Prepared By: Razif Razali 1

TMK 264: COMPUTER SECURITY

CHAPTER SEVEN : LEGAL, PRIVACY AND

ETHICAL ISSUES

Prepared By: Razif Razali 2

INTRODUCTION

In this chapter we study human controls applicable to computer security: the legal system and ethics. The legal system has adapted quite well to computer technology by reusing some old forms of legal protection and creating laws where no adequate ones existed. There are some aspects of protection of the security of computers:

• Protecting computing system against criminals.

• Protecting code and data.

• Protecting programmers’ and employers’ rights.

• Protecting private data about individuals.

• Protecting users of programs.

Prepared By: Razif Razali 3

COPYRIGHTS

In the United States, the basis of copyright protection is presented in the U.S Constitution.

The body of legislation supporting constitutional provisions laws that elaborate on or expand the constitutional protections.

Copyrights are designed to protect the expression of ideas.

• Purpose: to promote distribution of the work, therefore, the work must be distributed.

Copyright applied to a creative work: story, photograph, and song and pencil sketch.

The right to copy an expression of an idea is protected by copyright. Copyright give the owner the exclusive right to make copies off the

expression and sell them to the public. That is, only the author can sell copies of the author’s book.

Prepared By: Razif Razali 4

Definition of Intellectual Property

Only the originator of the expression is entitled to copyright. If an expression has no determinable originator, the copyright

cannot be granted. The copyright does not cover the idea being expressed. Copyright last for only a limited period of time. The copyrighted expression must also be in tangible medium. A story or art work must be written, printed, recorded, and

stored in disk or fixed on some other way. Certain works are considered to be in the public domain,

owned by the public, by no one in particular.• Example: the song “Happy birthday to you”, “nasi goreng’

recipe.

Prepared By: Razif Razali 5

Originality of Works

The work being copyrighted must be original to the author.

A work can be copyrighted even if it contains some public domain materials, as long as there is some originality.

The author does not even have to identify what is public and what is original.

Example: • A music historian could copyright a collection of folksongs

even if some are in the public domain.

• A dictionary can be copyrighted and the author could not claim to own the word.

Prepared By: Razif Razali 6

Copyright for Computer Software

Can a computer program be copyrighted? YES…

Computer program can be copyrighted (1976 copyright law emended in 1980 to include an explicit definition of computer software).

However, copyright protection may not be especially desirable from a protection

Copyright for Digital Objects

The Digital Millennium Copyright Act (DCMA) of 1998 clarified some issues of digital objects (such as music files, graphic, images, data in a database, and also computer program), but it left other unclear.

Among provision of the DCMA are these:

• Digital objects can be subject to copyright.

• It is a crime to circumvent or disable antipiracy functionality built into an object.

• It is a crime to manufacture, sell, or distribute devices that disable antipiracy functionality or that copy digital object.

Prepared By: Razif Razali 9

PATENTS

Protect invention, tangible objects or ways to make them not works of the mind.

Intended to apply to the result of science, technology and engineering.

A patent can protect a “new and useful process, machine, manufacture or composition of matter.

A patent is designed to protect the device or process for carrying out an idea, not the idea itself.

Example:• If two composers happen to compose the same song

independently at different times, copyright law would allow both of them to have copyright. If two investor devices the same invention, the patent goes to the person who invented it first, regardless of who first filed the patent.

Prepared By: Razif Razali 10

Procedure of registering a Patent

The inventor must convince the U.S Patent and Trademark Office that the invention deserves the patent.

A patent attorney will research the patent already issued for similar invention.

The patent owner uses the patented invention by producing products or by licensing others to produce them.

Patent objects sometimes marked with a patent number to warn others that the technology is patented.

Prepared By: Razif Razali 11

TRADE SECRETS

Is unlike a patent or copyright in that it must be keep a secret.

The information has value only as a secret, and an infringer is one who divulges the secret.

Once divulged, the information usually cannot be made secret again

Prepared By: Razif Razali 12

Characteristics of Trade Secrets

Trade secret is information that gives one company a competitive edge over others.

Example: The formula of soft drinks, mailing list of customers or information about a product due to be announced in a few months.

The distinguishing characteristic of a trade secret is that it must always be kept secret.

The owner must take precautions to protect the secret such as storing safely, encrypting it in computer file, or making employees sign a statement that they will not disclose the secret.

If someone obtains a trade secret improperly and profits from it, the owner can recover profits, damages, lost revenues and legal costs.

Prepared By: Razif Razali 13

Figure: Comparing Copyrights, Patent and Trade Secret

Prepared By: Razif Razali 14

OTHERS TERMS RELATED IN THIS TOPIC

Copyleft• An alternative means of controlling software rights in which

everyone has permission to run, copy or modified the program, and distribute modified versions, but not permission to add restrictions of their own.

Trademark• Is a word, name, symbol or device used to distinguish one

company and its products from another. Plagiarism

• The representation of someone else’s words of ideas as your own.

• Example: copy of the journal, edit the original text and published as our own without permission from the original author.

INFORMATION AND THE LAW

Source code, object code and even the ‘look and feel’ of a computer screen are recognizable, if not tangible object.

Electronic commerce, electronic publishing, electronic voting and electronic are the example of the new challenge to the legal system.

INFORMATION AS AN OBJECT

Let us examine why information is different from other commercial things:• Information is not depletable.

• Information can be replicated.

• Information has a minimal marginal cost.

• The value of information is often time dependent.

• Information is often transferred intangibly.

LEGAL ISSUES RELATING TO INFORMATION

These characteristics of information significantly affect its legal treatment.

Let us look at several examples of situations in which information needs are about to place significant demands on the legal system

• Information commerce.

• Electronic publishing.

• Protecting data in database.

Prepared By: Razif Razali 18

WHY COMPUTER CRIME HARD TO PROSECUTE?

Factors:

• Lack of understanding

• Lack of physical evidence.

• Lack of recognition of assets

• Lack of political impact

• Complexity of case

• Juveniles To fight such high tech crime, a law enforcement specialty

called computer forensics is growing. Already being used to sent criminals behinds bars,

computer forensics is the application of computer system and technique to gather potential legal evidence.

Prepared By: Razif Razali 20

ETHICAL ISSUES IN COMPUTER SECURITY Law

• Law is a set of rules or norms of conduct, which mandate, proscribe or permit, specified relationships among people and organizations.

• Provide methods for ensuring the impartial treatment of such people, and provide punishments for those who do not follow the established rules of conduct.

Ethics• Morals to prescribe generally accepted standards of

proper standard.• A set of moral principles or values• Standard of right or wrong.• Often idealistic principles because they focus on one

objective.

Prepared By: Razif Razali 21

Table: Differences between the law and ethics

No external arbiter.Court is final arbiter of right

Limited enforcementEnforceable by police and courts.

Described by philosophers, religions and professional group

Described by formal, written document

Personal choiceApplicable to everyone

Interpreted by each individualInterpreted by courts

EthicsLaw

Prepared By: Razif Razali 22

WEAKNESSES

Weakness of Law• Not always the appropriate way to deal with issues of

human behaviors.

• Most of law makers are not computer professionals. Weakness of Ethics

• The issues are complex to describe and judges.

• People confuse ethics with religion because many religious supply a framework in which to make ethical choice.

• Ethical principles are not universal

• Different society or person has a different ideology

Prepared By: Razif Razali 23

CRIMINAL AND CIVIL LAW

Criminal• A type of case in which the person is charged with a crime and may

face penalties including fines, jail time, or imprisonment.• Government argues for punishment because an illegal act has harmed

the desire nature of society.• Example: The government will prosecute a murder case because

murder violates a law passed by the government. Civil Law

• Law based on a series of written codes or laws.• In civil law case, an individual, organization, company or group claims it

is has been harmed.• The goal of civil case is restitution: to make the victim “whole” again by

repairing the harm.• Concerned with the relationship between individuals. • The person who has been injured or otherwise suffered loss as the

result of a wrong generally brings a civil action.

Prepared By: Razif Razali 24

Table: Criminal versus Civil Law

Damages, typically monetary Jail, FineRemedy

Individuals and Companies SocietyWronged party

Government Individuals and Companies

GovernmentCases brought by

Contract Common Law

StatutesDefined By

Civil LawCriminal Law

CONCLUSION OF COMPUTER ETHICS

In this study of ethics, we have tried not to decide right and wrong, or even to brand certain acts as ethical or unethical.

The purpose of this section is to stimulate thinking about ethical issues concerned with confidentiality, integrity and availability of data and computations.