Laws and Info Security


Why Laws? (1)
• Laws and computer security are related in several ways.
– First, both federal and state laws affect privacy and secrecy. These statutes often apply to the rights of individuals to keep personal matters private.
– Second, laws regulate the use, development, and ownership of data and programs. Patents, copyrights, and trade secrets are legal devices to protect the rights of developers and owners of the programs and data.
– Third, laws affect actions that can be taken to protect the secrecy, integrity, and availability of computer information service.
Information Security Chapter 9 Legal and Ethical Issues in Computer Security
Why Laws? (2)
• The laws of computer security affect programmers, designers, users, and maintainers of computing systems and computerised data banks.
• These laws provide protection, but they also regulate the behaviour of people who use computers.
• Before recommending change, however, professionals must understand the current state of computers and the law.

Objectives of Understanding Legal Section

• Therefore, there are three motivations for studying the legal section:
– to know what protection the law provides for computers and data;
– to appreciate laws that protect the rights of others with respect to computers, programs, and data; and
– to understand existing laws as a basis for recommending new laws to protect computers, data, and people.

Protecting Programs and Data

There are three commonly used ways to provide protection by law:
• Copyright
• Patent
• Trade Secret

Copyrights
• Copyrights are designed to protect the expression of ideas. Thus, a copyright applies to a creative work, such as a story, photograph, song, or pencil sketch. The right to copy an expression of an idea is protected by a copyright.
• Copyright gives the author/programmer exclusive right to make copies of the expression and sell them to the public. That is, only the author can sell copies of the author’s book (except, of course, for booksellers or others working as the agents of the author).

Copyrights - Originality of Work
• The work being copyrighted must be original to the author. A work can be copyrighted even if it contains some public domain material, as long as there is some originality, too.
• For example, a music historian could copyright a collection of folksongs even if some are in the public domain. In order to be subject to copyright, something in or about the collection would have to be original. The historian might argue that collecting the songs, selecting which ones to include, and putting them in order was the original part. In this case, the copyright law would not protect the folk songs, but the specific selection and organisation.

Copyright - Fair Use of Material
• The copyright law indicates that the copyrighted object is subject to “fair use”.
• Specifically, the law allows “fair use of a copyrighted work, including such use by reproduction in copies, … for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship and research”.
• The copyright law usually upholds the author’s right to a fair return for the work, while encouraging others to use the underlying ideas.
Copyright - Infringement

• The infringement must be substantial, and it must be copying, not independent work.
• In theory, two people might independently write exactly the same song, neither knowing the other. These two people would both be entitled to copyright protection for their work.

Copyrights for Computer Works
• Can a computer program be copyrighted?
YES. The algorithm is the idea, and the statements of the programming language are the expression of the idea.
• Therefore, protection is allowed for the program statements themselves, but not for the design: copying the code intact is prohibited, but reimplementing the algorithm is permitted.

Examples of Copyrights
• A second problem with the copyright protection for computer works is the requirement that the work be published.
• A program may be published by distributing copies of its object code, for example on a disk. However, if the source code is not distributed, it has not been published.
• An alleged infringer cannot have violated a copyright on source code if the source code was never published.
• A copyright controls the right to copy and distribute; it is not clear that allowing distributed access is a form of distribution in a distributed system.

Patents
• Patents are unlike copyrights in that they protect inventions, not works of the mind.
• The distinction between patents and copyrights is that patents were intended to apply to the results of science, technology, and engineering, whereas copyrights were meant to cover works in the arts, literature, and written scholarship.
• The patent law excludes newly discovered laws of nature … [and] mental processes.

Patents - Requirement of Novelty
• If two composers happen to compose the same song independently at different times, copyright law would allow both of them to have copyright.
• If two inventors devised the same invention, the patent goes to the person who invented it first, regardless of who filed the patent first.

Patent - Infringement (1)
• A patent holder must oppose all infringement.
• With a copyright, the holder can choose which cases to prosecute, ignoring small infringements and waiting for serious infractions where the infringement is great enough to ensure success in court or to justify the cost of the court case.
• However, failing to sue over a patent infringement - even a small one, or one the patent holder does not know about - can mean losing the patent rights entirely.

Patent - Infringement (2)
• But, unlike copyright infringement, a patent holder does not have to prove that the infringer copied the invention;
• a patent infringement occurs even if someone independently invents the same thing, without knowledge of the patented invention.

Patents - Computer Objects
• The patent law has not encouraged patents of computer software.
• For a long time, computer programs were seen as the representation of an algorithm, and an algorithm was a fact of nature, which is not subject to patent.
• There was a case on a request to patent a process for converting decimal numbers into binary. The Supreme Court rejected the claim, saying it seemed to attempt to patent an abstract idea, in short, an algorithm. But the underlying algorithm is precisely what most software developers would like to protect.
Trade Secret
• A trade secret is information that gives one company a competitive edge over others. For example, the formula for a soft drink is a trade secret, as is a mailing list of customers, or information about a product due to be announced in a few months.
• The distinguishing characteristic of a trade secret is that it must always be kept secret. The owner must take precautions to protect the secret, such as storing it in a safe, encrypting it in a computer file, or making employees sign a statement that they will not disclose the secret.

Trade Secret - Computer Objects (1)
• Trade secret protection applies very well to computer software.
• The underlying algorithm of a computer program is novel, but its novelty depends on nobody else’s knowing it.
• Trade secret protection allows distribution of the result of a secret (the executable program) while still keeping the program design hidden.

Trade Secret - Computer Objects (2)
• Trade secret protection does not cover copying a product (specifically a computer program), so that it cannot protect against a pirate who sells copies of someone else’s program without permission.
• However, trade secret protection makes it illegal to steal a secret algorithm and use it in another product.

Comparisons
| | Copyright | Patent | Trade Secret |
| Protects | Expression of idea, not idea itself | Invention; the way something works | A secret competitive advantage |
| Protected object made public | Yes; intention is to promote publication | Design filed at patent office | No |
| Requirement to distribute | Yes | No | No |
| Ease of filing | Very easy, do-it-yourself | Very complicated; specialist lawyer suggested | No filing |
| Duration | Life of human originator or 75 years for a company | 19 years | Indefinite |
| Legal protection | Sue if copy sold | Sue if invention copied | Sue if secret improperly obtained |
Rights of Employees and Employers
• Employers hire employees to generate ideas and make products. Thus, the protection offered by copyrights, patents, and trade secrets applies to the ideas and products.
• However, the issue of who owns the ideas and products is much more complex.
• Ownership is an issue of computer security because it relates to the rights of an employer to protect the secrecy and integrity of works produced by the employees.

Ownership of the Products (1)
• Ownership of a patent - The person who owns a work under patent or copyright law is the inventor.
• Therefore, an employee can hold the right to the patent.
• However, in patent law, it is important to know who files the patent. If an employee lets an employer patent an invention, the employer is deemed to own the patent and, therefore, the right to the invention.
• The employer also has the right to patent if the employee’s job functions included inventing the product.

Ownership of the Products (2)
• Ownership of a copyright - Ownership of a copyright is similar to ownership of a patent.
• The author (programmer) is the presumed owner of the work.
• Normally, the owner has all rights to an object.
• However, a special situation known as work for hire applies to many copyrights for development of software or other products.

Ownership of the Products (3)
• Trade secret protection - In the event a trade secret is revealed, the owner can prosecute the revealer for damages suffered.
• But first, ownership must be established because only the owner can be harmed.
• A company owns the trade secrets of its business as confidential data. As soon as a secret is developed, the company becomes the owner.

Ownership of the Products (4)
• Employment contracts - Sometimes there is no
contract between the software developer and a
possible employer. However, commonly an
employment contract will spell out rights of
ownership. Having a contract is desirable both for
employees and employers so that both will understand
their rights and responsibilities.

Why Computer Crime is Hard to Define? (1)

• Understanding
Neither courts, lawyers, police agents, nor jurors necessarily understand computers.
• Fingerprints
Police and courts for years depended on tangible evidence, such as fingerprints. But with many computer crimes there simply are no fingerprints, no physical clues.

Why Computer Crime is Hard to Define? (2)
• Form of Assets
We know what cash is, or diamonds, or even negotiable securities. But are 20 invisible magnetic spots really equivalent to a million dollars?
• Juveniles
Many computer crimes involve juveniles. Society understands immaturity and can treat even very serious crimes by juveniles as being done with less understanding than when the same crime is committed by an adult.
Type of Crimes Committed (1)
• Telecommunications Fraud
It is defined as avoiding paying telephone charges by misrepresentation as a legitimate user.
• Embezzlement
It involves using the computer to steal or divert funds illegally.
• Hacking
It denotes a compulsive programmer or user who explores, tests, and pushes computers and communications systems to their limits - often involving illegal activities.

Type of Crimes Committed (2)
• Automatic Teller Machine Fraud
It involves using an ATM machine for a fraudulent activity - faking deposits, erasing withdrawals, diverting funds from another person’s account through stolen PIN numbers.
• Records Tampering
It involves the alteration, loss, or destruction of computerised records.
• Acts of Disgruntled Employees
They often use a computer for revenge against their employer.
Type of Crimes Committed (3)
• Child Pornography and Abuse
They are illegal or inappropriate acts of a sexual nature committed with a minor or child, such as photographing or videotaping.
• Drug Crimes
Drug dealers use computers to communicate anonymously with each other and to keep records of drug deals.
• Organised Crime
For all kinds of crime, the computer system may be used as a tool.

Cryptography and the Law

• Cryptography is a regulated activity, but the issues are a little less clear-cut, in part because there is little open discussion of the subject.
• Everybody wants cryptography, e.g. businesses, individuals, criminals, bankers, and governments.
• France prohibits use of encryption by individuals, asserting that in order to control terrorism, it must have access to communications of suspected terrorists.

Summary (1)
• Firstly, the legal mechanisms of copyright, patent, and trade secret were presented as means to protect the secrecy of computer hardware, software and data.
• However, these mechanisms were designed before the invention of the computer, so their applicability to computing needs is somewhat limited.
• Meanwhile, program protection is especially desired, and software companies are pressing the courts to extend the interpretation of these means of protection to include computers.

Summary (2)
• Secondly, the relationship between employers and employees was presented, in the context of writers of software. Well-established laws and precedents control the acceptable access an employee has to software written for a company.
• Thirdly, some difficulties in prosecuting computer crime were presented. In general, the courts have not yet granted computers, software, and data appropriate status considering the value of assets and the seriousness of crime. The legal system is moving cautiously in its acceptance of computers.

What are Ethics?
• Society relies on ethics or morals to prescribe generally accepted standards of proper behaviour.
• An ethic is an objectively defined standard of right and wrong within a group of individuals.
• These ethics may be influenced by religious belief. Therefore, through choices, each person defines a personal set of ethical practices.
• A set of ethical principles is called an ethical system.

Differences of The Law and Ethics
• Firstly, laws apply to everyone, even if you do not agree with them. You are nevertheless forced to respect and obey the laws.
• Secondly, there is a regular process through the courts for determining which law supersedes which if two laws conflict.
• Thirdly, the laws and the courts identify certain actions as right and others as wrong. From a legal standpoint, anything that is not illegal is right.
• Finally, laws can be enforced, and there are ways to rectify wrongs done by unlawful behaviour.

Contrast of Law Versus Ethics
| Law | Ethics |
| Distributed by formal, written documents | Described by unwritten principles |
| Interpreted by courts | Interpreted by each individual |
| Established by legislatures representing all people | Presented by philosophers, religions, professional groups |
| Applicable to everyone | Personal choice |
| Priority determined by courts if two laws conflict | Priority determined by an individual if two principles conflict |
| Court is final arbiter of “right” | No external arbiter |
| Enforceable by police and courts | Limited enforcement |

Studying Ethics (1)
• Ethics and Religion
Two people with different religious backgrounds may develop the same ethical philosophy, while two exponents of the same religion might reach opposite ethical conclusions in a particular situation.
• Ethics is not universal
Ethical values vary by society, and from person to person within a society. For example, the concept of privacy is very important in western cultures. But in the eastern cultures, privacy is not desirable because people associate privacy with having something to hide.
Studying Ethics (2)
• Ethics does not Provide Answers
Ethical pluralism is recognising or admitting that more than one position may be ethically justifiable - even equally so - in a given situation. Pluralism is another way of noting that two people may legitimately disagree on issues of ethics. We expect and accept disagreement in such areas as politics and religion.
