Post on 19-Dec-2015
Role of Law, Regulation & Public Policy in Information Sciences & Technology and Security & Risk Analysis
John W. Bagby
Professor of IST
Co-Dir. Inst. Info. Policy
What is the “Law of the Horse?”
• Generalism serves best by reducing search, transactions, switching & opportunity costs
• Jump to define new fields risks ineptitude, unjustified special exceptions
– Karl Llewellyn, parent of UCC, argued value in specialized contract law for B2B & B2C
– Gerhard Casper, 80’s U.Chi.Law Sch dean proudly denounced any Law of the Horse special topic
• Public policy set by insiders risks self-serving complexity; set by newcomers risks unintended consequences, waste, irrelevance
• Optimality requires pioneering & adaptation
Cyberlaw: another “Law of the Horse?”
• Rules for idiosyncratic transactions between amateurs?
– Frank H. Easterbrook, J. 7th Cir & U.Chi.L.Sch faculty
• Observation about new fields
– They must illuminate the entire law - not pander to dilettantes (dabblers, connoisseurs)
• Netizen’s Utopian Declaration of Independence might insulate Cyberspace from traditional social, political, legal & regulatory controls
– Could Regulation stifle eCommerce?
• But should we pander to Cyber Libertarians?
– Traditional law too often fails to encourage or accommodate technological development
– Lawrence Lessig (Stanford): “We see something when we think about the regulation of cyberspace that other areas would not show us.”
Biggest Challenge for Cyberlaw
• Adapt Existing Law vs. New Lawmaking
– Some existing law adapts well unchanged
– Rush to legislate will produce some bad laws (e.g., DMCA, CDA, DigSig, more?)
• Pamela Samuelson suggests a careful approach
1. Review first principles underlying traditional regulation, many accommodate cyberspace effectively without much adaptation
2. Exercise restraint: study, deliberate then confine new law to reasonable & proportionate responses
3. Simple/minimal new law & technology neutral
SRA/IST Related Law & Public Policy
• Regulation & Litigation Processes
– Jurisdiction
– Internet Taxation
• Intellectual Property
– Copyright
– Trade Secrets
• Database Protections
– Patents
– Trademark
• DNS (a Merger?)
• Technology Transfer
– Employment Contracts
– Confidentiality
• eCommerce Transaction Process
– ePmts
– eAgents
– eGovt
• Intelligent Transport
• Privacy
• Security
• Sectoral Regulations
– E.g., TeleCommunications
• Standards & Antitrust
– Network economics
What is Information Policy?
• The impact of public policy on information creation, access, ownership and use
• Public Policy is exerted by …
– Government: through law, regulations, executive power, courts
– NGO, SRO, trade associations, professional self-discipline
– Markets: by attraction or deterrence of capital, trade practices
– Private contracts: private ordering, private regulation, employee restrictions
Public Policy, Law & Regulation
• IST spans many cutting-edge policy issues
– Like in gaming environments today, the early cyber-libertarians demanded the Internet be exempt from traditional law
– Cyberlaw history resoundingly rejected that demand
• IST public policy clustering of some traditional areas of law
– Interesting additional areas dictated by social, political & economic idiosyncrasies caused by new technology
– Therefore, special aggregation of traditional laws, arguably becoming a law of the horse
Relevant Traditional Fields of Law
• Must adapt to Cyberspace & IT
– Constitutional law (e.g., bill of rights, due process, takings, commerce clause, separation of powers, federalism, freedom of contract)
– Litigation & dispute resolution (e.g., forensics, electronic and traditional discovery, alternative dispute resolution, privileges, role of scientific evidence in legislation, evidence admissibility)
– Legislation (e.g., lobbying, Congressional watchdog committees, pluralist grassroots communities)
– Administrative law & regulatory process (policy development, rulemaking, enforcement forensics, inter-agency co-operation/competition, dispute resolution)
– Intellectual property (IP)
– Corporate governance (corporation law, securities regulations, disclosure, contracts, conflicts of interest)
– Commercial law (contracting, payments, property transfers, technology transfer)
– Tort liability (reform & risk management, product & service liability)
– Sovereign immunity
Intellectual Property Rights
• Copyrights
– Form of expression fixed in tangible medium, weak but long protection
• Trade Secrets
– Information, valuable, security efforts, variable protections
• Patents
– Invention (machine, manufacture, composition of matter, process), strong but medium term protection
• Trademarks & Trade Dress
– Commercial symbol used in commerce, reduces consumer search costs, identifies source
• Sui Generis Protections:
– Semiconductor chips, asexual plants, boat hull design, designs, petty patents, databases, unfair competition
Traditional Contracting Models
• Information Exchange Model
– No actual contracting, ads
• Mutual Assent Model
– Offers, acceptances, counter-offers, revocations, rejections, documentation
• Consideration Model
– Online interaction contingent on agreement to terms of use, collection of private information
• Performance Model
– Electronic payments, commercial docs, eDelivery
eCommerce Business Models
1. Information Access & Warehousing
– e-Brochures, Ads, Info Capture for Resale, ad referrals
2. Ordering On-Line
3. e-Payment Systems
4. e-Delivery
– Information & Data
– Software
– Advice & other Services
• Combinations of these 4
Existing e-Commerce Successes
• Banking: Wire Transfer & EFT
• Securities: trading, execution, record keeping
• Health Care Records & Reimbursement
• Airline Reservations & e-Ticketing
• Telecommunications
• Television
• Book, CD, Video Sales: amazon.com
• On-Line Auctions
• Advertising
Jurisdiction & Internet Taxation
• Jurisdiction & Tax share power/authority of a government to regulate/tax activities
• Due Process: state tax interstate business
• Sales & Use Tax if Nexus – Internet Tax Freedom Act (access, bit)
• Complexity of taxation of eCommerce
– Differences: rates, base, exemptions, remitter
• Int’l taxation: collect EU’s VAT?
Telecommunications Regulation
• Federal Communications Commission & State/Local Regulators
• Licensing and Entry
• Structural Regulation (competition)
• Regulation of Rates
• Technology & Standards
eGovt
• Diffusion of Information Technology into Government Activities
– Migrating transaction processes
– Compare/Contrast private sector eCom w/ eGovt
– Applications: military, terrorism, control
• ID Key Applications, Facilitate Further Diffusion:
– IRS, PTO, DOD, FTC, SEC, SAP (PA), DMVs, Public Docs under FOIA/Open Records, eVidence in Litigation
– Nine Next Neediest: utilities, INS, national security, transportation, insurance, professional licensure, public safety, elections, cybercrime
An Ontology for Public Policy Scholarship in IST
• IT Governance
• Standardization
• IP Policy and Strategy
• Security and Privacy
• Electronic Commerce (eCommerce)
See: http://faculty.ist.psu.edu/bagby/
IT Governance
• “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.”
• “the leadership and organizational structures and processes that ensure that [IT serves strategic objectives].”
• Corporate governance constraints; impact of law, regulators, security & privacy standards; SOX; Implemented through:
• technology transfer agreements
• private contracts
• employment restrictions
• IP constraints
• eCommerce commercial practice
Standardization
• Standards Development Activities (SDA)
– Expanding form of public policy development
• “Code is Law”
• Major foci: resolution of conflicts of interest
– Antitrust & IP
– International Aspects quickly Emerging
• EU through ISO & China
– Due Process & Fair Political Representation
• Balanced against participants’ domain expertise
IP Policy and Strategy
• Pervasive to nearly all IST scholarship streams
– artifacts, cooperative research, HCI, security, privacy, search, dB, data mining, domain-related informatics, cyber-infrastructure, GIS, enterprise systems
– See http://ist.psu.edu/facultyresearch/research/
• Copyright, trade secret, patent, trademark:
– IP Strategy & IP Reform
– IP rights valuation, IP rights assessment, IP audit infringement risk analysis
• P2P, numerous urban legendary myths
– Open Source & Antitrust aspects of IP
– Software & BMPatents
Security and Privacy
• An Amalgam of:
– Criminal Law
– CyberForensics (EDD, ESI, ERM)
– Sectoral privacy regulations
• e.g., privacy regulations in health, financial, online, telecommunications, law enforcement, international commerce, security breaches
– IT governance
– Information Assurance
– Electronic Surveillance
– Money Laundering
– Social Network Analysis Mapping using Graph Theory
eCommerce
• Online & Electronic Contracting
• Ubiquitous EULAs
– Shrink, Click, Box & Browse Wrap Contracts
• Electronic Marketing & Auction Markets
• Electronic Payment Systems
• Financial Services IT Regulation
– Money Laundering…again
• Automated Transaction Processing
– AI, intelligent agents, electronic agents, ontologies & expert systems in eCommerce
Some Instruction Interests
• Existing Courses:
– IST 432
– IST 452
– IST 453
– SRA 211
• Proposed New Courses:
– Critical Infrastructures
– Standardization
– Open Source
– Electronic Payment Architecture & Money Laundering
Research Methods Useful in Public Policy of IST
• Doctrinal Legal Research
• Public Policy Analysis
• Conceptual Analysis
• Model Building & Testing
• Artifact Design, Development & Testing
• Simulation
• Various Empirical Methods
Doctrinal Legal Research
• Combines Analytical Methods from Humanities, Empirical Social/Natural Sciences, Public Policy Analysis
• Evaluates Existing/Proposed Law for Consistency, Validity, Authority & Impact (social, political, economic)
– Constitutions, precedents, statutes, regs
• Influences cases, legislative history, policymaking, other disciplines’ research design