what protection the law gives us for computers and data  To respect laws that protect the rights of others with respect to computers and data  To help, as experts, to recommend improvements to these laws  Computer law is complicated  Computer law changes quickly, but never as fast as technology itself

12.  We will look at four areas where the law intersects with the usage of computers:  Protecting computer systems against criminals ▪ What is your legal recourse when criminals attack?  Protecting code and data ▪ What are the copyright issues at stake?  Protecting programmers' and employers' rights ▪ What is the legal environment of a software development workplace?  Protecting users of programs ▪ What is your legal recourse if a program you buy doesn't work?

14.  Copyright protects the expression of an idea  Two people could have had the same idea independently  Many laws including the copyright law of 1978 and the DMCA apply to copyright  Copyright applies to an original work which must be in some tangible medium of expression  Works with no clear author or that are old enough are in the public domain, owned by everyone  Copyright is supposed to promote the free exchange of ideas by protecting the authors

15.  Fair use includes the uses that a copyrighted work can be put to  If you buy a work, you can use it in the ways outlined in the purchasing agreement  Without purchasing the work, it can be used and copied for criticism, comment, reporting, teaching, and research  Piracy includes any uses of a copyrighted work that do not fall under fair use  Copyright gives the author rights to the first sale  After the first sale, the purchaser can sell it to someone else  This system is reasonable for books or works of art but more complex for software

16.  Copyrighted material must be clearly marked with the word "copyright" or ©, the author's name, and the year  Registering a copyright is unnecessary at a philosophical level  But you are not able to claim damages until you have done so  In the US, a copyright lasts for 70 years after the death of the last surviving author or 95 years after publication for a work copyrighted by a company  International standards give only 50 years after the death of the last surviving author or 50 years after publication

17.  If someone has violated the protections of your copyright (called infringing), you must go to court to claim damages  The infringement must be substantial, and it must be copying, not coincidentally creating the same thing  If two people create the same thing independently, they can both copyright their versions

18.  Copyrights are good for books, songs, and photographs  Copying is obvious  The line between public domain and creativity is clear  Computer programs can be copyrighted but it doesn't work as well  You can copyright the source code, the expression of the idea  But that won't copyright the algorithm, the idea behind it  You also have to publish the source code in order to copyright it

19.  The Digital Millennium Copyright Act (DMCA) of 1998 clarified some aspects of copyright law about digital objects  Digital objects can be copyrighted  It is a crime to disable antipiracy measures built into an object  It is a crime to make, sell, or provide devices that disable antipiracy measures or copy digital objects ▪ Except for educational purposes  You can make a backup copy of a digital object to protect against hardware and software failures  Libraries can make up to 3 copies of a digital object to lend to other libraries

20.  Some things in the DMCA are quite vague  A lawyer could argue that you can't rip music from a CD and put it on an MP3 player  Is it a backup or not?  Courts have ruled that a computer menu design can be copyrighted but its "look and feel" cannot be  Copyrights probably need a real update for the computer age  An emerging idea behind music and software copyrights is that you don't buy the music or software itself, you buy the right to use it

21.  Patents are another form of legal protection  They focus on inventions, tangible objects, and ways to make them  Unlike copyright protection which applies directly to works of the mind  Patents apply to a "new and useful process, machine, manufacture, or composition of matter"  They explicitly do not apply to "newly discovered laws of nature … [and] mental processes"  Patents protect a way to carry out some idea

22.  The object patented has to be novel and nonobvious  Unlike copyrights, two people cannot hold patents for simultaneously inventing something  The person who invented it first gets the patent (not the person who files first)  Copyrights are easy to get, but a patent requires that you convince the U.S. Patent and Trademark Office that your invention deserves a patent  Lawyers are usually involved

23.  Unlike copyrights, an inventor must oppose all infringement or risk losing patent rights  However, infringement occurs even in the case of independent invention  Defenses when charged with patent infringement:  My invention is sufficiently different from yours  Your patent is invalid  Your invention really wasn't novel  I invented the object first

24.  The Patent Office has discouraged patents for computer software  In 1981 two cases won patents for industrial processes that use computer programs as part of a larger process  Since then, algorithms have been recognized as processes by the Patent Office and thousands of software patents have been issued  The time and expense is often not justified for small software developers

25.  Copyrights and patents both require that the underlying work or details of an invention are made public  A trade secret is some information that gives a company an advantage over others  The formula for Coca-cola  Trade secrets must be kept secret  If a product can be reverse engineered, a trade secret gives no protection  If an idea or process is independently discovered, there is still no protection  The only protection is when a trade secret is improperly obtained

26.  Trade secret protection is a typical protection for computer software  Microsoft does not explain all the details of its software  Unfortunately, software is not too difficult to reverse engineer  Even with only machine code  Trade secret protection is hard to enforce  They try to do it with a lot of Nondisclosure Agreements

27. CopyrightPatentTrade Secret Protects Expression of idea, not idea itself Invention, the way something works A secret, a competitive advantage Protected object made public Yes, all about promoting publication Filed at patent officeNo Requirement to distribute YesNo Ease of filingEasy, do it yourself Complicated, usually needs lawyers No filing Duration Life of author + 70 years, 95 years for corporations 19 years As long as you can keep it secret Legal protection Sue if unauthorized copy sold Sue if invention copied Sue if secret improperly obtained

28.  The book incorrectly claims that the song "Happy Birthday to You" is so widely known that it would be hard to claim a copyright  In fact, the song has a long history of copyright with ownership transferred to Time-Warner in 1998  Time-Warner collected over $2 million in royalties for performances of the song in 2008  Don Pablo's, Outback, Olive Garden, and other large chains almost always sing some bizarre customized birthday song instead of paying royalties  Some experts argue that the copyright is not valid  If it is valid, it will expire in 2016 in Europe and 2030 in the US

29.  Hardware designs can, in general, be patented  Firmware is tough  The hardware it is stored on can be patented  The code itself is hard to copyright  Trade secrets are probably the right choice  Object (machine) code  Uncertain! Companies file copyrights, but there is no guarantee they will apply  Source code  You can file a copyright  You have to publicize the first and last 25 pages of sourced code (but those can contain nothing useful)  Trade secrets are typical

30.  The documentation of a program must be copyrighted separately from the source code  Web content is perhaps the easiest to link to traditional copyrights  It is mostly text and pictures  Much of the code online is visible, so trade secrets don't work  Domain names, URLs, company names, product names, and commercial symbols are protected by a trademark

31.  This is from 2000, a relatively old story  Hacker magazine 2600 went to register the domain name verizonsucks.com  They discovered that Verizon had already registered it  They registered verizonreallysucks.com  Verizon sued them under a new law but lost because 2600 was not trying to profit from the domain  In response, someone registered the longest domain name supported by the system at that time: VerizonShouldSpendMoreTimeFixingItsNetworkAndLe ssMoneyOnLawyers.com  Read more:  http://www.wired.com/techbiz/media/news/2000/05/36210

33.  Traditionally, actual things like cannon balls, horses, and eggplants were sold  Service industries such as hair stylist or accountant have existed for a long time as well  Information can also be sold, but it has different properties

34.  Information is not depletable  Information can be replicated (often exactly)  Information has a small marginal cost  Marginal cost is the price to make another thing after you've made the first one  It's much lower for computer-based information ▪ Reprinting a newspaper by hand is hard, but distributing software is not  The value of information is often time dependent  Information can be transferred intangibly

35.  Information has some value, but it is hard to pin down  There are technological approaches to dealing with piracy, but we need better legal remedies  Electronic publishing  How do you protect content that you have published online only for subscribers?  They can copy the material and distribute it  Data in a database  Courts can't figure out what is and isn't protected in a database  Can some specific subset be protected?  Databases often contain a great deal of public data  Electronic commerce  How do you prove that a digital sale of electronic items actually occurred?  What if Steam took your money and didn't give you a game?  There are essentially no legal ways to redress a situation where you pay real money for equipment in Diablo 3 and don't get it

36.  Statutes are laws that say that certain actions are illegal  Violating a statute can result in a criminal trial  The goal is to punish the criminal  A tort is harm that does not come from violating a statute but still runs counter to precedents  Perpetrators can be sued, usually for money  Contract law is another form of civil law  It involves an offer, an acceptance, and a consideration  Contracts do not have to be written

37. Criminal LawCivil Law Defined byStatutes Contracts Common law Cases brought byGovernment Individuals and companies Wronged partySocietyIndividuals and companies RemedyJail or fineDamages, usually money

39.  Employee and employer rights  Software failures  Computer crime  No class on Monday!

40.  Keep reading Chapter 11  Work on Assignment 5  Due next Friday before midnight  Turn in your Project 3 code by midnight!  Then get cracking!