March 29th, 2001
Professor Lance J. Hoffman (Department of
Computer Science -- GWU)
Contents:
§
Security and Legal Implications
§
Privacy in the Public Policy Context
§
Surveillance of Individuals
§
Copying of Data and Protection of Children
§
Appendix – Additional Web Resources
Security and Legal Implications
Security implications in
terms of electronic commerce often fall to governing nations. Among the responsibilities of governments in
this arena are:
§
Maintaining citizen privacy rights: Citizen privacy rights are a major concern
in electronic commerce as the technology to track and monitor users is much
greater than in the traditional brick and mortar environment.
§
Freedom of Speech:
Freedom of speech becomes complicated as different governments have
different policies on the issue, while the nature of the Internet is a
borderless one.
§
Computer Security:
A fundamental key to success in electronic commerce is having the proper
security to protect users, particularly with respect to personal and financial
information
§
International Issue: To properly address many of these issues, international
collaboration may be necessary.
Laws have historically been used to restrict
products such as tobacco, items sold to children, food, pharmaceuticals,
alcohol, financial services and clothing products. Taxation is also used, but a problem in using taxation as a
control mechanism is that the framework to properly collect said taxes is
non-existent. There is great debate as
to what constitutes a nexus in terms of the electronic world. Societal values with respect to language,
and accessibility standards for the disabled are also policy issues that
deserve attention.
Fraudulent e-commerce schemes have permeated
the Internet such as pyramids, “miracle” products, gambling, and other schemes
that have found an audience on the anonymous Web. The FTC monitors such schemes and posts them on the Internet.
Privacy, being central to e-commerce policy
issues has many different meanings, due to the often different cultural and
societal entities residing on the Internet.
Much of the problem lies in the fact that users want the benefits of the
web in having customized pages, and catered advertising, but do not wish to
sacrifice their privacy. A balance must
be found between the two to wholly satisfy the public in this respect. Privacy on the Internet has the potential to
become the modern day equivalent of the civil rights movement or
environmentalism.
Regulation worldwide often tends to be more
advanced than that in the United States.
23 countries currently have data protection commissioners. The European Union has fairly strict
regulations including:
§
No secondary use of data without an individual’s
informed consent.
§
No transfer of data to non-EU countries unless there
is adequate privacy protection.
It can be said that medical records are often
less secure that rental records in the United States due in part to regulations
passed regarding former Supreme Court nominee Robert Bork’s rental
records. P3P is a new standard that is
being developed to address many of these concerns.
Privacy with respect to record systems has
changed considerably since the 1960s.
Then, the government was mainly concerned with issues involving vehicle
tracking, land and tax records. Today,
the focus is primarily on medical and advertising databases that contain
personal information. To address the
changing concerns of the government (and the public), there has been a
substantial increase in the number of Chief Privacy Officers at US
companies. In 1998 there were 0,
increasing to 100 in 2000, and it is expected there will be 1000 by the end of
2001.
There have been a number of examples of
businesses improperly using personal data.
The tracking of individuals on sites like Switchboard.Com have enabled
people to find much information about others with relative ease including home
phone numbers, and home addresses.
Unsolicited email, more commonly referred to as “spam” has become a
pervasive problem in the era of mass email use as well. DoubleClick, an advertising agency came
under fire recently for monitoring the surfing of internet users, while other
companies like Toysmart.com have attempted fire sales of user data which goes
against past promises not to do so. The
nature of the Internet is forcing policy on the issue, and most sites now have
comprehensive privacy policy statements on their site outlining exacting what
information they collect from users, and how they intend to use it. The Direct Marketing Association (DMA) has a
web site that can be used to produce such a form (See Appendix).
Surveillance of people extends beyond the
Internet as Global Positioning Systems (GPS) allow people to have their exact
location geographically. Some sites
like Travelize.Com allow further tracking with such systems so that people can
see exactly where a car is, and at what time.
This goes hand in hand with other tracking tools on the Internet like
USSearch.Com where anyone can get information on any person they desire for a
relatively low fee.
Governments have also used surveillance, and
not simply only surveillance limited to military purposes. Its history can be traced back to 1791 when
Jeremy Bentham argued for control by surveillance in his design of the
“Panopticon” which was a building where every person could be watched from a
central tower.
The Federal Bureau of Investigation came
under for fire for their planned “net-tapping” device dubbed “Carnivore”. Carnivore would allow the FBI, with proper
permission from a court to monitor people, much like a wiretap currently works
in the brick and mortar environment.
The Generic Code of Fair Information Practices
outlines 7 areas:
§
Openness: no
secret databases should be kept on individuals.
§
Data Subject to View and Correction: individuals should have the right to see and
correct data that pertains to themselves.
§
Collection Limitation: data should only be collected by lawful means, and where
appropriate, with the knowledge or consent of said individual.
§
Data Quality:
only relevant, accurate, complete and timely data should be used.
§
Finality:
there should be limits to the uses and disclosure of personal data, including
that the data only be used for purposes specified at the time of collection
unless otherwise allowed by the data subject or appropriate authority.
§
Security:
reasonable security safeguards against loss, unauthorized access,
destruction, improper use, modification and disclosure should be implemented.
§
Accountability:
record keepers should be held accountable for complying with fair
information practices.
The issue of “copy” is also important to
e-commerce policy issues. The current
Napster debate and issues regarding the publishing of the DVD descrambling
algorithm call attention to the issue of intellectual property in the form of
data being used in a questionable manner.
It can be noted that throughout history, utility often wins out. That is, the usefulness of copying software,
and music may be too great to overcome the legal problems associated with the
practices. As such, the rules and
regulations developed to address these concerns will need to cater to the
benefits of copying data.
Other potential problems can be seeing in
sampling in the music industry. Are
there inherent rights for the “new composer”?
Issues of free speech can also be seen in the DVD example. Is a person wearing a t-shirt that has the
descrambling algorithm on it a declaration of free speech protect under our
laws, or is it illegal? It should also
be noted that while Napster may not continue to exist in its former form,
peer-to-peer data sharing may not be subject to the same laws that have
curtailed Napster. This form of data
transmission is much tougher to regulate under our current laws.
Freedom of speech on the Internet also brings
out some of the worst. Hate speech and
inflammatory groups now have an outlet to reach a larger audience with their
rhetoric. Pornography, being one of the
most popular items on the Internet is also of concern as children can access it
very easily despite the efforts of lawmakers and various non-profit
organizations to implement a system that addresses the concerns of many
parents.
The Internet Content Rating Association (see
Appendix) has implemented the Platform for Internet Content Selection (PICS) to
address these concerns. It outlines
four primary areas: violence, nudity,
sex and language and rates on levels from 0 to 4. Web sites are asked to voluntary insert a META tag into their
HTML so that users of Internet Explorer or Netscape Navigator can have sites
blocked that go beyond what a parent may want their child to see.
The general feeling among many people is that
the laws and regulations that are guiding the Internet right now are the
equivalent of the “laws of the west” where there was free reign, and few
repercussions for acts. The Internet is
so young, and expanding so rapidly, that the growing pains associated with
attempting to create a reasonable policy framework to guide it are very
difficult.
Canadian Privacy Commissioner’s Annual Report
(lists countries with Privacy Commissioners):
http://www.privcom.gc.ca/english/02_04_08_e.htm
European Union Data Regulations Information:
http://www.export.gov/safeharbor
Examples of Web Sites that allow tracking of
Individuals:
http://www.switchboard.com
http://www.ussearch.com
http://www.deja.com (for UseNet groups)
FBI Carnivore Program
http://www.fbi.gov/hq/lab/carnivore/carnivore.htm
Generic Code of Fair Information Practices
Information:
http://www.cdt.org/privacy/guide/basic/generic.html
References on Intellectual Property Regime:
http://books.nap.edu/html/digital_dilemma/
http://www.digital-copyright.com
DVD Story Information:
http://www.cs.cmu.edu/~dst/DeCSS/
http://www.mpaa.org/Press/
ACM Digital Library
http://www.acm.org/dl
Internet Content Rating Association:
http://www.icra.org
World Wide Web Consortium:
http://www.w3.org
Anti-Spam Tools:
http://www.junkbusters.com
Anti-Spam Legislation Information:
http://www.cdt.org
http://www.epic.org
Computers Freedom and Privacy Video
http://www.cfp2001.org
Direct Marketing Association Privacy Policy
Generator
http://www.the-dma.org/library/privacy/creating.shtml
March 29th, 2001
Raymond Millien, Esq. (Adjunct Professor of the George Washington
University Law School)
Contents:
§
Introduction/Overview
§
Copyright
§
Trade Secret
§
Trademark
§
Patent
§
Appendix
Introduction/Overview
Intellectual Property (IP)
refers to the creations of the human mind that are protected by state and
federal law. There are four types of IP, which are: Trade Secrets, Trademarks,
Copyrights, and Patents. The Patent And Copyright Clause of the US Constitution
provides the legal basis for Intellectual Property protection. This Clause,
which is specified in Article I, Section 8, Clause 8, states that the “congress
shall have power…to promote the progress of science and useful arts, by
securing for limited times to authors and inventors the exclusive right to
their writings and discoveries.”
The reason why Intellectual
Property law is needed is quite subtle. Unlike physical possessions,
intellectual possessions are a lot more difficult to protect. Once the general public finds out about
those intellectual possessions/findings, in whichever form they might be, there
is nothing there to prevent the use of those possessions/findings in a way not
originally intended by creator or without giving the creator proper
credit. Thus, a framework is needed
that would define what rights does one have on one’s creations and how can the
general public use something that is intern somebody else’s intellectual
property. IP law provides this framework.
It is important to protect Intellectual
Property for the following reasons. Firstly, the protection of IP promotes
creativity and contributes to economic and social development. If the creator
knows that he [Note: throughout these notes I will use ‘he’, but I could just
as well have use ‘she’] will receive proper credit for his invention he is a
lot more likely to be motivated to work hard. As a result of this hard work
something potentially useful can come out from which the general public is also
likely to benefit. Secondly, it protects moral and economic rights of IP creators
and governs public access. ‘Moral rights’ are the rights of the creator to be
able to control where and how his creations are being used. ‘Economic rights’
refers to the rights of the creator to the proceeds of his invention.
As said previously, one form of protection of
Intellectual Property is the Copyright.
According to its formal definition, the Copyright protects “original
works of authorship fixed in any tangible form.” In most countries of the world
the Copyright is automatically created once the author or creator fishes the
work. For example, once an artist finishes a painting and the paints dries,
once a writer completes the last sentence of the book, or once a programmer
finishes writing the last code segments and saves the file, all the creators
automatically own the copyright on their works. There is no need to apply for a
Copyright. Ó is a symbol
that indicated that somebody own a copyright on a given work. It is strongly
recommended to use this symbol if you seek copyright protection of your work
even though it is not required.
It is important to note that Copyright
protects expression and not the idea.
This distinction is very significant and therefore it would be
appropriate to provide an example. Assuming that the copyright laws existed in
the times of William Shakespeare, then he would be the owner of a copyright on
“Romeo and Juliet.” This copyright would only protect the expression or how the
book is worded. It would not protect the idea of writing a story where two
young people are in love, their families are against the relationship and there
is a tragic ending where the two die. So it would not be a copyright
infringement for some other author to write a similar story as long as the
wording (expression) is different.
The following works are eligible for
Copyright:
Copyright gives the owner exclusive rights
to: 1) Reproduce the work 2) Prepare derivative works based upon the
copyrighted work 3) Distribute copies 4) Publicly perform work 5) Publicly
display the work 6) Publicly display the work through digital transmission.
However, it is important to be aware of the ‘Fair Use’ doctrine. As the name
suggests, sometimes it is fair to use copyrighted material without having to
ask the owner for permission. What is
fair is not (and cannot) specified in the law and is determined by a judge on a
case-by-case basis. Very often it is quite easy to determine what is fair just
by intuition. If for example, a university professor makes a photocopy of
several pages of a book (not textbook) to give to students for extra reading,
this can very well be considered fair use. Most likely the students did not
know about the book and would not have bought it. Thus by making copies the
professor does not deprive the author of his earned proceeds. However, if that
book was a textbook then the case would be quite different. Since a textbook is
geared towards students, making copies of it to distribute to students is not
fair use.
How long the Copyright lasts depends on
whether it was individual’s work or ‘work for hire.’ In case of the former, the
copyright lasts the life of author/creator plus another 70 years. In case of
‘work for hire,” the Copyright lasts for 95 years from publication date or 120
years from creation, whichever is shorter.
Another form of Intellectual Property is a
Trade Secret. According to the formal definition, a Trade Secret is “any
confidential information that is valuable to a firm because it provides a
competitive advantage.” Typical examples of trade secrets are recipes,
formulas, and methods of implementation of a particular task. The owner of a
trade secret is protected by the State Law misappropriations suit under one
condition – reasonable steps are taken to keep Trade Secret a secret. However,
‘reasonable’ is not defined by the law and is usually determined by judge on a
case-by-case basis. Also, a Non-disclosure agreement is almost always
considered reasonable.
The following are some of the advantages of a
Trade Secret over other forms of IP protection. Trade Secret does not expire
and remains valid for as long as the company can keep it a secret or deems
worthwhile to keep it a secret. Unlike a Patent (which is discussed later),
Trade Secret has minimal novelty/utility requirement and is also considerably
cheaper since it does not require an application to be filed. At the same time,
unlike a Patent, a Trade Secret does not protect the owner again
reverse-engineering.
Another form of Intellectual
Property is a Trademark. IP law defines
a Trademark as a “way to identify the source of goods and/or services.” A
trademark can be a name, a symbol, a color, a shape, a device or any
combination of those. Unlike Copyrights, which only exist at the federal level,
Trademark exist at both state and federal levels. For a Trademark to be
obtained the following 3 requirements have to be met. 1) The product has to be used in interstate commerce. 2)
Trademark has to be affixed to goods or used in advertisements to identify
services 3) Trademark has to be distinctive.
Intellectual property law
outlines 4 different ways in which a trademark can to be distinctive. For this
requirement to be satisfied only one of the ways has to be met.
1.
The trademark must be fanciful.
This usually means the work does not have any semantic meaning.
Good example, is
Kodakâ Film
2.
The trademark must be arbitrary.
For example Four Roseâ Whiskey. Even though “four”
and “rose” are actual words in the
English language, whiskey in not made out of roses and
therefore the name is arbitrary.
3.
The trademark mush be suggestive
For example, Coppertoneâ Sun Tan Oil.
The name of this product suggests what it might be used for, however, the word
‘Coppertone’ can be used in many other ways.
4.
The trademark must have acquired secondary meaning.
This one requires takes the
longest and usually requires a consumer survey. When Chap Stick Inc. first
attempted to obtain a trademark for their Chap Stick Lip Balm they were denied
by the trademark examiner. Their trademark did not meet any of the first 3
qualifications and was did not have an acquired secondary meaning. What the
company did was the following. They continued to market their product for
several years and later took a consumer survey in which they asked people what
did they thin of when they heard “Chap Stick.” Majority’s answer was Chap Stick
Lip Balm. This was sufficient to prove that Chap Stick had an acquired
secondary meaning.
Applications for trademark that can be deemed as Generic, Misleading,
Immoral/Scandalous, or in any way portraying a false connection to something
are usually denied. Yet again, the above terms are not defined and the decision
is made by judge/trademark examiner on a case-by-case basis.
The four types of trademark are:
1.
Trademarks
Examples of this are: Coca-Colaâ or SomeMarkÔ. â indicates that the trademark is
registered at the federal level.
2.
Service Marks
Examples: Jiffy Lubeâ. This is an example of a
service mark because Jiffy Lube does not
have a product, but rather provides a service.
3.
Certification Marks
Example: Good Housekeeping Seal of Approval, UL Listed. Some companies provide
special rating services
and usually identify that a particular product was rated by affixing a
certification mark.
4.
Collective Marks
Example:
Brazilian Nut Association, ADA. This usually indicated that a produce/service
comes from a source that is part of an organization/association.
Trademarks last for 10 year and can be
continuously renewed as long as it is not abandoned. In the US, the trademark
is considered abandoned if it was not used for more then 3 years.
A Patent is a grant by the US government that
entitles the owner to exclude other from doing the following with an invention:
1) making 2) Using 3) Selling 4) Offering to Sell 5) Importing into the
US. The life of a Patent is 20 years
from the date on which the application for the Patent was filed.
In the US a Patent is granted to the fist
inventor of a method/process, machine, article of manufacture or chemical
compound, or improvements of the same assuming that those are: 1) Novel 2)
Useful 3) Non-obvious. There are few things about this requirement that are
needed to be pointed out. First, these rules apply to the US Patents only.
Other countries usually require absolute novelty and thus differ from the US.
Additionally, “useful” and “non-obvious” are determined on a case-by-case basis
by patent examiners. Usually this
involves field experts’ testimonies.
There is a variety of reason why it is
advantageous to acquire a patent. A Patent provides a patent owner with
commercial advantage over competitors. A Patent also helps to stop unfair
competition by those who compete by imitation. Patent owner can either exercise
his rights directly by marketing or selling the invention or indirectly by
licensing others to make, sell, or develop upon the invention. Just exercising
right indirectly can prove to be financially extremely beneficial to the patent
owner. IBM’s yearly income for Patent royalties is around $1 billion, while for
Texas Instruments this number is about $800 million.
In the US, there is a one-year statue of
limitations to file that begins from the earliest of:
Other countries offer no grace period. This
is why if a world-wide patent is sought, the patent application must be filed
before any publication, sale, offer for sale, or public use.
US Patent and Trademark office consists of
about 3000 patent examiners and is organized into six technology centers: 1)
Biotechnology, Organic Chemistry and Designs 2) Chemical and Material
Engineering 3) Transportation, Construction and Agriculture 4) Mechanical
Engineering, Manufacturing and Products 5) Communications and Information
Processing 6) Physics, Optics, System Components and Electrical Engineering.
United Stated Patent and Trademark Service
http://www.uspto.gov