• 5.5 Legal and Ethical Concerns
  • Cost of Free
  • License Communities, License Types Guide
    • Creative Commons Zero v1.0 Universal
    • Open Source MIT License
    • Open Source GPL License
  • Legal and Ethically
• Blog Post Reflection
• 5.6: Safe Computing
  • Personal Identifiable Information (PII)
  • PII considerations
  • Beware, Establish practices for your own Safety
  • Factors to Increase Security of System (recommend Watch 5.6 Video 2)
  • Nefarious Uses of Internet
  • Blog Post Reflection:

5.5 Legal and Ethical Concerns

Cost of Free

In Mr Mortensen’s most recent years in industry, there were many Lawyers making a profession on Patents and how they can be impacted on General Public Licensing (GPL).

Qualcomm makes its money on patents, if you use GPL software you could be voiding your rights to charge for software and patents. Open Source by nature, specifically GPL, says any derivative work is free and code should be shared. Qualcomm wants all derivative work to require a royalty payment payment, also anyone who uses the idea/patent pays royalty.

image.png

From synopsis.com, “Black Duck® software composition analysis (SCA) helps teams manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers.” Qualcomm has had 20 technical jobs and 3 lawyers analyzing all the code produced, analyzing code for Open Source inclusion, and analyzing impact of such licenses to its ability to charge royalties for the use of their Patents.

This may sound like a simple problem, but think about the Students of Today, often they are given an assignment and instead of developing their own algorithm they opt to copy something off the internet. Well, don’t think the Workers of Today are entirely different. In summary, it is important to know the type of software license you are copying, it could impact billions of dollars in business.

License Communities, License Types Guide

• Adding and selecting a license GitHub instructions. An author, a licensor, needs to determine a license. This may result in asking…
  1. Do I want to waive default copyright in reuse?
  2. Do I want to allow derivative works or not?
  3. Do I want to require all derivative code to be shared?

Creative Commons Zero v1.0 Universal

The Creative Commons CC0 Public Domain Dedication waives copyright interest in a work you’ve created and dedicates it to the world-wide public domain.

Open Source MIT License

This license in friendly to someone like Qualcomm! This allows using code freely and making and distributing closed source versions. Typically, the author of software with MIT License want credit. Credit could be as simple as adding the authors name in comments.

Close source means the GitHub project could be private.

Open Source GPL License

The GNU GPLv3 also lets people do almost anything they want with your project, except distributing closed source versions.

Open source means the GitHub project must be public.

For a company like Qualcomm, they are required to institute many practices to deliver their code in parts (public vs private). Isolating their patent and secret code, far away from the GPL or Creative Commons code. In fact, a company that is protecting their patents may need to division engineers, split distribution, not deploy to public, etc. After distribution, the customer of the Patented (ie Qualcomm) product is required to put the public/private domain code back together again.

Legal and Ethically

We need to comply with the terms of licenses. We need to cite sources. (I am particularly bad with internet pictures. However, in the picture of the Black Duck above I am actually advertising the Company).

As consumers, we have become aware that Music and Movie companies own content. These companies build DRM (Digital Rights Management) software to protect, play, and/or distribute content. Most of us buy subscriptions to services. However, some figure out ways to bypass systems and allow download. Often we will see these sites disappear, as they are illegal.

In software, it can be more complicated to understand all the Creative Commons licenses and its impact to our own ideas and businesses. Mostly, if we use things in class, there is “no problem” with Open Source as our usage is considered educational use. Creative Commons software has enabled amazing innovation as we are able to do so much for free, as we have done in this class. However, Individuals and Companies are required to figure out techniques and business models in order to use Open Source software according to terms of license.

Long ago, I remember being amazed that Red Hat was not selling its Linux distribution, they were giving away the software. They had to! This was in the terms of the licenses they were using, GPL. However, as an early pioneers in Linux distributions, they established a business model around buying their support agreement. They rose in fortune, became a public company, and had an amazing Initial Public Offering (IPO). Many, many vendors have followed the Red Hat model in building free distributions and establishing unique business models. Qualcomm figured out how to mix Patent and GPL businesses and have flourished since abandoning all proprietary, to include Android in its very complicated business model using Android.

Creative Commons, Open Source are free terminologies! However, businesses will not last without income. And today, businesses won’t last without engineers pulling Open Source software.

Blog Post Reflection

1. When you create a GitHub repository it requests a license type. Review the license types in relationship to this Tech Talk and make some notes in your personal blog.
2. In your blog, summarize the discussions and personal analysis on Software Licenses/Options, Digital Rights, and other Legal and Ethical thoughts from this College Board topic.
3. Make a license for your personal (blog) and Team repositories for the CPT project. Be sure to have a license for both Team GitHub repositories (frontend/backend). Document license(s) you picked and why. FYI, frontend, since it is built on GitHub pages may come with a license and restrictions. Document in blog how team made license choice and process of update.

5.6: Safe Computing

Personal Identifiable Information (PII)

As we create a Web Site and post information we are adding to the Searchable PII. However, there is a dichotomy as a site like LinkedIn is a place where we want to be known for our accomplishments. But be aware, the person that looks at your LinkedIn will, most likely, look at things like TikTok, Instagram or Facebook.

PII considerations

• Things that will be known by everyone: Name, Email (suggest a junk email), Picture, High School attended, College Attended, Properties you own, State-City of residence, all State-City of previous residence, Credit Reports, …
• Gray area items, more cautious: Birth date, Place of Birth, Street Address, Phone Number, Maiden names of Mother and Grandmother, Drivers License Number, …
• Things that you should strive to keep absolutely secret: Credentials for Access, Two-Factor Authentication on Financial accounts, Social Security Number, Tax records, …

Beware, Establish practices for your own Safety

• Multi-factor authentication often requires you to enter a code that has been texted or emailed to you. Other types of authentication are biometrics (finger print or facial recognition).
• Malware is often sent in attachments to things in email. Often they request you to click on an attachment and it starts the process of adding a virus to your computer.
• Phishing is where unknown sources try to entice you into a response, like click here and receive $500. Often such systems impersonate someone like Amazon asking for login information. Be careful to look closely at source of email (ie amzn.com vs amazon.com).

Factors to Increase Security of System (recommend Watch 5.6 Video 2)

• Most of my financials or critical systems use Multi Factor authentication
• Biometrics is something that is used secure systems, fingerprints or facial recognition
• Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information.
• Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys – one public key and one private key – to encrypt and decrypt a message and protect it from unauthorized access or use.
• SSL Uses both Asymmetric and Symmetric Encryption

Nefarious Uses of Internet

• A Virus or Malware compromise security, they are opposite of increasing security.
• Phishing is a way to get a Virus on your machine, or a way to get you to input PII.
• After a Virus or being compromised by Phishing it is advised to review all of you PII vulnerabilities.

Blog Post Reflection:

1. Describe PII you have seen on project in CompSci Principles.
2. What are your feelings about PII and your personal exposure?
3. Describe good and bad passwords? What is another step that is used to assist in authentication.
4. Try to describe Symmetric and Asymmetric encryption.
5. Provide an example of encryption we used in AWS deployment.
6. Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.