Copyright can be contentious issue for security practitioners weaned on open source and raised on Slashdot. It is important to remember that open source licenses, Copyleft, and Creative Commons are themselves imaginative hacks on traditional copyright law. It is copyright that makes these alterative licenses possible.
The purpose of Copyleft and Creative Commons is simple: disperse information as widely and as freely as possible. The purpose lines up neatly with the hacker ethic. Information wants to be free, after all, and these licenses are ways to ensure its freedom while still maintaining some protective controls for the author. The purpose is in turning works into generative pieces. Standard copyright reserves all rights for the author.
The decision on the copyright license to use lies with the organization. Specifically, the designated owner of the information asset is charged with making these decisions. As the security managers for the information networks, our responsibility is to educate the designated owner and ensure that the decisions are enforced correctly and consistently.
Copyrighting a document has a few obvious requirements. The document must be original and not infringe on other’s existing copyrights. It must be fixed form, like a document, image, or an audio/visual recording. Architectural plans and software source code can also be copyrighted. The copyright protects a given expression of an idea, but not the idea itself. Thus an architecture plan that is copyrighted protects the plan itself, but not the ideas behind designing the plan. Software copyrights are similar. The copyright protects the specific source code but not the underlying idea, method, or algorithm. Copyrighted works must be substantive. A short phrase, a brief sound clip, a plan for a room’s walls, and a short code snippet all are non-copyrightable.
Copyright provides specific protections. Other organizations cannot copy without permission (unless permission has been granted with Creative Commons or similar licensing). People and firms that buy copyrighted material, however, do have extended rights (called First Sale doctrine) to resell or redistribute the purchased copy. Similarly, the Right to Adapt exists that gives control over derivative works are produced to the original author. End user license agreements can be tailored to avoid First Sale doctrine and Right to Adapt. These licenses provide tighter control over how the property is used.
The commercial impact of unauthorized works is taken into account in copyright infringement cases. The end users can still reuse and create the document under Fair Use. Fair Use allows remixes based on four conditions: how different and unique the new content is, the nature of the work, the amount of the original copyrighted material in the new material, and the effect on the market. Evidence of the market effect may be present in the information systems. The evidence, for example, may be in sales trends, in store traffic, or in web site traffic. It is, therefore, important that copyright protection mechanism include systems that gather, correlate, and maintain statistics on use.
Copyright materials can be registered with the United States Patent and Trademark Office (USPTO). Simply affixing the © symbol to a work (or corresponding Creative Commons symbol) creates an enforceable copyright. Copyright protects intellectual property for the life of the longest living author plus a period of 70 years. Works for hire, created for a firm for pay, are protected for 95 years from the date of first published or 120 years from when the material was created, whichever is less.