|
Home
| The Handling of Legal Issues (Summary)
Full Text: Page 1 | Page 2 |
Page 3 | Page 4
Encryption and authentication
With everyday transactions now being carried out electronically, people need to trust that their private communications are not intercepted or altered as they make their way across global networks. If people cannot depend on the confidentiality and authenticity of electronic information, they may revert to more traditional methods of communication and effecting business transactions. The full potential of the information society may then not be achieved.
Against this backdrop, new and developing cryptographic techniques are of widespread appeal. Cryptography is used to conceal or verify the contents of electronic documents and to protect files from unauthorised access, alteration and theft. Encryption involves coding a text so that it cannot be read if it is intercepted. It is used when people need information to stay confidential. However, encryption may also be deployed for illegitimate purposes. This prospect has urged law enforcement agencies to call for restrictions on unbreakable encryption. Privacy advocates and business interest groups resist any attempts to restrict encryption arguing that to do so would unfairly compromise the privacy of individuals and jeopardise the development of the information society.
(See also
personalisation)
The USA has traditionally resisted the export of cryptographic softwares, and has pushed for the ability of Federal Agencies to have access to the keys necessary to decrypt communications. The USA’s attitude towards the use of cryptography by third parties has hardened since the terrorist attacks in Washington and New York on 11 September 2001.
Authentication is the electronic confirmation that you are the person you claim you are. Authenticity is the confirmation that the message as received has not been tampered with in any way on its way from the sender to the recipient. Citizens today need to know that they can engage in electronic transactions with the same degree of trust that is associated with paper-based transactions.
Public Key Cryptography, or PKC, uses a pair of keys, a public key that is widely available and another private key known only to the person, application or service that owns the keys. The public key can be transmitted unencrypted over insecure lines, but the private key must be kept secret. Thus, key distribution is greatly simplified.
The major government issues that arise are questions regarding the right of governments to demand keys from their owners so that they can decrypt messages, the establishment of Trusted Third Parties to handle keys on behalf of third parties, and their legal role.
(General
background on encryption issues.)
Authentication does not have to involve cryptography. The very successful ATHENS system developed in the UK is based on ID and password characters. It is due to be upgraded to a new system in the near future, and
could in principle be used by any library.
Key political point – the tension between Governments and civil libertarians on the right to decrypt messages. Where will public libraries position themselves?
Filtering software
A major issue for public libraries is concern that patrons either receive, or send materials from Internet workstations that is considered unsuitable. Principally, the concern is to do with pornographic materials, but other materials, such as race hate materials, violent images, encouragement of drug-taking, pro-terrorist propaganda, and so on have also been the subject of some concern. The EU has agreed a number of position statements regarding the protection of minors and other vulnerable citizens from the worst excesses of the Internet. There are many methods for addressing the problem, but one that has attracted considerable attention is that of the use of filtering software. Such softwares (and there a number available on the market) reject attempts to display or retrieve Web sites that contain objectionable words, or, in some cases, types of images (based on the amount of flesh tones).
A number of libraries have installed such softwares in an attempt to address the pressure they are under to prevent patrons from accessing objectionable materials. Unfortunately, studies (some of them funded by the EU) have demonstrated that all the current softwares are too crude, in that they reject sites that are totally unobjectionable because of the fortuitous use of certain words in the text, and they fail to reject many objectionable sites that happen not to use the words in question. There have been a number of cases worldwide, both formal Court cases and informal decisions, regarding the liability of public libraries in regard to the access they provide to the Internet. Concerned groups and individuals have either taken the public library to Court or have pressurised for action where that public library offers Internet access that has resulted in patrons viewing objectionable material. In some of the cases, efforts have been made to either restrict access altogether, or to impose content filtering software. The American Library Association (ALA) in particular has been vigorous in defending US public libraries against such pressure, and has generally been successful in such efforts.
(See also
multimedia, filtering,
filtering software)
The legal position of public libraries depends on the legal traditions of the country in question, and the willingness of the librarians to be robust in resisting attempts at external censorship. The EU is developing policies regarding the safe use of the Internet, and it is important that public libraries get involved in the development and implementation of such policies. This topic is particularly problematic, and public libraries should try to co-operative with each other in developing policies and procedures.
Key political point – the tension between those who wish to censor and those who want a free flow of information. Public libraries are in the firing line.
IPR in metadata
General issues of IPR are discussed in another deliverable. In principle, metadata is protected in the EU, under database right and/or copyright. Under the database Directive, a database comprises a systematic collection of data or other materials, each of which is individually accessible by electronic or other means. Without doubt, any collection of metadata qualifies as a database, therefore. The protection accorded to that database depends whether there is intellectual or creative effort in the database.
There is a strong argument that if an indexer used skill and expertise to apply metadata tags to a document, then the metadata tags should be protected by copyright. Even if a Court were to decide they did not qualify for such protection, because of the human and financial investment in such tagging, they would without doubt enjoy database right. Thus, metadata should be respected by public libraries as they respect other copyright works, and equally, if the libraries have created their own metadata, they have the right to sue if third parties copy substantial portions of the material without permission.
(See
metadata.)
IPR in metadata becomes a particular issue when there is a joint project of some sort for adding metadata to a collection of We resources. If the IPR issues are not sorted out from the outset, there is potential for serious legal problems if, say, the parties wish to break the arrangement in the future, or if commercial exploitation of the collection becomes a possibility.
Key political point – this is an issue that gets overlooked, but has the potential to cause serious problems in the future if rights are not sorted out in advance of joint development projects.
GOOD PRACTICE GUIDELINES
The major public library activities that are covered by this Guideline area are:
Data Protection and privacy
Issues arise in particular regarding the maintenance and use of patron borrowing records, and the tracking of their usage of electronic resources. These are often sensitive matters, and there have been cases where police have sought to identify particular individuals’ reading habits from local public libraries. Other problematic areas include the forwarding of readers’ details to commercial organisations. Other less contentious areas include the maintenance of records of authors on library catalogues, and the publication of details of library staff maintained on Web sites. Codes of ethics or of practice for public library staff should be developed to give guidance to staff if particular problems arise. Advice on legal responsibility regarding privacy and data protection is also needed.
Encryption
At present, public libraries are not heavily engaged in the transfer or receipt of messages that are encrypted. However, with the increasing likelihood that sooner or later the financial dealings of the library, say ordering books, will be done using e-commerce methods, public libraries will have to get themselves up to speed in this field. It is important to recognise that the law only provides a benign regulatory framework for encryption, and that ultimately it is up to the library to employ the best-established and most reliable technique available.
Encryption applies to Business to Customer (B2C), Customer to Customer (C2C) and Business to Business (B2B) transactions, and different rules might apply in future to these different types of communication. B2C is the one that is of most importance to public libraries, as the issues primarily arise when they communicate electronically with their patrons. It is important to recognise that encryption has important political overtones, and that public libraries may find themselves in the vanguard of arguments in favour of permissions to use encryption. At present, European public libraries do not have the same tradition of political lobbying as the American Library Association has. This may have to change in the future.
(See also
personalisation.)
Home
| The Handling of Legal Issues (Summary)
Full Text: Page 1 | Page 2 |
Page 3 | Page 4
|
