Threats to the Information Infrastructure
INTELLECTUAL PROPERTY AND LEGAL
RISKS IN INFORMATION TECHNOLOGY (IT)
By: John M. Carroll, B.S.I.E., M.A., Dr. Eng. Sci., Ll.B., P.Eng.
Introduction
Whenever a person or company causes loss to another because of
negligence, unfair practices, or malice, the aggrieved one has the right to seek
compensation from the offender. Whether or not compensation would be
granted, and in what amount, was traditionally determined by a civil court or an
administrative tribunal. Now there are alternative methods of resolving a
dispute, including arbitration and mediation.
This tutorial focuses on activities that are uniquely under the control of
an IT department and at risk for culpable losses, and on which of those risks
are likely. An IT enterprise can avail itself of these legal remedies as part of its
own security posture, both to avoid liability and to seek compensation for loss.
This chapter will deal neither with common incidents such as slip-and-fall or
motor vehicle accidents, nor with corporate-level incidents such as restraint of
trade by unlawful monopoly, nor with tax problems, nor with anything of a criminal
nature.
The causes of action to be discussed in this tutorial include:
1. Breach of Confidence and/or Breach of Trust-Like Fiduciary Duty.
2. Patent Infringement
3. Trademark (in Canada, Trade Mark) Infringement
4. Copyright Infringement
5. Defamation (Libel or Slander)
6. Invasion of Privacy
7. Denial of Human Rights (e.g. Unlawful Discrimination)
8. Unjust Dismissal
9. Specific Workplace Injuries (e.g. Carpal Tunnel Syndrome)
10. Errors, Omissions, and Contract Defaults
Remedies available to injured parties and costs to defendants:

• Injunctions
• Prohibition from doing certain work
• Money Damages (General, Specific, Aggravated, Punitive)
• Imposition of a constructive trust
• Legal Costs (yours, and theirs)
• Administrative fines
• Orders to deliver up property
• Increased insurance premiums, or cancellation
• Orders for specific performance
• Orders for remedial action (e.g. work orders)
• Waste of productive time by employees involved
• Adverse publicity
The law is made up of constitutions, common law, statutes, regulations,
by-laws, policy statements, and findings in previous cases. It varies greatly from
jurisdiction to jurisdiction. This chapter will not cite specific cases or statutes,
but will deal with general principles. Any serious legal matter should be referred
to a law firm that has access to the pertinent research facilities and that
maintains awareness of new legislation, amendments to existing legislation,
regulations, administrative policy, and binding decisions of superior or appellate
courts (precedents).
Some general principles that will hold true anywhere are:
1. All cases are ultimately decided on the basis of what a
reasonable person could reasonably have foreseen in the
circumstances. If you have a feeling you are doing something
wrong that could unlawfully hurt somebody, you probably are. So
stop doing it. If you believe you have been unfairly injured in
business, you may have a cause of legal action against the offender.
2. Settle any legal matter at the lowest level of adjudication
possible: mutually agreed settlement, mediation, arbitration,
administrative tribunal, small claims court, civil court (judge only),
civil court (judge and jury), and appeal courts -- roughly in that
order. The higher the court, the greater your potential
loss. Never turn down a reasonable settlement. It can cost
you "big bucks".
3. Put everything of possible legal significance in writing:
names, dates, times, places; who said or did what to whom, and
how much money changed hands.
4. Take immediate action if anything significant happens.
Causes of action you may have can fail because of statutory
limitations. Causes someone may have against you can ultimately
cost you more money because of prejudgment interest.
5. When you consult a lawyer, bring in all your evidence.
Don't equivocate or leave out important facts.
Breach of Confidence or Breach of Trust
President Calvin Coolidge said: "The business of America is business".
Today it could be said “The business of America is Information
Technology”. A major challenge of Computer Security is protecting the
confidentiality, integrity, and availability of information resident in, or
processed by, computers or other tools of Information Technology (IT).
Information is a kind of property with several peculiar attributes:
• Information is capable of universal possession and infinite reproduction. It can
be stolen from its creator without deprivation, and restitution is not usually a
remedy.
• There is never a scarcity of information. The law of supply and demand does not
apply to information.
• The only law of economics that applies to information is analogous to Gresham's
Law of currency: "Bad money always drives out the good." Similarly, incorrect or
trivial information can obscure important information, and can make even
essential information suspect.
Information overload is one of the principal evils of the Internet, and
has been since the Internet was ARPAnet. In a denial-of-service attack, a flood
of enticing misinformation, because it has to be read, is infinitely more wasteful
of IT resources than garbage that is obviously meaningless. Moreover, many
search engines can be defeated by cleverly sprinkling keywords at any web site
where one wants to increase artificially the number of hits.
C. I. A.
Attributes of information that make it either valuable or useless:
Confidentiality - imparts a positive quality of scarcity to specific
information, and empowers its creator or custodian to control its
distribution, thus enhancing its value. Typical kinds of confidential
information are trade secrets, business plans, and private information
concerning or describing a named individual.
Integrity - ensures that information has not been corrupted by
errors or unauthorized alteration, thus preventing it from losing its value.
As long as a pristine copy is kept under conditions of confidentiality,
integrity can always be ensured by comparison.
Availability - provides for immediate access to information.
Three elements are necessary if a case of breach of confidence is to
succeed in court:
1. The information itself must have the necessary quality of confidence
about it.
2. The information must have been imparted under circumstances
carrying an obligation of confidence.
3. There must have been unauthorized use of the information.
Quality of confidence
Information that exists in the public domain and is public knowledge
cannot provide the foundation for proceedings for breach of confidence. No
matter how confidential the circumstances of communication, there can be no
confidence in revealing to others something which is already public knowledge.
However, something that has been constructed from materials in the
public domain by application of human skill and ingenuity may possess the
quality of confidentiality. It depends upon the thing itself and not on the quality
of the constituent parts.
The mere simplicity of an idea does not prevent it from being confidential.
Where information is partly public and partly private, the recipient must
be careful to distinguish between the two parts and although free to use the
former must take no advantage of the latter.
Circumstances importing an Obligation of Confidence
There can be no binding obligation of confidence if information is blurted
out in public or under circumstances which negate any duty of holding it
confidential.
In a well developed jurisdiction there are guides and tests that aid in
determining confidentiality.
If no such guides and tests exist, then the test is one of reasonableness:
"Would any reasonable person standing in the shoes of the recipient of
information realize on any reasonable grounds that the information was being
imparted in confidence?"
Where privileged information of a commercial or industrial nature is given
on a business-like basis with some common purpose in mind, the recipient will be
bound by a heavy obligation of confidence.
Detriment to the communicator
The recipient must not use confidential information, imparted under
circumstances of confidence, to the detriment either of the communicator or of a
person or organization the communicator would wish to protect.
A person receiving confidential information should not use it as a
springboard for activities detrimental to the person who made the confidential
communication.
If a person wishes to use public information received under conditions of
confidentiality, the person should go to a public source to get it.
A law-abiding citizen could commission someone else to make the
discovery anew without providing any specific help (the "white room" approach).
The recipient would then be at liberty to make use of new ideas to make
improvements and, possibly, turn a failure into a triumph. However, the
recipient must not build the superstructure if forbidden to use the foundation.
A law-abiding citizen who has received confidential information pertinent
to a joint venture must accept that when negotiations break down he or she
should withdraw from the field in question until the informant or somebody else
has put the information into the public domain.
The fundamental question is: "Is the information common knowledge in
the industry?"
Breach of Confidentiality versus Breach of Trust:
Breach of confidentiality usually occurs in dealings with employees, and
less frequently with representatives of suppliers, customers, or potential business
partners. It is best controlled by having a possible recipient of confidential
information agree to be bound by an employment contract or non-disclosure
agreement. Then any legal action for breach of confidentiality can be one for
breach of contract, which is an action generally well understood in law.
A typical employment contract with a professional employee might include
some or all of the following provisions in addition to provisions relating to salary
and working conditions:
In consideration of this Agreement and the employment thereby created,
the employee agrees:
1. To devote full time and attention to the business of the employer.
2. To use best efforts to keep informed of and acquainted with all matters
pertaining to his or her duties.
3. To give the Company or its Agent(s) all such available information as
may be required.
4. To attend at any place for the purposes of experiments, demonstrations,
consultations, or conferences as may from time to time be requested by the
Company.
5. To take all precautions to keep secret all records, knowledge, or
information that may come into the employee’s possession which may be
of value to the Company; and shall take like precautions to prevent such
records, knowledge, or information from passing into the possession of
any person(s) or company not specifically authorized in writing by the
Company to receive them.
6. That the said records, knowledge, or information gleaned or discovered
by the employee shall be the exclusive property of the Company and any
new application thereof that shall be conceived by, or become known to,
the employee during working hours using the materials of the employer
shall forthwith be communicated fully by the employee to the Company or
as the Company may direct.
7. At the expense of the Company, to take all steps necessary, and to do all
such acts and things as the Company may consider necessary and
required, to assign any patents when granted to the Company, and to
enable the Company to derive full benefit of any or all of such information
or inventions, patents, protections, and improvements as shall be
derivable therefrom.
8. That in the event of any patents being taken out in the name of the
employee, with or without any other names, the employee shall thereafter
at the request and cost of the Company transfer the same to the Company,
or as the Company may direct.
9. Not to enter the employment of, nor to act in a professional capacity for,
any individual or company competing with the Company for the period of
one year (or some other legal period) after leaving the employ of the
Company, and not at any time to make disclosure of any knowledge of
confidential information belonging to the Company.
Because the last provision could be construed by some judges as a
restraint of trade, the time during which a former employee may be restricted
in subsequent employment, if an employee may be restricted at all, varies from
jurisdiction to jurisdiction.
IT enterprises may be doubly vulnerable to the consequences of
corruption or unauthorized dissemination of confidential
information. Not only must they safeguard their own computer program code,
business plans and records, and other information, but they may also be
custodians and processors of client information, or licensed users of supplier
information. As such they could be liable in negligence to their clients or
suppliers if such information is mishandled.
Threats come from casual visitors, hackers, staff (including customer and
supplier representatives) and fiduciaries -- such as: lawyers, consultants and
financial advisors, corporate officers and directors.
Threats from casual visitors can be controlled by basic physical security.
Hackers are a criminal matter but their depredations can be controlled by
measures such as those described in many security handbooks.
Staff derelictions can be minimized by training and by employment
contracts or non-disclosure agreements. Appropriate action for breach of
contract would usually be termination of relationship without compensation to
the offender.
However, in cases of serious loss, a former employer is entitled to sue an
offender for breach of contract and to get a court order for specific performance,
such as assigning patents taken out in the employee's name for discoveries made
on Company time using Company resources.
The former employer could also sue for money damages, counsel fees, and
an order to return all Company property in the ex-employee's possession, and an
injunction to prevent the ex-employee from working for a competitor. However,
such actions against an individual are seldom worth their cost. It is unlikely that
the ex-employee would have enough money so that the injured Company could
recoup its legal costs.
Of course there remains the option of suing whoever encouraged the
employee to defect and profited thereby. However, it might be difficult to prove
that such a backer was not "a bona fide purchaser for value without notice".
Besides, there are at least three defenses the offender could raise:
(1) The employment contract was invalid because it cast too wide a net and
deprived me of the right to ply my trade and make a living.
(2) The breach of contract was not committed in bad faith, e.g. "I hit the
wrong key and suddenly all my files were gone."
(3) I didn't know the information was confidential.
If the offender is a fiduciary, the situation may be different. A senior
manager, who quits with notice, takes a department or two along, gets backing
from some venture capitalist, and sets up as a competitor, can wreck, and in some
cases has wrecked, a well-established corporation.
In this case, court action may be essential to save the enterprise. All
avenues of remedy open to the injured company in the case of the defecting
employee are still open. In addition, the action now becomes one for breach of
trust and a court may grant the additional remedy of the constructive trust.
Here the fiduciary is deemed to be a trustee of the confidential information
held for Company as beneficiary, and the liability to account does not depend
upon proof of bad faith. The general rule of equity is that no one who has duties
of a fiduciary nature (the word fiduciary literally means "devoted follower") is
allowed to enter into engagements in which the fiduciary has, or can have, a
personal interest conflicting with those whose interests the fiduciary is bound to
protect.
If that person holds any property so acquired, that person is bound to
account for it to the beneficiary. The reaping of a profit by a person at a
Company's expense when that person held a position of trust is adequate grounds
to hold the person accountable. The profit must be disgorged even if it was not
gained at the expense of the Company, on the ground that a trustee must not be
allowed to use that position to make a profit, even though it was not open to the
Company to do so.
We seldom see a new company being bound by court order to cough up its
profits to another as a result of breach of trust by one of its founding principals to
a former employer. A lawsuit like this could drag on for decades and cost
millions in preoccupation of personnel on both sides, and because of bad
publicity, as well as high legal costs. Often, a private settlement is reached in
which the injured company is compensated by a transfer of shares from the new
corporation to the former employer.
Trade Secrets
A trade secret is information including formulas, patterns, compilations,
programs, devices, methods, techniques, or processes that derive economic value
from not being generally known, and not readily ascertainable through proper
means, by other persons who can obtain economic value from their disclosure.
Property rights exist in trade secrets only as long as they are kept under
conditions of confidentiality. In addition to imparting the information only to
those who need to know, representations of trade secrets must be kept in a
reasonably secure environment.
This may include:
1. Secure storage of paper, tape or disk copies in vaults, safes or file
cabinets locked with a bar and a three-combination padlock.
2. Secure storage of electronic copies may require measures such as:
3. Dual file passwords: personal and project. Each should be at least 8 bytes
long and randomly selected from the whole ASCII set.
4. File encryption using a single-key block-product cipher, such as DES, or
a public-key exponentiating cipher, such as RSA. One-time tape or disk
ciphers afford the highest security, but even they are subject to successful
cryptanalysis, as are all ciphers.
5. Background screening of employees, confidentiality agreements, and
security training are all essential.
6. Confidential areas should be secured with security-grade lock sets,
alarmed and/or guarded, and regularly swept electronically for
clandestine radio or television transmitters.
Registered Information
Property rights exist in information registered with national agencies.
They include patents, trade marks, and copyrights. Some countries also allow
registration of trade dress, such as distinctive packaging; or industrial designs,
such as distinctive patterning applied to products.
Patent Infringement
A patent is a monopoly, granted by the national government in one or more
countries for a term of 17 to 22 years depending on country and subject matter,
that allows an inventor to exploit and profit from an invention. New drugs
usually get a longer time to compensate for the time spent in clinically testing
them. The term of a patent can be extended only by making patentable
innovations to the product. Patentees can sell their patent rights to anyone they
choose or they can license anyone to use, sell, or produce the invention.
The government does not monitor patent infringement, but patentees have
the right to sue anyone they discover making, using or selling the invention, or
any integral part of it, without authority, during the term of the patent and within
the country that granted the patent. Patentees can also sue anyone who induces
a third party to infringe. The remedy for patent infringement is damages to the
patentee and any person holding under the patent for any losses suffered as a
result of the infringement; and a court order enjoining further infringement.
The infringement must have been done in the ordinary course of business,
knowingly, and for the infringers’ own benefit and to the damage of the patent
holder.
Patent holders have an obligation to work their patents in the country
which granted the patent. If they do not do so for a stated period of time, an
interested party can complain to the Commissioner of Patents for a license to
work the invention.
Other abuses of a patent include:
(1) Failing to meet demand for the patented article.
(2) Manufacturing under the patent abroad and importing the patented
articles.
(3) The patented rights becoming prejudicial to industry in the granting
country.
Following a complaint, the Commissioner may:
(1) Grant a compulsory non-exclusive license to a competitor.
(2) Grant a compulsory exclusive license.
(3) Revoke the patent.
There are at least four acts not constituting infringements:
1. The government that granted the patent can exploit the invention for
its own uses, although they usually compensate the patentee.
2. Anyone can make a copy of the invention for his or her own
amusement, if no practical application is involved.
3. Any person can construct a patented article, as an experiment, for the
purpose of improving on it.
4. The invention can be used on board a foreign vessel or aircraft as long
as it is used exclusively for the needs of the vessel or aircraft.
To be granted a patent, the subject matter must be an invention.
An invention is defined as a new and useful art, process, machine, manufacture,
or composition of matter, or any new and useful improvement therein.

• Art means a method of accomplishing change in the character or
condition of material objects.
• Process means performance of an operation to produce a result.
• Machine means a mechanical device or combination of mechanical
powers and devices which function to produce a new result.
• Manufacture means an object or instrument created by the exercise of
mechanical forces.
• Composition of Matter means chemical compounds, compositions and
substances.
Whether or not computer software can be patented is an open
question. One answer is: "Yes, but only if it is an integral part of an invention".
Many things cannot be patented:

• Methods, plans and business schemes.
• Arrangement of words in a newspaper.
• A product which has no saleable character.
• Any invention with an illicit or immoral object.
• Abstract theorems, scientific principles or laws of nature.
• Something obvious to a person with ordinary skill in the art.
• A mere new use for a known contrivance.
• The mere carrying forward of an original thought.
• A change only in form, proportion or degree.
• Doing the same thing in the same way, by the same means, but with
better results.
• A different combination of old devices unless it results in a specific
product that can be realized in no other way.
Most importantly: Absolute novelty is required for an invention to
be patentable. Grant of a patent can be barred for any invention that has been
disclosed to the public anywhere in the world before the date of filing for a
patent.
Disclosure with the mark “patent pending” as allowed in the U.S., or
taking advantage of the "one-year grace period" as allowed in Canada, have
resulted in refusal of patents in some other countries.
Trade Mark Infringement
There are two kinds of trade marks: common law and registered.
Common-law trade-marks extend no further than the geographical area in which
the trade mark is being used, and in contiguous areas. The owner of a registered
trade mark can sue for infringement if it is discovered that someone else is using
it. Trade marks are used as an indication of origin, distinguishing goods from
others' goods, and as an indication of quality.
To be registered, a trade mark must be sufficiently distinctive so that it is
capable of distinguishing the wares or services of the holder from the wares and
services of others. The object is that potential customers must not be confused.
In determining whether a trade mark is confusing, a court or the
Registrar will usually consider:

• Inherent distinctiveness of the trade mark.
• Length of time the trade mark has been in use.
• Nature of the wares, services or business.
• Nature of the trade.
• Degree of resemblance to other trade marks or names in appearance,
sound, or idea suggested.
• Whether the trade mark is weak or strong: a distinctive mark; a mark
in a crowded field; or a mark in common usage.
• Whether use of the trade mark is restricted geographically.
Failure to use a registered trade mark can lead to loss of rights to it.
Rights to a trade mark also must be enforced by the owner by calling attention to
misuse. This includes sending legal letters to publishers who use the trade mark
in a generic sense without capitalization, or without following with an encircled
capital "TM", or “T” in Canada. Alternatively, after five years of use the owner
can request the trade mark be expunged or modified.
Copyright Infringement
Copyright is a legal system that gives proprietary rights and
privileges to creators, to reward them for their intellectual labor,
and to encourage them to keep creating.
Copyright includes both economic and moral rights. Economic rights
control reproduction and public performance and manifest themselves in the
marketplace. Moral rights enable owners to claim authorship and restrain others
from distorting or mutilating their work.
Infringement results when someone uses copyright material without the
required permission or without paying required fees or royalties. Copyright is
often assigned for consideration to publishers or employers.
In the United States copyright vests immediately and
automatically upon reduction of the work to a tangible form, but if a
copyright is not officially registered, there can be no suit for infringement, and
there can be no claim for statutory damages. It is permissible to register a
copyright after an infringement, with an intention to sue. In some countries
copyright vests with the author immediately on creation. Under the
Berne Convention of 1886 the term of copyright protection is for the
lifetime of the author plus 50 years and can be extended. In the United
States, the term of protection is during the author’s life and for 70 years
thereafter. If the work is one done for hire, the term is 95 years after first
publication, or 120 years from date of creation, whichever is shorter.
Adaptations of an existing work or any substantial part thereof,
translation, transformation, and reproduction in another form without extensive
alterations, additions or abridgements require permission.
Copyright protects the expression of an idea, but not the idea
itself. The only essential quality a work must have is originality. Questions of
quality, usefulness or good taste are not relevant.
A work includes the title thereof when the title is original and distinctive.
The following kinds of work are eligible for copyright: artistic works, collective
works, dramatic works, literary works, and musical works, graphical and pictorial
works, and sound recordings.
A collective work is any work written in distinct parts by different authors.
They include: dictionaries, encyclopedias, and handbooks.
A literary work includes tables, compilations and computer programs.
Computer programs are defined as sets of instructions or statements,
expressed, fixed or embodied in any manner (including semiconductor or intermetallic chips or their equivalent), that is to be used directly or indirectly in a
computer to bring about a desired result.
Copyright in a work is deemed to be infringed by any person who sells or
lets for hire, or by way of trade exposes or offers for sale or hire; or imports for
sale or hire into the country granting the copyright; any work that to his or her
knowledge infringes copyright, or would infringe copyright were it made within
the granting country.
In the US, the “Fair Use” provision of the Copyright Act lists the
limitations on exclusive rights. Certain uses are not infringements of
copyright. These uses include research, teaching, criticism, comments, and news
reporting. In a trial, at least four factors would be considered in determining fair
use:
1) Whether or not the use was for commercial purposes.
2) The nature of the copyrighted work.
3) Whether the amount of copied material was insubstantial in
comparison to the original, and whether it adds sufficient new
material to alter substantially the copyrighted work.
4) The extent to which the infringing work has diminished or
destroyed the market value, or its potential market value.
In some countries, lack of knowledge is a possible defense to claims of
copyright infringement. That is one reason why, although it is no longer required
in the US, it is still customary to include a copyright notice with each work. The
notice must show a © (encircled “C”), the year of the copyright, and the name of
the copyright holder. The word “Copyright” may be used with the © (encircled
“C”), or it may replace it. Also, in accordance with the Buenos Aires
Convention, the words “All Rights Reserved” should be added.
Once copyright material becomes widely distributed without objection, it
becomes part of the common intellectual domain and it may be difficult for the
author to realize even the moral right of authorship. Then, to paraphrase Kipling,
you may live to see: "The truth you have written twisted by knaves to set a trap
for fools."
Copyright is a civil matter and must be policed by the copyright holder.
Remedy for infringement is a temporary or permanent injunction against copying
the protected work, money damages for the loss suffered by the copyright holder,
and possibly a court order to deliver up copies made and the plates used to print
them.
Defamation
There are two modes of defamation: slander is oral; libel is written.
Libel is much more serious: it is permanent and much easier to prove.
Defamation historically was narrowly defined. It was limited to falsely
asserting that a person was guilty of a felony, infected with a loathsome disease,
or incompetent in his trade.
Today, depending upon the jurisdiction and the circumstances,
defamation can be any statement that tends to diminish a person in
the eyes of others, or even makes a person feel badly about himself.
In some jurisdictions, truth alone is not a justification for publishing a
libel, nor is a person who publishes a falsehood necessarily guilty of libel.

• Honest belief is one defense against an accusation of defamation.
• Another defense is that the © (encircled “C”) to convey a different
meaning than was ascribed to his statement.
• Still another defense is justification -- the publisher's position justified
his making an accusation.
• Other defenses are fair comment and qualified privilege.
On the other hand, proof of malice is fatal to the defenses of fair
comment and qualified privilege. Malice refers to the state of mind of
the defendant.
Courts have held that the plea of different meaning would ring hollow
unless the defendant were able to © (encircled “C”).
Even the defense of justification fails if a case is pursued recklessly or
without foundation.
Finally, the defense of honest belief is still subject to the reasonable
man test.
The remedy for defamation can range from a simple apology, as when
a name is misspelled or a caption switched in a newspaper story, to significant
money damages.
As in other civil litigation, damages are based on a reasonable attempt
to measure in money terms the loss and injury the plaintiff has
suffered.
In defamation cases at least four kinds of damages have been found to
be appropriate:

general

special

aggravated

punitive.
These would be awarded in addition to the costs of the action.
General damages are what might reasonably be expected in a loss and
in some jurisdictions are subject to a “cap”.
Special damages are damages that have a sufficient causal link to some
loss-causing event such as the defendant's loss of his job.
Aggravated damages may be appropriate where the defendant's
conduct has been particularly high-handed or oppressive, thereby causing the
plaintiff's humiliation and anxiety arising from the libelous statement.
Punitive damages can be awarded in situations where the defendant's
misconduct is so malicious, oppressive and high-handed that it offends the
court's sense of decency. They are awarded to punish the defendant. It is a
means whereby the jury or judge can express outrage at the egregious conduct of
the defendant.
Invasion of Privacy
Privacy information is information which concerns or describes
an identifiable individual. Since the 1970s there has been growing concern
that the potential for linking computer data banks of privacy information would
severely and unfairly affect the lives of individuals. The proposition was
advanced that each individual should have the right to determine when and to
whom privacy information about that individual should flow. No over-reaching
right to privacy ever evolved, although some restrictions were imposed on
handling consumer credit and medical information, and on acquiring privacy
information by clandestine electronic monitoring.
As a practical matter, anyone who wants a benefit such as social
assistance, disability benefits, a line of credit, insurance, admission to a learned
profession, or employment in a position of trust will be required to sign a privacy
release.
For example, a general release might take the form:
To: [record keeper]:
I [applicant] for [benefit sought] hereby authorize, direct, and consent
to your disclosing and releasing to [adjudicator] all information,
documents and records of any kind in your possession or control and
relating to me, and this shall be your good and sufficient authority for so
doing. This Consent shall remain in effect unless and until you receive
written revocation of said Consent.
Dated at [place] this [number] day of [month], [year]
Applicant [signature] Date of Birth [year/month/day]
Witness [signature].
Medical consent forms are more specific, requesting information on past
and present health and potential for rehabilitation. Mental health forms
anticipate possible incapacity and provide for execution by trustees. Forms
dealing with minor children provide for consent of legal guardians. Some forms
use Social Security Numbers and/or residential address to identify subjects, as
well as DOB.
The important thing for sites processing privacy information is that
consent forms be signed, witnessed, and kept on hand.
Human Rights
In some jurisdictions special commissions exist to police unlawful
discrimination in certain situations against persons deemed to be especially
vulnerable, in addition to due process of law. These commissions may be
empowered to investigate complaints, convene boards of inquiry, award
damages, order granting of benefits refused, and levy administrative fines.

Rights typically enforced include the following:

Provision of services, goods, and facilities

Freedom from harassment in the workplace by employer, agents, or
other employees.

Right to refuse to infringe the rights of another person.

Attempts to infringe or to do indirectly anything that infringes on a
right.

Freedom from reprisal or threat of same.

Employment.

Occupancy of accommodation.

Freedom from harassment by landlord, agents, or other occupants.

Right to contract.

Freedom from sexual solicitation by persons in a position to grant or
deny a benefit or advancement.

Right to claim and enforce claims, to institute proceedings and
participate in them.
Almost all of the rights listed above have rather obvious relevance to
computer security, particularly in regard to privacy and the workplace
environment as affected by the Internet. Prudent managers will take all
necessary steps to ensure that personnel are not only physically secure, but that
none of their rights are curtailed or abrogated.
Specific characteristics deemed to make persons vulnerable:

Race.

Ancestry.

Place of origin.

Color.

Ethnic origin.

Citizenship.

Creed.

Sex.

Sexual orientation.

Age.

Marital status.

Family status.

Handicap.

Receipt of social assistance.

Record of offenses.
Unjust Dismissal
The principle of employment at will is still alive and well in the modern
workplace. There are just more players than the employer and employee. These
include: fair labor standards boards, unemployment insurance carriers, unions,
and civil courts. Widespread “down-sizing” in the 1990s, which carried over into
the new millennium, gave rise to employment law as a popular practice option.
An employee who has been terminated and believes the termination is
unjust can choose to sue the employer in several forums, including charging
infringement of human rights, as described above. Rarely will a court or
administrative tribunal order an employer to rehire a terminated employee, for
the simple reason that it seldom works well for either party.
The object of these actions usually is to maximize termination pay in lieu
of notice, and to word termination papers such that the terminated worker will
not be denied unemployment benefits.
In some jurisdictions, unemployment benefits are withheld for
persons discharged for their own misconduct or for an improper quit.
Proper quits can be limited to: health and safety concerns with medical evidence,
following a spouse to another area, physical or mental impairment, family
emergencies, serious personality conflict, or quitting for a job offer that was
withdrawn.
Avoiding actions for unjust dismissal should begin before
hiring. Every enterprise should have a professional human relations
department. At the very least, the HR staff should check references of job
candidates, and obtain certified education transcripts. Background screening
should be required for positions of trust.
Work rules should be explicit and explained to all new
employees, who should acknowledge them in writing. New employees should
be required to sign confidentiality agreements, patent disclosure and assignment
agreements, copyright assignments, and privacy consents.
There should be a probationary period for new employees,
subject to labor standards law and collective agreements. A mentor should be
assigned and required to write a report at the end of the period. All infractions of
work rules and disciplinary actions should be carefully documented. The
employee should acknowledge each report and should be permitted to file a reply.
Good labor management will pay off in many ways: lower hiring costs,
improved morale and productivity, fewer termination pay-outs, and, in some
jurisdictions, lower payroll taxes.
Workplace Injuries
Compared to some industries, IT is a relatively benign environment. That
does not mean some people do not get hurt. Improving workplace health and
safety will cut the costs of workplace disability insurance and workers'
compensation charges, and will enhance productivity through continuance of
tenure and reduced absenteeism.
The most common cause of IT worker injury is carpal tunnel
syndrome. It seems mostly to affect workers who type for long periods of time
at computer keyboards. Incidence can be reduced by providing padded wrist
supports, adjusting the relative heights of the monitor screen, keyboard, and
operator's chair for the most comfortable position for the worker. Frequent short
breaks also seem to help.
Repetitive strain injury to the shoulder seems to be more common
than would be expected. It is caused by frequently reaching above shoulder
height. It is wise to reduce the height of shelving in cubicles and put the most
frequently used manuals on the lower shelves.
Glare from monitor screens seems to cause migraines in some
workers. Anti-glare screens can help, as can monitors that can be tipped to the
most advantageous viewing position for the worker. Choice of background and
text colors can also be personalized to suit.
Probably at least 5% of all workers over 40 have some degree
of degenerative disc disease in the lower back. Provision of ergonomic
chairs for these workers and arranging for them to stand and walk around every
half hour or so can reduce absences and avoid disability claims for aggravation of
their injuries.
Many office workers have relatively poor muscular development. There is
no excuse for them to participate in activities like moving computer equipment
and furniture. There should be personnel that specialize in this kind of activity,
and sufficient carts and dollies for them to carry out their work safely. There
should be no occurrences of hernias or slipped inter-vertebral discs in an IT shop.
Epicondylitis or “tennis elbow” is another common cause of
disability. It is caused by making quick moves to lift moderately heavy things at
arm's length. Some sensible workplace planning should eliminate the need for
moves such as these in an IT setting.
Stress appears to be responsible for much impairment by
mental illnesses such as clinical depression, excessive anxiety, or
panic attacks. The workplace is only one source of stress. However, it is wise
to be able to refer workers who appear to be stressed out to independent
counselors to whom they can talk in confidence.
This is a relatively inexpensive "perk" that can help keep some of the most
valuable employees working at peak performance. Counseling is only part of the
help needed, however. Changes or simply rotation of duties should often go
hand-in-hand with counseling.
Errors, Omissions and Contract Defaults
In no industry, especially one as complex as IT, can every
adverse eventuality be prevented or even anticipated. Everybody
makes mistakes sometimes.
There are some well known precautions that every IT enterprise ought to
take all the time. These range from high-level functions such as competent
project management, to lower-level safeguards including: use of check sums,
batch counts, serial numbering of documents, virus scanners, continuous tape
backup, control of internet access, restriction of E-mail to designated machines,
spelling and grammar checkers, to mention a few.
In spite of all efforts, project management may be unable to meet
contractual delivery dates or functional specifications, and safeguards may not
prove to be totally effective. Wherever possible, and economically feasible,
insurance should be in effect to compensate for losses caused by errors and
omissions, and by business interruptions.
Some of the available coverage includes:

Errors and omissions

Property damage

Bodily injury

Lost profits, and expenses, during shut-downs

Liabilities for products and services

Copyright and patent infringement

Privacy violations
Summary
This tutorial has presented information about those activities
generally under the control of IT personnel, and which are at risk for
losses due to legal liabilities. The individual causes for legal action, and some
of the available remedies have been discussed.
However, the information contained in this tutorial is provided for
information only. It is not legal advice and it is not to be considered as a
replacement or substitute for a competent attorney. Nor is the information
static; it varies from time to time, and from place to place. In any specific
situation, neither action nor inaction should be based on information in this Web
site, but rather on appropriate legal and professional counsel.