9 23 09 140tc Security Presentation

Post on 14-Jun-2015

description

Presentation on managing legal and other risks at 140: The Twitter Conference's developer track

transcript

Security: Identifying and Managing the Legal Risks of Development and Twitter

Prof. Jonathan I. Ezor
Touro Law Center

140: The Twitter Conference
September 23, 2009

jezor@tourolaw.edu / @ProfJonathan

Risk Management Key to Successful Business

• Risks come from many sources
  – Financial
  – Technological
  – Legal

• “Silos” can lead to missed risks (and opportunities)

• Legal (hopefully) constructive part of team

Software Development, Internet Both Have Unique Risks

• Each depends on other vendors, users for functionality

• Each also used for business-critical functions

• Combination adds to challenges

Risks and Management for Twitter Software Developers

• Rights to their own code

• Use and limits of contract language

• General workplace risk from soc media use

• Unexpected legal issues

• The Fail Whale

• Insurance

Code and Copyright

• Software covered by copyright

• Under US law, copyright exists on creation

• Generally, creator (or employer) automatically owns copyright

• Otherwise, only transferred in writing

• Filing allows for litigation, increases remedies

Licenses: Giving and Receiving

• Licenses how copyright holders control use by others
  – Many types
  – Cover variety of rights

• Freeware ≠ Public Domain (“libre” vs. “gratuit”)

• For software, license may be to object and/or source code

Accidental Open Source “Infection”

• Open source licenses require devs to make source code avail to users
  – May be free or commercial
  – Different licenses (GNU, Creative Commons, Etc.)

• Issue when open source incorporated into intended closed source
  – May turn entire project into open source
  – Developer may not know about inclusion

• Must educate developers, monitor libraries/code

Contract Language

• Contracts popular way to identify/manage risks
  – Provide permitted uses
  – State/limit warranties
  – Limit liability
  – Set applicable law

• May be provided in EULA, Terms of Use, etc

• Employee contracts also crucial (NDAs, non-competes, etc.)

Contracts May Not Provide Expected Protection

– Contracts governed by state law
– Some language may be overbroad
– Clickthroughs may/may not be sufficient
– Copying others’ contracts could be problem
– As risks increase, need for signed contract does as well

General Workplace Risks from Social Media Use

• As said yesterday, Twitter-focused companies “eat their own dog food”

• Also as said yesterday, humor in business doesn’t always work well

• Need to balance benefits and risks of Internet access/use in workplace

• Culture, business need, productivity all concerns

http://shankman.com/be-careful-what-you-post/

Many of my peers and I feel this is inappropriate. We do not know the total millions of dollars FedEx Corporation pays Ketchum annually for the valuable and important work your company does for us around the globe. We are confident however, it is enough to expect a greater level of respect and awareness from someone in your position as a vice president at a major global player in your industry. A hazard of social networking is people will read what you write.

Additional Internet-Related Legal Risks to Consider

• Privacy

• International issues

• Consumer protection
  – Prize promotions (http://bit.ly/ke7y5)
  – Spam
  – Overall marketing

• Others

What if Twitter Fails?

• Building business on single vendor puts success in its hands

• Twitter a single company, single product

• Subject to technical issues, business risks of own

• When Twitter Ain’t Running, Ain’t Nobody Running: http://bit.ly/19gpb3

Appropriate Insurance a Key Risk Management Component

• Most businesses have some kind of insurance

• Question whether it covers Internet-related risks

• Many carriers offer appropriate policies

• Need to ask/find broker who also understands

Knowledge, Policies and Procedures Must Work Together To Minimize Risks

• Create a “Social Media Policy” and enforce it (Good list at http://bit.ly/58oeQ)

• Adequate funding of IT staff, including training

• Make sure employees and outside professionals given proper education

• Set up systems with business concerns in mind

• Keep up with trade press

• Follow company on Twitter, FB, etc.

QUESTIONS?

Jonathan I. Ezor

jezor@tourolaw.edu

@ProfJonathan on Twitter

http://www.mobilerisk.com