§11.0 Introduction

Data Protection and Computer Misuse may be the central UK acts related to the use of computers and the application of computer science, but many other areas of law are also of importance; some of them we review in this chapter.

§11.1 Intellectual Property Rights

In terms of computer use, due regard must be had in particular to copyright, the most often cited part of the whole morass of Intellectual Property Rights - a statement which holds regardless of whether we are acting as the producer or the consumer of software.

The Copyright etc Act 1988 as it was originally written only applied to a limited range of items, of which the most relevant for our purposes are:

• literary works, for example poems,

• recordings, for example of music or of television programmes,

• the printed form of material, the actual layout and typography.

The consequence of the Act is that any significant copying, or depending on the circumstances, possibly any copying of articles of these types is prohibited - and that prohibition normally stretches in principle to the temporary copying of them into RAM or onto a VDU screen - unless appropriate permission has been obtained from the copyright holder. To set that in context, articles may be copied in the University for the purposes of teaching (because of a limited licence held by the University) or (under some circumstances: see below!) for research; but any copying done for those purposes needs to be within the limits of the licences and cannot be extended for use in other circumstances without further permission.

There is one other consequence of the Act as originally written. No protection is given to computer programs, except in so far as they can be considered to be literary formulations or works of aesthetic value. The difficulty with programs is that normally it is the ideas behind them which are important, a sort of meta-level of programming, and that does not fall within the scope of the Act or, indeed, of any associated legislation.

In the last decade or so of the twentieth century, the Americans in particular (but also those in the European Commission, who saw Computer Science as the economic driver for the future) worried about the limited protection for programs; and they attempted to separate the ideas from the form in which those ideas were expessed - the concept of "Intellectual Property Rights". These thoughts were making steady if painful progress

• not least in the extended, expensive and ultimately inconclusive (because it was abandoned) legal battle brought by Apple against Microsoft
  • because of the windowing similarities between the then new Windows Operating System and the ten year old series of Macintosh Operating Systems

• and the subsequent battles between Microsoft and - or so it seemed - almost everybody else
  • as Microsoft tried to keep access to Windows restricted, to prevent other manufacturers developing - and selling - software to run under it.

The key question was, what level of detail could be captured in a legal definition. For computer scientists, this is a difficulty perhaps best captured - although strictly the action is wholly irrelevant to the developing legal argument - in the unsuccessful attempt in one American state to patent or otherwise restrict (except under licence) the use in programs of binary trees.

But, whatever progress in this separation of ideas and form was being made in America or on mainland Europe, the concept stayed firmly outwith the development of British legal thought. However, to comply with an EU Directive on computer programs, there was in 1992 an extension to the Act, namely The Copyright (Computer Programs) Regulations 1992.

These regulations served to bring computer programs firmly into the copyright-protected fold. The EU Directive said:

The split - ideas versus expressions - was not incorporated into the UK regulations, which thus continue to rely on the simple copying of a substantial part as the test of whether or not copyright is breached. Though the concept seems to be coming!

As in any form of copyright discussion, "fair dealing" is the main test of what is legally permissible; and what the 1992 Regulations did do was to provide a firm background definition of what could reasonably be considered fair in the context of software. Thus

• it is fair to take a single copy for back-up purposes ;

• it is not fair to engage in "reverse engineering"
  • except for private study or research (but see below)
  • although, as encouragement to the software industry, it may be permitted in order to increase the interoperability of programs;

• also, error correction is explicitly permitted.

So the 1992 Regulations had their successes, even if they also had their limitations. Nonetheless, it would seem as if some sort of protection has now been achieved in the United Kingdom, as a consequence of a stand-everything-that-went-before-on-its-head case decided in autumn 2004, when EasyJet obtained a ruling that the business logic behind a software system was not automatically covered by the copyright of an earlier system, so that the copyright did not automatically extend to the protection of functional effects - in other words, EasyJet's new in-house booking system did not automatically infringe the rights of Accenture's subsidiary in the booking system they had previously provided to EasyJet.

So much for programs. Curiously, databases were from an early stage regarded as being covered by the Act, having been classified as literary works. The position became more obviously defined nearly ten years after the Act, with the publication of The Database Regulations 1997.

In any form of copyright, we also have the issue of non-literal copying, for example when an employee moves from one company to another and takes their ideas with them. A moment's reflection on the EasyJet case (which did not involve non-literal copying) will show just how dangerous is the concept, especially in the context of computer programming.

Copyright forms - indeed, all issues of intellectual property rights form - a complex area, and an area which (in legal terms) is at present fast changing. Within that pattern of legal change, the position on programs and on certain web-based material is particularly complex. For example, there is a series of programming-related questions, each of which takes us deeper and deeper into a potential legal quagmire. What, we may ask for some particular program of our devising, what is significant about

• its layout?
• its variable names?
• its constructs?
• its design?
• its purpose?

And, when we know the answers to those questions, what is significant about the re-use elsewhere of any of the elements we have considered? In passing, note that exactly the same questions apply when we are trying to assess issues of programming plagiarism - for the reason, obvious when you think about it, that plagiarism is an underlying layer of unacknowledged or unauthorised use of another's intellectual property rights, topped off with a coating of intent to deceive by passing the work off as one's own.

In constructing programs, we learn early the virtues of code (and design) re-use, so that (leaving aside the complications of user interfaces) the novelty of our solutions is concentrated in two main areas:

• that of problem analysis and more particularly the consequential design using standard building blocks such as abstract data types
  • all right, allow a third area of potential novelty, the construction and use of a new ADT or algorithm

• the bringing together of those blocks to form a structured whole

As the sixteenth century French philosopher and poet Montaigne said, and he could perfectly well have been writing about much of our programming,

Moving from programming to web-based material, we can easily construct a related series of almost simple questions:

• design - who owns the design, at the point at which it is displayed?
• publication - whose is the responsibility for meeting any rules or laws at that location?
• um, consultation - who has the responsibilty for any difficulties which may arise?

As a simple if extreme example, responsibility for the Scottish armorial system (the granting and displaying of coats of arms) rests with Lord Lyon, who has the power "to dash furth" false arms - meaning that he can order his henchmen to put a hammer through and so destroy any display of arms he has not approved, a power he has not exercised for over a hundred years. But - if I, working in Scotland, display on my computer screen an English coat of arms (for example, the commonly used coat of arms of the British Computer Society), is Lyon entitled to come and put his hammer through my computer screen?

Just as in the world at large there are few simple answers (except, no!), so seldom are there simple answers to questions like these.

Reference has already been made to the significant UK court decision late in 2004. But before that, in November 2003, the law had itself changed yet again, as a consequence of a further EU Copyright Directive: fair dealing was redefined.

In the recent past, with certain limitations, copying for the purposes of research has been fully legal. That will continue under the revised definitions of fair dealing - provided the research is not for commercial purpose

• regardless of whether the commercial purpose is (conventionally) for profit
• or, as in the case of many bodies of charitable status (not least universities, cancer hospices and youth hostels), "not for profit"

View this as closing a licensing loophole, if you will! But when undertaking research it is very hard to know whether and to what extent subsequent commercial application will emerge.

One consequence of the changing legislation is that the possession of hardware and software intended to circumvent the protection applied to or inherent in music discs (whether CDs, or the old vinyls) is illegal. The people in the music industry are very happy! On first inspection of the legislation, this illegality would seem to extend necessarily to any form of disc copying facility - but doubtless common sense (or some previously unnoticed clause!) will in due course come to prevail.

§11.2 Web Publishing

The development of high speed computing networks - and specifically the internet - brings with it many risks, risks often unappreciated by those capitalising on the developments.

For example, Internet Service Providers (and universities too) used to take the view that they were not publishers of their users' views, but rather the simple providers of a channel of communication.

Alas, or not (depending on how you look at it), the Defamation Act 1996 would seem to have trumped that view. Case law remains uncertain, but such as there is quite clearly leaves ISPs and universities, and every other computer-using organisation, responsible for the acts of their users. Whether this responsibility is justifiable may be an open question, but at least it gives the providers some justification - and responsibility - for trying to police what their users are publishing.

If that was a problem in the nineties, how are people positioned in a world of social [web] spaces? Once again, technological capability and implementation seems to be running well ahead of the law.

§11.3 Obscenity & Equality

And there are many, somewhat related areas, all of which impinge both on individual users as well as those who can be regarded as publishers.

Students, and those dealing with young professionals, should be especially alive to the risks posed by the Obscene Publications Act 1959.

• It may be half a century since the first trial under the then new act permitted the U.K publication of "Lady Chatterley's Lover"
  • A trial which gave us the oft quoted, oft scoffed at

    "Would you want this book to be read by your servants?"

• But of far deeper significance, in bringing up to date the criterion of what constituted obscene material, then as now defined as
  "[matter tending] to deprave and corrupt those whose minds are open to such immoral influences and into whose hands a publication of this sort might fall"

  was the statement of the judge in a closely related English trial of 1954 ("The Philanderer case")

  "Are our literary standards to be defined ... by what is suitable for a 14 year old school girl?"

  The judge's answer to his own question, an answer confirmed by and embodied in the 1959 act, was a resounding "No!"

• But even that robust answer, and the subsequent obscenity act, has not eradicated the previous definition of obscene material

• So, be careful, and remember that even email is not a private medium!

• The only safe standard to apply to what you permit to appear on your computer screen (yes, okay, a standard which many might condemn as sexist!) is that it comprises only material which would be acceptable to your 60 year old maiden aunt, were she looking over your shoulder

That sexist tag is a good reminder that we have always to pay heed to the raft of late twentieth century legislation which attempted to outlaw all forms of prejudice ("attempted", since elimination of such things can only be fully achieved when the principles are freely accepted in the minds of all concerned). In particular, we should be alive to the legislation requiring sexual and racial equality in all our actions, and to the subsequent widening of those concepts (in the Equality Act 2006) so that it is illegal, for example, to discriminate in terms of religious belief or disability or age except where such discrimination is required by law - for example, the freedom to enter into a contract is not available to a minor.

Relatively recent legislation (November 2003) in the UK has, at least by intent, reduced the amount of "spam" (unsolicited email) permitted to be sent to individuals. Such material can now only legally be sent when prior consent has been given or when the individual is a customer of the sending body. The restriction does not apply to corporate email accounts. The intent is very welcome - but whether it is of any practical value to any user still remains to be seen!

One of the particular difficulties, a difficulty inherent in any form of computer law, concerns the locality of operation: is the email legislation breached if the email is sent from, say, Malaysia but received in the United Kingdom? Several countries (in particular America and Germany) have attempted to get round this by declaring their legislation to be omni-present: the Malaysians have done it quite explicitly in the wording of their 1997 Computer Crime Act. Since that Act is heavily based on the UK's Computer Misuse Act, what we have in effect is an attempted universal application of that Act!

But - is that really a realistic deterrent? Certainly the approach can work, as it did for maybe two hundred years, when British courts investigated accidents at sea by declaring that the loss of a ship had occurred in, say, the Carribean Sea "in the mouth of the River Thames"; since the mouth of the Thames was quite clearly in British territorial waters, the legality of the enquiry was established by the legal fiction. But - could the approach really work as a deterrent, or is it just a means which might make a succesful prosecution easier?

§11.4 Software Standards

The final legal strand mentioned in this chapter almost takes us in a full legal circle - although there are many other issues, not least the complexities of contractual law - which are of of great relevance. Let us very briefly revisit our very first legal point, the Health & Safety at Work etc Act 1974, and look in a slightly different light at some of the design issues we drew from it.

At the very least, that Act has implications (steadily becoming more explicit) that the application and operation of computer systems must always be safe. That in turn leads to a need for us as computing professionals to be able to prove the proper development of our systems, not only to protect our clients bu also to protect ourselves and our reputations.

This takes us into the world of software quality, and to the development of formal standards for the creation of software. Indeed, it is this legal pressure which has forced our predecessors down the route of the development (and application!) of British and other formalised standards, in just the same way that ethical pressures led to the development of the series of software engineering quality benchmarks.