SEC575 Information Security Law and Ethics
Week 1 Discussion
DQ1 JURISDICTION OVER WEBSITES
Read Yahoo v. La Lique (Links to an external site.) and Mink v. AAAA Development LLC (Baumer, pp. 44–46), and then discuss the factors that were used to determine whether each court had jurisdiction over non-resident website operators. What business factors should enter into development of commercial websites and decisions about whether to subject a company to long-arm jurisdiction?
DQ2 IMPACT OF TECHNOLOGY ON THE LAW
All websites are equally accessible on the Internet, no matter where a site's business sponsor is located. Consequently, foreign websites are accessible to people cruising the Internet.
Suppose a foreign website sells drugs that are not approved by regulatory agencies for sale to citizens of another country. Do you think that website has a duty to be familiar with drug laws throughout the world? Why or why not? In addition, do you think the owners of the website have committed a crime? Why or why not?
SEC575 Information Security Law and Ethics
Week 2 Discussion
DQ1 TO SPAM OR NOT TO SPAM
You have just graduated from Keller Graduate School and decide that you want to start an Internet business. You have limited capital but need to market your product. Someone suggests that you can purchase 500,000 Internet addresses at an extremely low cost. You have always hated spam but realize that this is a great way to reach a half a million potential customers both quickly and cheaply. You recognize that many, if not most, of the recipients will find your spam message a nuisance. Focusing on the legal issues that you believe affect your actions, discuss what you would do.Read the excerpts of the CAN-SPAM Act (Links to an external site.).
DQ2 TAXATION AND THE INTERNET
Class, it always comes down to taxes--the state wants them and you the consumer would just as soon pass on sales taxes if you are ordering online rather than at a brick and mortar store.
What is the state of taxing of Internet sales? Read Case 23-1: National Bellas Hess, Inc. v. Department of Revenue of the State of Illinois at p. 752 and the accompanying discussion at pp. 750-56 of our Text. Also read the linked 1992 Quill Corp v. North Dakota (Links to an external site.) decision which served as the basis for more than a decade of debate on taxation of Internet transactions. And, finally, please read South Dakota v. Wayfair (Links to an external site.), a 2018 decision which expressly overruled National Bellas Hess and Quill Corp decisions.
SEC575 Information Security Law and Ethics
Week 3 Discussion
DQ1 SHRINK-WRAP. BOX-TOP, AND CLICK-WRAP AGREEMENTS
Shrink-wrap, box-top, and click-wrap agreements are inherent to e-commerce. How you feel about them often depends on whether you are the vendor or purchaser. What are the best practices to assure shrink-wrap, box-top, and click-wrap agreements are legal? What are the best ethical practices that the e-commerce industry should adopt?
DQ2 ATTRIBUTION IN AN E-COMMERCE WORLD
In a world of one-click acceptance, vendors face real challenges in determining whether the clicker is in fact the offeree to whom the offer is made. What are some steps or procedures vendors can adopt to establish attribution? What happens if a consumer clicks on the wrong button or did not intend to click at all? What legal and ethical defenses should be available to e-commerce customers?
SEC575 Information Security Law and Ethics
Week 4 Discussion
DQ1 CONSTITUTIONAL RIGHTS AND BUSINESS
We tend to think of constitutional rights in terms of individuals--our rights to free speech, to worship or not worship as we see fit, our rights to be secure in our homes from unreasonable governmental intrusion and our rights as criminal defendants to a jury trial, to a competent attorney and the right against self-incrimination.
But a lot of these rights have relevance to business. And other rights such as the power of the federal government under the Commerce Clause and the right of governments to seize our property under eminent domain are critical to how businesses can profitably operate.
So let's jump into what should be a fascinating discussion
DQ2 INVASIONS OF PRIVACY IN CYBERSPACE
Americans have a high regard for privacy. This regard is codified in the Fourth Amendment to the U.S. Constitution, which guarantees the right of the people to be secure in their persons, houses, papers and effects against unreasonable search and seizure.
Is the Electronic Communication Privacy Act of 1986 sufficient to guarantee our rights to privacy in Internet and other electronic communications? Or, in the aftermath of 9/11 and the war on terror, should we reasonably expect government inroads into privacy and the use of snooping tools such as Carnivore?
SEC575 Information Security Law and Ethics
Week 5 Discussion
DQ1 INTELLECTUAL PROPERTY IN AN INTERNET AGE
The Internet revolution brought with it a flood of intellectual property issues. We all know about the rise and fall of Napster and the efforts of next-generation file-sharing programs to build pure person-to-person networks. Our text discusses DeCSS software that can defeat anticopying protections on DVDs. Internationally, the problem has exploded, with knock-off software programs available throughout China and much of the Far East.
What can intellectual property owners, particularly the creators of music and movie entertainment, do to protect their copyrights?
Are international trade agreements likely to be effective in protecting copyright holders?
DQ2 "SUCK SITES," FREE SPEECH, AND METATAGS
The Internet is the new soapbox anyone can use to voice an opinion. With that being the case, can a website that is critical of a business use the trademarked name of the business? Can those critical of the commercial practices of a business use the business's name and also employ metatags to draw browsers of those who input the business's name in the search engine?
Which value should receive the highest weight—the right of a company to protect its trademark or the right of unfettered free speech in the marketplace?
SEC575 Information Security Law and Ethics
Week 6 Discussion
DQ1 ETHICAL HACKER
Your CEO reads an article that a German firewall company, Securepoint, has hired the author of the Sasser worm. She also reads articles from security experts who are in support of or against the hiring. She concludes that it would be a good idea for your company to hire a local hacker to work for your company. She asks you, the company's Chief Information Security Officer, for your opinion. Please advise whether you agree or disagree with the CEO, specifically addressing the ethical issues involved. (suggested reading: Baumer, pp. 725–726)
DQ2 CYBERETHICS
Using your favorite Search Engine, locate a website devoted to cyber ethics. Provide the URL and a summary of the ethical principles promoted by the website.
SEC575 Information Security Law and Ethics
Week 7 Discussion
DQ1 COMPUTER VIRUSES
Computer viruses can cause havoc when the infection hinders or disables personal or business computers. Naturally, the cost of dealing with viruses impacts major companies whenever an infection occurs and is high in both monetary and manpower expenditures. But even the small businessperson or casual user can experience major inconvenience, anguish, and expense when infected. Does the law deal severely enough with those who spread viruses? Is there anything more that the government could do to protect citizens and businesses that use the Internet that would not be viewed as an invasion of citizens' rights? Now imagine that the next time you went to your personal computer it was useless because of a virus and had to be replaced, or that the next time you went to the computer lab on campus you found that a virus had disabled all computers on your campus for 6 months. Would your answer be different?
DQ2 THE INTERNET, PORN, AND FREE SPEECH
The attempt to regulate pornography and to develop definitions that do not run afoul of the First Amendment is expanding as the Internet becomes the number-one source for the dissemination of pornography. Attempts to regulate online pornography through the Communication Decency Act of 1996 and the Child Online Protection Act of 1998 have been struck down by the Supreme Court. What legal solutions are available to combat pornography? Are site-blocking tools an effective way to monitor the usage of the Internet by children?
SEC575 Information Security Law and Ethics
Week 1 Homework
Ch. 1, Review and Analysis: Question 1 - Page 34
Ch. 2, Review and Analysis: Questions 3 and 4 - Pages 63-64
SEC575 Information Security Law and Ethics
Week 2 Homework
Ch. 18: Review and Analysis: Question 3 – Page 610.
Ch. 23: Review and Analysis: Questions 1 and 5 – Page 777.
SEC575 Information Security Law and Ethics
Week 3 You Decide
You are the manager of a large data processing project. Your company, Systems Inc., worked very hard to obtain a contract with Big Bank to do the conversions from its recent acquisition, Small Bank. The bank met with several companies to discuss who would do the best work on the contract. During your meeting with Big Bank, you told them that you had "never missed a conversion deadline." At the time, your company had never missed a conversion deadline, but the company had only done three conversions. You also told them that your data processing systems were the fastest around. After months of negotiation, Big Bank signed the contract. The president of Big Bank said, "We like fast, and you guys are fast. We choose you."
You started work on the data conversion immediately (ahead of contract). According to the contract, your team was responsible for ensuring that the new bank's data were converted to Big Bank's data processing system. The contract involved six large conversions. The first involved converting Big Bank's savings accounts, the second its checking accounts, the third its investment portfolio, the fourth its credit cards, the fifth its mortgage portfolios, and the sixth its large business loans. Your team completed four of the six conversions without a problem. The fifth task, the largest and most important, has encountered numerous problems. Some problems have been based on personnel issues on your part and other issues have been based on the bank's failure to provide you with necessary information. One issue resulted when the conversion was delayed for over a week. The data to be converted were formatted differently than the bank's previously provided specifications. For that reason, the data conversion fields needed to be changed. A provision in the contract required your company to receive four people's approval before making any changes to the conversion data fields, and one of those four people, Glenda Givealot, was out of the country doing missionary work in an area of the world that did not have cell phone reception. Another issue resulted when the conversion was supposed to occur. Because of the change in the timeline, the conversion schedule had to change. The weekend the conversion was rescheduled to occur, an ice storm struck the state where your data processing computers were housed. Your facility lost electricity for 3 days and the conversion was delayed again until power could be restored.
Key Players
Female Businesswoman 1The bank’s president, who is a known hothead, was furious. He called you after power was restored and yelled,
“We are rescinding this contract!”
He also threatened to take the case to court to seek damages.
Systems Inc. President
Female Businesswoman 2Your company president wants this situation resolved amicably. He also wants to maintain the contract with the bank, because he sees the potential for a large amount of business with the bank in the future if this contract proves successful. Corporate counsel believes that the bank just needs to be shown that it is out of compliance with the contract just as we are and that both parties are to blame. He wants you to start negotiations with the bank to modify certain provisions of the contract to make expectations clearer.
You Decide Activity or Assignment
Below is the list of questions you should answer using this YD Template (Links to an external site.).
Can Big Bank's president rescind the contract? Under what circumstances can a contract be rescinded by either party? What facts have to be alleged and proven? What is the result of a contract that is rescinded?
Big Bank's president also threatens legal action. What potential causes of action could you foresee him bringing in court? Would he be successful? Why or why not? What arguments could Systems Inc. raise in its defense? What are Big Bank's potential damages?
Review the facts provided and the sample contract. What provisions of the contract could you cite to support an argument that it is not in Big Bank's best interest to rescind the contract? What facts could you cite to support an argument that Big Bank should be responsible for some of these issues and/or not in compliance with the contract?
In this situation, your company greatly prefers amicable resolution of problems. Would this be true in all contract disputes? In what situations would you decide to move to litigation over amicable resolution, and why?
There are three types of contract performance: complete, substantial, and material breach. Describe the differences (and similarities) among the three, and explain some of the legal ramifications for one or more of these types of performances. (For example, what happens if one party performs completely but the other party performs only substantially?) Give examples from outside readings or experiences in your career or personal business life.
What are the two most important concepts from this exercise that will help you in future contract negotiations?
SEC575 Information Security Law and Ethics
Week 4 Homework
Ch. 5, Review and Analysis: Question 4 - Page 160.
Ch. 11, Review and Analysis: Questions 1 and 2 - Page 363.
SEC575 Information Security Law and Ethics
Week 5 Homework
Ch. 12, Review and Analysis: Question 5 - Page 401.
Ch. 13, Review and Analysis: Questions 3 and 5 - Page 437.
SEC575 Information Security Law and Ethics
Week 6 Homework
Business Ethics Simulation: Bribery. Complete simulation (see Simulation area) and submit paper per guidelines and questions.
Objective
In this exercise, you will be given the opportunity to consider several ethical questions involved in making "encouragement payments" overseas. You will make choices, and as in real life, you will deal with the consequences of your choices as they relate to the handling of a criminal case.
Assignment
The simulation presented several areas for decision making, involving profitability for the organization, ethical considerations, and potential legal liability.
Business Ethics
Tutorial
Click here to open the Business Ethics Simulation (Links to an external site.).
Approximate run time: 5 minutes
At the conclusion of the simulation, you will complete the following assignment.
Transcript
Task:
Write a 4–5-page paper with your answers to the questions. See the Assignments for the grading rubric.
What should CEO Werner say to the Division Chiefs? Is the decision ethical? Why or why not?
How are you enjoying the new position in Hong Kong? Do you keep your job? Why or why not?
What are the implications of payments being made by the subordinate?
Epilogue: From your perspective, how does the simulation impact ethical considerations for organizations?
SEC575 Information Security Law and Ethics
Week 7 Homework
Review and Analysis: Questions 3, 4, and 5 - Page 743
SEC575 Information Security Law and Ethics
Week 4 Midterm Exam
Question 1 (TCO A) Which of the following describe what happens to law over time?
Group of answer choices
It evolves and changes.
It is enriched, defined, and interpreted by court decisions.
It provides a prediction about how courts will decide cases.
All of the above
B and C only
Question 2 (TCOA) For nonresident persons, long-arm statutes enable state courts to have jurisdiction over nonresidents in all but which one of the following situations?
Group of answer choices
Nonresidents who commit a within-the-state tort
Nonresidents who signed a contract within the state
Nonresidents who bought a product in this state and consumed it in the state in which the plaintiff is alleging jurisdiction
Nonresidents who bought a product in another state and consumed it in the state in which the plaintiff is alleging jurisdiction
Question 3 (TCOB) When a website makes outlandish claims regarding age longevity products, the FTC can pursue an action against which of the following groups?
Group of answer choices
The owner of the site
The website designer
The advertising agency
All of the above
A and C only
Question 4 (TCOC) Which best describe describes what is provided by the Internet Tax Freedom Act of 1998?
Group of answer choices
A 3-year moratorium on special taxation of the Internet
A 3-year moratorium, then a federal tax on Internet access or electronic commerce
A 3-year moratorium on multiple and discriminatory taxes on electronic commerce
A 3-year moratorium on taxation of goods or services that are sold exclusively over the Internet with no comparable offline equivalents
Question 5 (TCOE) Under the UCC, additional terms in the acceptance are proposals that become part of the contract if which (if any) of the following occurs?
Group of answer choices
The offer expressly limits acceptance to the terms of the offer.
They materially alter the acceptance.
They alter a nonmaterial term of the offer.
Notification of objection to the terms has already been given or is given within a reasonable time after notice of them is received.
Question 6 (TCOC) Ralph chooses the password "brains" when becoming a website member to an online auction company. To become a member, Ralph must provide a good bit of personal information as well as choose the password. If the website uses commercially reasonable procedures for identifying a customer, then
Group of answer choices
the risk of unauthorized use of a password stays with the vendor.
the risk of unauthorized use of a password shifts from the website vendor to Ralph.
the risk of unauthorized use of a password shifts to Ralph, but Ralph will not have to pay if anything is charged to his account, provided he can show that he did not order the items.
None of the above
Question 7 (TCOE) You go into a store and purchase some software that displays a clickwrap agreement at the time of installation. You have already purchased the product and are being asked to consent to the contract that purportedly memorializes the payment. When is the contract formed? Is it at the moment of purchase or later, when you assent to the terms of the clickwrapagreement? Explain your answer.
Question 8 (TCOB) State taxation of out-of-state businesses is based upon establishment of "minimum contacts." Describe the theory of minimum contacts and explain how that theory affects whether or not a state can tax goods sold or services rendered.
SEC575 Information Security Law and Ethics
Week 8 Final Exam
Question 1(TCOs A, B) The FTC considers e-commerce just the same as traditional brick-and-mortar businesses. Describe what the FTC requires regarding claims made by websites.
Question 2 (TCO C) The Communications Decency Act (CDA) of 1996 had a significant impact on the liability of ISPs in its provisions regarding defamation. Detail the act and its impact on state defamation laws.
Question 3(TCO D) "Teachers 'R Us" is a registered trademark and a registered domain name ("teachersrus.com"). This website provides general information about a number of subjects and is primarily targeted to middle school–age children. The teachers from the local middle school decide to design and maintain their own website. Their website will provide information specific to their school as well as general tips on homework, class assignments, and similar items. The domain name that they have chosen is "mteachersrus.com." If the owner of the Teachers 'R Us domain name would like to prevent this competitor from operating, what would be best cause of action for the owner to pursue? What would be the probable outcome of this lawsuit?
Question 4(TCO E) You have hired a new salaried employee to develop security protocols for your company. The employee is very ambitious. You are concerned that his plans are to collect a salary from you until he develops something he views as commercially viable, then quit and attempt to market the protocols you have paid him to develop.
i. What steps can you take to protect yourself and your company? (18 points)
ii. What specific contractual language is most likely to protect your company against employee disclosures or theft of confidential information? (18 points)
Question 5 (TCO F) Most websites contain privacy statements. What are the advantages of privacy statements to the owners of websites? Include in your answer considerations related to choice of law, customer expectations relating to privacy, and fair information practices.
Question 6 (TCOs D, G) Jim is a consultant; small businesses hire him to advise them on their computer needs. Recently, he was hired by a company interested in upgrading its hardware and software to manage customer relations. Jim has been hired to evaluate proposals. Jim concludes that the best alternative is from Customers-R-Us, and he explains why he recommended Customers-R-Us in his report. But Jim fails to mention that he is a silent partner (co-owner) in Customers-R-Us.
i. Did Jim act unethically? Why or why not? (10 points)
ii. Should he have disclosed his ties to Customers-R-Us? Why or why not? (10 points)
iii. Should Jim have declined the consulting job once he learned that Customers-R-Us was going to make a bid? Why or why not? (10 points)
iv. What guidance can you get from any relevant published professional ethics codes? (5 points)
Question 7 (TCO H) Cybermedicine is a very complicated area of e-commerce. It poses some very difficult legal issues as two industries interface over the Internet. Discuss and substantiate your understanding of the issues currently being faced by cyber medicine providers. What are the major concerns?