Workplace Security

Sept. 1, 2001

Workplace Security

Potential pitfalls of Internet use and how those dangers can jeopardize an organization’s intellectual property

By Fred Workley September 2001

I am not convinced that computers are labor-saving devices. And, they may be a source of real trouble. You may have heard about the recent Senate Judiciary Committee hearings, disclosing that the FBI had lost 184 laptop computers. A federal audit indicated that at least one of the missing laptops carried "classified information" related to two closed cases. Your organization may not have classified information, but you do have important information related to the way you do business. It seems that more and more we are using e-mail and the Internet in our day-to-day work activities. With this increased usage comes the need to protect our intellectual property.

The Internet as a resource
The Internet can be a valuable tool in the workplace. Recently, I was in a shop that had just taken delivery of a hazardous material to be used in a composite repair. There was no Material Safety Data Sheet (MSDS) in the shipment. Any distributor or reseller of hazardous materials products is required by OSHA and EPA to transmit this MSDS information at the time of the first shipment or whenever there is a revised MSDS. This information is to help protect your health and safety and to comply with the OSHA Hazard Communications Standard and Title III of the Superfund Amendments and Reauthorization Act of 1986. The OSHA standard requires that all personnel who may be exposed to hazardous materials be provided by their employer with accurate information on the potential hazards of the material and trained in proper work practices to minimize any risk. Since the material could not be used immediately, I suggested looking for the MSDS on the Internet. Within three minutes, it was being printed.

Know your Internet policy
If your organization has an Internet policy, know what it is and take heed. Most employers are requiring employees to sign the Internet policy; however, a person may still be bound by the policy, even if he or she refuses to sign it. If a blank copy is placed in the personnel file, along with a note that includes the date the employee personally received the policy and the printed name, title and signature of the person who did the actual distribution, the employee may be held liable for any infraction in most states. Violations of Internet policy may result in disciplinary action, loss of computer access, and may result in immediate termination.

Restricting Internet use
Internet policy often restricts Internet access to only business-related activities. This also includes e-mail. The idea is to assist and enable business communications and facilitate work-related assigned duties. These policies often state that any information, materials, and software created are the organization’s property, and thus may be accessed only by authorized personnel. Prohibited uses often include downloading, displaying or distributing proprietary information that may include trade secrets including patent information, customer data, or intellectual property. Other inappropriate activity may be defined to meet local, state and federal guidelines. The organization may reserve the right to monitor all e-mail because there are no privacy provisions. Personal passwords do not ensure confidentiality.
Many organizations make very specific statements that allow only authorized employees to communicate over the Internet on behalf of the company. Employees are often restricted from making any statement that may be misconstrued as being that of the organization unless the statement is clearly part of the assigned duties.

Screening the virtual grapevine
Internet security also includes preventing false information from being disseminated about the organization or company on the Web or in chat rooms. The Web is a vast grapevine. Lies spread quickly and just because it’s in print, doesn’t make it true. There have been many instances where even supposed reputable news organizations have passed along bogus "facts" ranging from financial information, to market news, to environmental and safety infractions, to Suspected Unapproved Parts activities. News sources are sometimes very gullible. Double-check everything that you put in print on the Web or publish in e-mail. People are routinely arrested for offering bogus information and perpetrating hoaxes. This type of bad information and bad publicity can quickly turn into a public relations nightmare.

Internet security concerns
Use of the Internet and computers is not without problems. The Internet is not a secure medium. People have been fired for sending inappropriate e-mail inside and outside the organization. People have been prosecuted for using the Internet for illegal and prohibited activities such as gambling. There have been cases where it was proven from computer records that individuals were spending the majority of their time surfing the Internet in sites that were not remotely related to their work. There are several documented situations where it was claimed that persons disclosed company confidential or restricted information in online chat rooms. Employers may be held liable for their employee’s online activities.

Deceptive practices
In some civil cases, individuals have been found to have used deceptive or false statements related to online solicitation for charity and organizing for a number of different causes. Record keeping and accountability for charities is covered under IRS (Internal Revenue Service) rules. By the way, IRS regulations require charities to send their tax returns to anyone asking for them in writing. This is to hold them accountable for the money that they spend.

Viruses
There are also virus concerns related to the Internet. If you download new software or load pirated software on your computer, you could be introducing viruses like another Melissa virus or a distributed denial-of-service attack.

Copyright issues
Internet policies usually have a lengthy section on copyright restrictions. Look for a statement that any material or software downloaded may only be used in full compliance with all copyrights and licenses or the owner’s/author’s permission. Employees are often restricted from downloading any non-work related software.
Beware of violating federal copyright laws. The International Planning and Research Corporation has issued a study titled, 1999 U.S. Software Piracy by State. For instance, in California, over 26 percent of business software applications were unlicensed. An organization called the Business Software Alliance (BSA) is working to put an end to illegal software usage. Software piracy is illegal and the BSA is cracking down. In an effort to protect intellectual property rights nationwide, the BSA is investigating organizations that use unlicensed software. Companies found to be using unlicensed software could face penalties of as much as $150,000 for each program copied.

Intellectual property considerations
Just because it’s on the Internet doesn’t mean that it’s yours to use without any cost. There is a law on the books, the Millennium Copyright Act of 1998 that makes it a crime to circumvent anti-piracy measures built into commercial software. This law outlaws the manufacture, sale and distribution of code-cracking devices used to illegally copy software. The bottom line is that information that you get over the Internet may be intellectual property. Over the years, I have written many articles and spoken to many maintenance professionals about intellectual property concerns related to Supplemental Type Certificates (STCs) and Parts Manufacturing Approvals (PMAs). You may have a considerable amount of intellectual property on your computer.

Patent infringements
Other civil cases involve infringement of standing patents through use of the Internet.
Until 1980, the United States Patent and Trademark Office (PTO) did not grant patents on software. They do, however, issue patents for computer "innovations" such as interface changes, hyperlink utilization or smart, logic tree programs. Patents are no longer issued only for processes, machines, compositions of matter, and articles of manufacture. You may be violating a patent by unauthorized use of an invention utilizing an application containing an innovation of a computer calculation, a mathematical expression or scientific truth.

Protecting your property
Ideas have become powerful collateral. There is currently a lot being written by business philosophers who refer to the "idea economy" stemming from a 1995 book by the same name. Intellectual property has to be secured on networks so that no one steals it. You may see this referred to as knowledge management. Innovations are often documented on computers and thus computers are subject to corporate espionage. You have to be constantly aware of protecting your organization’s assets, including intellectual property.
I believe that intellectual property is a valuable product of every business. This applies also to the aircraft maintenance professional who is repairing aircraft. You can easily lose your intellectual property by allowing someone to access it on your computer through the Internet, through poor security, or faulty firewalls. Many of us have been using electronic signatures for years when we make entries into aircraft maintenance records. Many of these security issues were raised and many of these same issues were addressed when the electronic signatures were introduced. Intellectual property requires the same high level of security.

Technology marches on
Technology is advancing very rapidly. In the USAToday, "Money," for July 20, 2001 there was an article titled, "In the Future, You’ll Pluck Your Info from Thin Air." The contention is that now your information is in your personal computer or laptop. When we move to the Personal Information (PI) era, PI will replace the PC. You will lose control of the information because it will be stored in cyberspace. This raises new privacy concerns. Your information becomes virtual information. Eventually, everything in your computer will be stored on the Web. The issue is how you will own and control your data. My contention is that no matter how we store the intellectual property, it must be secured and protected as a very valuable asset and resource.
Remember, information is power. Those who protect their data property will retain the power to Keep ’em Flying!