Feeds

CIOs should fear the IP police ... have your get-out-of-jail files ready

Let's hope nobody wins this, it's disaster either way

SANS - Survey on application security programs

Opinion The powers that be in the copyright world continually push for ever-stricter copyright with longer terms. They seek to externalise the cost of enforcement onto society at large. Society at large, on the other hand, wants easier, quicker access to content with fewer restrictions. Regular businesses can easily be caught in the crossfire.

shutterstock_must credit and link

Copyright theft has become so habitual that it has
become socially acceptable. Image via Shutterstock

A big problem with copyright infringement is that in many regions, general social acceptance of copyright is completely out of alignment with the current legal landscape. In many ways, it is no different than the many and varied other Wars On Stuff which have sought to fundamentally change society's habits, preferences and beliefs.

Alcohol prohibition famously failed. Marijuana usage certainly hasn't been eradicated here in Canada. Instead, a generation of Canadians are coming of age who simply don't understand what the big deal is in the first place.

So it is with copyright. Big Content spends billions on legal sticks: extending copyright terms beyond absurdity, lobbying continually for irresponsibly disproportionate damages and now waging a protracted international war on fair use. Half a century's stubborn resistance to change – and cemented unwillingness to try the carrot – has created a massive rift between Big Content and the audience upon which the industry relies.

If the war for legal control over our culture shows no signs of abating, what does this mean for you?

Copyright infringement at work

Alcohol in the workplace in many cases isn't technically illegal, but it is likely to get you fired. Marijuana is illegal; however the law typically punishes the user of the controlled substance, not the company upon whose campus that individual happened to be at the time.

Copyright infringement exists in a less well-trodden legal space. As corporate size increases, so too do the chances of infringing material existing on a corporate campus. Smartphone and MP3 player penetration is nearly total; anyone and everyone could be walking around with 75,000 American jobs in their pocket.

Your company may not be legally liable for this infringing material if it stays in people's pockets. But what if your staff plug their smartphones into the company computer? At every company I visit, there are mini-USB cords and iThingy cables attached to USB ports. Terrible battery life means we are constantly charging our toys, even when employers might wish otherwise.

Most phones and media players can be mounted and made visible to the operating system. What do the laws in your jurisdiction say about that? Big Content's War On Its Own Customers has tried to make educational institutions, parents and ISPs liable for the traffic crossing their networks; many of those battles are still ongoing. The argument of the day is that no company or individual should be considered a "dumb pipe". Anyone with a network must ensure infringing material never crosses it.

What about that network? If merely lighting up the $4bn iPod with power doesn't make your company liable in your jurisdiction, what happens when someone copies infringing material into their home folder? What if they use your corporate network to transmit this to another employee? What if they email it with the corporate mailer, or download new material from the internet?

Region restrictions are an even greyer area. Consider the Comedy Central/Comedy Network War On Canada. Canadians who are trying to view content (South Park clips, episodes of The Daily Show, etc) that is legally available to Americans are frequently met with a rude notification that this content isn't available in our area.

If I am VPNed into an American client's network, my IP address appears to be American. If I visit one of these websites and show a co-worker a South Park clip explaining why I call some people manatees... have I broken the law? Which law, from which country? Is the company whose network I am using liable? What about the website that allows me to view the content?

Attempts to bring clarity to intellectual property concerns on an international level have been horrible, and have been met with resistance from other nations. Even after the digital provisions are pulled.

There are more prosaic IP concerns as well; something as common and everyday as photocopying may be infringement. Using a photo in a presentation or on your website may be infringement. Playing music in the office or having a television in the break room may be infringement.

Anything you or your employees duplicate – in whole or in part – where you do not have express consent of the current copyright holder (which is rarely the actual content creator!) may potentially make you liable for various legal remedies regarding copyright infringement.

Copyright infringement isn't ever going to go away, but the crackdown is going to get a lot worse before it gets better. To avoid becoming a casualty in a War On Something, corporate computer systems usage policies need to be revamped with an eye to the new reality of copyright infringement.

The only way to be sure you aren't violating copyright is to have your employees create everything on their own, without utilising external resources. Even if you manage to do that, someone probably owns the patent on how it was done.

Open Source and Creative Commons

Companies with some awareness of the pitfalls of copyright infringement frequently turn to both open source software and creative commons media. Proprietary software is traditionally viewed as expensive, overly complex and restrictive; at a minimum you probably can't install multiple copies of anything off a single licence.

Restrictions can be more complex than simply "pay for every copy you use". You may not be allowed to take that copy of an application or operating system you bought and simply move it to another machine. You may not be allowed to use it on a computer that isn't made by a given company, or inside a virtual machine (VM).

If you are allowed to use a given piece of software inside a VM, making use of templates or cloning known-good setups may be prohibited. More confusingly, taking snapshots of a VM or doing live backups could potentially be a violation; you've essentially copied the whole "computer" in a usable state, even if you don't currently have the copy actively in use.

With the pandemonium of proprietary licensing as a backdrop, open source seems welcoming. Open source, however, does not necessarily mean "free." It means you can see the source code; that's about it.

Depending on the specific licence chosen, you may be allowed to modify said source code. You may be allowed to use the application for commercial purposes free, or for a fee. You may be allowed to copy it, under various circumstances and ... well, open source simply isn't the panacea for intellectual property ills it's usually billed as.

While it frequently comes with a lower sticker price, open source software probably isn't going to lower the costs involved with navigating the copyright infringement minefield that permeates the modern business landscape. That said, depending on the particularities of the licence, it's a great hedge against the developer going bust or getting Oracled.

SANS - Survey on application security programs

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.