Hostname: page-component-cd9895bd7-fscjk Total loading time: 0 Render date: 2024-12-25T04:44:00.420Z Has data issue: false hasContentIssue false

The Future of Information Technology Law

Published online by Cambridge University Press:  16 January 2009

B. W. Napier
Affiliation:
Digital Professor of Information Technology Law, Queen Mary and Westfield College, University of London.
Get access

Extract

To entitle an article “the future of information technology law” may appear unduly adventurous to those who would argue that the subject has yet to establish a present. The purpose of this contribution is therefore to give some information about the current reach of the subject as well as the directions in which it is likely to grow.

Type
Articles
Copyright
Copyright © Cambridge Law Journal and Contributors 1992

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

1 In itself this is a reflection of the value of work done by or with the assistance of computers. The National Audit Office (The Management of Information Technology Security in Government Departments, HC 248 of 1990–91, p. 1) estimates this to be £300 billion each year, in the public sector alone.

2 Honeywell Inc. v. Lithonia Lighting Inc. 317 F. Supp. 407, 408 (N.D. Ga. 1970).

3 See, e.g., Hughes, G.Essays in Computer Law (1990)Google Scholar; Reed, C. (ed.), Computer Law (1990)Google Scholar; Tapper, C. , Computer Law (4th ed. 1989)Google Scholar; Bainbridge, D., Computers and the Law (1990)Google Scholar; Saxby, S. (ed.), Encyclopedia of Information Technology Law (1990)Google Scholar.

4 Criminal Law. Computer Misuse (Law Com. No. 186), Cm. 819, 1989, p. 6.

5 Cf. Computer-Related Crime (Report by the European Committee on Crime Problems), Strasbourg 1990, p. 11.

6 The French have already gone some way in this direction by establishing a separate offence committed by someone who falsifies computer documents. Such documents can be forged relatively easily and such forgery may jeopardise the trust generally accorded to computer-produced records. Article 662–5 Code Penal (L No. 88–19 du 5 janv. 1988). For EC developments, see Proposal for Council Decision in the Field of Information Security COM(90) 314 final SYN 288.

7 Denco Ltd. v. Joinson [1991] I.R.L.R. 63. (Noted [1990–1991] 6 Computer Law and Security Report 30).

8 E.G. Saphena Computing Ltd. v. Allied Collection Agencies Ltd., 3 May 1988, C.A. (unrep.); MacKenzie Patten v. British Olivetti, 11 January 1984 (unrep.); Eurodynamics Systems plc v. General Automation Ltd., 6 September 1988 (unrep.).

9 See, e.g., Cresswell v. Board of Inland Revenue [1984] I.R.L.R. 190; K. Miller, “Legal Issues of Employing Computer Personnel” in C. Edwards, N. Savage and I. Walden (eds), Information Technology and the Law (2nd ed. 1990); B. Napier, “Computerisation and Employment Rights” (1992) 21 l.L.J. (forthcoming).

10 Entores Ltd. v. Miles Far East Corp. [1955] 2 Q.B. 327; Brinkibon Ltd. v. Stahag Stahl und Stahtwarenhandelsgesellschaft mbH [1983] 2 A.C. 34, noted by S. Woodward [1982] C.L.J. 236.

11 The draft interchange agreement produced by the European Commission (below) provides, “Unless otherwise agreed, a contract made by EDI [Electronic Data Interchange] will be considered to be concluded at the time and place where the EDI message constituting the acceptance of an offer is made available to the information system of the receiver”.

12 In Re United Railways of the Havana and Regal Warehouses [1960] Ch. 52, 91 per Jenkins L.J. it was stated that the place of contracting is a factor in considering what is the proper law of a contract where the parties have not themselves expressed a choice. Cf. the new regime for determining the law of the contract under the Contracts (Applicable Law) Act 1990, Sched. 1, art. 4(5).

13 Timing (and in particular the point when revocation becomes impossible) can also be crucial in the operation of electronic funds transfers between banks. Cf. Momm v. Barclays Bank International Ltd. [1977] 1 Q.B. 790; J. Voroegop, “The Time of Payment in Paper-based and Electronic Funds Transfer Systems” (1990) Lloyd's Maritime and Commercial Law Quarterly 64. For predictions about future developments, see L. Kornell and P. Grabow, “Computers Push Banking Practices in the 1990s” (1990) 8 Butterworths Journal of International Banking and Financial Law 368.

14 In the USA, the conclusion reached by a committee reporting to the American Bar Association was that “in evaluating the commercial practices which result from the use of EDI, existing rules in the Uniform Commercial Code … and at common law regarding the process of contract formation, the validity of contract and the method of determining the terms and conditions of any contract prove inadequate for assuring the legal enforceability of contracts for the sale of goods formed with the use of electronic media” (The Commercial Use of Electronic Data InterchangeA Report, American Bar Association, 1990, p. 5. The Report is published in 45 Bus. Law. 1645 (1990)).

15 Katsh, M. E. , The Electronic Media and the Transformation of Law (1989), ch. 6Google Scholar.

16 Zuboff, S., In the Age of the Smart Machine: The Future of Work and Power (1988)Google Scholar.

17 Tyree, A., Expert Systems in Law (1989)Google Scholar.

18 Hastie ' Jenkerson v. Mcmahon [1991] 1 All E.R. 255; R.S.C. (Amendment No. 3) 1990, S.I. 1990/2599.Google Scholar

19 Derby & Co. Ltd. v. Weldon [1991] 1 W.L.R. 652 (Ch.).

20 Remarks made at the launch of the LIX project at the Inner Temple, London, on 12 March 1991.

21 See Barbara Mills,“The Use of Information Technology in Serious Fraud Trials” Computers and Law, Vol. 2, Issue 2, May 1991, p. 5.

22 This statement, made by Mr. John Bishop, senior partner of a leading London firm of solicitors, is contained in the record of the First Annual Conference on Litigation Support, held by the Society for Computers and Law in association with the London Solicitors' Litigation Association, 20 April 1991.

23 See Banking Services: Law and Practice Report by the Review Committee, Cm. 622, 1989. The Government's responses are set out in Banking Services: Law and Practice, Cm. 1026, 1990. The view advanced by the Association for Payment Clearing Services (APACS), which was rejected by the Jack Committee is set out in Electronic Funds Transfer, the Legal Issues, Submission of the Association for Payment Clearing Services to the Review Committee on Banking Services Law, 6 April 1988. For a succinct account of the problems of dematerialisation in relation to trade practices, see Bergsten, E. and Goode, R., “Legal questions and problems to be overcome”Google Scholar in Thomsen, H.B. and Wheble, B.W. (eds), Trading with EDI. The Legal Issues (1989)Google Scholar; Reed, C., Electronic Finance Law (1991)Google Scholar.

24 Transfer and Automated Registration of Uncertificated Stock.

25 See Frase, D., “Dematerialisation and TAURUS” (1991) 2 Butterworths Journal of International Banking and Financial Law 70Google Scholar.

26 Principally, the changes are those to be made under section 183 of the Companies Act 1985 and section 207 of the Companies Act 1989. For an account of the legal issues, see Electronic Recording and Transfer of Shares, A Consultative Paper, DTI, July 1990. The draft regulations are to be found in The Uncertificated Securities Regulations, A Consultative Document, DTI, May 1991. The TAURUS scheme was originally due to be introduced in October 1991 but has been delayed, mainly in order to allow full discussion of these substantial changes.

27 Section 158, which amends section 9(2) of the Local Land Charges Act 1975. The use of electronic means is only permitted where the recipient agrees to this method. The detailed regulations required for the implementation of this enabling measure have not yet appeared from the Lord Chancellor's department.

28 The main efforts of the EC are concentrated on the TEDIS programme on trade electronic data interchange. The first phase was established in January 1988, with a budget of 5.3 million ECU. The second phase is due to run for 36 months from 1 July 1991, with a budget of 31.5 million ECU. For an account of the TEDIS programme 1988–1989, see the Activity Report,COM(90) 361 final, and for the projected second phase of TEDIS, COM(90) 475 final. SeeA. Troye, “The European Community and EDI” in Walden, I. (ed.), EDI and the Law, (1989)Google Scholar.

29 See TEDIS Programme, European Model EDI Agreement. Final Draft, May 1991, DG XIII, Commission of the European Communities.

30 See Letter of Credit Update, February 1991, p. 13. Note the observations made by the English and Scottish Law Commissions in their joint report on Rights of Suit in Respect of Carriage of Goods by Sea (Law Com . No. 196, Scot. Law Com. No. 130), H C 250 of 1990–91, concerning use of ED I in documentary credits.

31 See Robertson, Ranald , “EDI within Europe”, Paper presented at World Computer Law Congress, Los Angeles, 04 1991Google Scholar.

32 For an illustration of the kind of new problems posed by electronic payment systems in the criminal law, see R. v. King [1991] 3 All E.R. 705 (CHAPS order held to be a valuable security for purposes of Theft Act 1968, s. 20(2)).

33 See the joint Report, Rights of Suit in Respect of Carriage of Goods by Sea (note 30 above). This proposes that legislation implementing the reforms relating to bills of lading recommended in the Report should contain enabling provisions to permit the issuing of regulations which would specifically cater for the introduction of EDI.

34 R. v. Minors: R. v. Harpur [1989] 2 All E.R. 208, 210, per Steyn ).

35 See, e.g., the Uniform Rules of Conduct for Interchange of Trade Data by Teletransmission (the UNCID Rules), Article 10, which requires the keeping of an authoritative log of all transactions and the designation of a system controller who will be able to testify to the accuracy of such a record. Wright, B., “Authenticating electronic contracts: the location of a trusted record keeper” (1990) 11 Butterworths Journal of International Banking and Financial Law 502Google Scholar.

36 Model Agreement, note 29 above, article 10.

37 For an outline of some of the problems, see Bradgate, R., “Evidential issues of EDI”Google Scholar in Walden, I. (ed.), EDI and the Law (1989); “The Computer, the Court and the Curate's Egg: is it Hearsay or not?” (1991)Google ScholarComuter Law and Practice 174; Wasik, M., Crime and the Computer (1991), pp. 172183Google Scholar; Reed, C., “Authenticating electronic mail messages—some evidential problems” (1989) 52 M.L.R. 649Google Scholar. The criticisms of Colin Tapper, contained in Computer Law(4th ed.) ch. 9 are, in this area, particularly deserving of note. He argues, broadly, that there is no need to accord computer-derived evidence a special status in the law of evidence; he sees no good reason why it should not be treated in the same way as evidence from other sources.

38 R. v. Spiby, The Times, 16 March 1990, C.A.; Sophocleus v. Ringer [1987] Crim.L.R. 422; R.v. Minors; R. v. Harpur [1989] 2 All E.R. 208. For the basis of the distinction between hearsay and non-hearsay computer evidence, see J.C. Smith, “The Admissibility of Statements by Computers” [1981] Crim.L.R. 387.

39 In R. v. Pettigrew (1980) 71 Cr.App.R. 39 an opportunity to assimilate output produced automatically by the computer with other machine-produced evidence was missed. But a different view seems subsequently to have prevailed:R. v. Wood (1983) 76 Cr.App.R. 23.

40 Eleventh Report, Cmnd. 4991, 1972, para. 259.

41 See Bradgate, R., “Evidential Problems of New Technology in Civil Litigation” Law Society Gazette, 10 02 1988, Vol. 85, no. 6, p. 12Google Scholar; Bradgate, R.“The Evidential Status of Computer Output and Communications” Computer Law and Practice, Vol. 6, no. 5 (1990), 142Google Scholar. The equivalent provision in Scots Law (now repealed) apparently applied to all computer evidence, irrespective of its status as hearsay.

42 La w Commission, Consultative Paper No . 117, The Hearsay Rule in Civil Proceedings, HMSO, 1991.

43 For a sharp critique of the (now repealed) provisions virtually identical to section 5 in Scots Law, see Scottish Law Commission, Evidence, Report on Corroboration, Hearsay and Related Matters, Scot. Law Com. No. 100, 1986, paras 3.63–3.66.

44 Op. cil., para 3.66.

45 Boardman v. Phipps [1967] 2 A.C. 46, 127.

46 Oxford v. Moss (1978) 68 Cr.App.R. 183.

47 Cox v. Riley (1986) 83 Cr.App.R. 54; R. v. Whiteley, The Times, 6 February 1991.

48 Eurodynamics Systems pic v. General Automation Ltd. (unrep.) 6 September 1988.

49 Toby Constructions Products Pty. Ltd. v. Computa Bar (Sales) Pty Ltd. [1983] 2 N.S.W.L.R. 48. See Corones, S.G., “Consumer Protection Laws Affecting Software Licences” in Hughes, G. (ed.), Essays on Computer Law (1990)Google Scholar.

50 Cf. Smith, G. , “Software Contracts” in Reed, C., (ed.), Computer Law (1990), p. 37Google Scholar.

51 Advent Systems Ltd. v. Unisys Corporation Case 90–1069, C.A., 3rd Circuit, 14 February 1991 (noted (1991)Business Law Brief (April) p. 5). The court drew an analogy between a computer program and music. Both became “goods” for the purpose of the application of the UCC when recorded on a physical medium. For the earlier US law, see Rodau, A. , “Computer Software: does article 2 of the Uniform Commercial Code Apply?” 35 Emory L.J. 853 (1986)Google Scholar.

52 Bernstein v. Pamson Motors [1987] 2 All E.R. 220. The supply of much packaged software will also meet the requirements of a sale by description (cf. Harlingdon & Leinsler Enterprises Ltd. v. Christopher Hull Fine Art Ltd. [1990] 1 All E.R. 737), and again it seems sensible to interpret the requirements of section 13 of the Sale of Goods Act to cover the description of what the software actually does, though much the same outcome may be obtained by other routes, for example by the discovery of a collateral contract between retailer and customer (McKenzie Patten & Co. v. British Olivetti Ltd., 11 January 1984 (unrep.)).

53 Council Directive of 14 May 1991 on the legal protection of computer programs, (91/250/EEC), OJ No. L122/42, 17/5/91. Higham, N., “Software Protection versus Interoperability” Law Society's Gazette, 6 March 1991, p. 27Google Scholar.

54 See Ricketson, S., The Berne Convention: 1886–1986, 1987, p. 900Google Scholar.

55 Computer Edge Pty Ltd. v. Apple Computer, Inc. (1986) 160 C.L.R. 129.

56 For the historical background in the different Member States, see Green Paper and Copyright and the Challenge of Technology, COM(88) 172 Final, 7 June 1988, p. 178.

57 Autodesk Australia Pty Ltd. v. Peter Martin Dyason 21 I.I.C. 739 (1990) (Federal Court of Australia). In New Zealand by contrast a similar outcome seems to have been produced by ingenious judicial interpretation, without need for legislation: International Business Machines Corporation and Another v. Computer Imports Ltd. and Others 22 I.I.C. 130 (1991) (High Court of New Zealand).

58 Section 3(l)(b).

59 Tapper, C., “Legal Problems Posed by Computers” in Hughes, G. (ed.) Essays on Computer Law (1990), 3 at 11Google Scholar.

60 Cornish, W.R., Intellectual Property (2nd ed. 1989), pp. 355356Google Scholar.

61 See Ricketson, op. cil., note 54 above, pp. 898–900.

62 For a discussion of the issues of principle, see Charles, D., “Rights and wrongs of software” New Scientist 29 09 1990, p. 44Google Scholar. The developments in US law centre on so-called “non-literal” copying, sometimes also described as “look and feel” copying. The question is to what extent the copying of the underlying structure of a programme may itself infringe copyright. See, e.g., Whelan Associates Inc. v. Jaslow Dental Laboratory [1987] F.S.R. 1; Lotus Development Corp. v. Paperback Software International and Stephenson Software, Ltd. (1990) 2 C.C.H. Computer Cases para 46,310 (D Mas). D. Lee Antton and Gary H. Hoffman, “Copyright Protection as a way of protecting innovation: the impact of Lotus v. Paperback Software” [1990] 9 European Intellectual Property Review 339. This development has not, so far, been replicated in English law, and there is only authority for copyright infringement based on the direct copying of code:Thrustcode v. WW Computing [1983] F.S.R. 502.

63 Cf. Reed, C. , “Reverse Engineering Computer Programs without Infringing Copyright” [1991] 2 European Intellectual Property'Reports 47Google Scholar.

64 Dworkin, G., “The Concept of Reverse Engineering in Intellectual Property Law and its Application to Computer Programs” (1990) 1 I.P.J. 164Google Scholar.

65 See Explanatory Memorandum to COM(88) final—SYN 183, p. 6.

66 See, e.g., Smith, G. , “EC Software Protection Directive—An Attempt to Understand Article 5(1)” (19901991) 7 Computer Law and Security Report 148Google Scholar.

67 Because of the different requirement of “originality” required for the protection of copyright for computer programs. The Federal Supreme Court insisted upon a high degree of originality and creative effort in the Inkasso Programm decision of 9 May 1985, and has recently re-affirmed its views in the Operating System decision of 4 October 1990. See Green Paper on Copyright, p. 187. Dreier, T., “Program protection in the Federal Republic of Germany—a new decision leaves Inkasso Programm intact” (1991) Computer Law & Practice 178Google Scholar.

68 For example, the taking of enforcement proceedings against credit reference agencies with regard to the agencies' use of third party credit information. CCN Systems Ltd. v. The Data Protection Registrar; CCN Credit Systems Ltd. v. The Data Protection Registrar, February 1991; Credit and Data Marketing Services Ltd. v. The Data Protection Registrar, October 1991. See Napier, B., “Data protection begins to bite” (1991) 141 N.L.J. 497Google Scholar. Details of the background to the litigation are to be found in the Seventh Report of the Data Protection Registrar, HMSO, 1991, ch. 4. See also Runnymede Community Charge Registration Officer v. Data Protection Registrar (1991)Current Law (August) 69 (ruling that the question whether information was “adequate, relevant and not excessive” within the Data Protection Principles is for the Registrar and not the data user to decide.)

69 Review of the Data Protection Act: Report on Structure 1990 (internal Hom e Office document).

70 For a summary, see Pearson, Hilary E., “The draft European Directives on the protection of personal data” Computer Law & Practice, March/April 1991, 182Google Scholar.

71 For details of the technical and other reasons for these changes, see Council of Europe, New Technologies: a challenge to privacy protection?, Strasbourg, 1989Google Scholar, and Early, L., “Science Technology and Human Rights: the role of Data Protection” (Paper presented at Human Rights in the Twenty First Century: A Global Challenge (Banff, Alberta, Canada, 9–12 11 1990)Google Scholar.

72 See, generally, Flaherty, David H., Protecting Privacy in Surveillance Societies (1989)Google Scholar; Seipp, David J., “English Judicial Recognition of a Right to Privacy” (1983) O.J.L.S. 325Google Scholar; Wacks, R., “The Poverty of ‘Privacy’” (1980) 96 L.Q.R. 73Google Scholar.

73 See Data Protection: the Government's Proposals for Legislation Cmnd. 8539, 1982, para. 2. The background to the introduction of the 1984 Act is set out in Chalton, S. and Dubb, S., Data Protection Law (1988), pp. 10011008Google Scholar.

74 Kaye v. Robertson and another [1991] F.S.R. 62, 70, per Bingham L.J.. See B.S. Markesinis (1990) 53 M.L.R. 802.

75 Report of the Committee on Privacy and Related Matters, Cm. 1102, 1990. The Committee adopted as a “working definition” of privacy “the right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information”(para. 3.7). Cf. Wacks, R., Personal Information. Privacy and the Law (1989), pp. 1319Google Scholar.

76 See, e.g., Seipp, op. cit., p . 333. In English law, th e use of infringement of privacy to denote interference with personal seclusion goes back at least as far as Winfield's writings. (Winfield, P., “Privacy” (1931) 47 L.Q.R. 23)Google Scholar.

77 For an exploration of these issues, see Simitis, S., “Reviewing Privacy in an Information Society” 135 University of Pennsylvania Law Review, 707 (1987)Google Scholar; Spencer, M., 1992 and All That, Civil Liberties Trust (1990), ch. 3Google Scholar.

78 European Court of Human Rights, Leander judgmentof 26 March 1987, Series A no. 116.

79 Although, on the particular facts, it was held that no breach of Article 8 had occurred, as what was done was in accordance with the law and necessary in a democratic society.

80 Other examples of this principle are to be found, in particular, within the USA. Although US law has no comprehensive federal legislation on data protection, it does have a number of measures which seek to promote the protection of privacy in particular areas of concern. For example, the Video Privacy Protection Actof 1988 prohibits the disclosure of films rented by customers of video shops, and the Family Education Rights and Privacy Actof 1974 generally prohibits the disclosure of student records without written authorisation.

81 See the decision of the German Federal Constitutional court in the National Census Case (Volkszahlungsurteil, 65 BVerfGE 1, 68–69 (1983)) which upheld the rightof “informational self-determination”. See Simitis, op. cit., pp. 734–737.

82 Schwarz, P., “The computer in German and American constitutional law: towards an American right of informational self-determination” (1989) American Journal of Comparative Law, 675CrossRefGoogle Scholar.

83 Schwarz, supra, argues that there is scope for deriving a constitutional rightof informational self-determination from the Due Process clause of the 14th Amendment, but that the US courts have so far failed to exploit this possibility. Cf. Whalen v. Roe 429 U.S. 589 (1977).

84 For example: the Netherlands; Portugal; Spain; Hungary; Sweden; Austria. See Early, op. cit., pp. 16–19.

85 Home Affairs Committee, First Report, HC 115 of 1990–91 (Annual Reportof the Data Protection Registrar), para. 15.

86 Proposal for a Council Directive concerning the protection of individuals in relation to the processing of personal data: Commission of the European Communities, COM(90) 314 final, SYN 287, articles 9, 12.

87 Greenleaf, G.“Can the Data Matching Epidemic be Controlled?” (1991) 65 A.L.J. 220Google Scholar. In his Seventh Report (for the year to June 1991), the Data Protection Registrar notes that he is currently studying the issue of the assembling of personal information from a variety of sources in the contextof a wider study of data matching. See too Jon Bing, “Reflections on a Data Protection Policy for 1992”, Paper delivered at Luxembourg Conference on Data Protection, Council of Europe, March 1990.

88 Home Affairs Committee, note 85 above, p. 12; Sixth Reportof the Data Protection Registrar, HMSO, 1990, pp. 2–3, Appendix AA1.

89 Cf. Protection ofpersonal data used foremployment purposes .Council of Europe, Recommenda tion No. R(89) 2, adopted by the Committee of Ministers on 18 January 1989, article 2. “Technology should not be used in a way which inhibits social interaction among employees… respect for human dignity relates to the need to avoid statistical dehumanisation by undermining the identity of employees through data processing techniques which allow for profiling of employees or the taking of decisions based on automatic processing which concern them” (Explanatory Memorandum, para. 25).

90 Op. cir.,pp. 733–734.

91 “Individual autonomy depends on a mixture of concealment and exposure of the self … If everyone knew everything about us, we would be unable to act freely—an independent existence and a democratically ordered State would be impossible” (Schwarz, op. cit., p. 683).

92 Thomsen, H.B. and Wheble, B. (eds.). Trading with EDI: the Legal Issues (note 23 above), p. 201Google Scholar.

93 Conveyancing Standing Committee, First Annual Report, 1985–1986, para. 2.15.