Role of Law, Regulation & Public Policy in Information Sciences & Technology and Security & Risk Analysis

John W. Bagby, Professor of IST, Co-Dir. Inst. Info. Policy

Post on 19-Dec-2015


What is the “Law of the Horse?”

• Generalism serves best by reducing search, transactions, switching & opportunity costs
• Jump to define new fields risks ineptitude, unjustified special exceptions
  – Karl Llewellyn, parent of UCC, argued value in specialized contract law for B2B & B2C
  – Gerhard Casper, 80’s U.Chi.Law Sch dean proudly denounced any Law of the Horse special topic

• Public policy set by insiders risks self-serving complexity; set by newcomers risks unintended consequences, waste, irrelevance

• Optimality requires pioneering & adaptation

Cyberlaw: another “Law of the Horse?”

• Rules for idiosyncratic transactions between amateurs?

– Frank H. Easterbrook, J. 7th Cir & U.Chi.L.Sch faculty

• Observation about new fields
  – They must illuminate the entire law - not pander to dilettantes (dabblers, connoisseurs)
• Netizen’s Utopian Declaration of Independence might insulate Cyberspace from traditional social, political, legal & regulatory controls
  – Could Regulation stifle eCommerce?
• But should we pander to Cyber Libertarians?
  – Traditional law too often fails to encourage or accommodate technological development
  – Lawrence Lessig (Stanford): “We see something when we think about the regulation of cyberspace that other areas would not show us.”

Biggest Challenge for Cyberlaw

• Adapt Existing Law vs. New Lawmaking
  – Some existing law adapts well unchanged
  – Rush to legislate will produce some bad laws (e.g., DMCA, CDA, DigSig, more?)
• Pamela Samuelson suggests a careful approach
  1. Review first principles underlying traditional regulation, many accommodate cyberspace effectively without much adaptation
  2. Exercise restraint: study, deliberate then confine new law to reasonable & proportionate responses
  3. Simple/minimal new law & technology neutral

SRA/IST Related Law & Public Policy

• Regulation & Litigation Processes
  – Jurisdiction
  – Internet Taxation
• Intellectual Property
  – Copyright
  – Trade Secrets
    • Database Protections
  – Patents
  – Trademark
    • DNS (a Merger?)
• Technology Transfer
  – Employment Contracts
  – Confidentiality
• eCommerce Transaction Process
  – ePmts
  – eAgents
  – eGovt
• Intelligent Transport
• Privacy
• Security
• Sectoral Regulations
  – E.g., TeleCommunications
• Standards & Antitrust
  – Network economics

What is Information Policy?

• The impact of public policy on information creation, access, ownership and use

• Public Policy is exerted by …
  – Government: through law, regulations, executive power, courts
  – NGO, SRO, trade associations, professional self-discipline
  – Markets: by attraction or deterrence of capital, trade practices
  – Private contracts: private ordering, private regulation, employee restrictions

Public Policy, Law & Regulation

• IST spans many cutting-edge policy issues
  – Like in gaming environments today, the early cyber-libertarians demanded the Internet be exempt from traditional law
  – Cyberlaw history resoundingly rejected that demand
• IST public policy clustering of some traditional areas of law
  – Interesting additional areas dictated by social, political & economic idiosyncrasies caused by new technology
  – Therefore, special aggregation of traditional laws, arguably becoming a law of the horse

Relevant Traditional Fields of Law

• Must adapt to Cyberspace & IT
  – Constitutional law (e.g., bill of rights, due process, takings, commerce clause, separation of powers, federalism, freedom of contract)
  – Litigation & dispute resolution (e.g., forensics, electronic and traditional discovery, alternative dispute resolution, privileges, role of scientific evidence in legislation, evidence admissibility)
  – Legislation (e.g., lobbying, Congressional watchdog committees, pluralist grassroots communities)
  – Administrative law & regulatory process (policy development, rulemaking, enforcement forensics, inter-agency co-operation/competition, dispute resolution)
  – Intellectual property (IP)
  – Corporate governance (corporation law, securities regulations, disclosure, contracts, conflicts of interest)
  – Commercial law (contracting, payments, property transfers, technology transfer)
  – Tort liability (reform & risk management, product & service liability)
  – Sovereign immunity

Intellectual Property Rights

• Copyrights
  – Form of expression fixed in tangible medium, weak but long protection
• Trade Secrets
  – Information, valuable, security efforts, variable protections
• Patents
  – Invention (machine, manufacture, composition of matter, process), strong but medium term protection
• Trademarks & Trade Dress
  – Commercial symbol used in commerce, reduces consumer search costs, identifies source
• Sui Generis Protections:
  – Semiconductor chips, asexual plants, boat hull design, designs, petty patents, databases, unfair competition

Traditional Contracting Models

• Information Exchange Model
  – No actual contracting, ads
• Mutual Assent Model
  – Offers, acceptances, counter-offers, revocations, rejections, documentation
• Consideration Model
  – Online interaction contingent on agreement to terms of use, collection of private information
• Performance Model
  – Electronic payments, commercial docs, eDelivery

eCommerce Business Models

1. Information Access & Warehousing
  – e-Brochures, Ads, Info Capture for Resale, ad referrals
2. Ordering On-Line
3. e-Payment Systems
4. e-Delivery
  – Information & Data
  – Software
  – Advice & other Services

• Combinations of these 4

Existing e-Commerce Successes

• Banking: Wire Transfer & EFT
• Securities: trading, execution, record keeping
• Health Care Records & Reimbursement
• Airline Reservations & e-Ticketing
• Telecommunications
• Television
• Book, CD, Video Sales: amazon.com
• On-Line Auctions
• Advertising

Jurisdiction & Internet Taxation

• Jurisdiction & Tax share power/authority of a government to regulate/tax activities

• Due Process: state tax interstate business

• Sales & Use Tax if Nexus
  – Internet Tax Freedom Act (access, bit)
• Complexity of taxation of eCommerce
  – Differences: rates, base, exemptions, remitter

• Int’l taxation: collect EU’s VAT?

Telecommunications Regulation

• Federal Communications Commission & State/Local Regulators

• Licensing and Entry
• Structural Regulation (competition)
• Regulation of Rates
• Technology & Standards

eGovt

• Diffusion of Information Technology into Government Activities
  – Migrating transaction processes
  – Compare/Contrast private sector eCom w/ eGovt
  – Applications: military, terrorism, control
• ID Key Applications, Facilitate Further Diffusion:
  – IRS, PTO, DOD, FTC, SEC, SAP (PA), DMVs, Public Docs under FOIA/Open Records, eVidence in Litigation
  – Nine Next Neediest: utilities, INS, national security, transportation, insurance, professional licensure, public safety, elections, cybercrime

An Ontology for Public Policy Scholarship in IST

• IT Governance

• Standardization

• IP Policy and Strategy

• Security and Privacy

• Electronic Commerce (eCommerce)

See: http://faculty.ist.psu.edu/bagby/

IT Governance

• “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.”
• “the leadership and organizational structures and processes that ensure that [IT serves strategic objectives].”
• Corporate governance constraints; impact of law, regulators, security & privacy standards; SOX; Implemented through:
    • technology transfer agreements
    • private contracts
    • employment restrictions
    • IP constraints
    • eCommerce commercial practice

Standardization

• Standards Development Activities (SDA)
  – Expanding form of public policy development
    • “Code is Law”
• Major foci: resolution of conflicts of interest
  – Antitrust & IP
  – International Aspects quickly Emerging
    • EU through ISO & China
  – Due Process & Fair Political Representation
    • Balanced against participants’ domain expertise

IP Policy and Strategy

• Pervasive to nearly all IST scholarship streams
  – artifacts, cooperative research, HCI, security, privacy, search, dB, data mining, domain-related informatics, cyber-infrastructure, GIS, enterprise systems
  – See http://ist.psu.edu/facultyresearch/research/
• Copyright, trade secret, patent, trademark:
  – IP Strategy & IP Reform
  – IP rights valuation, IP rights assessment, IP audit infringement risk analysis
    • P2P, numerous urban legendary myths
  – Open Source & Antitrust aspects of IP
  – Software & BMPatents

Security and Privacy

• An Amalgam of:
  – Criminal Law
  – CyberForensics (EDD, ESI, ERM)
  – Sectoral privacy regulations
    • e.g., privacy regulations in health, financial, online, telecommunications, law enforcement, international commerce, security breaches
  – IT governance
  – Information Assurance
  – Electronic Surveillance
  – Money Laundering
  – Social Network Analysis Mapping using Graph Theory

eCommerce

• Online & Electronic Contracting
• Ubiquitous EULAs
  – Shrink, Click, Box & Browse Wrap Contracts
• Electronic Marketing & Auction Markets
• Electronic Payment Systems
• Financial Services IT Regulation
  – Money Laundering…again
• Automated Transaction Processing
  – AI, intelligent agents, electronic agents, ontologies & expert systems in eCommerce

Some Instruction Interests

• Existing Courses:
  – IST 432
  – IST 452
  – IST 453
  – SRA 211
• Proposed New Courses:
  – Critical Infrastructures
  – Standardization
  – Open Source
  – Electronic Payment Architecture & Money Laundering

Research Methods Useful in Public Policy of IST

• Doctrinal Legal Research

• Public Policy Analysis

• Conceptual Analysis

• Model Building & Testing

• Artifact Design, Development & Testing

• Simulation

• Various Empirical Methods

Doctrinal Legal Research

• Combines Analytical Methods from Humanities, Empirical Social/Natural Sciences, Public Policy Analysis

• Evaluates Existing/Proposed Law for Consistency, Validity, Authority & Impact (social, political, economic)
  – Constitutions, precedents, statutes, regs

• Influences cases, legislative history, policymaking, other disciplines’ research design