ICS 417 ICT and Society 4 3 ICT

ICS 417: ICT and Society 4. 3 ICT and Legal Issues 1

4. 3. 1 Confidentiality & Privacy n n There is conflicting tension between privacy and accessibility of info u Privacy is an individual’s right to determine for themselves what about them is communicated to others u Confidentiality is an organization’s right to determine what will be communicated about commercially held info. e. g. sales data Given conflict, to what extent are individual’s/society’s interests best served by allowing limits to data/info access? 2

n n Gvts have different legal instruments relating to different aspects of privacy e. g. defamation, copyright, trespass, etc. Individual privacy space is defended by law in many countries and is a compromise between the needs of an individual and the needs of society for information u Current Kenyan Constitution does not have a separate section on privacy but aspects are included in the protection of fundamental rights and freedoms of the individual but adds “… subject to such limitations of that protection as are contained in those provisions, being limitations designed to ensure that the enjoyment of those rights and freedoms by any individual does not prejudice the rights and freedoms of others or the public interest. ” (Chap. 5, Sec. 70 of the Constitution of Kenya) 3

u n Draft Constitution has a specific section on the privacy of the individual, which includes the right not to have: F information relating to their family or private affairs unnecessarily required or revealed and F the privacy of their communications infringed (Chap. 5, Sec. 43) However, most Gvts have an interest in invading privacy than in protecting it: u “It cannot be emphasized too strongly that the incentives for the government and the bureaucracy are in the direction of invading, or at least ignoring or neglecting, privacy interests rather than protecting them. Most measures that are perceived as “necessary” to cope with a societal problem involve surveillance through data collection”. Flaherty, D. (1989), Protecting Privacy in Surveillance Societies, The University of North Carolina Press. 4

n n n Concept of privacy is context specific: u Variations wrt to what is “private” information exist between one individual and another, between different sections of society & between countries u THEN important concern is what the data is used for rather than the data itself Whatever the privacy debate in a country or society, privacy protection is important & is likely to become more so as society becomes more informatized 2 important privacy issues: u Fair use. The requirement to seek an individual’s permission before passing the data on to others e. g. to be used in support of an organization’s business mission 5

u Gate n keeping. The restricted access to services, privileges, benefits or opportunities on the basis of certain data values. Some are inevitable and acceptable, e. g. point scoring system for credit provision. However, the same system can be used to keep out “trouble makers”! THEN the issue becomes: whose definition of trouble maker Many Gvts have responded to the challenge on privacy with a myriad of legislative provisions, e. g. u Data Protection Act 1998, 1998 Chapter 29 UK Laws, http: //www. hmso. gov. uk/acts 1998/19980029. ht m u Directive 95/46/EC of the EU on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http: //www. privacy. org/pi/intl_orgs/ec/eudp. html 6

n Finnish Government’s No. 565 Act on the Protection of Privacy and Data Security in Telecommunications http: //www. mintc. fi/www/sivut/suomi/tele/saadokset/telecom/norms /1999_565. htm Internet Privacy Law by Timothy J. Walton, http: //www. netatty. com/privacy. html n Kenya? n 7

4. 3. 2 Copyright & Software Protection n Software development investment not adequately protected in many countries (cf hardware developments are usually adequately covered by patent law) However, innovation & technology transfer can be stifled by draconian protection Trade secrets (ways of working, plans and interactions), patents and copyright legislation attempt to balance these 2 tensions 8

(a) Trade secrets or confidence n Trade secrets (ideas & methods of implementation) protected via the law of confidentiality. Includes both HW & SW n Protection created where there is a direct contractual obligation e. g. confidentiality obligations in employment contracts are enforceable in law n If obligations not defined, may be necessary to determine degree of good faith in any disclosure, e. g. use of knowledge acquired in previous employment in a competitor firm once employment ceases n With increasing outsourcing, using contracts to define specific confidentiality obligations is advised. 9

(b) Copyright n Protects copying the expression of an idea (protects software) n Most acts recognize SW as “literary” work. Thus prohibit copying, issuing of copies, performing/showing/playing the work in public, adapting, etc. n Most acts permit certain actions (“fair dealing”), e. g. use for research, private study, criticism, review, news reporting, taking back-ups, etc. n SW license issued to permit actions forbidden by copyright (see example of SW license agreement) n Damages for contravening copyright usually a notional cost of license fee, e. g. 10% royalty 10

n n Weaknesses/challenges: u Does not protect underlying idea (protects its expression: in source code and documentation). u What is the legality of reverse engineering? What is the position of “look and feel” of software? u What is the position of object code? Not intelligible to human beings, it therefore falls outside the definition of "copy" in a Copyright Act Other SW protection measures (esp. security): u Hardware locks u Randomizing blocks in source code to disguise its logic u Compiling SW to ensure source code not available u Low prices to make illegal copies less attractive 11

n SW license agreement may allow SW to be: u used or copied for use on or with the primary computer for which it was acquired, plus a backup computer if the primary is inoperative; u reproduced for safekeeping or backup purposes; u customized, adapted, or combined with other computer software, provided that derivative software incorporating any of the delivered, restricted computer software shall be subject to same restrictions set forth herein; u disclosed to and reproduced for use by support service suppliers or their subcontractors, subject to the same restrictions set forth in the Contract; u used or copied for use on or transferred to a replacement computer; and u subject to audit by the Supplier to verify compliance with the License Agreements 12

n SW license agreement may disallow SW to: u assign n or otherwise transfer voluntarily without the Supplier’s prior written consent, except as otherwise provided for in an assignment clause u transfer, sell, lease, rent, charge or otherwise deal in or encumber the Source Code nor use the same on behalf of or the benefit of any other party, unless such is within the overall scope of the project u expand access to the Source Code to those of its employees, agents, contractors, or subcontractors who neither have a need to know nor are directly engaged in the maintenance and/or enhancement of the programs See ACM case – touches on issues of confidentiality and copyright 13

4. 3. 3 Trademarks & Trade Names n n n Trademark is any sign or combination of signs, capable of distinguishing the goods and services of one undertaking from those of other undertakings Tradename is the name or designation which identifies an enterprise Most laws: u u u require trademarks & trade names be registered with a Gvt authority protect against use of a trademark or a sign similar to it, at least in connection with the same or similar goods for which trademark was registered e. g. the case between Uniliver PIC that manufactures Blue Band & Bidco Oil Industries that manufactures Gold Band. Uniliver accused Bidco of using its registered trademark Blue Band, packaging with the same shape, colour, configuration, design and general appearance, and generally confusing the minds of the public into thinking Gold Band was manufactured by Uniliver (DN 17. 02. 2004) protect against use of trade name by another enterprise, if likely to mislead the public 14

4. 3. 4 Patents n n n Used to protect inventions Generally, in order for an invention to be patented, patent laws require that it must: u be new, involve an inventive step (non-obvious), be industrially applicable Can patent process or product Patent is issued by Gvt authority, gives patentee (owner of patent) exclusive rights, has a territory & is for specified term of years Patent protection means anyone who wishes to exploit the invention must obtain the authorization of the patentee, otherwise prosecution (patent given on first to file basis) Patented invention may be exploited without patentee’s authority, e. g. in the public interest by or on behalf of the Gvt or after expiry of term 15

4. 3. 5 Software Piracy n n n No legal distinction between breach of copyright of mass-market SW product & bespoke SW – but concerns are different Usually refers to clearly detectable copying of commercially available SW What are the issues? u Huge investment cost. SW houses will therefore attempt to protect their investment e. g. by having pressure groups (funded by SW developers) dedicated to reduce the extent of piracy u High costs, especially for poor countries u Detection of breach. How do you detect illegal copies? SW external raids and audits by lobby 16 groups?

u Rights n of user. What rights should the legitimate SW user have? Should they be able to copy e. g. for backups; to “decompile” or to adapt to meet certain requirements that are not commercial in nature; etc. u How much piracy to allow! Piracy represents locking in of customers – it might therefore have long-term benefits How can we address the problem of piracy? u Simplify licensing rules u Make site licenses cheaper and easier to obtain u Use free/open source software (F/OSS) u Draw up a relevant legislation u Make SW users aware of the law and legal implications of piracy 17

4. 3. 6 Other Legal Issues n Issues over copyright ownership rights in systems development: SW development by an employee in course of the employment? – Employer as per Copyright Act, 2001, subject to any agreement between the parties u SW developed by consultant/contractor in course of consultancy assignment? - Employer as per Copyright Act, 2001, subject to any agreement between the parties u SW developed using rapid prototyping or CASE tools? u n n How do you protect disclosure for an employee who resigns/leaves in middle of a major SW development project? How do we deal with new crimes (cyber crime) associated with new ICT innovations? e. g. altering a program to perform a fraudulent act, time bombs in programs, etc. 18

n n n How do we deal with issues of jurisdiction? How do you insure against ICT crimes? Note: ICT can be used to prevent, detect and prosecute crimes e. g. audit trails, cashless systems reduces cash crimes (& creates other types of crimes), knowledge-based systems that can warn of potential criminals, systems that support crime protection, detection, & prosecution, etc. 19

4. 3. 7 Copyright in Kenya? n n n SW treated as “literary works” under the Copyright Act, 2001 Confers copyright to employer or customer subject to any agreement between the parties Term of CR is 50 years after the end of the year in which the author dies Allows copies to correct errors, make back-up, testing for suitability, or other purposes not prohibited under SW license agreement Limited capacity (AG’s chambers and judiciary) for SW copyright Require separate legislation for SW? 20

4. 3. 8 Patenting in Kenya? n n n Used UK patent law until 1989 Now under Industrial Property Act, 2001 (KIPI) Patent right granted to: u person(s) with earliest application filing date u employer or person who commissioned the work for invention made in in execution of a commission or of employment contract, in the absence of contractual provisions to the contrary u employee or person commissioned to do the work for invention made without any relation to an employment or service contract Rights extended only to acts done for industrial or commercial purposes and not acts for scientific research Patent expires after 20 yrs from date of filing Patent may be exploited in public interest… 21

4. 3. 9 What next for SW? n n n Global copyright agenda dominated by powerful Western interest groups (esp. MNEs) u laws (e. g. TRIPS – agreement on trade-related IP) marginalize LDCs CR protected SW has high license costs, is inflexible, does not create necessary human capacity transfer, etc. – no solution for LDCs. Solutions? Evaluate options, including: u getting exemptions to copyright laws? u differential pricing for LDCs? u open licenses, esp. for education sectors? u switching to F/OSS? u you setting up business enterprises to produce software to compete with that from the “West” 22