Download The Changing Role of University Computing Centres

Legal Issues
Arising from Providing
IT Services & Facilities
Alex Reid
Director, OUCS
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
1
CONTENTS





Background
Membership
Status
Report Recommendations
Current Status
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
2
Background
 Initiative of the IT Committee (under Joe Stoy)
 Rationale:
 Increasing numbers using networks
 Increasing potential or real threats
 Changing legal framework (see on)
 Extent of University’s liability for actions of its staff &
students
 First Set Up May 98
 First Report Feb 99
 Council Augmented Membership
 Final Report Nov 99
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
3
Changing Legal Framework
 Defamation Act 1996
 Godfrey vs Demon (Times 20/4/99)
 WIPO Copyright Treaty 1996
 EU Directive being drafted
 Obscene Publications Act 1959, 1964 & Criminal Justice &
Public Order Act 1994
 publishing obscene material for gain
 Protection of Children Act 1978 & Criminal Justice Act 1988
 Computer Misuse Act 1990
 JISC Briefing Paper (New Developments in UK Internet Law http://www.jisc.ac.uk/pub/index.html#briefing)
 Morrell, Peel & Gamlen: Electronic Networks - Potential
Liabilities for Network Providers and User Organisations, 1995
 Manches: Caught in the Web - Law and the Internet (2nd ed),
1998
 Fyfe Ireland: Issues of Internet Liability (Report for Glasgow
University), 1996
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
4
Membership






Chaired by Chairman of IT Committee (Stoy, then Woodhouse)
OUCS Director (Reid)
University Legal Services Director (Anelay)
Professor of IP & IT Law (Vaver)
Council member (Hackney)
Secretary from Legal Services Office (Barnwell)
Later afforced by:




Departmental Administrator (Plummer)
College Bursar (Ruck-Keene)
College Senior Tutor (Kirwan)
College IT Fellow (Matthews)
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
5
Main Recommendations










Council adopt a statement denying “right to private use”
Council adopt a statement limiting “right to privacy”
IT Committee have the power to make Rules
IT Committee make and regularly revise Rules
Revise the Rules now
Procedures for authorising research using otherwise
prohibited material
Visibility of servers of various kinds outside Oxford be
controlled
Content on visible servers be subject to regulation
Third parties (including colleges) connected to Janet via
Oxford’s network be required to provide indemnities
Clear authority for College action
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
6
Right to Private Use
The University provides computer facilities and access to its
computer networks only for purposes directly connected with
the work of the University and the colleges and with the normal
academic activities of their members.
Individuals have no right to use University facilities for any
other purpose.
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
7
Limitation on Right to Privacy
The University reserves the right to exercise control over all
activities employing its computer facilities, including examining
the content of users’ data, such as e-mail, where that is necessary
(a) for the proper regulation of the University’s facilities;
(b)
in connection with properly authorised investigations in
relation to breaches or alleged breaches of provisions in
the University’s statutes, decrees and regulations, and the
rules on computer use published by the IT Committee
from time to time; or
(c)
to meet legal obligations.
Such action will only be undertaken in accordance with guidelines
laid down and published from time to time by the IT Committee
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
8
Power to Make Rules







OUCS has the power in relation to its facilities
Could rely on that
Too narrow a legal point
Library Committee analogy
Guidance/Direction to departments
Ensures proper consultation
Added weight to the Rules
 IT Committee to make and regularly revise Rules
 Issue revised Rules now:
 fairly straightforward revision of current OUCS Rules;
 guidelines on when/how privacy can be invaded derived
from existing SecPriv Guidelines
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
9
Authorising Research
 Accessing “forbidden” material for legitimate research
purposes
 Case at Bristol University (Guardian, 27/5/99)
 Cases here (offensive material & child porn)
 Case at University of Central England (book of
photographs by Robert Mapplethorpe - Oct 97,
Independent, 7/3/98)
 Staff members and students
 Who is authorised to endorse such research?
 Proper procedures
 RSO, CVCP, UCISA, SCONUL, Peter Sommer (Computer
Security Research Centre, LSE - aka Hugo Cornwall, author of
Hacker’s Handbook), ...
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
10
External Visibility of Web Servers
 Improper material being mounted on a Web site (pornography,
libel, offence, IPR infringement,…)
 Possible defences against legal consequences:
 Denial of responsibility;
 Scan all sites for offending material;
 Have clear-cut policies and ensure they are well-publicised;
 Act swiftly if brought to your attention;
 Do spot checks;
 Have proper procedure for maintaining appropriate balance
between freedom of expression and giving offence;
 Defence of innocent dissemination.
 Ensure all Web sites/servers are under proper “supervision”
 Deny external visibility to any that are not
 Applies also to Newsgroups, Hotline, anon-ftp, IRC, email, etc.
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
11
Third Party Indemnities
 UKERNA’s requirement (for connected 3rd parties):
UKERNA and the Funding Councils “are indemnified for any
and all losses caused to them by improper use of the facilities
granted to the organisation” being connected.
 Applies to those organisations which, while not being a part of
the University, have association with it, and are connected to
Janet via the University network
 Applies also to Colleges
 And to anyone connected via a College
 Colleges currently being consulted
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
12
Third Party Indemnities
Proposed Indemnity:
The University is indemnified by xxx College for any and all losses
caused to it by the improper use of the University’s computing or
network facilities accessed via college facilities where the use in
question is by:
1. A third party authorised by the college to use college
facilities;
2. A member or employee of the college, for purposes
unconnected with the University or with academic study or
research;
3. A member or employee of the University who is not a
member or employee of the college, for purposes
unconnected with the University or with academic study or
research;
4. A person or persons, whether or not known to the college,
who has obtained access to University facilities in breach of
University and/or college rules.
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
13
Clear Authority for College Action





Ultimate Sanction - Cut Off
External appearance is of a unitary university
Need to act in concert
Need to act quickly
Need to identify someone with the authority to act quickly
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
14
END
QUESTIONS?
ITSSC-2000 - Legal Issues - Alex Reid, OUCS
29-Jun-00
15