Post on 24-Dec-2015
Legal and ethical perspectives on IT development
Liability, Litigation risk, ‘Professional’ standards, and Ethics
Slides at http://cyberlawcentre.org/seng4921/
David Vaile
Co-convenor
Cyberspace Law and Policy Centre/Community
Faculty of Law, University of NSW
http://www.cyberlawcentre.org/
Outline
Strange bedfellows: IT, Law & ethics
Legal system
Liability, ‘professional’ ethics
Software development – immature?
‘It’s the risk, stupid’
IT project mgt central issue: risk, should drive everything
‘Spiral’ iterative disposable prototype for resolving risks
Non-tech risks: human, data, political, regulatory, unknown
Early rather than after disaster.
Examples
Software, Law and Ethics
Strange bedfellows
How the law is made, and works
Differing Principles and standards
Risks in software development
Examples:
◦ Consumer protection
◦ Product liability
◦ Professional liability
◦ Anti-trust: abuse of monopoly
◦ Intellectual property: copyright, patents
◦ Privacy
◦ Spam
Legal System
Features of the legal system
Main divide: Criminal <-> the rest
Criminal
◦ Launched by state, trial, conviction or acquittal. Crimes
Civil
◦ Sued by other party, damages, restitution. Contracts, roles
Sources
◦ Statutes (‘Laws’) set rules, Cases interpret them
◦ Jurisdiction: which laws and courts
◦ Appeals to higher court
◦ Precedent is critical in cases: follow higher/past authority
◦ Contracts: Making stuff up
Obligations: from Statutes and Contracts
Everything is arguable (if you lose, $$ costs)
‘Ignorance is no defence’: I click therefore I am Bound
What shapes the law?
Ongoing struggle between interests
Evidence based policy, Parliamentary process
Commercial reality
Technical reality
Public standards
International effects (indirect)
Clueless bozos on Facebook
Different standards
Liability
◦ Is it against the law?
Litigation risk
◦ Will you be caught, sued or prosecuted?
‘Professional’ standards
◦ Will your peers reject you?
Ethics
◦ Will your children & friends reject you?
Why do I care?
What matters?
Breaking the law? Liability
Getting caught? Enforcement
Losing your job? Professional
Losing your reputation? Ethics
Or just building crap? Self respect
Professional Liability
Nature of Profession?
Membership of Professional body
Registration required to work?
Self-regulation
Insurance
Peer attitudes
Reputation
IT Risk
Development risk factors
20% coding and engineering – ignore?
80% analysis, communication, revision
User-Centred Design & Risk Management
Neglected but critical
Early vs. late error discovery
‘User sovereignty’
When development mistakes blow
‘Too soon old, too late smart’
Coding
Feasibility and conception
User requirements, analysis, communication
Design
Testing
Revision
Delivery
??? Too late!
Development quandaries
Most software projects fail, 4 PM variables
◦ Cost, time, scope, quality (for User)
Many break various standards, but...
You could do it accidentally...
Or be asked/tempted to deliberately
Your own position
Your employer’s
The ‘victim’s position’
How to navigate IT risk
‘Spiral’ iterative disposable prototype approach to resolving risks
Inc non-technical risks: human, data, political, regulatory, unknown
User requirements central, get feedback at every stage
Early discovery rather than after disaster
Value & reward mistakes, deprecate denial
But...
‘Move Fast and Break Things’ (Zuckerberg’s naughty teenager model to exploit ‘dumb **cks’)
‘See what you can get away with’
‘See if you get caught’
‘We haven’t been caught [yet]’
Disposable prototyping, not compliance
What works for software does not work for personal or critical information
Your secrets are not revokable, disposable
Brutal ‘Reality Therapy’ from the law: Usmanov case: 6 months for FB GF photo
Examples: Legal and Ethical Impacts of IT Risk
‘Ethical Hacking’
Essence of Cybercrime: ‘Unauthorised’
Criminalisation of hacking, circumvention
EH done w Good Intentions (See Road to Hell, paved with)
But uses methods of malware, crackers
Morris Worm 1990s: Jail for bug exposé
Personal Information Security is critical
Yoof disbelieve contract & consequence?
Drive it by transparent risk management
The right answer may be: Don’t do it!
Ethical Hacking Example
Recent inquiry...
Plan for great ethical hack
Potential cybercrime, reputation, professional, etc.
Solution: Get it out in the open to run the risk management paper prototype;
If too dodgy to reveal, discuss: drop it!
Other Examples
Privacy
‘Right to be left alone’
Defeat of Australia Card, Privacy Act 1988
Limited rights of data subjects, few cases
Restricts what technology can do
Requires security
Affects everyone
But risk awareness is abysmal
Facebook brain-washing re: over-sharing
2012 AGs Telecoms Data Retention plan
Privacy Hypothetical
See hypothetical example
Tort/Negligence
Product liability
Duty of Care, special relationship
Act or omission
Causation
Foreseeability of harm
Proximity
Consumer Protection
Based on consumer/vendor relation
Assumes imbalance
Statutory Warranties – fit purpose
Contractual waiver?
Misleading and deceptive conduct
Unfair Contracts
Can be Strict Liability – State Bank
Consumer protection hypothetical
See hypothetical example
Anti-trust: Abuse of Monopoly
Competition policy
Monopoly
Example: MS v DoJ re Netscape
Political involvement
Practical significance
Anti-trust hypothetical
See hypothetical example
Intellectual Property
Purpose:
Copyright Act: form, not substance
◦ No registration
◦ Digital Agenda
Patents Act: the idea, not the form
Circuit Designs
Free Trade Agreement
Copyright
Copyright Act:
◦ Exclusive right to control exploitation
No registration
Actual text, code or implementation
Licences with conditions and fees
Technological Protection
◦ ‘Digital Rights Management’ tools
◦ DMCA and contracting away user rights
Copyright and Public Domain
Differences in Australia, US...
Fierce battle: maximalist v PD?
‘Public Domain’
Open Source software: GPL, copyleft
Open Content
◦ Creative Commons – US, global?
◦ Free for Education - Australian
Business models
Patents and software
Right to deny access
Requires registration
Expensive to fight
Patentable material?
E-business patents
◦ Amazon 1-Click web shopping cart
Gene sequence patents
◦ Bioinformatics – human genome race
Current patent battles
Resistance to patentability of software
EU Commission recommends, Parl. Rejects
CSIRO v. US computer industry – wireless
Linux?
Why are software patents a danger?
◦ Locking up pure ideas? Mathematics? Stallman
◦ Not just open source
◦ Impossible to ascertain if infringing
◦ Patent Offices too lax and inexperienced? $$ motive
◦ Very expensive
◦ Only works if you have a huge portfolio
Spam
Spam Acts: Australia, USA, California
Unsolicited commercial electronic message
Single message
Address harvesting
Penalties
Surveillance
Workplace privacy bill NSW
Spam hypothetical
See hypothetical example
Questions?
Conclusion
David Vaile
Executive Director
Cyberspace Law and Policy Centre
Faculty of Law, University of NSW
http://www.cyberlawcentre.org/