Tải bản đầy đủ - 0 (trang)
Chapter 11. Legal and Ethical Issues in Computer Security

Chapter 11. Legal and Ethical Issues in Computer Security

Tải bản đầy đủ - 0trang

istoroundoutourstudyofprotectionforcomputingsystems

byunderstandingthecontextinwhichsecurityisassessedand

applied.

Notalwaysareconflictsresolvedpleasantly.Somepeoplewill

thinkthattheyhavebeentreatedunfairly,andsomepeopledo

indeedactunfairly.Insomecountries,acitizenreactstoa

wrongfulactbygoingtocourt.Thecourtsareseenasthe

ultimatearbitersandenforcersoffairness.But,asmostlawyers

willtellyou,thecourts'definitionoffairmaynotcoincidewith

yours.Evenifyoucouldbesurethecourtswouldsidewithyou,

alegalbattlecanbeemotionallydraining.Ourpurposeinthis

sectionisnotonlytounderstandhowthelegalsystemhelps

protectcomputersecuritybutalsotoknowhowandwhento

usethelegalsystemwisely.

Lawandcomputersecurityarerelatedinseveralways.First,

international,national,state,andcitylawscanaffectprivacy

andsecrecy.Thesestatutesoftenapplytotherightsof

individualstokeeppersonalmattersprivate.Second,laws

regulatetheuse,development,andownershipofdataand

programs.Patents,copyrights,andtradesecretsarelegal

devicestoprotecttherightsofdevelopersandownersof

programsanddata.Similarly,oneaspectofcomputersecurity

iscontrollingaccesstoprogramsanddata;thataccesscontrol

issupportedbythesemechanismsofthelaw.Third,lawsaffect

actionsthatcanbetakentoprotectthesecrecy,integrity,and

availabilityofcomputerinformationandservice.Thesebasic

concernsincomputersecurityarebothstrengthenedand

constrainedbyapplicablelaws.Thus,legalmeansinteractwith

othercontrolstoestablishcomputersecurity.

However,thelawdoesnotalwaysprovideanadequatecontrol.

Whencomputersystemsareconcerned,thelawisslowly

evolvingbecausetheissuesaresimilartobutnotthesameas

thoseforpropertyrights.Computersarenew,comparedto

houses,land,horses,ormoney.Asaconsequence,theplaceof

computersystemsinlawisnotyetfirmlyestablished.As



statutesarewrittenandcasesdecided,therolesofcomputers

andthepeople,data,andprocessesinvolvedarebecoming

moredefinedinthelaw.However,lawsdonotyetaddressall

improperactscommittedwithcomputers.Finally,somejudges,

lawyers,andpoliceofficersdonotunderstandcomputing,so

theycannotdeterminehowcomputingrelatestoother,more

established,partsofthelaw.

Thelawsdealingwithcomputersecurityaffectprogrammers,

designers,users,andmaintainersofcomputingsystemsand

computerizeddatabanks.Theselawsprotect,buttheyalso

regulatethebehaviorofpeoplewhousecomputers.

Furthermore,computerprofessionalsareamongthebestqualifiedadvocatesforchangingoldlawsandcreatingnewones

regardingcomputers.Beforerecommendingchange,however,

professionalsmustunderstandthecurrentstateofcomputers

andthelaw.Therefore,wehavethreemotivationsforstudying

thelegalsectionofthischapter:

toknowwhatprotectionthelawprovidesforcomputersand

data

toappreciatelawsthatprotecttherightsofotherswith

respecttocomputers,programs,anddata

tounderstandexistinglawsasabasisforrecommending

newlawstoprotectcomputers,data,andpeople

Thenextfewsectionsaddressthefollowingaspectsof

protectionofthesecurityofcomputers.

Protectingcomputingsystemsagainstcriminals.Computer

criminalsviolatetheprinciplesofconfidentiality,integrity,

andavailabilityforcomputersystems.Preventingthe

violationisbetterthanprosecutingitafterthefact.



However,ifothercontrolsfail,legalactionmaybe

necessary.Inthissectionwestudyseveralrepresentative

lawstodeterminewhatactsarepunishableunderthelaw.

Protectingcodeanddata.Copyrights,patents,andtrade

secretsareallformsoflegalprotectionthatcanbeapplied

toprogramsand,sometimes,data.However,wemust

understandthefundamentaldifferencesbetweenthekind

ofprotectionthesethreeprovideandthemethodsof

obtainingthatprotection.

Protectingprogrammers'andemployers'rights.Thelaw

protectsbothprogrammersandpeoplewhoemploy

programmers.Generally,programmershaveonlylimited

legalrightstoaccessprogramstheyhavewrittenwhile

employed.Thissectioncontainsasurveyoftherightsof

employeesandemployersregardingprogramswrittenfor

pay.

Protectingusersofprograms.Whenyoubuyaprogram,

youexpectittoworkproperly.Ifitdoesn't,youwantthe

legalsystemtoprotectyourrightsasaconsumer.This

sectionsurveysthelegalrecourseyouhavetoaddress

faultyprograms.

Computerlawiscomplexandemergingratherrapidlyasittries

tokeepupwiththerapidtechnologicaladvancesinandenabled

bycomputing.Wepresentthefundamentalsinthisbooknotin

theirfulldetailasyouwouldexpectbysomeonewithalaw

degree,butasasituationalanalysistoheightentheawareness

ofthosewhoarenotlawyersbutwhomustdealwiththelaw's

implications.Youshouldconsultalawyerwhounderstandsand

specializesincomputerlawinordertoapplythematerialofthis

sectiontoanyspecificcase.And,asmostlawyerswilladvise,

ensuringlegalprotectionbydoingthingscorrectlyfromthe

beginningisfareasierandcheaperthanhiringalawyertosort



outawebofconflictafterthingshavegonewrong.







11.1.ProtectingProgramsandData

SupposeMarthawroteacomputerprogramtoplayavideo

game.Sheinvitedsomefriendsovertoplaythegameandgave

themcopiessothattheycouldplayathome.Stevetookacopy

andrewrotepartsofMartha'sprogramtoimprovethequalityof

thescreendisplay.AfterStevesharedthechangeswithher,

Marthaincorporatedthemintoherprogram.NowMartha's

friendshaveconvincedherthattheprogramisgoodenoughto

sell,soshewantstoadvertiseandofferthegameforsaleby

mail.Shewantstoknowwhatlegalprotectionshecanapplyto

protecthersoftware.

Copyrights,patents,andtradesecretsarelegaldevicesthat

canprotectcomputers,programs,anddata.However,insome

cases,precisestepsmustbetakentoprotecttheworkbefore

anyoneelseisallowedaccesstoit.Inthissection,weexplain

howeachoftheseformsofprotectionwasoriginallydesigned

tobeusedandhoweachiscurrentlyusedincomputing.We

focusprimarilyonU.S.law,toprovideexamplesofintentand

consequence.Readersfromothercountriesordoingbusinessin

othercountriesshouldconsultlawyersinthosecountriesto

determinethespecificdifferencesandsimilarities.



Copyrights

IntheUnitedStates,thebasisofcopyrightprotectionis

presentedintheU.S.Constitution.Thebodyoflegislation

supportingconstitutionalprovisionscontainslawsthatelaborate

onorexpandtheconstitutionalprotections.Relevantstatutes

includetheU.S.copyrightlawof1978,whichwasupdatedin

1998astheDigitalMillenniumCopyrightAct(DMCA)specifically

todealwithcomputersandotherelectronicmediasuchas

digitalvideoandmusic.The1998changesbroughtU.S.



copyrightlawintogeneralconformancewiththeWorld

IntellectualPropertyOrganizationtreatyof1996,an

internationalcopyrightstandardtowhich95countriesadhere.

Copyrightsaredesignedtoprotecttheexpressionofideas.

Thus,acopyrightappliestoacreativework,suchasastory,

photograph,song,orpencilsketch.Therighttocopyan

expressionofanideaisprotectedbyacopyright.Ideas

themselves,thelawalleges,arefree;anyonewithabright

mindcanthinkupanythinganyoneelsecan,atleastintheory.

Theintentionofacopyrightistoallowregularandfree

exchangeofideas.

Theauthorofabooktranslatesideasintowordsonpaper.The

paperembodiestheexpressionofthoseideasandisthe

author'slivelihood.Thatis,anauthorhopestoearnalivingby

presentingideasinsuchanappealingmannerthatotherswill

paytoreadthem.(Thesameprotectionappliestopiecesof

music,plays,films,andworksofart,eachofwhichisa

personalexpressionofideas.)Thelawprotectsanindividual's

righttoearnaliving,whilerecognizingthatexchangingideas

supportstheintellectualgrowthofsociety.Thecopyrightsays

thataparticularwayofexpressinganideabelongstothe

author.Forexample,inmusic,theremaybetwoorthree

copyrightsrelatedtoasinglecreation:Acomposercan

copyrightasong,anarrangercancopyrightanarrangementof

thatsong,andanartistcancopyrightaspecificperformanceof

thatarrangementofthatsong.Thepriceyoupayforaticketto

aconcertincludescompensationforallthreecreative

expressions.

Copyrightgivestheauthortheexclusiverighttomakecopiesof

theexpressionandsellthemtothepublic.Thatis,onlythe

author(orbooksellersorothersworkingastheauthor'sagents)

cansellcopiesoftheauthor'sbook.



DefinitionofIntellectualProperty



TheU.S.copyrightlaw(Đ102)statesthatacopyrightcanbe

registeredfor"originalworksofauthorshipfixedinanytangible

mediumofexpression,...fromwhichtheycanbeperceived,

reproduced,orotherwisecommunicated,eitherdirectlyorwith

theaidofamachineordevice."Again,thecopyrightdoesnot

covertheideabeingexpressed."Innocasedoescopyright

protectionforanoriginalworkofauthorshipextendtoany

idea."Thecopyrightmustapplytoanoriginalwork,anditmust

beinsometangiblemediumofexpression.

Onlytheoriginatoroftheexpressionisentitledtocopyright;if

anexpressionhasnodeterminableoriginator,copyrightcannot

begranted.Certainworksareconsideredtobeinthepublic

domain,ownedbythepublic,bynooneinparticular.Worksof

theU.S.governmentandmanyothergovernmentsare

consideredtobeinthepublicdomainandthereforenotsubject

tocopyright.Worksgenerallyknown,suchasthephrase"topo'

themornin'toye,"orthesong"HappyBirthdaytoYou,"ora

recipefortunanoodlecasserole,arealsosowidelyknownthat

itwouldbeverydifficultforsomeonetotraceoriginalityand

claimacopyright.Finally,copyrightlastsforonlyalimited

periodoftime,socertainveryoldworks,suchastheplaysof

Shakespeare,areinthepublicdomain,theirpossibilityof

copyrighthavingexpired.

Thecopyrightedexpressionmustalsobeinsometangible

medium.Astoryorartworkmustbewritten,printed,painted,

recorded(onaphysicalmediumsuchasaplasticrecord),

storedonamagneticmedium(suchasadiskortape),orfixed

insomeotherway.Furthermore,thepurposeofthecopyrightis

topromotedistributionofthework;therefore,theworkmust

bedistributed,evenifafeeischargedforacopy.



OriginalityofWork

Theworkbeingcopyrightedmustbeoriginaltotheauthor.As



notedpreviously,someexpressionsinthepublicdomainarenot

subjecttocopyright.Aworkcanbecopyrightedevenifit

containssomepublicdomainmaterial,aslongasthereissome

originality,too.Theauthordoesnotevenhavetoidentifywhat

ispublicandwhatisoriginal.

Forexample,amusichistoriancouldcopyrightacollectionof

folksongsevenifsomeareinthepublicdomain.Tobesubject

tocopyright,somethinginoraboutthecollectionhastobe

original.Thehistorianmightarguethatcollectingthesongs,

selectingwhichonestoinclude,andputtingtheminorderwas

theoriginalpart.Inthiscase,thecopyrightlawwouldnot

protectthefolksongs(whichwouldbeinthepublicdomain)but

wouldinsteadprotectthatspecificselectionandorganization.

Someonesellingasheetofpaperonwhichjustoneofthe

songswaswrittenwouldlikelynotbefoundtohaveinfringed

onthecopyrightofthehistorian.Dictionariescanbe

copyrightedinthisway,too;theauthorsdonotclaimtoown

thewords,justtheirexpressionasaparticulardictionary.



FairUseofMaterial

Thecopyrightlawindicatesthatthecopyrightedobjectis

subjecttofairuse.Apurchaserhastherighttousethe

productinthemannerforwhichitwasintendedandinaway

thatdoesnotinterferewiththeauthor'srights.Specifically,the

lawallows"fairuseofacopyrightedwork,includingsuchuse

byreproductionincopiesforpurposessuchascriticism,

comment,newsreporting,teaching(includingmultiplecopies

forclassroomuse),scholarshiporresearch."Thepurposeand

effectoftheuseonthepotentialmarketfororvalueofthe

workaffectthedecisionofwhatconstitutesfairuse.For

example,fairuseallowsmakingabackupcopyofcopyrighted

softwareyouacquiredlegally:Yourbackupcopyprotectsyour

useagainstsystemfailuresbutitdoesn'taffecttheauthor

becauseyouhavenoneedfornordoyouwantuseoftwo



copiesatonce.Thecopyrightlawusuallyupholdstheauthor's

righttoafairreturnforthework,whileencouragingothersto

usetheunderlyingideas.Unfairuseofacopyrighteditemis

calledpiracy.

Theinventionofthephotocopiermadeitmoredifficultto

enforcefairuse.Youcanargueitisfairusetomakeacopyof

theTuscanysectionofatravelbooktocarrywithyouandthrow

awayduringyourholidaysoyoudon'thavetocarrythewhole

bookwithyou.Todaymanycommercialcopyshopswillcopya

portionsometimesanentirechapterofabookorasinglearticle

outofajournalbutrefusetocopyanentirevolume,citingfair

use.Withphotocopiers,thequalityofthecopydegradeswith

eachcopy,asyouknowifyouhaveevertriedtoreadacopyof

acopyofacopyofapaper.

Thecopyrightlawalsohastheconceptofafirstsale:after

havingboughtacopyrightedobject,thenewownercangive

awayorreselltheobject.Thatis,thecopyrightowneris

entitledtocontrolthefirstsaleoftheobject.Thisconcept

worksfineforbooks:Anauthoriscompensatedwhena

bookstoresellsabook,buttheauthorearnsnoadditional

revenueifthebookislaterresoldatasecondhandstore.



RequirementsforRegisteringaCopyright

Thecopyrightiseasytoobtain,andmistakesinsecuringa

copyrightcanbecorrected.Thefirststepofregistrationis

notice.Anypotentialusermustbemadeawarethattheworkis

copyrighted.Eachcopymustbemarkedwiththecopyright

symbolâ,thewordCopyright,theyear,andtheauthor's

name.(Atonetime,theseitemswerefollowedbyAllrights

reservedtopreservethecopyrightincertainSouthAmerican

countries.Addingthephrasenowisunnecessarybutharmless.)

Theorderoftheelementscanbechanged,andeitherâor



Copyrightcanbeomitted(butnotboth).Eachcopydistributed

mustbesomarked,althoughthelawwillforgivefailuretomark

copiesifareasonableattemptismadetorecallandmarkany

onesdistributedwithoutamark.

Thecopyrightmustalsobeofficiallyfiled.IntheUnitedStatesa

formiscompletedandsubmittedtotheCopyrightOffice,along

withanominalfeeandacopyofthework.Actually,the

CopyrightOfficerequiresonlythefirst25andthelast25pages

ofthework,tohelpitjustifyaclaimintheeventofacourt

case.Thefilingmustbedonewithinthreemonthsafterthefirst

distributionofthework.Thelawallowsfilinguptofiveyears

late,butnoinfringementsbeforethetimeoffilingcanbe

prosecuted.

AU.S.copyrightnowlastsfor70yearsbeyondthedeathofthe

lastsurvivingauthoror,iftheitemwascopyrightedbya

companyororganization,for95yearsafterthedateof

publication.Theinternationalstandardis50yearsafterthe

deathofthelastauthoror50yearsfrompublication.



CopyrightInfringement

Theholderofthecopyrightmustgotocourttoprovethat

someonehasinfringedonthecopyright.Theinfringementmust

besubstantial,anditmustbecopying,notindependentwork.

Intheory,twopeoplemightwriteidenticallythesamesong

independently,neitherknowingtheother.Thesetwopeople

wouldbothbeentitledtocopyrightprotectionfortheirwork.

Neitherwouldhaveinfringedontheother,andbothwouldhave

therighttodistributetheirworkforafee.Again,copyrightis

mosteasilyunderstoodforwrittenworksoffictionbecauseitis

extremelyunlikelythattwopeoplewouldexpressanideawith

thesameorsimilarwording.

Theindependenceofnonfictionworksisnotnearlysoclear.



Consider,forexample,anarithmeticbook.Longdivisioncanbe

explainedinonlysomanyways,sotwoindependentbooks

couldusesimilarwordingforthatexplanation.Thenumberof

possiblealternativeexamplesislimited,sothattwoauthors

mightindependentlychoosetowritethesamesimpleexample.

However,itisfarlesslikelythattwotextbookauthorswould

havethesamepatternofpresentationandthesameexamples

frombeginningtoend.



CopyrightsforComputerSoftware

Theoriginalcopyrightlawenvisionedprotectionforthingssuch

asbooks,songs,andphotographs.Peoplecanrathereasily

detectwhentheseitemsarecopied.Theseparationbetween

publicdomainandcreativityisfairlyclear.Andthedistinction

betweenanidea(feeling,emotion)anditsexpressionispretty

obvious.Worksofnonfictionunderstandablyhavelessleeway

forindependentexpression.Becauseofprogramminglanguage

constraintsandspeedandsizeefficiency,computerprograms

havelessleewaystill.

Canacomputerprogrambecopyrighted?Yes.The1976

copyrightlawwasamendedin1980toincludeanexplicit

definitionofcomputersoftware.However,copyrightprotection

maynotbeanespeciallydesirableformofprotectionfor

computerworks.Toseewhy,considerthealgorithmusedina

givenprogram.Thealgorithmistheidea,andthestatementsof

theprogramminglanguagearetheexpressionoftheidea.

Therefore,protectionisallowedfortheprogramstatements

themselves,butnotforthealgorithmicconcept:copyingthe

codeintactisprohibited,butreimplementingthealgorithmis

permitted.Rememberthatonepurposeofcopyrightisto

promotethedisseminationofideasThealgorithm,whichisthe

ideaembodiedinthecomputerprogram,istobeshared.

Asecondproblemwithcopyrightprotectionforcomputerworks



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 11. Legal and Ethical Issues in Computer Security

Tải bản đầy đủ ngay(0 tr)

×