312 Test review 2
Tony Scarlatos
Fall 2013

Legal Protection to IP
• Copyright – written or artistic expressions fixed in a tangible medium. Books, poems, songs, movies, works of art. Protects the manifestation.
• Patents – invention of any new, useful, and non-obvious process, machine, article of manufacture, or composition of matter, or any new and useful improvement thereof. Protects the idea.
• Trademarks – name, word, logo, symbol, etc. used to identify a product and/or service. Protects both manifestation and idea.

Patent
• You register with the government. Can register in foreign countries. US patent is issued by USPTO
  – Registration may take more than a year
• You gain the right to exclude others from making, using, or offering for sale the invention
• Patents generally last for 20 years
• Once you hold a patent, others can apply to license your invention
• Types - Utility, design, chemical, software, etc.

Copyright Holders’ Exclusive Rights
  – A copyright is valid for the lifetime of the author plus 70 years
  – making copies
  – distributing copies
  – producing derivative works, such as translations into other languages or movies based on books
  – performing the work in public (e.g. music, plays)
  – displaying the work in public (e.g. artwork, movies, computer games, video on a Web site)

Copyright History
• 1790 first copyright law passed in US (1710 in UK)
• Copyright Act of 1909 defined an unauthorized copy as a form that could be seen and read visually
• 1976 and 1980 copyright law revised to include software and databases that exhibit "authorship" (original expression of ideas), included the "Fair Use Doctrine"
  – 1976 law stated that the copy is in violation if the original can be perceived, reproduced, or otherwise communicated by or from the copy, directly or indirectly – an improvement over “seen and read visually”

Copyright History (cont.)
• 1982 high-volume copying of records and movies became a felony
• 1992 making multiple copies for commercial advantage and private gain became a felony
  – >10 copies, worth >$2,500 get up to 5 yrs in jail
• 1997 No Electronic Theft Act made it a felony to willfully infringe copyright by reproducing or distributing one or more copies of copyrighted work with a total value of more than $1,000 within a six-month period (profit provision dropped)

Copyright History (cont.)
• 1998 Digital Millennium Copyright Act (DMCA)
  – Anti-circumvention provisions: prohibits making, distributing or using tools to circumvent technological copyright protection systems
  – Safe-harbor provisions: Protects Web sites if they remove material when asked by the copyright holder, which offered protection from some copyright lawsuits for Web sites where users post materials
• 2005 Congress made it a felony to record a movie in a movie theater

Fair Use Doctrine (1976 Law)
• Goals of copyright law are to promote production of useful work and encourage the use and flow of information
• Examples of fair use:
  – Quoting a portion in a review
  – Education (even making multiple copies for classroom use)
• Four factors to determine fair use
  1. Purpose and nature of use – e.g., commercial
  2. Nature of the copyrighted work (novel less likely than factual)
  3. Amount and significance of the portion used
  4. Effect of use on potential market or value of the copyrighted work (will it reduce sales of work?)
• No single factor alone determines, not all factors given equal weight, depends on circumstances

Significant Cases (1)
Sony v.
Universal City Studios (1984)
• Sony made Betamax video cassette recording (VCR) machines, which were used to record movies shown on TV
• Supreme Court decided that the makers of a device with legitimate uses should not be penalized because some people may use it to infringe on copyright
• Supreme Court ruled that recording a movie for later viewing was fair use

Significant Cases (2)
Reverse engineering: game machines
• Reverse engineering: translate a program from machine code to a form that can be read and understood
  – Sega Enterprises Ltd. v. Accolade Inc. (1992)
  – Atari Games v. Nintendo (1992)
  – Sony Computer Entertainment, Inc. v. Connectix Corporation (2000)
• Courts ruled that reverse engineering (to learn how one platform works so that a company can make a compatible product) does not violate copyright if the intention is to make new creative works (video games), not copy the original work (the game systems)

Significant Cases (3): Napster
Sharing music: the Napster case (2001)
• Napster provided a way for users to exchange music files (no files retained on Napster site)
• Metallica filed suit against Napster – followed by A&M
• Was the sharing of music via Napster fair use?
• Napster's arguments for fair use
  – The Sony decision allowed for entertainment use to be considered fair use
  – People make copies for personal, not commercial, use
  – Did not hurt industry sales because users sampled music on Napster and bought the CD they liked

Napster (cont’d)
• RIAA (Recording Industry Association of America)'s arguments against fair use
  – "Personal" meant very limited use, not trading with thousands of strangers
  – Songs and music are creative works and users were copying whole songs
  – Claimed Napster severely hurt sales
• Court ruled sharing music via large-scale copying on Napster violated copyright

Significant Cases (4)
File sharing: MGM v.
Grokster (2005)
• Grokster, Gnutella, Morpheus, Kazaa, and others provided peer-to-peer (P2P) file sharing services
  – The companies did not provide a central service or lists of songs, but the software for sharing files
  – P2P file transfer programs have legitimate uses
• Lower Courts ruled that P2P does have legitimate uses
• Supreme Court ruled that intellectual property owners could sue the companies for encouraging copyright infringement

The Digital Millennium Copyright Act 1998
• Anti-circumvention
  – Prohibit circumventing technological access controls and copy-prevention systems
• Safe harbor
  – Protect Web sites from lawsuits for copyright infringement by users of site

The DMCA vs. Fair Use, Freedom of Speech, and Innovation
• Lawsuits have been filed to ban new technologies
• U.S. courts have banned technologies such as DeCSS even though it has legitimate uses, while courts in other countries have not
  – CSS: content scrambling system, to protect movies
• Protesters published the code as part of creative works (in haiku, songs, short movies, a computer game and art)
• U.S.
courts eventually allowed publishing of DeCSS, but prohibited manufacturers of DVD players from including it in their products

Safe Harbor
• Industry issues "take down" notices per the DMCA
• As long as sites like YouTube and Facebook comply with take down notices they are not in violation
• Take down notices may violate fair use; some have been issued against small portions of video being used for educational purposes
• In addition, entertainment companies argue YouTube should have the responsibility to filter out copyright-infringement material
  – YouTube said it cannot always tell which are unauthorized

Free Software
• Free software is an idea, an ethic, advocated and supported by a large, loose-knit group of computer programmers who allow people to copy, use, and modify their software
• Free means freedom of use, not necessarily lack of cost
• Open source - software distributed or made public in source code (readable and modifiable)
• Proprietary software - commercial, sold in object code, obscure, not modifiable. E.g., Microsoft Office

GNU project
• Began with a UNIX-like operating system, a sophisticated text editor, and many compilers and utilities
• Now has hundreds of programs freely available and thousands of software packages available as free software (with modifiable source code)
• Developed the concept of copyleft

What is Hacking?
• Hacking – currently defined as intentional, unauthorized access to computer systems
• The term has changed over time
• Phase 1: early 1960s to 1970s
  – It was a positive term
  – A "hacker" was a creative programmer who wrote elegant or clever code
  – A "hack" was an especially clever piece of code

Hacking (cont.)
• Phase 2: 1970s to mid 1990s
  – Hacking took on negative connotations
  – Breaking into computers for which the hacker does not have authorized access
  – Still primarily individuals
  – Includes the spreading of computer worms, viruses and ‘phone phreaking’
  – Companies began using hackers to analyze and improve security

Hacking (cont.)
• Phase 3: starting the mid 1990s
  – The growth of the Web changed hacking; viruses and worms could be spread rapidly
  – Political hacking (Hacktivism) surfaced
  – Denial-of-service (DoS) attacks used to shut down Web sites
  – Large scale theft of personal and financial information

The Law re. Hacking
• 1984 Congress passed the Computer Fraud and Abuse Act (CFAA)
  – Covers government computers, financial and medical systems, activities that involve computers in more than one state, computers connected to the Internet
  – Outlaws hacking activities: DoS, malware, unauthorized access, fraud, impairing government operations, public utilities
  – The USA Patriot Act expanded the definition of loss to include the cost of responding to an attack, assessing damage and restoring systems

Stealing Identities
• Identity Theft – various crimes in which a criminal or large group uses the identity of an unknowing, innocent person
  – Use credit/debit card numbers, personal information, and social security numbers
  – 18-29 year-olds are the most common victims because they use the web most and are unaware of risks
  – E-commerce has made it easier to steal card numbers and use without having the physical card

Theft Techniques
• Techniques used to steal personal and financial information
  – Phishing - e-mail fishing for personal and financial information disguised as legitimate business e-mail
    • Smishing – text messaging.
Vishing – voice phishing
  – Pharming - planting false URLs in Domain Name Servers, lead to false Web sites that fish for personal and financial information
  – Online resumes and job hunting sites may reveal SSNs, work history, birth dates and other information that can be used in identity theft

Responses to Identity Theft
• Authentication of e-mail and Web sites
• Use of encryption to securely store data, so it is useless if stolen
• Authenticating customers to prevent use of stolen numbers, may trade convenience for security
• In the event information is stolen, a fraud alert can flag your credit report; some businesses will cover the cost of a credit report if your information has been stolen
• Biometrics: biological characteristics unique to an individual – “what you are”

Protection Techniques
• Preventing use of stolen numbers
  – Activation for new credit cards
  – Retailers do not print the full card number and expiration date on receipts
  – Software detects unusual spending activities and will prompt retailers to ask for identifying information
  – Services, like PayPal, act as third party allowing a customer to make a purchase without revealing their credit card information to a stranger

Libel law: threat to free speech
• Libel tourism: Traveling to places with strict libel laws in order to sue
  – SPEECH Act of 2010 makes foreign libel judgments unenforceable in the U.S. if they would violate the First Amendment.
Foreign governments can still seize assets
• Where a trial is held is important not just for differences in the law, but also the costs associated with travel between the countries; cases can take some time to trial and may require numerous trips
• Freedom of speech suffers if businesses follow laws of the most restrictive countries

Cybercrime Treaty
• International agreement to foster international cooperation among law enforcement agencies of different countries in fighting copyright violations, pornography, fraud, hacking and other online crime
• Treaty sets common standards or ways to resolve international cases
• It requires countries to outlaw some formerly legal activities

“Responsibility to prevent access”
• So far governments are assuming a “Responsibility to prevent access” principle: It is the responsibility of providers of services and information to make sure their material is not accessible in countries where it is illegal. They may be sued or jailed in those countries if they do not prevent access

Alternative Principles
• So far governments are assuming an “Authority-to-prevent-entry”: Government of Country A can act within Country A to try to block the entrance of material that is illegal there, but may not apply its laws to the people who create and publish the material, or provide a service, in Country B if it is legal there.

The Impact on Employment
Job destruction and creation:
• A successful technology eliminates or reduces some jobs but creates others
  – Reduced the need for telephone operators, electric meter readers, mid-level managers
• New industries arise
  – Chip industry, Internet, Cellular communications, clouds, smartphone software
• Lower prices increase demand and create jobs
  – Music industry changed from serving the wealthy to serving the masses, employing more than just musicians

A Global Workforce
• Outsourcing - a company pays another company to build parts for its products or services instead of performing those tasks itself
• Offshoring - the practice of moving business processes or services to another country, especially overseas, to reduce costs
• Inshoring - when another company employs thousands of people in the U.S. Almost 5% of U.S. workers work for foreign companies

Telecommuting Issues
Benefits
• Reduces employer overhead
• Reduces need for large offices
• Employees are more productive, satisfied, and loyal
• Reduces traffic congestion, pollution, gasoline use, and stress
• Reduces time and expenses for commuting and money spent on work clothes
• Allows work to continue after blizzards, hurricanes
Problems
• Employers see resentment from those who have to work at the office
• For some telecommuting employees, corporation loyalty weakens
• Odd work hours
• Cost for office space has shifted to the employee
• Security risks when work and personal activities reside on the same computer

Data Entry, Phone Work, Retail
• Data entry
  – Key stroke quotas
  – Public performance records to encourage competition
  – Beep when workers pause
• Phone work
  – Number and duration of calls
  – Idle time between calls
  – Randomly listen in on calls
• Retail
  – Surveillance to reduce theft by employees

Location Monitoring
• Cards and badges used as electronic keys increase security but track employee movements
• GPS tracks an employee's location
  – Used in some hospitals to track nurse
locations for emergency purposes, but also shows where they are at lunch or when they use the bathroom
  – Used to track long-haul trucks to reduce theft and optimize delivery schedules, but also detects driving speeds and duration of rest breaks
• Employees often complain of loss of privacy

E-Mail, Blogging, and Web Use
• Some companies block specific sites (e.g. adult content, sports sites, job search sites, social-network sites)
• Employees spend time on non-work activities on the Web
• Concerns over security threats such as viruses and other malicious software
• Concerns about inappropriate activities by employees (e.g., harassment, unprofessional comments)

Evaluating Information
• Expert information or ‘wisdom of the crowd’?
  – Daunting amount of information on the web, much incorrect
  – Search engines are replacing librarians, but Web sites are ranked by popularity, not by expert evaluation
  – Search engines give prominent display to parties who pay them
  – Wisdom of the crowd - ratings of websites by the public, democratic journalism for news

Narrowing the Information Stream
• The Web narrows information streams
• Some critics see the web as significantly encouraging narrowness and political extremes by making it easy for people to avoid seeing alternative opinions
• Searching online “puts researchers in touch with prevailing opinions, but this may accelerate consensus” and miss less popular but very relevant work
• People are seeing filtered information
  – Search engines, social media services personalize results based on location, past searches, profiles, etc.

Why Models May be Inaccurate
• Why models may not be accurate
  – We might not have complete knowledge of the system we are modeling
  – The data describing current conditions or characteristics may be incomplete or inaccurate
  – Computing power inadequate for the complexity of the model
  – It is difficult, if not impossible, to numerically quantify variables that represent human values and choices
• Ethical responsibility of professionals/modelers to honestly and accurately describe the results, assumptions, and limitations of their models

Neo-Luddite Views of Technology
• Computers eliminate jobs to reduce cost of production
• Computers manufacture needs; technology causes production of things we do not need
• Computers cause social inequity
• Weaken communities, thwart development of social skills
• Computers separate humans from nature and destroy the environment
• Benefit big business and big government the most
• Do little or nothing to solve real problems

Failures and Errors in Computer Systems
• Most computer applications are so complex it is virtually impossible to produce programs with no errors
• The cause of failure is often more than one factor
  – Faulty design, sloppy implementation, careless users, poor user interface, insufficient user training…
• Design and testing of mission critical systems is much more complex than typical computer-based systems
• Computer professionals must study failures to learn how to avoid them, and to understand the impacts of poor work

System Failures
• AT&T, Galaxy IV satellite, Amtrak
• Businesses have gone bankrupt after spending huge amounts on computer systems that failed
• Voting systems in presidential elections
• Stalled airports: Denver, Hong Kong, Malaysia
• Abandoned systems
  – Systems discarded after wasting millions even billions of dollars
• Legacy systems
  – Reliable but inflexible, expensive to replace, little documentation

Denver Airport
• Baggage handling system costs ~ $200
million, caused most of the delay
• Baggage system failed due to real world problems, problems in other systems and software errors
  – Carts crashed into each other at track intersections, mistaken route. Scanner got dirty or knocked out of alignment, faulty latches, power surges
• Main causes:
  – Time allowed for development was insufficient
  – Denver made significant changes in specifications after the project began

High-level, management-related causes of computer-system failures
• Lack of clear, well thought out goals and specifications
• Poor management decisions and poor communication among customers, designers, programmers, etc.
• Institutional and political pressures that encourage unrealistically low bids, low budget requests, and underestimates of time requirements
• Use of very new technology, with unknown reliability and problems
• Refusal to recognize or admit a project is in trouble

Case Study: The Therac-25
Therac-25 Radiation Overdoses:
• Therac-25: a software controlled radiation therapy machine used to treat cancer patients
• 1985-1987, 4 medical centers
• Massive overdoses of radiation were given; the machine said no dose had been administered at all
• Caused severe and painful injuries and the death of three patients
• Important to study to avoid repeating errors
• Manufacturer, computer programmer, and hospitals/clinics all have some responsibility

Case Study: The Therac-25 (cont.)
Software and Design problems:
• Re-used software from older systems, unaware of bugs in previous software
• Weaknesses in design of operator interface
  – Obscure error messages with no documentation on them
• Inadequate test plan
• Bugs in software
  – Allowed beam to deploy when table not in proper position
  – Ignored changes and corrections operators made at console

What is "Professional Ethics"?
• Professional ethics includes relationships with and responsibilities toward customers, clients, coworkers, employees, employers, others who use one’s products and services, and others whom they affect
• A professional has a responsibility to act ethically
• Many professions have a code of ethics that professionals are expected to abide by
  – Medical doctors, Lawyers and judges, Accountants
• Honesty is one of the most fundamental ethical values; however, many ethical problems are more subtle than the choice of being honest or dishonest

Why Professional Ethics?
• Because of some special aspects
  – Professional is an expert in a field that most customers know little about
    • Customers have little ability to protect themselves, they rely on the knowledge, expertise, and honesty of the professional
    • This is regardless of whether they are the direct or indirect customers of the product
  – Products of many professionals (e.g., Highway bridges, investment advice, surgery protocols, computer systems) profoundly affect large numbers of people
  – Professionals must maintain up to date skills and knowledge

Professional Codes of Ethics
• Codes of two main computer professional orgs
  – ACM code of ethics and professional conduct
    ACM: Association for Computing Machinery
  – Software engineering (SE) code of ethics and professional practice
    IEEE-CS: Inst. of Electrical & Electronics Engineers, Computer Society

The SE Code (8 Principles)
1. Public: shall act consistently with the public interest
2. Client and employer: act in the best interest
3. Product: ensure to meet the highest standards possible
4. Judgment: maintain integrity and independence
5. Management: ethical in management of software development and maintenance
6. Profession: advance the integrity and reputation
7. Colleagues: be fair to and supportive of their colleagues
8.
Self: participate in lifelong learning in their profession
Total: 80 clauses

The ACM Code (24 Imperatives)
• General moral imperatives: as an ACM member, I will
  – Contribute to society and human well-being
  – Avoid harm to others
  – Be honest and trustworthy
  – Be fair and take action not to discriminate
  – Honor property rights including copyrights, patents
  – Give proper credit for IP (must not take credit for others’ ideas or work)
  – Respect the privacy of others
  – Honor confidentiality

The ACM Code (cont’d)
• More specific professional responsibilities
  – Acquire and maintain professional competence,
  – Know and respect existing laws,
  – Honor contracts, agreements, and assigned responsibilities, …
• Organizational leadership imperatives
  – Articulate social responsibilities, encourage their full acceptance
  – Manage to design & build systems that enhance quality of life, …
• Compliance with the code
  – Uphold and promote the principles of this code, …