  • Number of slides: 36

Legal and ethical perspectives on IT development
Liability, Litigation risk, ‘Professional’ standards, and Ethics
Slides at http://cyberlawcentre.org/seng4921/
David Vaile, Co-convenor, Cyberspace Law and Policy Centre/Community, Faculty of Law, University of NSW
http://www.cyberlawcentre.org/

Outline
  • Strange bedfellows: IT, Law & ethics
  • Legal system
  • Liability, ‘professional’ ethics
  • Software development – immature?
  • ‘It’s the risk, stupid’
  • IT project mgt central issue: risk, should drive everything
  • ‘Spiral’ iterative disposable prototype for resolving risks
  • Non-tech risks: human, data, political, regulatory, unknown
  • Early rather than after disaster.
  • Examples

Software, Law and Ethics
  • Strange bedfellows
  • How the law is made, and works
  • Differing Principles and standards
  • Risks in software development
  • Examples:
    ◦ Consumer protection
    ◦ Product liability
    ◦ Professional liability
    ◦ Anti-trust: abuse of monopoly
    ◦ Intellectual property: copyright, patents
    ◦ Privacy
    ◦ Spam

Legal System

Features of the legal system
  • Main divide: Criminal <-> the rest
  • Criminal
    ◦ Launched by state, trial, conviction or acquittal. Crimes
  • Civil
    ◦ Sued by other party, damages, restitution. Contracts, roles
  • Sources
    ◦ Statutes ('Laws') set rules, Cases interpret them
    ◦ Jurisdiction: which laws and courts
    ◦ Appeals to higher court
  • Precedent is critical in cases: follow higher/past authority
  • Contracts: Making stuff up
  • Obligations: from Statutes and Contracts
  • Everything is arguable (if you lose, $$ costs)
  • ‘Ignorance is no defence’: I click therefore I am Bound

What shapes the law?
  • Ongoing struggle between interests
  • Evidence based policy, Parliamentary process
  • Commercial reality
  • Technical reality
  • Public standards
  • International effects (indirect)
  • Clueless bozos on Facebook

Different standards
  • Liability
    ◦ Is it against the law?
  • Litigation risk
    ◦ Will you be caught, sued or prosecuted?
  • ‘Professional’ standards
    ◦ Will your peers reject you?
  • Ethics
    ◦ Will your children & friends reject you?

Why do I care?

What matters?
  • Breaking the law?
  • Getting caught?
  • Losing your job?
  • Losing your reputation?
  • Or just building crap?
Liability Enforcemt Professional Ethics Self respect

Professional Liability
  • Nature of Profession?
  • Membership of Professional body
  • Registration required to work?
  • Self-regulation
  • Insurance
  • Peer attitudes
  • Reputation

IT Risk

Development risk factors
  • 20% coding and engineering – ignore?
  • 80% analysis, communication, revision
  • User-Centred Design & Risk Management
  • Neglected but critical
  • Early vs. late error discovery
  • ‘User sovereignty’

When development mistakes blow
  • ‘Too soon old, too late smart’
  • ??? Too late!
  • Delivery
  • Revision
  • Testing
  • Coding
  • Design
  • User requirements, analysis, communication
  • Feasibility and conception

Development quandaries
  • Most software projects fail, 4 PM variables
    ◦ Cost, time, scope, quality (for User)
  • Many break various standards, but...
  • You could do it accidentally...
  • Or be asked/tempted to deliberately
  • Your own position
  • Your employer’s
  • The ‘victim’s position’

How to navigate IT risk
  • ‘Spiral’ iterative disposable prototype approach to resolving risks
  • Inc non-technical risks: human, data, political, regulatory, unknown
  • User requirements central, get feedback at every stage
  • Early discovery rather than after disaster
  • Value & reward mistakes, deprecate denial
  • But...

‘Move Fast and Break Things’
  • (Zuckerberg’s naughty teenager model to exploit ‘dumb **cks’)
  • ‘See what you can get away with’
  • ‘See if you get caught’
  • ‘We haven’t been caught [yet]’
  • Disposable prototyping, not compliance
  • What works for software does not work for personal or critical information
  • Your secrets are not revokable, disposable
  • Brutal ‘Reality Therapy’ from the law: Usmanov case: 6 months for FB GF photo

Examples: Legal and Ethical Impacts of IT Risk

‘Ethical Hacking’
  • Essence of Cybercrime: ‘Unauthorised’
  • Criminalisation of hacking, circumvention
  • EH done w Good Intentions
  • But uses methods of malware, crackers
  • Morris Worm 1990s: Jail for bug exposé
  • Personal Information Security is critical
  • Yoof disbelieve contract & consequence?
  • Drive it by transparent risk management
  • The right answer may be: Don’t do it!
  • (See Road to Hell, paved with)

Ethical Hacking Example
  • Recent inquiry...
  • Plan for great ethical hack
  • Potential cybercrime, reputation, professional, etc.
  • Solution: Get it out in the open to run the risk management paper prototype;
  • If too dodgy to reveal, discuss: drop it!

Other Examples

Privacy
  • ‘Right to be left alone’
  • Defeat of Australia Card, Privacy Act 1988
  • Limited rights of data subjects, few cases
  • Restricts what technology can do
  • Requires security
  • Affects everyone
  • But risk awareness is abysmal
  • Facebook brain-washing re: over-sharing
  • 2012 AGs Telecoms Data Retention plan

Privacy Hypothetical
  • See hypothetical example

Tort/Negligence
  • Product liability
  • Duty of Care, special relationship
  • Act or omission
  • Causation
  • Foreseeability of harm
  • Proximity

Consumer Protection
  • Based on consumer/vendor relation
  • Assumes imbalance
  • Statutory Warranties – fit purpose
  • Contractual waiver?
  • Misleading and deceptive conduct
  • Unfair Contracts
  • Can be Strict Liability – State Bank

Consumer protection hypothetical
  • See hypothetical example

Anti-trust: Abuse of Monopoly
  • Competition policy
  • Monopoly
  • Example: MS v DoJ re Netscape
  • Political involvement
  • Practical significance

Anti-trust hypothetical
  • See hypothetical example

Intellectual Property
  • Purpose:
  • Copyright Act: form, not substance
    ◦ No registration
    ◦ Digital Agenda
  • Patents Act: the idea, not the form
  • Circuit Designs
  • Free Trade Agreement

Copyright Act:
    ◦ Exclusive right to control exploitation
  • No registration
  • Actual text, code or implementation
  • Licences with conditions and fees
  • Technological Protection
    ◦ ‘Digital Rights Management’ tools
    ◦ DMCA and contracting away user rights

Copyright and Public Domain
  • Differences in Australia, US...
  • Fierce battle: maximalist v PD?
  • ‘Public Domain’
  • Open Source software: GPL, copyleft
  • Open Content
    ◦ Creative Commons – US, global?
    ◦ Free for Education - Australian
  • Business models

Patents and software
  • Right to deny access
  • Requires registration
  • Expensive to fight
  • Patentable material?
  • E-business patents
    ◦ Amazon 1-Click web shopping cart
  • Gene sequence patents
    ◦ Bioinformatics – human genome race

Current patent battles
  • Resistance to patentability of software
  • EU Commission recommends, Parl. Rejects
  • CSIRO v. US computer industry – wireless Linux?
  • Why are software patents a danger?
    ◦ Locking up pure ideas? Mathematics? Stallman
    ◦ Not just open source
    ◦ Impossible to ascertain if infringing
  • Patent Offices too lax and inexperienced? $$ motive
  • Very expensive
  • Only works if you have a huge portfolio

Spam Acts: Australia, USA, California
  • Unsolicited commercial electronic message
  • Single message
  • Address harvesting
  • Penalties
  • Surveillance
  • Workplace privacy bill NSW

Spam hypothetical
  • See hypothetical example

Questions?

Conclusion
David Vaile, Executive Director, Cyberspace Law and Policy Centre, Faculty of Law, University of NSW
http://www.cyberlawcentre.org/