January 11, 1995
Privacy, Security and Intellectual Property Task Force
International Center for Communications
In Attendance: Beth Givens, Privacy Rights Clearinghouse; Peter Anderson, SDSU; Howard Stapleton, City of San Diego; Barry D. Fraser, Privacy Rights Clearinghouse; Clare Maudsley, AIDS Foundation San Diego; Herman W. Land, SDSU; Guylyn R. Cummins, Gray, Cary, Ware & Freidenrich; Martin Lazarow, Compro Consulting; Al Ferris, Ferris & Britton; Sa'id Mosteshar, Mosteshar & MacKenzie; R. Alan Smith, Law Offices of R. Alan Smith; George J. O'Tool, AARP-San Diego.
The meeting was called to order at 3:10 p.m. The agenda was approved with the following changes: item no. 3, discussion of security issues was tabled until the following meeting; discussion of item no. 4, intellectual property issues, was postponed until 4:00 p.m. to accommodate a guest speaker; and discussion of item no. 5, remaining privacy principles issues was moved to the beginning of this meeting.
The minutes from the preceding meeting on January 11, 1995 were approved. Several members commented favorably regarding the thoroughness and accuracy of the transcribed minutes of these meetings.
Agenda Item no. 5: Discussion of Remaining City Privacy Principles.
Principle 8: Education.
Howard Stapleton was asked how these privacy policies will be implemented by the city. He explained that policy information flows through departments or that someone wanting information contacts the City and is informed of policy.
Several possibilities for providing City policy information to the public were discussed.
Info-San Diego is a possible vehicle for making policy information available.
The City has an internet World Wide Web (WWW) page for public access. Policies could be made available there. All City policies should be available on something like a WWW server; all written City policies could be available on-line. Mr. Stapleton noted that there is no policy against publication of City policies on-line. The debate may be over what should be public and what should not.
Local newspapers want to provide on-line services; perhaps they could provide City information as well. However, there may be a tension with private newspapers; they perceive Info-San Diego as competition because they will make available much of the info that newspapers currently sell.
What methods of dissemination will be available for citizens who are not yet on-line? Some alternatives discussed were public libraries, informational kiosks, and publications other than newspapers.
Ms Givens noted that libraries and kiosks are both highly touted as the on-ramps to the information superhighway for computer illiterates.
Libraries could be the setting for weekly lectures by the City on privacy policies. The City doesn't do anything like this currently.
Dissemination of printed pamphlets, brochures etc. were discussed. These could be provided to the public in conjunction with other transactions, inserted into mailings, etc. Mass mailings to the public would require the compilation of mailing lists. Mr. Stapleton noted that there are no broad-based lists, but that various departments maintain smaller lists of interested parties. Cost may be an adverse factor to such mailings.
Educational materials could be placed as inserts in regular mailings, such as water bills, that are under-weight for the postage paid. Only cost for city would be printing.
Mailing lists of public interest groups should be maintained by the City. These groups can be provided policy information to disseminate to the public.
More than merely making the policy information available to the public is required; policies must be effectively and actively marketed to the public. The City pointed out that there is a distinction between the policy of disclosure and the mechanism of disclosure.
There are three kinds of information in which public awareness needs to be raised:
The third category includes education regarding how to access and use City information services, as well as how to do so without subjecting the citizen to privacy risks.
There also may be a need to explain some information made available to the public (e.g. raw building permit info).
Other possible educational tools:
Mr. Stapleton noted that additional costs incurred for City- provided educational services would be problematic. Perhaps private sector donations could fund these services.
Privacy Principle no. 9: Oversight.
Mr. Stapleton noted that the City Manager has ultimate responsibility for ensuring that City policies are followed. Each City department head has a duty to comply with Council policies or be subject to sanctions.
The Department of Telecommunications can perform oversight functions by reviewing departmental policies for consistency with the Privacy Principles.
Oversight and enforcement will be accomplished by private parties who threaten to bring suit to enforce specific rights.
Additionally, watchdog and public interest groups will closely scrutinize City actions.
There should be a task force or other entity to oversee the observance of these policies. This entity could perform a yearly review of municipal practices.
This review should include City practices related to the collection, retention and maintenance as well as the dissemination of data. These are areas where the real abuses can occur. This task force should examine what types of data the City collects and actual need for the information.
The entity could be patterned after the Human Rights Commission. The rapid changes in information practices and increasing demand for information will require periodic review of the City's policies in this area.
Privacy Principle no. 10: Review:
There was general agreement that the preceding discussion of the Oversight Principle applied equally to the review process. The issue was adequately covered by that discussion, and no additional comments were necessary.
Agenda Item no. 4: Discussion of Issues Surrounding Intellectual Property Rights.
Elizabeth Eisner, attorney for Gray Cary Ware & Freidenrich, was introduced to the group. Her area of expertise is intellectual property law. Ms. Eisner gave the task force a general overview of intellectual property rights.
There are three important characteristics of intellectual property: the property is an asset, it consists of personal property, and it is intangible property.
The task force is probably most concerned with electronic property. This type of property includes computer software and files.
There are three methods of protecting electronic property: patent; copyright; and trade secret.
Patent protection is the strongest of these protections. A patent owner does not need to prove theft or appropriation of the property to show infringement. A patent is essentially a 17 year monopoly on the use of the property.
However, until recently there was no patent protection for software, because traditionally algorithms could not be patented.
Today patents of software may only be obtained for breakthrough technology. Two requirements of patentable technology are novelty and nonobviousness. These two qualities are often difficult to prove with software applications.
Copyright protection is not a monopoly on the use of the property, but a set of exclusive rights to reproduce, distribute and create derivative works from the protected work. To show infringement the owner must prove that the infringer had access to the work and that the infringing work is substantially similar to the protected work.
For this reason, "purposeful bugs" are often embedded in a software product, and when these bugs are detected in suspect copies, access and substantial similarity may be shown.
Another requirement for copyright protection is that the work be "fixed in a tangible medium." There is no longer a requirement of notice that a work is copyrighted, and the copyright symbol is no longer required. However, clear notice of copyright is still highly recommended.
The primary difference between patent and copyright protections is that patent protects the underlying function or process, while copyright protects only the work itself.
Trade secret is the third type of protection. The first requirement is that the property must be secret. If disclosed, it may no longer be protected, unless the person to whom it is disclosed is bound not to tell.
Furthermore, the owner of the trade secret must undertake "reasonably adequate security" measures to protect the secrecy of the property. The owner must guard against any foreseeable methods of entry to the system.
For this reason transmission of trade secrets on the internet raise substantial security questions. There must be a means to ensure the availability of adequate security on-line.
Protection of data as intellectual property is problematic. Until recently works of compiled data could be copyrighted if a substantial amount of work was put in to it.
The Supreme Court, in the Feist decision, held that raw data is information, not expression. The property at issue in that case was a compilation of phone numbers in a phone book. A rival telephone company copied the numbers into its own phone book. The original owner sued for copyright infringement. The Court held that the compilation of numbers was merely a list of factual information. A "fact" as such cannot be owned.
This reasoning has been extended to deny protection to the factual material obtained in research, so long as no "value- added" work is involved (such as writing a book incorporating the factual materials).
As another example, lists of mailing addresses are not copyrightable but may be protected as trade secrets, if not disclosed to the public, or if license limitations or confidentiality agreements are imposed on customers.
How may data be protected:
The problem with intellectual property law today is that the law cannot keep up with technology. For example,"shrink wrap agreements" to protect software programs from unauthorized copying have been used for years, but only recently have courts held them to be enforceable. A similar problem arises with "shareware" agreements on the internet. Are they enforceable?
Congress is considering a series of amendments to the Copyright Act of 1976. The City should be aware that there may be substantial changes in the law as technology develops.
There will most likely be a push for more enforceable rights to protect intellectual property on the information superhighway.
How does intellectual property law relate to the City's use of information? There may be foreseeable problems with the City's ability to control the raw data it disseminates to the public.
When the infrastructure is developed by private investment and expertise, who will own the "compilations and reports" derived from local government raw data?
Significant problems could arise from agreements with private business to compile information and create reports which may be protected. These businesses may attempt to place restrictions on dissemination of this information to others. May the City be prohibited from providing information which is otherwise public record merely because it has been compiled into a report which is copyrighted?
Another intellectual property problem might arise if the City were to provide any type of electronic "public forum" or bulletin board service which provides space to upload or post public announcements. The possibility exists that unauthorized copies of copyrighted material might be posted thereon, and the City may have a duty to ensure that such materials be removed if so requested by the owner.
This may require that someone oversee or manage this public space to ensure compliance with intellectual property laws.
Time and Date of Final Meeting:
The next meeting of the task force was set for March 15, 1995, at 3:00 p.m., in the City's conference room. The meeting was adjourned at 4:40 p.m.
Notes compiled by Barry D. Fraser,
Privacy Rights Clearinghouse.
Return to Previous Page
Return to City of the Future Page
Return to the ICC Home Page