LEGAL RISK ANALYSIS: LEGAL RISK MANAGEMENT VIA DEPENDENCY MODELLING



Computer Law & Security Report Vol. 17 no. 6 2001 ISSN 0267 3649/01/$20.00 © 2001 Elsevier Science Ltd. All rights reserved

409

Legal Risk Analysis

Since April 2000 the Information Technology Law Unit of Queen Mary College, University of London, has been working as part of the ECLIP II project with the consultancy firm Arium Risk Architecture, in the exciting and challenging field of Legal Risk Analysis. The IT Law Unit has been helping Arium to develop a legal risk management model for the Internet, providing data input and insight into the various aspects of e-commerce, and validating the model structure in light of our specialist legal knowledge. This article explores the work being undertaken and its applications.

INTRODUCTION

Risk Analysis is a growing area, of particular interest to (re)insurers, larger organizations seeking to self insure, and to organizations operating in all fields where insurance cannot provide adequate restitution for failure — health and safety is one good example. Legal risk management tools are needed because they help people ascertain where the vulnerabilities lie — what can go wrong, and where protections against failure are most needed. The Internet is a particularly exciting field for risk modelling because companies doing business on the Internet involve a lot of new risks. In an unfamiliar environment, these risks can be hard to quantify and assess. And as Napster has demonstrated, the very existence of the Internet creates hazards even for companies that have no Internet presence or desire to be online. Most music is currently published in the unprotected CD format, which can be easily copied and compressed into the MP3 format for sending over the Internet. Napster software enables these digital recordings of songs to be freely copied and exchanged online between a huge database of users, without compensation to the copyright holding music corporations. Understandably, the music corporations are not very happy about this, and litigation is continuing. The situation has arisen because the music industry, in adopting the CD format as standard, did not consider the risks arising from future technological developments. CDs were initially protected by their difficulty of manufacture and non-rerecordability, so that copying was by analogue means such as the tape recorder, with a significant degradation in quality. The development of the Internet and subsequent MP3 and Napster technologies has enabled near-perfect copying and transmission by and to anyone with Internet access of any music originally published on CD. The consequences threaten the profit structure of the entire industry. Conversely, Napster’s activities have exposed the company to immense legal risks, with potential damages far exceeding the value of the company. As we shall see, Arium’s Risk Analysis Model provides a way to help foresee and evaluate the magnitude of such risks before they are incurred.

It can be seen from the Napster example that with the development of the Internet environment, unforeseen risks can be potentially catastrophic, whether a business has embraced the Internet or tried to ignore it. All businesses engage in risk management, even if unconsciously. The most pressing need is to identify critical points of failure and to protect against failure, or at least to reduce the cost of failure when it does occur.

DEPENDENCY MODELLING — BASICS

The approach to risk modelling Arium uses is called dependency modelling. For engineers, it can be compared to a reverse (and much quicker) fault tree analysis. Perhaps the easiest way of explaining what is so revolutionary about the approach is to compare it to what we call the matrix approach commonly used by risk managers. We can then explain our approach, which we call the modelling approach, and show what modelling can do that no matrix can. Typically, the risk matrix starts with a list of risks, with the things that can go wrong. It then has a column for the consequence of failure, occasionally a column for the probability of failure although often it does not, and columns for insurance and other controls.

A dependency model starts at the other end, with the goal you want to achieve. Dependency models are superior to traditional risk matrix modelling because they can quantify the most serious risks and the most effective controls. This makes it easier to assess sensitivity to risks from limited information, and makes it easy to play with different exposure risks in order to assess the business model’s sensitivity to uncontrollable factors and the effectiveness of different preventive measures.

BUILDING A DEPENDENCY MODEL

This is essentially a six-stage process:

1. Start with the (business) goal you want to achieve.
2. Ask what achieving that goal depends on.
3. Ask what are the immediate consequences, if something goes wrong.
4. Assess the likelihood of something going wrong.
5. Assess the risk, the sensitivity to uncontrollable factors, and the effectiveness of protective measures.
6. Assess the costs of failure.

Simon Newman

CLSR NovDec.qxd 10/22/01 12:06 PM Page 409


The dependency maps are all phrased positively, in terms of goals. Each element depends on the items connected to its right. A typical (brief) dependency map for a relatively simple technical problem is as follows. For a passenger airline with primary 747 plane Juliet Delta (JD) and backup 747 plane Romeo Bravo (RB), the possibility of having a plane available for service requires that one of these two planes be operative. This requires in turn that the 747 design and specification is effective, and that at least one of the two planes is mechanically sound.

We start building the model from this point, not from aircraft inoperative. You can see that in this model, aircraft being operative depends on either the main aircraft being operative or the back up aircraft being operative. From the perspective of the matrix, we are modelling the relationship between aircraft being inoperative and the back up aircraft. But we can do more with the model. We can use the existing information, such as the information used in the matrix, but the model’s engine can do calculations to get more out of the model than we put in.

One of the questions we (Arium) are frequently asked is where do we get the numbers? How do we know whether the operability of the aircraft has a 1% or 10% or other probability of failure? Occasionally there are statistics, particularly for aircraft. But more often, there are no precise numbers available. Failure rates can be used then first in ranges, for example, a catastrophic risk might be measured per thousand and some political risks per hundred. Those risks can be also refined comparatively, say from a range of 0.1-0.5% or 1-5%. What is key is that we are analyzing to what we are sensitive; our definition of risk is our sensitivity to what we cannot control. Likelihood of failure is only one factor in a sensitivity analysis, the others being most importantly the degree of dependency (apparent from the structure of the model), the cost of failure, and the effectiveness of other controls or transfer mechanisms. Our analysis is about identifying those things to which we are particularly sensitive, which may not be the factors with the highest failure rates, and finding ways of reducing our sensitivity. So even if we do not know the precise relevant statistics, we can run ‘what if’ scenarios and see how much difference it would make if we increased or reduced the likelihood of failure.

The model can be framed as follows:

747 operative REQUIRES
    Design of 747 is effective
  AND
    A 747 is mechanically sound REQUIRES
        JD is sound
      OR
        RB is sound

Figure 1: The Risk Analysis Tool.


The Risk Analysis Tool appears in Figure 1.

We do not have to do calculations now to understand that the effectiveness of the back up aircraft may be limited. There may be a very large fleet of this type of aircraft, but if the design is flawed, the aircraft will not be operable.

So the analysis may need to focus on how likely design failures are and how we can protect against them.

Although an aircraft manufacturer may be unwilling to bear the loss of revenue suffered from a design flaw, they may be willing to agree the speed and manpower with which they would address design problems and to rectify them quickly if possible, thus reducing the aircraft downtime. Given the potentially longer delays and greater loss of revenue from a design problem than a purely mechanical one, and hence the greater potential exposure, it may be worth considering whether we can transfer at least some of the financial consequences of the risk to the designer, even if not all of it.

The real difference is that the matrix will give a different result. Looking just at our matrix, we will try to protect against each risk listed, e.g., protect against both mechanical failure and design flaws. Using the model, however, we will seek to identify the greatest exposure and what best protects against it. We can then produce a sensitivity chart showing us to what we are most sensitive, the design or the mechanical flaws.

What this demonstrates is that even without knowing the relevant probabilities of failure, we can see that we are most likely to have a greater sensitivity to design flaws in a fleet than to mechanical soundness. Having identified the factor to which we are most sensitive, we can specifically seek data for that factor or run ‘what if’ scenarios to measure the sensitivity using a range of estimates. It is likely, as a result, that we would seek to protect against delays from design flaws.

Thus, dependency modelling enables a consistent and comparative profiling of uncertainties, improved risk selection and discrimination even in the absence of failure statistics, and the more targeted collection of relevant statistical data.
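The 747 map and the sensitivity argument above, together with the ‘and’/‘or’ dependency-count semantics described later for Figure 4, worked through in code. This is an added example, not Arium’s Risk Analysis Tool or any code from the article; the leaf failure rates (1% for the design, 5% per airframe) and the assumption that leaves fail independently are constructed for illustration.

```python
"""Toy AND/OR dependency-model evaluator (added example; not Arium's RAT)."""
from dataclasses import dataclass, field
from math import prod
from typing import Dict, List, Optional


@dataclass
class Node:
    """A goal in the dependency map. Leaves are the uncontrollable factors."""
    name: str
    kind: str = "LEAF"                      # "LEAF", "AND" or "OR"
    p_fail: float = 0.0                     # leaf failure probability; unused for AND/OR
    children: List["Node"] = field(default_factory=list)


def p_success(node: Node, what_if: Optional[Dict[str, float]] = None) -> float:
    """Probability that the goal at `node` holds, assuming independent leaves.

    `what_if` maps a leaf name to a replacement failure probability, so a
    scenario can be evaluated without editing the model.
    """
    what_if = what_if or {}
    if node.kind == "LEAF":
        return 1.0 - what_if.get(node.name, node.p_fail)
    ps = [p_success(c, what_if) for c in node.children]
    if node.kind == "AND":                  # every dependency must hold
        return prod(ps)
    if node.kind == "OR":                   # fails only if every alternative fails
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown node kind {node.kind!r}")


def leaves(node: Node) -> List[Node]:
    """All leaf factors the goal at `node` depends on, in map order."""
    if node.kind == "LEAF":
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]


def dependency_count(node: Node) -> int:
    """Number of variables that feed into this node (the article's 'dependency count')."""
    return len(leaves(node))


def sensitivity(root: Node, factor: float = 2.0) -> Dict[str, float]:
    """Drop in goal success when one leaf's failure rate is multiplied by `factor`.

    Scanning each leaf in turn ranks the factors we are most sensitive to,
    which need not be those with the highest failure rates.
    """
    base = p_success(root)
    return {
        leaf.name: base - p_success(root, {leaf.name: min(1.0, leaf.p_fail * factor)})
        for leaf in leaves(root)
    }


def most_sensitive_factor(root: Node) -> str:
    """Name of the leaf whose degradation costs the goal the most."""
    sens = sensitivity(root)
    return max(sens, key=sens.get)


def build_747_model(p_design: float = 0.01, p_jd: float = 0.05, p_rb: float = 0.05) -> Node:
    """The airline map from the text. Failure rates are constructed placeholders."""
    design = Node("Design of 747 is effective", p_fail=p_design)
    jd = Node("JD is sound", p_fail=p_jd)
    rb = Node("RB is sound", p_fail=p_rb)
    mechanically_sound = Node("A 747 is mechanically sound", "OR", children=[jd, rb])
    return Node("747 operative", "AND", children=[design, mechanically_sound])


if __name__ == "__main__":
    model = build_747_model()
    print(f"P(747 operative)  = {p_success(model):.6f}")
    print(f"dependency count  = {dependency_count(model)}")
    for name, drop in sorted(sensitivity(model).items(), key=lambda kv: -kv[1]):
        print(f"  doubling the failure rate of {name!r} costs {drop:.6f}")
    # Design has the lowest failure rate (1%) yet the largest sensitivity: the
    # OR over two airframes dilutes mechanical risk, whereas design is a single
    # AND dependency with no redundancy, which is the article's conclusion.
    print("most sensitive factor:", most_sensitive_factor(model))
```

Swapping the constructed rates for a range of estimates, as the text suggests, changes the numbers but not the ranking: a sole AND dependency stays the dominant sensitivity until the redundant branch is made far less reliable.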

APPLYING DEPENDENCY MODELLING TO INTERNET LEGAL RISK ANALYSIS

Risk analysis is particularly needed by companies about to engage in new activities, such as marketing a new product or selling into a new market. It is also important where a company’s activities remain the same, but the environment in which they are conducted is undergoing rapid change. It is particularly important in areas where the environment is relatively unfamiliar to the company personnel engaged in the most vital decision-making and risk-taking activities, so that their developed ‘feel’ for potential risks and opportunities may not be reliable. Two areas where senior company personnel often feel most ill at ease are technology and the law. These are exactly the areas that come together in the international online environment of the Internet and the World Wide Web.

Figure 2: The Risk Analysis Tool’s Internet Risk model. (Screenshot of the dependency tree; legible node labels include “Contracts enforceable”, “Compliance with consumer legislation”, “Consumer contracts comply with distance selling …”, “Consumer credit agreements enforceable”, “No consumer complaints about contract”, “Provide information to consumer under Distance …”, “Prompt delivery of goods to other recipients”, “Form of contract acceptable”, “Physical delivery/redelivery of goods”, “Contracts otherwise enforceable”, “No consumer withdrawal from contract”, “Goods liable to deteriorate rapidly and exempt from …” and “Delivery of goods to consumers within 90 days”.)

Reactions to unfamiliar technological and legal environments vary from excessive caution — “if we ever had a computer virus, we’d shut down the company” — to blithely ignoring the risks — “Just do it” being the mantra of many Internet start-up companies, at least until recently. A third common approach is a (sometimes blind) reliance on experts — such as a company’s information technology unit, or in-house legal department — to deal with all problems as they arise, effectively isolating these areas from the rest of the company. But in the volatile and ever-changing online environment, such an ‘ignorance is bliss’ approach is increasingly foolhardy. The Risk Analysis Tool provides a means for non-experts to assess the magnitude of risks associated with particular activities. It is particularly suited to legal risk assessment, because legal risk is founded on law codes and precedents that are normally freely available, and the problems which other companies have encountered are usually publicized through case reports as well as frequently in the mass-media. Thus following Yahoo’s recent problems, any company wishing to sell Nazi paraphernalia over the Internet should now be aware of the potential risks posed by such jurisdictions as France, where such sales are illegal.

We now turn to a particular example of the application ofInternet Legal Risk Analysis, that of Consumer Protection.

Example: Consumer Protection

Consumer Protection requirements arise both under national law, such as the UK Unfair Contract Terms Act 1977, and increasingly under international legislation such as the EU Consumer Protection Directive. Figure 2 shows a screenshot from a section of the Risk Analysis Tool’s Internet Risk model on compliance with consumer legislation.

A company’s risk exposure is assessed by asking a series of questions, firstly of experts such as the ITLU, in order to arrive at default values for certain risks, which are inputted into the model. E.g. the first question on the screenshot below is “What percentage of your consumer customers do you expect may exercise their right of withdrawal?” While it will rarely be possible to give precise answers, it is known that the default rate on Internet retail sales is around 40 times that for over-the-counter sales, and this is taken into account when setting the default value (see Figure 3).

The same questions may then be asked of the relevant company personnel, and the default values modified accordingly. In this example, a Business-to-Business company which never deals with consumers may have a zero risk, whereas a company like Amazon.com with a long record of dealing with consumers over the Internet may have extensive data available for input to the model. For a typical small to medium business the model’s default values are most likely to be applicable, perhaps with some modification according to the nature of the business concerned.

Figure 3: Risk Analysis Tool — Consumer contracts.

Using the data gathered, potential losses are marked according to the type of loss, which is colour-coded for reference. The probability of a loss will vary according to its ‘dependency count’ — the number of other variables which impact on that loss. ‘Or’ variables are those which may each individually cause that loss to arise, while ‘and’ variables must all occur for the loss to manifest (see Figure 4).

In Figure 4, the first row details potential losses concurrent on a consumer exercising their right to return goods, e.g. under the Distance Selling Directive. As well as the lost profit on a sale, contingent losses may arise from the company attempting to recover its goods. Even where title is not disputed, the company may have to pay for the cost of recovering the goods (postage or collection) and may suffer a further loss if the goods are returned dirty or damaged. In some cases this loss may well exceed the original value of the goods, a critical point when the high default (consumer revocation) rate on Internet sales is borne in mind.

The important point in this risk analysis is not to achieve total statistical accuracy in assessing the risks, almost certainly an impossible task, but rather to quantify relative risks within the right orders of magnitude. For example, an online company that shuts down all trading in response to a computer virus threat may find that the losses incurred by this ‘remedy’ are out of all proportion to the potential losses threatened by the virus itself. Likewise the cost of disputing title to a particular .com Domain Name may far exceed any realistic assessment of that Domain Name’s value to the company. The Internet Legal Risk Analysis Model can help to draw out these relative loss/value relations and aid in the formulation of sensible company policy to minimize risk exposure in the inherently risky online world.

Figure 4: Type of loss.

EDUCATIONAL USE OF THE RISK ANALYSIS MODEL THROUGH ECLIP

Arium is a consulting firm providing legal risk management systems and services for the insurance and financing industries, among others. It is working with the IT Law Unit of the Centre for Commercial Law Studies, Queen Mary College, University of London, in the development through their Risk Analysis Tools (RATs) of a very comprehensive, ever-evolving statistical model for evaluating a company’s Internet risk. Arium’s primary goal for the model is its use in assisting businesses and organizations in evaluating their Internet risk and identifying the most useful safeguards — those with high effectiveness and relatively low cost. However, the IT Law unit has identified a further potential use for the model as a didactic tool for Information Technology Law students through ECLIP distance teaching. Because the Risk Assessment Tool software and the data that form the Legal Risk Analysis Model exist entirely in electronic form, it will be particularly suited to the Internet-based electronic distance teaching (‘E-learning’), that the IT Law Unit is developing in conjunction with its partners in the ECLIP group of international Universities.

The intention is that the distance students will be given, through E-mail or remote download, sections of the model (micro-models), e.g. a section on residual threats or risks associated with the use of E-mail. They will then be invited to explore and manipulate the micromodel, and to think about the risks that it portrays and the links between them. HTML links within the model’s risk descriptions will link to relevant documents, such as national and EU legislation, international treaties and case precedents. Ultimately, the students will be encouraged to suggest possible additions or amendments to the micromodel that would make it a more accurate representation of the current Internet legal environment. Astute observations from students could be forwarded on to Arium for its own analysis, and possible incorporation into the core model, in a mutually beneficial interactive process. Over the next six months we intend to engage in further development of the model, with distribution and validation through test environments such as training courses. This will give the IT Law Unit and ECLIP partners experience in using the software as a teaching aid, in preparation for using RATs as part of the fully integrated remote networked learning courses aiming to commence in autumn 2001. While security, data confidentiality and technology considerations will necessarily influence the final form of the model’s use in E-learning, we are confident that it can provide a valuable tool to assist students of Internet law in assessing the myriad legal complexities of the ever-evolving online world.

Dr Simon Newman, Information Technology Law Unit, Centre for Commercial Law Studies, Queen Mary, University of London. See: <www.arium.co.uk> for further information.

This paper was written by Simon Newman (IT Law Unit, E-mail: [email protected]) with the help of Arium Risk Architecture and particular input from the work of Robin Wilkinson, who provide risk models to the insurance industry (E-mail: [email protected]).

BOOK REVIEW

Patent Law

A Practical Guide to Patent Law, 3rd Edition, by Brian C. Reid (1999), soft-cover, Sweet & Maxwell, 378 pp., £35.00, ISBN 0 421 65630 1

This text seeks to offer a practical guide to patent law, written in clear and concise style, covering both practical aspects of the subject and the underlying concepts. This latest edition contains substantial revisions from what has gone before. Much of the detailed material relating to the 1949 Patents Act has been jettisoned while retaining sufficient material from that era to provide historical continuity. There are 13 chapters in the work covering all aspects of the subject. The author describes the work as intended to illuminate the way and guide the reader, rather than attempt to be encyclopaedic.

Available from Sweet & Maxwell Ltd, 100 Avenue Road, London, NW3 3PF; tel: +44 (0)20 7393 7000.

BOOK REVIEW

Closed Circuit TV

Closed Circuit Television, by Joe Cieszynski, 2001, soft-cover, Newness Publishers, 215 pp., ISBN 07506 4639 X

As the preface indicates: “Close circuit television (CCTV) is currently a growth industry, but this growth is very much a result of the impact that new technology has had on CCTV. People have seen what CCTV can do and they want it. This has placed a demand on installation and maintenance companies which at times they are hard-pressed to meet.” The purpose of this book is to provide knowledge and understanding about CCTV technology. Advances in intruder alarms and access control technology have already forced many engineers to upgrade their understanding of such things as digital technology and telephone systems. Many individuals now find themselves having to deal with CCTV technology without the knowledge that is necessary.

There are 10 chapters in the work dealing with different aspects of the topic. These range from a description of the CCTV industry to the fundamentals of the CCTV camera, monitors, recording equipment, switching and multiplexing. The book provides the underpinning knowledge required, in particular for level 3 NVQ from SITO/City & Guilds.

Available from Butterworth Heinemann, Linacre House, Jordan Hill, Oxford, OX2 8DP, tel: +44 (0)1865 310366; or Internet: <www.newnespress.com>, tel: +44 (0)1865 314572.
