Problem solve Get help with specific problems with your technologies, process and projects.

Protecting online copyright

In this week's tip, Mike Chapple highlights intellectual property responsibilities, and provides principles and recommendations for protecting Web copyright.

Oftentimes, security admins get so caught up in the technical nature of the work -- analyzing vulnerabilities, building in perimeter protection and complying with technical standards -- that some content-related legal requirements are overlooked. Failing to protect online intellectual property, specifically against copyright infractions is a top concern that's often missed.

Basically, there are three major classes of intellectual property: copyright, trademarks and patents, which can be used to protect online content. These are the same legal mechanisms used to protect print, broadcast and other traditional media. This overview focuses on copyright, which explicitly protects "original works of authorship." That means some of the elements on an enterprise Web site may require protection (if the company developed or owns the rights to the information) including page text, graphics, photos and music. In contrast, trademarks protect words and images used to identify the source of a product, such as a brand name or logo. Patents, on the other hand, protect inventions or processes for 20 years. In fact, many companies have used patents to protect novel ways of doing business on the Web. For example, has registered patents to protect their "one-click" shopping process and their advertising auction process.

Certainly, these intellectual property classes are each a specialized area of law, and require specific advice from competent legal counsel. This introduction highlights Web copyright intellectual property responsibilities. Here are some principles and recommendations to consider:

  • Copyright protection is automatic. What's more, because copyright protects an "original work of authorship" from unauthorized reuse, it generally means that users can't simply duplicate a copyrighted work because they want their own copy -- that violates the author's intellectual property rights. In fact, as soon as the words flow off the author's fingers and onto the computer screen it's fully protected by the law. The United States Copyright Office within the Library of Congress oversees this enforcement, granting official copyright registration -- though there's no requirement to seek this protection for online content. The laws of other nations provide similar protections. However, it's advisable to officially register the copyright for Web content that has high business value, since official registration provides irrefutable proof of authorship.
  • It's not necessary to explicitly state that an online work is protected by copyright law to preserve its rights. But it's a good idea that copyright holders (who may own the rights from the original author, i.e., via work-for-hire contracts) include "© 2004, Your Name" just to remind people that the Web site is vigilant about protecting online copyright. The fact is, when visitors encounter a Web page without a copyright notice, they can't simply reuse the content without the author's/owner's permission -- unless they are using a brief portion that falls under the "fair use" doctrine. For specifics on the "fair use" doctrine, visit the U.S. Copyright Office page on the topic.
  • Be vigilant about protecting your rights! There are commercial services such as NetEnforcers that can monitor the Web for unauthorized copies of your content. Of course, you can also do it yourself -- just select a phrase in your content (a complete sentence or two) that's unlikely to appear elsewhere on the Web, and plug it into a search engine. You might be surprised at what you find!
  • Educate employees about copyright infringement. And, make sure that employees running the company Web site are educated on intellectual property responsibilities so that they don't put unauthorized copies of other people's work on the site, which could expose the company to legal liability.
  • Copyright protection lasts for a long time! For online works created after 1977, copyright lasts for 70 years after the death of author. If the work is prepared on a work-for-hire basis or by an anonymous author, copyright protection lasts 95 years from publication. Since copyright is a time-based protection, it's a good idea to include a date on your protected content to ensure that someone infringing on copyright can't claim that they thought the copyright had expired. While this won't absolve them of blame, it could be a mitigating factor when determining damages.
  • Computer software, including Web scripts, is specifically covered by copyright law. There's precedent for applications and scripts created by computer programmers to get protected by copyright law (i.e., the code text used to include advertisements on this page). It's important to note that the ideas in those programs aren't protected (unless otherwise protected by an approved patent), but the words (i.e. the exact code) used to implement the ideas are protected. Therefore, it's not a violation of copyright law to write your own program that does something similar to a program written by someone else (i.e., Microsoft Word versus WordPerfect), but it is a violation to copy code directly. Users can't, for example, cut and paste a Web script onto their Web page without the owner's permission -- which is another area where user education is critical. Companies can't prevent visitors from stealing code from their site, but they can be vigilant about copyright-protecting high-value content.

    These principles outline the basics of copyright law. Still, it all boils down to common sense -- site visitors can't use the work of other authors, Web designers or computer programmers, etc., without permission!

    About the author
    Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the author of the Guide to Databases.

This was last published in November 2004

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.