Post on 14-Jun-2015
Security: Identifying and Managing the Legal Risks of Development and Twitter
Prof. Jonathan I. Ezor, Touro Law Center
140: The Twitter Conference, September 23, 2009
jezor@tourolaw.edu / @ProfJonathan

Risk Management Key to Successful Business
• Risks come from many sources
  – Financial
  – Technological
  – Legal
• “Silos” can lead to missed risks (and opportunities)
• Legal (hopefully) constructive part of team

Software Development, Internet Both Have Unique Risks
• Each depends on other vendors, users for functionality
• Each also used for business-critical functions
• Combination adds to challenges

Risks and Management for Twitter Software Developers
• Rights to their own code
• Use and limits of contract language
• General workplace risk from social media use
• Unexpected legal issues
• The Fail Whale
• Insurance

Code and Copyright
• Software covered by copyright
• Under US law, copyright exists on creation
• Generally, creator (or employer) automatically owns copyright
• Otherwise, only transferred in writing
• Filing allows for litigation, increases remedies

Licenses: Giving and Receiving
• Licenses how copyright holders control use by others
  – Many types
  – Cover variety of rights
• Freeware ≠ Public Domain (“libre” vs. “gratuit”)
• For software, license may be to object and/or source code

Accidental Open Source “Infection”
• Open source licenses require devs to make source code available to users
  – May be free or commercial
  – Different licenses (GNU, Creative Commons, etc.)
• Issue when open source incorporated into intended closed source
  – May turn entire project into open source
  – Developer may not know about inclusion
• Must educate developers, monitor libraries/code

Contract Language
• Contracts popular way to identify/manage risks
  – Provide permitted uses
  – State/limit warranties
  – Limit liability
  – Set applicable law
• May be provided in EULA, Terms of Use, etc.
• Employee contracts also crucial (NDAs, non-competes, etc.)

Contracts May Not Provide Expected Protection
– Contracts governed by state law
– Some language may be overbroad
– Clickthroughs may/may not be sufficient
– Copying others’ contracts could be problem
– As risks increase, need for signed contract does as well

General Workplace Risks from Social Media Use
• As said yesterday, Twitter-focused companies “eat their own dog food”
• Also as said yesterday, humor in business doesn’t always work well
• Need to balance benefits and risks of Internet access/use in workplace
• Culture, business need, productivity all concerns
http://shankman.com/be-careful-what-you-post/
Many of my peers and I feel this is inappropriate. We do not know the total millions of dollars FedEx Corporation pays Ketchum annually for the valuable and important work your company does for us around the globe. We are confident however, it is enough to expect a greater level of respect and awareness from someone in your position as a vice president at a major global player in your industry. A hazard of social networking is people will read what you write.

Additional Internet-Related Legal Risks to Consider
• Privacy
• International issues
• Consumer protection
  – Prize promotions (http://bit.ly/ke7y5)
  – Spam
  – Overall marketing
• Others

What if Twitter Fails?
• Building business on single vendor puts success in its hands
• Twitter a single company, single product
• Subject to technical issues, business risks of own
• When Twitter Ain’t Running, Ain’t Nobody Running: http://bit.ly/19gpb3

Appropriate Insurance a Key Risk Management Component
• Most businesses have some kind of insurance
• Question whether it covers Internet-related risks
• Many carriers offer appropriate policies
• Need to ask/find broker who also understands

Knowledge, Policies and Procedures Must Work Together To Minimize Risks
• Create a “Social Media Policy” and enforce it (Good list at http://bit.ly/58oeQ)
• Adequate funding of IT staff, including training
• Make sure employees and outside professionals given proper education
• Set up systems with business concerns in mind
• Keep up with trade press
• Follow company on Twitter, FB, etc.

QUESTIONS?
Jonathan I. Ezor
jezor@tourolaw.edu
@ProfJonathan on Twitter
http://www.mobilerisk.com