9 23 09 140tc Security Presentation
Security: Identifying and Managing the Legal Risks of Development and Twitter
Prof. Jonathan I. Ezor
Touro Law Center
140: The Twitter Conference
September 23, 2009
[email protected] / @ProfJonathan

Risk Management Key to Successful Business
• Risks come from many sources
  – Financial
  – Technological
  – Legal
• “Silos” can lead to missed risks (and opportunities)
• Legal (hopefully) constructive part of team

Software Development, Internet Both Have Unique Risks
• Each depends on other vendors, users for functionality
• Each also used for business-critical functions
• Combination adds to challenges

Risks and Management for Twitter Software Developers
• Rights to their own code
• Use and limits of contract language
• General workplace risk from social media use
• Unexpected legal issues
• The Fail Whale
• Insurance

Code and Copyright
• Software covered by copyright
• Under US law, copyright exists on creation
• Generally, creator (or employer) automatically owns copyright
• Otherwise, only transferred in writing
• Filing allows for litigation, increases remedies

Licenses: Giving and Receiving
• Licenses how copyright holders control use by others
  – Many types
  – Cover variety of rights
• Freeware ≠ Public Domain (“libre” vs. “gratuit”)
• For software, license may be to object and/or source code

Accidental Open Source “Infection”
• Open source licenses require devs to make source code available to users
  – May be free or commercial
  – Different licenses (GNU, Creative Commons, etc.)
• Issue when open source incorporated into intended closed source
  – May turn entire project into open source
  – Developer may not know about inclusion
• Must educate developers, monitor libraries/code

Contract Language
• Contracts popular way to identify/manage risks
  – Provide permitted uses
  – State/limit warranties
  – Limit liability
  – Set applicable law
• May be provided in EULA, Terms of Use, etc.
• Employee contracts also crucial (NDAs, non-competes, etc.)

Contracts May Not Provide Expected Protection
  – Contracts governed by state law
  – Some language may be overbroad
  – Clickthroughs may/may not be sufficient
  – Copying others’ contracts could be problem
  – As risks increase, need for signed contract does as well

General Workplace Risks from Social Media Use
• As said yesterday, Twitter-focused companies “eat their own dog food”
• Also as said yesterday, humor in business doesn’t always work well
• Need to balance benefits and risks of Internet access/use in workplace
• Culture, business need, productivity all concerns

http://shankman.com/be-careful-what-you-post/
Many of my peers and I feel this is inappropriate. We do not know the total millions of dollars FedEx Corporation pays Ketchum annually for the valuable and important work your company does for us around the globe. We are confident however, it is enough to expect a greater level of respect and awareness from someone in your position as a vice president at a major global player in your industry. A hazard of social networking is people will read what you write.

Additional Internet-Related Legal Risks to Consider
• Privacy
• International issues
• Consumer protection
  – Prize promotions (http://bit.ly/ke7y5)
  – Spam
  – Overall marketing
• Others

What if Twitter Fails?
• Building business on single vendor puts success in its hands
• Twitter a single company, single product
• Subject to technical issues, business risks of own
• When Twitter Ain’t Running, Ain’t Nobody Running: http://bit.ly/19gpb3

Appropriate Insurance a Key Risk Management Component
• Most businesses have some kind of insurance
• Question whether it covers Internet-related risks
• Many carriers offer appropriate policies
• Need to ask/find broker who also understands

Knowledge, Policies and Procedures Must Work Together To Minimize Risks
• Create a “Social Media Policy” and enforce it (Good list at http://bit.ly/58oeQ)
• Adequate funding of IT staff, including training
• Make sure employees and outside professionals given proper education
• Set up systems with business concerns in mind
• Keep up with trade press
• Follow company on Twitter, FB, etc.
QUESTIONS?