BIT2222 : ICT and Society

6. ICT and Legal Issues

6.1 Confidentiality & Privacy

There is conflicting tension between privacy and accessibility of info

Privacy is an individuals right to determine for

themselves what about them is communicated to others Confidentiality is an organizations right to determine what will be communicated about commercially held info. e.g. sales data

Given conflict, to what extent are individuals/societys interests best served by allowing limits to data/info access?
2

Gvts have different legal instruments relating to different aspects of privacy e.g. defamation, copyright, tresspass, etc. Individual privacy space is defended by law in many countries and is a compromise between the needs of an individual and the needs of society for information
Current Kenyan Constitution does not have a separate

section on privacy but aspects are included in the protection of fundamental rights and freedoms of the individual but adds subject to such limitations of that protection as are contained in those provisions, being limitations designed to ensure that the enjoyment of those rights and freedoms by any individual does not prejudice the rights and freedoms of others or the public interest. (Chap. 5, Sec. 70 of the Constitution of Kenya)
3

 Draft Constitution has a specific section on the privacy of

the individual, which includes the right not to have: information relating to their family or private affairs unnecessarily required or revealed and the privacy of their communications infringed (Chap. 5, Sec. 43)

However, most Gvts have an interest in invading privacy than in protecting it:
It cannot be emphasized too strongly that the incentives

for the government and the bureaucracy are in the direction of invading, or at least ignoring or neglecting, privacy interests rather than protecting them. Most measures that are perceived as necessary to cope with a societal problem involve surveillance through data collection. Flaherty, D. (1989), Protecting Privacy in Surveillance Societies, The University of North Carolina Press.
4

Concept of privacy is context specific:

Variations wrt to what is private information exist between

one individual and another, between different sections of society & between countries THEN important concern is what the data is used for rather than the data itself

Whatever the privacy debate in a country or society, privacy protection is important & is likely to become more so as society becomes more informatized 2 important privacy issues:
Fair use. The requirement to seek an individuals permission

before passing the data on to others e.g. to be used in support of an organizations business mission
5

 Gate keeping. The restricted access to services, privileges,

benefits or opportunities on the basis of certain data values. Some are inevitable and acceptable, e.g. point scoring system for credit provision. However, the same system can be used to keep out trouble makers! THEN the issue becomes: whose definition of trouble maker

Many Gvts have responded to the challenge on privacy with a myriad of legislative provisions, e.g.
Data Protection Act 1998, 1998 Chapter 29 UK Laws,

http://www.hmso.gov.uk/acts/acts1998/19980029.htm Directive 95/46/EC of the EU on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http://www.privacy.org/pi/intl_orgs/ec/eudp.html
6

Finnish Governments No. 565 Act on the Protection of Privacy and Data Security in Telecommunications
http://www.mintc.fi/www/sivut/suomi/tele/saadokset/teleco m/norms/1999_565.htm

Internet Privacy Law by Timothy J. Walton, http://www.netatty.com/privacy/privacy.html Kenya?

6.2 Copyright & Software Protection

Software development investment not adequately protected in many countries (cf hardware developments are usually adequately covered by patent law) However, innovation & technology transfer can be stifled by draconian protection Trade secrets (ways of working, plans and interactions), patents and copyright legislation attempt to balance these 2 tensions
8

(a) Trade secrets or confidence Trade secrets (ideas & methods of implementation) protected via the law of confidentiality. Includes both HW & SW Protection created where there is a direct contractual obligation e.g. confidentiality obligations in employment contracts are enforceable in law If obligations not defined, may be necessary to determine degree of good faith in any disclosure, e.g. use of knowledge acquired in previous employment in a competitor firm once employment ceases With increasing outsourcing, using contracts to define specific confidentiality obligations is advised.
9

(b) Copyright Protects copying the expression of an idea (protects software) Most acts recognize SW as literary work. Thus prohibit copying, issuing of copies, performing/showing/playing the work in public, adapting, etc. Most acts permit certain actions (fair dealing), e.g. use for research, private study, criticism, review, news reporting, taking back-ups, etc. SW license issued to permit actions forbidden by copyright (see example of SW license agreement) Damages for contravening copyright usually a notional cost of license fee, e.g. 10% royalty
10

Weaknesses/challenges:
Does not protect underlying idea (protects its expression: in

source code and documentation). What is the legality of reverse engineering? What is the position of look and feel of software? What is the position of object code? Not intelligible to human beings, it therefore falls outside the definition of "copy" in a Copyright Act

Other SW protection measures (esp. security):

Hardware locks Randomizing blocks in source code to disguise its logic

Compiling SW to ensure source code not available

Low prices to make illegal copies less attractive
11

SW license agreement may allow SW to be:

used or copied for use on or with the primary computer for

which it was acquired, plus a backup computer if the primary is inoperative; reproduced for safekeeping or backup purposes; customized, adapted, or combined with other computer software, provided that derivative software incorporating any of the delivered, restricted computer software shall be subject to same restrictions set forth herein; disclosed to and reproduced for use by support service suppliers or their subcontractors, subject to the same restrictions set forth in the Contract; used or copied for use on or transferred to a replacement computer; and subject to audit by the Supplier to verify compliance with the License Agreements
12

SW license agreement may disallow SW to:

assign or otherwise transfer voluntarily without the

Suppliers prior written consent, except as otherwise provided for in an assignment clause transfer, sell, lease, rent, charge or otherwise deal in or encumber the Source Code nor use the same on behalf of or the benefit of any other party, unless such is within the overall scope of the project expand access to the Source Code to those of its employees, agents, contractors, or subcontractors who neither have a need to know nor are directly engaged in the maintenance and/or enhancement of the programs

See ACM case touches on issues of confidentiality and copyright

13

6.3 Trademarks & Trade Names

Trademark is any sign or combination of signs, capable of distinguishing the goods and services of one undertaking from those of other undertakings Tradename is the name or designation which identifies an enterprise Most laws:

require trademarks & trade names be

registered with a Gvt authority protect against use of a trademark or a sign similar to it, at least in connection with the same or similar goods for which trademark was registered protect against use of trade name by another enterprise, if likely to mislead the public 14

6.4 Patents

Used to protect inventions Generally, in order for an invention to be patented, patent laws require that it must: be new, involve an inventive step (nonobvious), be industrially applicable Can patent process or product Patent is issued by Gvt authority, gives patentee (owner of patent) exclusive rights, has a territory & is for specified term of years Patent protection means anyone who wishes to exploit the invention must obtain the authorization of the patentee, otherwise prosecution (patent given on first to file basis) Patented invention may be exploited without patentees authority, e.g. in the public interest by or on behalf of the Gvt or after expiry of term 15

6.5 Software Piracy

No legal distinction between breach of copyright of mass-market SW product & bespoke SW but concerns are different Usually refers to clearly detectable copying of commercially available SW What are the issues?

Huge investment cost. SW houses will

therefore attempt to protect their investment e.g. by having pressure groups (funded by SW developers) dedicated to reduce the extent of piracy High costs, especially for poor countries Detection of breach. How do you detect illegal copies? SW external raids and audits by lobby groups? 16

 Rights of user. What rights should the

legitimate SW user have? Should they be able to copy e.g. for backups; to decompile or to adapt to meet certain requirements that are not commercial in nature; etc. How much piracy to allow! Piracy represents locking in of customers it might therefore have long-term benefits

How can we address the problem of piracy?

Simplify licensing rules Make site licenses cheaper and easier to

obtain Use free/open source software (F/OSS) Draw up a relevant legislation Make SW users aware of the law and legal implications of piracy 17

6.6 Other Legal Issues

Issues over copyright ownership rights in systems development:

SW development by an employee in course of the

How do you protect disclosure for an employee who resigns/leaves in middle of a major SW development project? How do we deal with new crimes (cyber crime) associated with new ICT innovations? e.g. altering a program to perform a fraudulent act, time bombs in programs, etc.

18

employment? Employer as per Copyright Act, 2001, subject to any agreement between the parties SW developed by consultant/contractor in course of consultancy assignment? - Employer as per Copyright Act, 2001, subject to any agreement between the parties SW developed using rapid prototyping or CASE tools?

How do we deal with issues of jurisdiction? How do you insure against ICT crimes?

Note: ICT can be used to prevent, detect and prosecute crimes e.g. audit trails, cashless systems reduces cash crimes (& creates other types of crimes), knowledge-based systems that can warn of potential criminals, systems that support crime protection, detection, & prosecution, etc.
19

6.7 Copyright in Kenya?

SW treated as literary works under the Copyright Act, 2001 Confers copyright to employer or customer subject to any agreement between the parties Term of CR is 50 years after the end of the year in which the author dies Allows copies to correct errors, make back-up, testing for suitability, or other purposes not prohibited under SW license agreement Limited capacity (AGs chambers and judiciary) for SW copyright Require separate legislation for SW? 20

6.8 Patenting in Kenya?

Used UK patent law until 1989 Now under Industrial Property Act, 2001 (KIPI) Patent right granted to:
person(s) with earliest application filing date
employer or person who commissioned the work for

invention made in in execution of a commission or of employment contract, in the absence of contractual provisions to the contrary employee or person commissioned to do the work for invention made without any relation to an employment or service contract

Rights extended only to acts done for industrial or commercial purposes and not acts for scientific research Patent expires after 20 yrs from date of filing Patent may be exploited in public interest 21

6.9 What next for SW?

Global copyright agenda dominated by powerful Western interest groups (esp. MNEs)
laws (e.g. TRIPS agreement on trade-

related IP) marginalize LDCs

CR protected SW has high license costs, is inflexible, does not create necessary human capacity transfer, etc. no solution for LDCs. Solutions? Evaluate options, including:

getting exemptions to copyright laws? differential pricing for LDCs? open licenses, esp. for education sectors? switching to F/OSS?

22