The Computer Software Compliance Problem

Peter J. Knoke

Download Paper | Permalink

Conference: 2014 ASEE Annual Conference & Exposition
Location: Indianapolis, Indiana
Publication Date: June 15, 2014
Start Date: June 15, 2014
End Date: June 18, 2014
ISSN: 2153-5965
Conference Session: Potpourri
Tagged Division: Computing & Information Technology
Page Count: 7
Page Numbers: 24.1191.1 - 24.1191.7
DOI: 10.18260/1-2--23124
Permanent URL: https://strategy.asee.org/23124
Download Count: 418

Request a correction

Paper Authors

biography

Peter J. Knoke University of Alaska, Fairbanks

visit author page

Associate Professor of Software Engineering in the University of Alaska Fairbanks Computer Science Department for the last 25 years. Prior to that various positions in the computer industry from 1958 to 1988, mostly in the role of software engineer.
Prior to that fighter pilot in the USAF for several years.

visit author page

Download Paper | Permalink

Abstract

THE COMPUTER SOFTWARE COMPLIANCE PROBLEM: IMPORTANCE AND POSSIBLE SOLUTIONSABSTRACT1) IMPORTANCEThe computer software compliance problem is discussed in the context of the standard softwareengineering model, which addresses components of requirements, design, construction, test, andmaintenance. It is especially relevant to the requirements and design phases. It is important becausemishandling the problem can lead to lengthy development times, large development costs, andserious quality and liability risks for the software developer.2) COMPUTER SOFTWARE COMPLIANCE PROBLEMThe problem may become more difficult to solve because of the current trend toward cloudcomputing. This is because legal liabilities of the developed software can be different if it isconsidered to be “software as a service” instead of “software as a product”. Problems are bestaddressed in the requirements and design development phases, because solutions in laterdevelopment phases are much more expensive to apply. However non-compliance is often detectedin later phases because software-related legal requirements tend to be complex, ambiguous, andsubject to changes due to legal changes. Also software developers and software engineers can beunaware of or baffled by legal requirements.3) SOLUTION APPROACHESSolutions are most cost-effective if applied at the requirements or design levels. Lawyers tend to bequite familiar with laws that are complex, ambiguous and changeable, and so their presence could bemost effective at the requirements level. Problem solutions at a requirements level can be addressedby tools and processes, whether the problem solver is a lawyer or a software engineer. Sometimeslawyers and software engineers have something to offer each other in the solution of the computersoftware compliance problem. At the software design and software architecture levels softwareengineers are likely to be most helpful. Some modularity and object definition ideas of Parnas andothers are promising at this level. At the test level both lawyers’ and software engineers’ ideas couldbe helpful. The meaning of some laws is often clarified by the application of standard legal tests.4) MINING LEGAL CASE STUDIES FOR SOLUTION IDEAS Software law litigation documents can be good sources of lessons learned. The documents could helpsoftware developers avoid liability problems. The ongoing Apple v. Samsung case is provided as anexample to illustrate this point. In this lawsuit wherein Apple charges Samsung of copying Apple iPadand iPhone products in violation of Apple “look and feel” design patents, and reportedly seeks tocollect $25 billion from Samsung for this infringement. The broad legal concept of “ IntellectualProperty” applies in this case. The concept is quite old but in recent years it has been specialized todeal with software property rights. The trial case has a judge and a jury, and is now being held inCalifornia. It is reported by many sources on a daily basis. However, the lessons learned are not yetknown because at this writing the trial is still incomplete. It is also not clear how long it will be beforethe trail is completed.5) REASONS FOR HOPEThere are some reasons for hope that progress will continue toward solutions for the computersoftware compliance problem. They include the increasing numbers of well-documented and relevantlegal case studies, an increasing number of law schools with programs addressing technology law, anincreasing number of lawyers and judges with significant technical understanding and expertise, andan increasing number of software engineers with awareness of software-related legal issues.6) REFERENCESSome key references for ideas in the paper are provided below as a draft list 1) IMPORTANCE references (many recent trials with high publicity US FTC v. many large US software and computer companies EU v. Microsoft, Google, Facebook Oracle v. Google (IP, Java language) Apple v. Samsung (“look and feel”, IP) Westlaw Journal Software Law 2) COMPUTER SOFTWARE COMPLIANCE PROBLEM references (many results from Google Bing, Wikipedia, IBM Systems Journal) Lessig papers and books Knoke papers and reports Samuelson papers (ACM) Stern papers (IEEE Micro) 3) SOLUTION APPROACHES references (software tools and methods of various kinds) Books by Supreme Court Justice Scalia Parnas papers on objects Financial compliance software HIPAA compliance software SOX compliance software Checkers for open source software presence Software license checkers 4) MINING LEGAL CASE STUDIES references (many media reports) Apple v. Samsung Oracle v. Google “Pirates of Silicon Valley” video (CD from 5) REASONS FOR HOPE references (law school programs, etc. reports on web) Judge actions at high interest trials Advertised specialty law practicesOpen source advocates (many lawyers. FOSS licenses are based on copyright law)Many new books on Internet Law, Cyber law, etc.A number of CS professors are also lawyers

Citation
Format

Knoke, P. J. (2014, June), The Computer Software Compliance Problem Paper presented at 2014 ASEE Annual Conference & Exposition, Indianapolis, Indiana. 10.18260/1-2--23124

TY - CPAPER
AB - THE COMPUTER SOFTWARE COMPLIANCE PROBLEM: IMPORTANCE AND POSSIBLE SOLUTIONSABSTRACT1) IMPORTANCEThe computer software compliance problem is discussed in the context of the standard softwareengineering model, which addresses components of requirements, design, construction, test, andmaintenance. It is especially relevant to the requirements and design phases. It is important becausemishandling the problem can lead to lengthy development times, large development costs, andserious quality and liability risks for the software developer.2) COMPUTER SOFTWARE COMPLIANCE PROBLEMThe problem may become more difficult to solve because of the current trend toward cloudcomputing. This is because legal liabilities of the developed software can be different if it isconsidered to be “software as a service” instead of “software as a product”. Problems are bestaddressed in the requirements and design development phases, because solutions in laterdevelopment phases are much more expensive to apply. However non-compliance is often detectedin later phases because software-related legal requirements tend to be complex, ambiguous, andsubject to changes due to legal changes. Also software developers and software engineers can beunaware of or baffled by legal requirements.3) SOLUTION APPROACHESSolutions are most cost-effective if applied at the requirements or design levels. Lawyers tend to bequite familiar with laws that are complex, ambiguous and changeable, and so their presence could bemost effective at the requirements level. Problem solutions at a requirements level can be addressedby tools and processes, whether the problem solver is a lawyer or a software engineer. Sometimeslawyers and software engineers have something to offer each other in the solution of the computersoftware compliance problem. At the software design and software architecture levels softwareengineers are likely to be most helpful. Some modularity and object definition ideas of Parnas andothers are promising at this level. At the test level both lawyers’ and software engineers’ ideas couldbe helpful. The meaning of some laws is often clarified by the application of standard legal tests.4) MINING LEGAL CASE STUDIES FOR SOLUTION IDEAS Software law litigation documents can be good sources of lessons learned. The documents could helpsoftware developers avoid liability problems. The ongoing Apple v. Samsung case is provided as anexample to illustrate this point. In this lawsuit wherein Apple charges Samsung of copying Apple iPadand iPhone products in violation of Apple “look and feel” design patents, and reportedly seeks tocollect $25 billion from Samsung for this infringement. The broad legal concept of “ IntellectualProperty” applies in this case. The concept is quite old but in recent years it has been specialized todeal with software property rights. The trial case has a judge and a jury, and is now being held inCalifornia. It is reported by many sources on a daily basis. However, the lessons learned are not yetknown because at this writing the trial is still incomplete. It is also not clear how long it will be beforethe trail is completed.5) REASONS FOR HOPEThere are some reasons for hope that progress will continue toward solutions for the computersoftware compliance problem. They include the increasing numbers of well-documented and relevantlegal case studies, an increasing number of law schools with programs addressing technology law, anincreasing number of lawyers and judges with significant technical understanding and expertise, andan increasing number of software engineers with awareness of software-related legal issues.6) REFERENCESSome key references for ideas in the paper are provided below as a draft list 1) IMPORTANCE references (many recent trials with high publicity US FTC v. many large US software and computer companies EU v. Microsoft, Google, Facebook Oracle v. Google (IP, Java language) Apple v. Samsung (“look and feel”, IP) Westlaw Journal Software Law 2) COMPUTER SOFTWARE COMPLIANCE PROBLEM references (many results from Google Bing, Wikipedia, IBM Systems Journal) Lessig papers and books Knoke papers and reports Samuelson papers (ACM) Stern papers (IEEE Micro) 3) SOLUTION APPROACHES references (software tools and methods of various kinds) Books by Supreme Court Justice Scalia Parnas papers on objects Financial compliance software HIPAA compliance software SOX compliance software Checkers for open source software presence Software license checkers 4) MINING LEGAL CASE STUDIES references (many media reports) Apple v. Samsung Oracle v. Google “Pirates of Silicon Valley” video (CD from 5) REASONS FOR HOPE references (law school programs, etc. reports on web) Judge actions at high interest trials Advertised specialty law practicesOpen source advocates (many lawyers. FOSS licenses are based on copyright law)Many new books on Internet Law, Cyber law, etc.A number of CS professors are also lawyers
AU - Peter J. Knoke
CY - Indianapolis, Indiana
DA - 2014/06/15
PB - ASEE Conferences
TI - The Computer Software Compliance Problem
UR - https://strategy.asee.org/23124
DO - 10.18260/1-2--23124
ER -