SCL Conference 2011-Day 2

Balancing risk in outscoring contracts -Mark Crichard, Andrew Collyer, Richard Bligh. Interesting comments on and insights into some of the complexities of developing outsourcing contracts. To what extent has the Centrica case made it necessary to clearly specify what will be considered as direct and indirect losses? Do customers understand the difference between losses that are indirect and those that are simply remote? And how do you cater for customers who want to outsource but to host their data and services on their own systems? (A: with carefully worded exclusion clauses, so it seems.)

Social Media: strategy for business - Gillian Cordall, Nina Barakzai, Chris Reed. How to best use social media? Engage with customers by talking not just about yourself but about developments potential clients are interested in. Dangers of getting it wrong, e.g. recent Toyota social marketing lawsuit - over-focussed campaigns may damage your reputation with other customers. And who 'owns' the contact list for successful social media - the front face of the media, or the employer?

Social media strategy can be reactive and responsive, e.g. Dell's 'Global Listening' - engage with commenters and respond. Does work better if you have the resources to monitor, filter and resound to social media, but for a well-known brand can have significant impact!
It's important to have clear policies and codes of conduct (especially re transparency) and to comply with relevant laws. Above akk, you have to engage, not just broadcast.

Litigation: the cancer of disclosure - Ben Rooney, Alexander Carter-Silk, Edward Rippey, Kim Lars Mehrbrey. A US, English and German lawyer walk into a bar discuss discovery/disclosure. US discovery can take years and cost millions, but you go into a case knowing pretty much everything. German civil law barely has disclosure: parties present their case based on what documents they choose. English disclosure is very much based on proportionality, albeit subject to the risk of costs penalties for improper disclosure. Which is 'best'? Modern search tools make it almost impossible for someone to convincingly hide evidence, but can this lead to over-enthusiastic searching and excessive preparation costs. We are also seeing forum-shopping, as litigants look for the jurisdiction with the disclosure regime most favourable to their case.

SCL Conference 2011 - Day 1

I'm at the Society for Computing and Law's 2011 Conference in Bath, with the theme of New Technology v High Risk. I'll aim to blog updates on the sessions as we go along, so refresh for details.

Technology, Risk and Law - Dr Andrew Martin, University of Oxford.
A heartfelt plea for professionalism in the IT industry, in the context of properly understanding what risk is and what technology can and cannot do. Andrew Martin observed how we are increasingly reliant on security entities we have no knowledge of (eg certification authorities) and, with more and more of our household devices not only being connected to the Internet but having multiple sets of our credentials, this poses risks of security failures it is hard to be aware of, let alone properly quantify. He put forward three wishes for the genie that we have let out of the bottle: better technology, in the sense of understanding and removing vulnerabilities; more realism as to what IT can and can't do; and more focus on reliability and robustness in place of pushing the state of the art.

Cyber-crime - Prof Ian Walden (QMUL), Det Sup Charlie McMurdie (Met Police), Neil Hare-Broom (QCC Forensics)
Cyber-crime is getting more sophisticated; we are seeing seized PCs with over a dozen virtual machines, or more than 8TB of data to be examined. Some suspects have literally dozens of online IDs. The problem is made worse by the declining effectiveness of anti-malware protection, the growing pressure (from economy and convenience) for businesses to allow use of employee devices for work, and the jurisdictional challenges of cloud computing. The panel couldn't offer a simple answer, with views from "it can only get worse" to "we have to do what we can to help ordinary users and shouldn't just accept that this happens". Again, the question of how much we accept poor reliability in software came up - should we extend consumer protection law to cover the quality of software security? Ditto for enforcing pervasive use of encryption to protect payment details. Interestingly, the police officer was wary of adding more and more laws, on the basis that threats of prosecution can deter reporting - carrots are better than sticks.