9 23 09 140tc Security Presentation

Security: Identifying and Managing the Legal Risks of Development and Twitter
Prof. Jonathan I. Ezor
Touro Law Center
140: The Twitter Conference
September 23, 2009
jezor@tourolaw.edu
@ProfJonathan

Risk Management Key to Successful Business
Risks come from many sources
Financial
Technological
Legal
“Silos” can lead to missed risks (and opportunities)
Legal (hopefully) constructive part of team
jezor@tourolaw.edu / @ProfJonathan

Software Development, Internet Both Have Unique Risks
Each depends on other vendors, users for functionality
Each also used for business-critical functions
Combination adds to challenges

Risks and Management for Twitter Software Developers
Rights to their own code
Use and limits of contract language
General workplace risk from soc media use
Unexpected legal issues
The Fail Whale
Insurance

Code and Copyright
Software covered by copyright
Under US law, copyright exists on creation
Generally, creator (or employer) automatically owns copyright
Otherwise, only transferred in writing
Filing allows for litigation, increases remedies

Licenses: Giving and Receiving
Licenses how copyright holders control use by others
Many types
Cover variety of rights
Freeware ≠ Public Domain (“libre” vs. “gratuit”)
For software, license may be to object and/or source code

Accidental Open Source “Infection”
Open source licenses require devs to make source code avail to users
May be free or commercial
Different licenses (GNU, Creative Commons, Etc.)
Issue when open source incorporated into intended closed source
May turn entire project into open source
Developer may not know about inclusion
Must educate developers, monitor libraries/code

Contract Language
Contracts popular way to identify/manage risks
Provide permitted uses
State/limit warranties
Limit liability
Set applicable law
May be provided in EULA, Terms of Use, etc
Employee contracts also crucial (NDAs, non-competes, etc.)

Contracts May Not Provide Expected Protection
Contracts governed by state law
Some language may be overbroad
Clickthroughs may/may not be sufficient
Copying others’ contracts could be problem
As risks increase, need for signed contract does as well

General Workplace Risks from Social Media Use
As said yesterday, Twitter-focused companies “eat their own dog food”
Also as said yesterday, humor in business doesn’t always work well
Need to balance benefits and risks of Internet access/use in workplace
Culture, business need, productivity all concerns

http://shankman.com/be-careful-what-you-post/
Many of my peers and I feel this is inappropriate. We do not know the total millions of dollars FedEx Corporation pays Ketchum annually for the valuable and important work your company does for us around the globe. We are confident however, it is enough to expect a greater level of respect and awareness from someone in your position as a vice president at a major global player in your industry. A hazard of social networking is people will read what you write.

Additional Internet-Related Legal Risks to Consider
Privacy
International issues
Consumer protection
Prize promotions (http://bit.ly/ke7y5)
Spam
Overall marketing
Others

What if Twitter Fails?
Building business on single vendor puts success in its hands
Twitter a single company, single product
Subject to technical issues, business risks of own
When Twitter Ain’t Running, Ain’t Nobody Running: http://bit.ly/19gpb3

Appropriate Insurance a Key Risk Management Component
Most businesses have some kind of insurance
Question whether it covers Internet-related risks
Many carriers offer appropriate policies
Need to ask/find broker who also understands

jezor@tourolaw.edu
Knowledge, Policies and Procedures Must Work Together To Minimize Risks
Create a “Social Media Policy” and enforce it (Good list at http://bit.ly/58oeQ)
Adequate funding of IT staff, including training
Make sure employees and outside professionals given proper education
Set up systems with business concerns in mind
Keep up with trade press
Follow company on Twitter, FB, etc.

QUESTIONS?

Jonathan I. Ezorjezor@tourolaw.edu@ProfJonathan on Twitterhttp://www.mobilerisk.com