Chapter 11
Legal and Ethical Issues in Computer Security
In this chapter
· Program and data protection by patents, copyrights, and trademarks
· Computer crime
· Ethical analysis of computer security situations
· Codes of professional ethics
In this chapter we study
human controls applicable to computer security: the legal system and ethics.
The legal system has adapted quite well to computer technology by reusing some
old forms of legal protection (copyrights and patents) and creating laws where
no adequate ones existed (malicious access). Still, the courts are not a
perfect form of protection for computer resources, for two reasons. First, the
courts tend to be reactive instead of proactive. That is, we have to wait for a
transgression to occur and then adjudicate it, rather than try to prevent it in
the first place. Second, fixing a problem through the courts can be time
consuming (sometimes taking years) and expensive; the latter characteristic
prevents all but the wealthy from addressing most security issues.
On the other hand, ethics has
not had to change, because ethics is more situational and personal than the
law. For example, the privacy of personal information is becoming an important
part of computer security. And although technically this issue is just an
aspect of confidentiality, practically it has a long history in both law and
ethics. The purpose of this chapter is to round out our study of protection for
computing systems by understanding the context in which security is assessed
and applied.
Conflicts are not always
resolved pleasantly. Some people will think that they have been treated
unfairly, and some people do indeed act unfairly. In some countries, a citizen
reacts to a wrongful act by going to court. The courts are seen as the ultimate
arbiters and enforcers of fairness. But, as most lawyers will tell you, the
courts' definition of fair may not coincide with yours. Even if you could be
sure the courts would side with you, a legal battle can be emotionally
draining. Our purpose in this section is not only to understand how the legal
system helps protect computer security but also to know how and when to use the
legal system wisely.
Law and computer security are
related in several ways. First, international, national, state, and city laws
can affect privacy and secrecy. These statutes often apply to the rights of
individuals to keep personal matters private. Second, laws regulate the use,
development, and ownership of data and programs. Patents, copyrights, and trade
secrets are legal devices to protect the rights of developers and owners of
programs and data. Similarly, one aspect of computer security is controlling
access to programs and data; that access control is supported by these
mechanisms of the law. Third, laws affect actions that can be taken to protect
the secrecy, integrity, and availability of computer information and service.
These basic concerns in computer security are both strengthened and constrained
by applicable laws. Thus, legal means interact with other controls to establish
computer security.
However, the law does not
always provide an adequate control. When computer systems are concerned, the
law is slowly evolving because the issues are similar to but not the same as
those for property rights. Computers are new, compared to houses, land, horses,
or money. As a consequence, the place of computer systems in law is not yet
firmly established. As statutes are written and cases decided, the roles of
computers and the people, data, and processes involved are becoming more defined
in the law. However, laws do not yet address all improper acts committed with
computers. Finally, some judges, lawyers, and police officers do not understand
computing, so they cannot determine how computing relates to other, more
established, parts of the law.
The laws dealing with
computer security affect programmers, designers, users, and maintainers of
computing systems and computerized data banks. These laws protect, but they
also regulate the behavior of people who use computers. Furthermore, computer
professionals are among the best-qualified advocates for changing old laws and
creating new ones regarding computers. Before recommending change, however,
professionals must understand the current state of computers and the law.
Therefore, we have three motivations for studying the legal section of this
chapter:
· to know what protection the law provides for computers and data
· to appreciate laws that protect the rights of others with respect to computers, programs, and data
· to understand existing laws as a basis for recommending new laws to protect computers, data, and people
The next few sections address the following aspects of protection of the security
of computers.
· Protecting computing systems against criminals. Computer criminals violate the principles of
confidentiality, integrity, and availability for computer systems. Preventing
the violation is better than prosecuting it after the fact. However, if other
controls fail, legal action may be necessary. In this section we study several
representative laws to determine what acts are punishable under the law.
· Protecting code and data.
Copyrights, patents, and trade secrets are all forms of legal protection that
can be applied to programs and, sometimes, data. However, we must understand
the fundamental differences between the kind of protection these three provide
and the methods of obtaining that protection.
· Protecting programmers' and employers' rights. The law protects both programmers and people who employ
programmers. Generally, programmers have only limited legal rights to access
programs they have written while employed. This section contains a survey of
the rights of employees and employers regarding programs written for pay.
· Protecting users of programs.
When you buy a program, you expect it to work properly. If it doesn't, you want
the legal system to protect your rights as a consumer. This section surveys the
legal recourse you have to address faulty programs.
Computer law is complex and
emerging rather rapidly as it tries to keep up with the rapid technological
advances in and enabled by computing. We present the fundamentals in this book
not in their full detail as you would expect from someone with a law degree, but
as a situational analysis to heighten the awareness of those who are not lawyers
but who must deal with the law's implications. You should consult a lawyer who
understands and specializes in computer law in order to apply the material of
this section to any specific case. And, as most lawyers will advise, ensuring
legal protection by doing things correctly from the beginning is far easier and
cheaper than hiring a lawyer to sort out a web of conflict after things have
gone wrong.