Citation
Hannabuss, S. (2001), "Legal (and Ethical) Comment", Library Hi Tech News, Vol. 18 No. 10. https://doi.org/10.1108/lhtn.2001.23918jaa.002
Publisher
:Emerald Group Publishing Limited
Copyright © 2001, MCB UP Limited
Legal (and Ethical) Comment
Plus ça change . . .
Everyone tells me that change is the only true constant. Never has this been truer than in present times. In times of profound change, we often look for things that do not seem to change – religious beliefs, perhaps, moral principles, ethical values, professional standards, and legal rules. But these change too, and often have to with changing circumstances. Concepts like "crusade" take on new, alarming resonances, all the more powerful for evoking historical echoes.
The fog of war and the need to spin partisan truths out of "neutral" facts shapes beliefs about the free exchange of information. The neutrality of facts itself ceases to be a matter of trust. In our personal and professional lives, we seem faced with dilemmas of being "for" or "against", disentangling right from wrong, political and personal expediency from doing the right thing. Philosophers tell us that even the "right" thing may be based on expediency – the surgical strike, the utilitarian justification, and the majoritarian good.
At such times we look for consolations and explanations. We look for gurus. A recent survey of management gurus decided that Sun-Tzu, the Chinese general and author of The Art of War, was still a hot property. Even though he lived about 500bc, his big idea – that "all warfare is based on deception" – still exerts its influence on modern managers. Many other models of good management are available for the busy manager, of course, from Michael Porter and Tom Peters to Rosabeth Moss Kanter (firms have to learn to dance), and Dilbert (work sucks and it is getting worse).
Ethical talk
So I was interested to see Wengert's argument in favour of virtue which comes in his issue of Library Trends (Wengert, 2001). Talking about professional ethics, and the ALA Code of Ethics in particular, he suggests that professional information work has to be based on rights and on virtue. Protecting privacy is such a right, and being confidential is related to it. Rules demand, and express, obligations, but rules do not exhaust obligations. Our ethical lives are shaped by these obligations. Lawyers tell us that, legally, obligation expresses itself through right and wrong conduct (say in contract or tort), and may lead to the fulfilment of promises or their breach, and to enrichment, just or unjust.
Wengert argues that our ethical lives are shaped by what we find worthwhile in life, such as what we value. This kicks in when professionals deal with information access. Professional judgements are never strictly neutral because they involve decisions about what is beneficial or harmful, and they smell of malpractice when they are deliberately deceitful. Wengert's argument moves on to rights – life, liberty, speech, privacy – and leads him to conclude, following MacIntyre, that even a rights-based view of professional ethics ultimately falls short of explaining how we really should act. That is where virtue matters. It is why codes of ethics stress honesty and integrity and trustworthiness.
Current concerns about employee surveillance and e-mail monitoring demonstrate this very well. It is not easy because of the rules and expediency of the market. Prudential requirements often present conflicts of interest, conflicts of obligations – about autonomy, doing no harm, acting in a beneficent way, applying "just" practice. It is often complex, because ethical acts can make other people worse off (e.g. you invent some ingenious software and put a competitor out of business), and unethical acts may do no harm (a case often made by hackers).
I like what Baase (1997) says about ethics in her fascinating study, A Gift of Fire: Social, Legal, and Ethical Issues in Computing. She suggests that ethics fill the gap between the general legal standards that apply to all cases, and the particular choices that must be made in a specific case.
Professionals are regarded as experts, and customers rely on their expertise and honesty. They are expected to be competent and up-to-date on professional standards and techniques. They are meant to be accountable – in a contract, say, or in showing duty of care so that harms do not arise from negligence. Their professional work – on a network, in providing advice, in designing software – can affect the lives and economic wellbeing of many others. This is why it is interesting at this time to consider moves towards monitoring Internet traffic, accessing personal data, and making information less anonymous. Looking for those general legal standards makes sense: so does reflecting on the particular choices, specific cases, that make ethics so personally relevant.
Living in interesting times
Following the US terrorist attacks on September 11, the European Union ordered the European Commission to draft a law allowing law enforcement officials access to electronic personal data. The new law is intended to allow such officials to investigate allegedly criminal acts involving the use of electronic communication systems and take legal measures against their perpetrators. The larger, deeper human agenda of terrorism is likely to have many consequences for information professionals and for privacy of information. Striking a balance between protecting personal privacy and law and order is never easy. Issues like this have surfaced over the years, on credit-reporting, access to Web sites by children, spam or junk e-mail, and whistle-blowing. But never has the atmosphere been so highly charged as now.
European moves to monitor Internet traffic would cover messages, logging them and keeping them for up to seven years. Such policing rights and powers would increase data retention responsibilities of network operators and service providers considerably. In the UK there has been much debate about the Regulation of Investigatory Powers Act, giving law enforcement agencies powers to intercept data communications, but these EU proposals go much further. Privacy interests are concerned that they are going too far.
Another factor here is the way in which many communication companies regard themselves merely as conduits, rather than as content aggregators or publishers exercising an editorial function. This is a chestnut in the field of ISP liability, of course, but it has re-emerged in the UK with a vengeance. The UK Information Commissioner, whose title was originally the Data Protection Commissioner, has reminded legislators of the current 30-day limit for personal data for business purposes. Bodies like Statewatch are also concerned about the growth of databanks that could be mined for many years ahead, at the expense of personal privacy. Companies likely to be affected are also concerned about the cost of self-surveillance.
I do not want to say he did it, but maybe now I should
UK case law is moving in a similar direction. In a recent High Court decision, Totalise plc, a UK-based ISP, was given permission to require two other companies, which operated financial information Web sites, to disclose someone's identity. The person concerned had used Totalise's public discussion boards anonymously to post defamatory and commercially damaging material about Totalise.
The two financial services companies were The Motley Fool Ltd and Interactive Investor International Ltd. They both knew who the anonymous contributor was. He had been defaming Totalise by alleging that Totalise was incompetent and insolvent. Totalise asked the two companies to remove the statements from the board and disclose the identity of the contributor: they were happy to do the first but refused to do the second. Among their reasons was the Data Protection Act 1998. The court decided that Totalise was entitled to know the contributor's name so that it could protect its legal rights and issue proceedings.
There are some interesting implications here. Required disclosure is the key one: the Internet is no longer a purely anonymous means of communication. The law is trying to keep up in this field, as is electronic security. As legal opinion said at the time, companies which run Web sites with bulletin boards, e-mail, and chat-rooms, are increasingly unable to rely on confidentiality and data protection principles to keep information about the customers hidden away. The balance between personal privacy and required (legitimate) disclosure has always swung about, but at present is clearly moving in the direction of disclosure.
It's an interesting time in the UK for data protection. From October 24 2001 companies will have to comply fully with the Data Protection Act 1998 or face potential enforcement action from the Information Commissioner. The transitional period is over for implementing appropriate processes. After that date, individuals will be able to claim compensation for distress suffered as a result of a breach of the Act by companies using personal information about them.
E-commerce, data protection, and children also present us with an interesting set of issues. Children are increasingly important as consumers of Web site services, and have growing purchase power in their own right. Online currency services like http://www.smartcreds.co.uk allow children to use their own credit cards independently of adults and parents. If data protection law is going to work, it has to be able to assume informed consent, and this may not exist with children (the capacity of a minor). In Scotland, a person of 12 years of age is presumed to be of sufficient age, so watch out for those 11-year-olds.
This takes us back to surveillance in response to terrorism. There is a proposed EU Telecommunications Directive, which has UK Home Office support, to widen the scope of electronic data retention laws. The broadsheet press have given the government stick for secrecy. "Sensitive" personal data includes racial origins, religious beliefs, sexual life, and criminal record, and must be, and seen to be, "fair" and "lawful". There has always been a balance between personal privacy and the needs of employers to have personal information, and there has always been an issue of informed consent. Many businesses are likely to go on relying on these conditions for the foreseeable future.
There are lots of loose ends, how-ever. Informed observers have noticed how companies in Europe and North America are, more and more, being asked to hand over entire customer databases to law enforcement agencies. This can drive a coach and horses through already brittle privacy policies. It is a matter of balance: disclosure of information in the context of a criminal investigation or suspected illegal activity is one thing. Handing over complete databases is another. These will be issues for many information professionals in the coming months.
What, where and whose fault
If you have been following the case about the Nazi memorabilia site on Yahoo!, then things move on. A final ruling about this is expected later this month (October, 2001). Back in 2000, a French judge ordered Yahoo France to block French Internet users from accessing auction areas that included such memorabilia. The portal is http://www.Front14.org and it contains Nazi, neo-Nazi, anti-Semitic and other content. J'accuse, a French anti-racism group, along with others, filed a lawsuit aiming to force French ISPs to block or filter the portal and the Web sites it hosts. This is another interesting example of where commercial and public interest are finely balanced, where expedient and ethical principles may clash. My hunch is that the portal will be restrained. The case is interesting in itself, not least because of its jurisdictional implications – ISPs function around the world and any ruling in one place is likely to affect policy elsewhere. Or else it will encourage a seepage or migration of hate site blocking cases into jurisdictions where, for reasons of free speech or inertia or both, purveyors of controversial content believe their case can best be made.
The law is not always straight-forward. Yahoo! US is hosting racist propaganda on its Messenger chat-rooms but UK police argue that the portal is doing nothing wrong under UK law. The Internet Watch Foundation believes that there is no way under current legislation of prosecuting a content provider for hosting racially offensive material. There should not be a difficulty, because racial discrimination law is there and operates in other spheres, like employment law, well enough. Difficulties arise where the ISP or host's servers are not in the same jurisdiction. This is a challenge faced by any jurisdiction seeking to impugn Gnutella and sons of Napster with their distributed server networks.
The Public Order Act 1986 can be applied to racism on the Internet: this makes it a criminal offence to incite any form of racial hatred. As yet, however, there have been no successful prosecutions. Many legislators have seen it as an exclusively Internet issue, without taking account of the elusive nature of newsgroups and chat rooms.
That said, an awareness of ISP liability is growing fast among providers, as the UK Demon case revealed. There is greater vigilance about this on the international stage. The US case of Gary Bernstein v. J C Penney Inc. and others in California in 1998 springs to mind. It hinges around liability for infringements on linked sites. Hypertext links have been a topic of dispute for years – are they signposts (in which case, no fault) or processes (in which case, intrinsic to the content and copyrightable and infringeable as any text)? Then there is the matter of who cites whom, and whether any personal endorsement (or responsibility) can be perceived or assumed.
Bernstein was a photographer who brought an action against Elizabeth Arden and J C Penney for infringement based on a series of hypertext links connecting Penney's Web site to a site containing unauthorised copies of photos taken by Bernstein. Arden advertised a perfume on the Penney Web site, and this site contained a link to the Internet Movie Database Web site, which itself linked to a third site where more of Bernstein's photos could be found.
Lawyers are bound to ask about the chain of proximity here. What we have is multiple linking. Terms and conditions of use on Web sites are usually sufficient to disclaim any such remote associations. Bernstein lost his case. But could he – or anyone else – have won it if the chain had been less multiple, the infringement more blatant and undeniable, or if, say, the photos had been electronically reframed in such a way (say within a third party's banner ads) so that disparaging treatment could be alleged. This is the area of moral rights, an area where, if anywhere in intellectual property, the legal and ethical collide.
Making your mark
The patentability of computer software refuses to lie down. To be patentable, an invention must not just be new but also have an inventive step. By this we mean it must not be obvious, given what has gone before. Computer programs present a difficulty. Unlike semi-conductor chips, which can be patented, computer programs have been regarded as literary works and have claimed protection, in consequence, under copyright law. Present UK law (the Patents Act 1977) and the European Patent Convention (1973) exclude computer software as such and methods of doing business as such from patent protection. US practice has moved towards granting patents for software and non-technical business methods. Developments in e-commerce and divergence in international practice has put pressure on UK interests. News on the grapevine says that the UK government is moving in the US direction at last.
The position is this: patents are given for technological innovations, so software where there is no such innovation should not be patentable. Similarly, technological innovations should not stop being patentable just because the innovation lies in the software. Clarification is needed about where software starts and stops (i.e. where it is, and is not, technological innovation).
This is what commentators have called the quest for a technical contribution. I shall be interested to know how this pans out: it looks at present as if business methods will, in the UK, not become patentable unless evidence is provided of this technical contribution. We remember the famous Merrill Lynch Application case (1989), about a business application, and how, after getting nowhere in the UK, the company eventually obtained a patent from the US Patent Office.
New Registered Designs Regulations 2001 are about to come into effect in the UK. This is a monopoly right over the external appearance of an article lasting for 25 years. The regulations widen the types of design that can attract this kind of protection, and now will include graphic symbols and typographic faces. So company logos are clearly included, as well as computer game characters, text styles, and Web site designs (so long as they are distinctive enough, and not just the look and feel). The importance of a registered design commercially is well-known, and the financial investment and the need for secrecy during market testing are critical to success. There is a growing interest in this crossover between copyrights and patents/trade marks/designs.
Regularly attracting attention are cybersquatter disputes. The owner of a registered trademark in the UK will usually win such a dispute, and registration helps to protect the owner against "passing off" and trademark dilution. Same or similar names present problems, and may do in different countries. A landmark case in the UK was the Phonenames case: it hinges on the claim by a US florist that it should be able to use its name, and stop others using it, on the Internet, and that the existence of a similar name in the UK should be stopped because UK customers could order flowers by phone from the USA. Phonenames was the UK party and successfully argued its case. The mere existence in the UK of the US florist's mark (there was no evidence that it was actively attracting UK business!) was not enough.
Copy right and wrong
There has been much talk in the UK about DMCA among networkers. Representative of many views has been that, among all the other things, the Digital Millennium Copyright Act criminalizes the circumvention of copy-protection schemes on multimedia products, and outlaws scientific research into copy-protection technology. John Naughton of The Observer argues that DMCA is "a pestilential statute that embalms in law the business plans of brain-dead corporations and preserves technological innovation in the aspic of legislators' ignorance".
This is why we keep reading cries that "copyright is gagging programmers". This autumn has seen movement here as computer security experts pulled down their works from the Internet. A DMCA protest Web site has arisen. Some security experts are holding back on any public critique of copy-protection schemes out of fear of prosecution.
This is an environment that Linus Torvalds would recognise. What started as a bit of Finnish hacking ended up as Linux, the open source operating system, now a mainstream product. Open source is software where the source code is freely available for others to view, amend, and adapt. One large proprietary vendor cannot appropriate it because it is created and developed internationally. There are plenty of eyes to spot and fix bugs, and, despite the distribution and set-up costs, the software is essentially free.
Some very interesting library-specific projects have developed based on open source. They include the Prior Health Sciences Library in Columbus, Ohio (http://bones.med.ohio-state.edu/prospero), the MyLibrary@NCState portal, and the Koha Open Source Library System (developed by the Horowhenua Library Trust and Katipo Communications in New Zealand). Open source draws on copyleft principles, and in the sales pitch for open source you find – naturally enough – no conventional warranty.
Post-Tasini, debate about electronic/ digital rights rumbles on. Recently there has been debate about whether digital transmission interferes with a copyright owner's exclusive right to reproduction. Proposals to expand DMCA to permit digital transmission of lawfully purchased copies of work were rejected by the US Copyright Office this autumn. The Office argued that digital transmission of work would interfere with the copyright owner's control over the intangible work and the exclusive right of reproduction.
The EU Directive on copyright and related rights was finally approved in February 2001. It was aimed at harmonizing copyright and related rights in the information society. It has been going on for a long time, with new bits creeping in, and Oppenheim conveniently identifies these new bits in his excellent "Lislex" column in the Journal of Information Science (2001).
Much missed will be ip-wire from the IPR-helpdesk. It has done a lot to raise awareness of intellectual property rights. It was electronic newsletter created by the EC DG XIII-D, published monthly on their Web site at http://www.cordis.lu/ipr-helpdesk and by e-mail. The final issue, number 31, appeared in August 2001, and the project itself came to an end then too.
Custom built
The world of content managers and aggregators is rewriting conventional wisdom on publishing. Many key players are publishers playing to their strengths as owners of intellectual property. Customized publishing is a growth area. From within publishers' own lists, custom publications can be created or adapted. So, McGraw-Hill Primis Custom Publishing can take an existing book and reorganize the chapters and/or abridge the contents. To these adaptations can be added a course syllabus, original artwork, student guides and assignments.
ebrary, the firm that develops software and copyright content services, is working with publishers like McGraw-Hill to allow lecturers to create customized e-book adaptations from existing textbooks. Students can view online and download in secure delivery conditions. Other services, like the ebrary/Pearson "Learning Network" (at http://learningnetwork.ebrary.com), offer free searching and browsing, and a pay-as-you-go print/copying service. Permissions are, of course, carefully protected and administered (see http://www/mhhe.com). Sounds like an ideal opportunity for co-branding if a university is entrepreneurial enough.
The legal implications are both simple and complex. Owning the IP gives content aggregators a substantial edge commercially. Secure dissemination systems give customers confidence to cut and come again. Customizing the text is a real benefit: you can update (say, new assignments, new statutes), adapt (say, to New Zealand legal practice), add (say, more about ethics), enhance with interactive features (including links). Database and compilation law presumably applies to such texts, and would do so as texts take on more idiosyncrasies. Just where a customized text becomes more the property of a customer than the publisher is interesting, particularly where most is the customer's but where the conduit is the service provider. The law at such a point is at least as much a campus matter (i.e. the university as copyright owner/aggregator) as contractual between publisher and academia. I am watching this space and welcome comment.
More ethical talk
Which takes us finally to the Tempe principles. These principles for emerging systems of scholarly publishing have been much talked about. They started at a meeting in Tempe in Arizona in March 2000 and a full account of them can be found at http://www.arl.org/scomm/tempe.html. The aim was to build consensus, provide guidance, while acknowledging market forces and free creativity. They speak of the cost of research and maintaining access, interoperability and searchability, secure archiving, evaluating the quality of scholarly work, embracing copyright and fair use, ensuring quality rather than proliferation in scholarly journals, and assuring scholars of privacy.
So many legal and ethical balances – collective action and individual interest, commerce and scholarship, personal recognition and institutional sponsorship, widespread citational access and scholarly authenticity, copyright and fair use, free speech and privacy – are involved. The background assumption to Tempe is that current systems are cracking and crumbling under the pressure of rising journal costs, publish-or-perish quantity over quantity, distortions and disincentives to carry out research, and copyright transfer practices. The big CogPrints archive debate sustained by Stevan Harnad and his interlocutors probes deep into the wrinkles of this world (go to http://cogprints.soton.ac.uk/copyright.html for more!).
All of which takes me back to something else Sara Baase said: ethics fills the gap between the time when technology creates new problems and the time when reasonable laws are passed. If there is one (in fact there are many) reason for examining law and ethics in the same breath, this is surely it. What is right, good, prudent, expedient, professional, fair, just . . . Now to examine motherhood and apple pie: someone told me that they were getting a bad press. . .
Stuart Hannabuss (MSCSH@mailer.rgu.ac.uk) is a Professor at the School of Information and Media, The Robert Gordon University, Aberdeen, UK.
References
Baase, S. (1997), A Gift of Fire: Social, Legal and Ethical Issues in Computing, Prentice-Hall, Englewood Cliffs, NJ.Oppenheim, C. (2001), "Listex", Journal of Information Science, Vol. 27 No. 3.Wengert, R. (2001), "Ethical issues of information technology", Library Trends, Vol. 49 No. 3.