ETYK III-vaihe (Tasavallan Presidentin esittämä Suomen puheenvuoro 31.7.1975 = Conference on Security and Co-operation in Europe = main speech of Finland delivered by President Urho Kekkonen July 31, 1975)

Puhe

Balancing knowledge sharing and protection in collaborative innovation - The roles and dynamics of contracts, IPR's and trust

Pro-gradu tutkielman tavoitteena on tutkia, miten yritykset tasapainoilevat tiedon jakamisen ja suojaamisen välillä innovaatioyhteistyöprojekteissa, ja miten sopimukset, immateriaalioikeudet ja luottamus voivat vaikuttaa tähän tasapainoon. Yhteistyössä yritysten täytyy jakaa tarpeellista tietoa kumppanilleen, mutta toisaalta niiden täytyy varoa, etteivät ne menetä ydinosaamiseensa kuuluvaa tietoa ja kilpailuetuaan. Yrityksillä on useita keinoja tietovuodon estämiseen. Tutkielmassa keskitytään patenttien, sopimusten ja liikesalaisuuksien käyttöön tietoa suojaavina mekanismeina. Kyseiset suojamekanismit vaikuttavat luottamukseen kumppaneiden välillä, ja täten myös näiden halukkuuteen jakaa tietoa kumppaneilleen. Jos kumppanit eivät jaa tarpeeksi tietoa toisilleen, voi yhteistyö epäonnistua. Sopimusten, immateriaalioikeuksien ja luottamuksen rooleja ja vuorovaikutusta tutkitaan kahdenvälisissä yhteistyöprojekteissa. Tutkielmassa esitellään neljä case-esimerkkiä, jotka on koottu suomalaisen metsätoimialan yrityksen haastatteluista.

Wireless Technologies in e-Business; Services, Security and Management

Uusien mobiilien laitteiden ja palveluiden kehitys ovat herättäneet yritysten mielenkiinnon soveltaa langattomia sovelluksia omassa liiketoiminnassaan. Erilaisten tekniikoiden myötä myös mahdollisuuksien kirjo on laajentumassa, mikä johtaa erilaisten verkkojen ja laitteiden yhtenäiselle hallinnalle asetettavien vaatimusten kasvuun. Yritysten siirtyessä soveltamaan uusia langattomia palveluita ja sovelluksia on myös huomioon otettavaa sovellusten sekä palveluiden vaatima tietoturva ja sen hallittavuus. Tutkimuksessa esitetään langattoman sähköisen liiketoiminnan määritelmä sekä kyseisien teknologioiden käyttöä edistävät tekijät. Tutkimus luo viitekehyksen yrityksen langattomien teknologioiden käytölle ja siihen olennaisesti vaikuttavista tekijöistä. Viitekehystä on käytetty todelliseen esimerkkiin, liikkuva myyntihenkilö, kyseisten teknologioiden, palveluiden, tietoturvan ja hallittavuuden näkökulmasta. Johtopäätöksinä on arvioitu mobiilien ja langattomien teknologioiden sekä palveluiden, tietoturvan ja hallittavuuden tilaa ja analysoimalla niitä tulevaa ajatellen.

Security and Privacy in a Ubiquitous Information Screen

We expose the ubiquitous interaction between an information screen and its’ viewers mobile devices, highlights the communication vulnerabilities, suggest mitigation strategies and finally implement these strategies to secure the communication. The screen infers information preferences’ of viewers within its vicinity transparently from their mobile devices over Bluetooth. Backend processing then retrieves up-to-date versions of preferred information from content providers. Retrieved content such as sporting news, weather forecasts, advertisements, stock markets and aviation schedules, are systematically displayed on the screen. To maximise users’ benefit, experience and acceptance, the service is provided with no user interaction at the screen and securely upholding preferences privacy and viewers anonymity. Compelled by the personal nature of mobile devices, their contents privacy, preferences confidentiality, and vulnerabilities imposed by screen, the service’s security is fortified. Fortification is predominantly through efficient cryptographic algorithms inspired by elliptic curves cryptosystems, access control and anonymity mechanisms. These mechanisms are demonstrated to attain set objectives within reasonable performance.

Same- and Other-Sex Victimization : Risk Factors, Consequences, and Protection by Peers

Bullying can be viewed as goal-oriented behavior in the strive for dominance and prestige in the peer group (Salmivalli, 2010). To ensure the effectiveness of their power demonstrations, bullies often choose targets from among their vulnerable peers (Salmivalli, 2010; Veenstra et al., 2007). A large number of studies have also shown that victimization has severe consequences for the victims’ psychosocial adjustment (Reijntjes, Kamphuis, Prinzie, & Telch, 2010; Ttofi, Farrington, Lösel, & Loeber, 2011). In this thesis I investigate – based on three empirical studies – whether similar dynamics on the risk factors and consequences apply to same- and other-sex victimization. In the empirical studies, we used the data from the randomized control trial of the KiVa antibullying program for the elementary school grades 4–6 (2007–2008), and for the middle school grades 7–9 (2008–2009). We measured same- and other-sex victimization, and victims’ defending relationships by dyadic questions: “By which classmates are you victimized?” and “By which classmates are you supported, comforted, or defended?” In addition, we used self-reports and peer reports to measure adjustment and social status. The findings imply that other-sex victimization may be challenging for antibullying work. First, although targets of bullying seemed to be selected from among vulnerable peers for the most part, perceived popularity increased the risks of other-sex victimization. Popularity of these victims may falsely lead to an impression that the victims are doing well. Second, the consequences considering victims’ later psychosocial adjustment were alarming concerning girls bullied by boys. Thus, despite the fact that the targets may be perceived as popular, other-sex victimization can have even more severe consequences than same-sex victimization. Third, we found that defending relationships were mostly same-sex relationships, and consequently, we may ask whether defending is effective against other-sex bullies. Finally, the KiVa antibullying program was less effective against other-sex victimization in the adolescent sample. The findings altogether emphasize the importance of taking into account the sex composition of the bully-victim dyad, both considering future research on bullying and in the antibullying work with children and adolescents.

Software Security Design and Testing

Elektroninen kaupankäynti ja pankkipalvelut ovat herättäneet toiminnan jatkuvuuden kannalta erittäin kriittisen kysymyksen siitä, kuinka näitä palveluja pystytään suojaamaan järjestäytynyttä rikollisuutta ja erilaisia hyväksikäyttöjä vastaan.

Formal and informal mechanisms for knowledge protection and sharing

The most important knowledge in firms is mostly tacit and embedded in individuals within the organization. This background knowledge that firms possess is used for creation of new knowledge and innovations. As firms today greatly concentrate on their core competencies, they need external knowledge from various collaboration partners. Thus, collaborative relationship governance, as well as control (use of appropriability mechanisms) over background (the input from each firm in innovative activities) and foreground knowledge (the output of collaboration activities) is needed in order to successfully create and capture value from innovative activities without losing core knowledge and competitiveness. Even though research has concentrated on knowledge protection and knowledge sharing, studies that combine both of these views and examine the effects of sharing and protection on value creation and capture have been rather limited. Studies have mainly focused on the protection of the output of innovation while forgetting the protection of the input of innovation. On the other hand, as the research concentrating on the output of innovation tends to favor formal mechanisms, informal mechanisms have remained more unknown to researchers as well as managers. This research aims to combine the perspectives of knowledge sharing and knowledge protection and their relationship with value creation and value capture. The sharing and protection are viewed from two points of view: the use of appropriability mechanisms, as well as governance of the collaborative relationship. The study consists of two parts. The first part introduces the research topic and discusses the overall results. The second part comprises six complementary research publications. Both qualitative and quantitative research methods are used in the study. In terms of results, the findings enhance understanding of the combined use of formal and informal mechanisms for knowledge protection and sharing. Informal mechanisms appear to be emphasized in the protection of background knowledge, and thus are prerequisites for innovation, whereas formal mechanisms are relied on more for protecting the results of innovative activities. However, the simultaneous use of the formal and informal mechanisms that are relevant to the particular industry and innovation context is recommendedthroughout the collaborative innovation process. Further, the study adds to the current knowledge on HRM as an appropriability mechanism: on the firm level its uses include assessing and hedging against employee-related risks such as knowledge leaking and knowledge leaving. A further contribution is to the research on HRM protection and its interrelations with other appropriability mechanisms, its constituents, and its potential use in the area of knowledge protection.

Cyber security in home and small office local area networks - Attack vectors and vulnerabilities

This thesis presents security issues and vulnerabilities in home and small office local area networks that can be used in cyber-attacks. There is previous research done on single vulnerabilities and attack vectors, but not many papers present full scale attack examples towards LAN. First this thesis categorizes different security threads and later in the paper methods to launch the attacks are shown by example. Offensive security and penetration testing is used as research methods in this thesis. As a result of this thesis an attack is conducted using vulnerabilities in WLAN, ARP protocol, browser as well as methods of social engineering. In the end reverse shell access is gained to the target machine. Ready-made tools are used in the attack and their inner workings are described. Prevention methods are presented towards the attacks in the end of the thesis.

Dynamic Runtime Variation and Branding in S60 Software

Diplomityössä tutkitaan keinoja brändätä ja varioida S60-ohjelmistoja dynaamisesti ja ajonaikaisesti. S60 on kehitysalusta, jota käyttävät useat puhelinvalmistajat ja heidän puhelimiaan käyttävät lukuisat eri operaattorit. Operaattorit haluavat puhelimiensa tai osan puhelimen sovelluksista erottuvan kilpailijoista heidän omalla brändillään ja tämän takia täytyy olla keinot joko koko puhelimen, tai valittujen sovellusten brändäykselle. Osa sovelluksista saatetaan haluta vaihtavan käytettyä brändiä sen käyttämien resurssien, kuten verkkopalvelimen, mukaan. Variointidataa tulee myös pystyä jakamaan eri sovellusten tai sovellusten osien kesken. Työssä esitellään Symbian käyttöjärjestelmä ja S60 kehitysympäristö, sekä pohditaan Symbianin turvallisuuskäytäntöjen tuomia haasteita variointidatan jakamiseen eri sovellusten välillä. Olemassaolevia variointitapoja tutkitaan työn mahdolliseksi pohjaksi. Työ sisältää esittelyn projektista, jossa kehitettiin erään S60 sovelluksen dynaaminen brändäystoteutus, joka myös mahdollistaa variointidatan jakamisen eri sovellusten kanssa.

Database Rights in Safe European Home: The Path to More Rigorous Protection of Information

1. Introduction "The one that has compiled ... a database, the collection, securing the validity or presentation of which has required an essential investment, has the sole right to control the content over the whole work or over either a qualitatively or quantitatively substantial part of the work both by means of reproduction and by making them available to the public", Finnish Copyright Act, section 49.1 These are the laconic words that implemented the much-awaited and hotly debated European Community Directive on the legal protection of databases,2 the EDD, into Finnish Copyright legislation in 1998. Now in the year 2005, after more than half a decade of the domestic implementation it is yet uncertain as to the proper meaning and construction of the convoluted qualitative criteria the current legislation employs as a prerequisite for the database protection both in Finland and within the European Union. Further, this opaque Pan-European instrument has the potential of bringing about a number of far-reaching economic and cultural ramifications, which have remained largely uncharted or unobserved. Thus the task of understanding this particular and currently peculiarly European new intellectual property regime is twofold: first, to understand the mechanics and functioning of the EDD and second, to realise the potential and risks inherent in the new legislation in economic, cultural and societal dimensions. 2. Subject-matter of the study: basic issues The first part of the task mentioned above is straightforward: questions such as what is meant by the key concepts triggering the functioning of the EDD such as presentation of independent information, what constitutes an essential investment in acquiring data and when the reproduction of a given database reaches either qualitatively or quantitatively the threshold of substantiality before the right-holder of a database can avail himself of the remedies provided by the statutory framework remain unclear and call for a careful analysis. As for second task, it is already obvious that the practical importance of the legal protection providedby the database right is in the rapid increase. The accelerating transformationof information into digital form is an existing fact, not merely a reflection of a shape of things to come in the future. To take a simple example, the digitisation of a map, traditionally in paper format and protected by copyright, can provide the consumer a markedly easier and faster access to the wanted material and the price can be, depending on the current state of the marketplace, cheaper than that of the traditional form or even free by means of public lending libraries providing access to the information online. This also renders it possible for authors and publishers to make available and sell their products to markedly larger, international markets while the production and distribution costs can be kept at minimum due to the new electronic production, marketing and distributionmechanisms to mention a few. The troublesome side is for authors and publishers the vastly enhanced potential for illegal copying by electronic means, producing numerous virtually identical copies at speed. The fear of illegal copying canlead to stark technical protection that in turn can dampen down the demand for information goods and services and furthermore, efficiently hamper the right of access to the materials available lawfully in electronic form and thus weaken the possibility of access to information, education and the cultural heritage of anation or nations, a condition precedent for a functioning democracy. 3. Particular issues in Digital Economy and Information Networks All what is said above applies a fortiori to the databases. As a result of the ubiquity of the Internet and the pending breakthrough of Mobile Internet, peer-to-peer Networks, Localand Wide Local Area Networks, a rapidly increasing amount of information not protected by traditional copyright, such as various lists, catalogues and tables,3previously protected partially by the old section 49 of the Finnish Copyright act are available free or for consideration in the Internet, and by the same token importantly, numerous databases are collected in order to enable the marketing, tendering and selling products and services in above mentioned networks. Databases and the information embedded therein constitutes a pivotal element in virtually any commercial operation including product and service development, scientific research and education. A poignant but not instantaneously an obvious example of this is a database consisting of physical coordinates of a certain selected group of customers for marketing purposes through cellular phones, laptops and several handheld or vehicle-based devices connected online. These practical needs call for answer to a plethora of questions already outlined above: Has thecollection and securing the validity of this information required an essential input? What qualifies as a quantitatively or qualitatively significant investment? According to the Directive, the database comprises works, information and other independent materials, which are arranged in systematic or methodical way andare individually accessible by electronic or other means. Under what circumstances then, are the materials regarded as arranged in systematic or methodical way? Only when the protected elements of a database are established, the question concerning the scope of protection becomes acute. In digital context, the traditional notions of reproduction and making available to the public of digital materials seem to fit ill or lead into interpretations that are at variance with analogous domain as regards the lawful and illegal uses of information. This may well interfere with or rework the way in which the commercial and other operators have to establish themselves and function in the existing value networks of information products and services. 4. International sphere After the expiry of the implementation period for the European Community Directive on legal protection of databases, the goals of the Directive must have been consolidated into the domestic legislations of the current twenty-five Member States within the European Union. On one hand, these fundamental questions readily imply that the problemsrelated to correct construction of the Directive underlying the domestic legislation transpire the national boundaries. On the other hand, the disputes arisingon account of the implementation and interpretation of the Directive on the European level attract significance domestically. Consequently, the guidelines on correct interpretation of the Directive importing the practical, business-oriented solutions may well have application on European level. This underlines the exigency for a thorough analysis on the implications of the meaning and potential scope of Database protection in Finland and the European Union. This position hasto be contrasted with the larger, international sphere, which in early 2005 does differ markedly from European Union stance, directly having a negative effect on international trade particularly in digital content. A particular case in point is the USA, a database producer primus inter pares, not at least yet having aSui Generis database regime or its kin, while both the political and academic discourse on the matter abounds. 5. The objectives of the study The above mentioned background with its several open issues calls for the detailed study of thefollowing questions: -What is a database-at-law and when is a database protected by intellectual property rights, particularly by the European database regime?What is the international situation? -How is a database protected and what is its relation with other intellectual property regimes, particularly in the Digital context? -The opportunities and threats provided by current protection to creators, users and the society as a whole, including the commercial and cultural implications? -The difficult question on relation of the Database protection and protection of factual information as such. 6. Dsiposition The Study, in purporting to analyse and cast light on the questions above, is divided into three mainparts. The first part has the purpose of introducing the political and rationalbackground and subsequent legislative evolution path of the European database protection, reflected against the international backdrop on the issue. An introduction to databases, originally a vehicle of modern computing and information andcommunication technology, is also incorporated. The second part sets out the chosen and existing two-tier model of the database protection, reviewing both itscopyright and Sui Generis right facets in detail together with the emergent application of the machinery in real-life societal and particularly commercial context. Furthermore, a general outline of copyright, relevant in context of copyright databases is provided. For purposes of further comparison, a chapter on the precursor of Sui Generi, database right, the Nordic catalogue rule also ensues. The third and final part analyses the positive and negative impact of the database protection system and attempts to scrutinize the implications further in the future with some caveats and tentative recommendations, in particular as regards the convoluted issue concerning the IPR protection of information per se, a new tenet in the domain of copyright and related rights.

Delivery of European Cross-Border Health Care and the Relevance and Effects of EU Regulations and Judicial Processes with Reference to Delivery of Drugs and Blood Donor Information Material.

Valtion rajat ylittävät terveyspalvelut Euroopan unionissa sekä Euroopan unionin säädösten merkitys ja vaikutus erityisesti lääkejakeluun ja verenluovuttajille jaettavaan tiedotusaineistoon Valtion rajat ylittävä terveydenhuolto on suuren kiinnostuksen kohteena Euroopan unionissa. Resurssien hyödyntäminen parhaalla mahdollisella tavalla ja tiedon keskittäminen ovat tarpeen terveydenhuollon kustannusten alati noustessa. Terveydenhuoltopalvelut kuuluvat Euroopan sisämarkkinoiden vapaan liikkuvuuden piiriin. Euroopan unionilla ei ole kuitenkaan toimivaltaa säädellä terveydenhuoltojärjestelmiä, vaan sen mahdollisuudet ovat enimmäkseen kansanterveyden edistämisessä ja suojelussa, myös muilla toimialueilla kuin terveydenhuollossa. Tutkimuksen tavoitteena oli tutkia Euroopan unionin säädösten vaikutusta terveydenhuoltosektoriin, erityisesti valtion rajat ylittäviin terveydenhuoltopalveluihin. Erityiskohteena olivat lääkemääräyksen toimittaminen toisen Euroopan unionin jäsenmaan apteekista, resepti-lääkkeiden maahantuonti omaan henkilökohtaiseen käyttöön, sähköisen lääkemääräyksen käyttö kansallisesti ja mahdollisuudet sen käyttöön eri jäsenmaiden välillä, online-apteekkien soveltuvuus Euroopan unionin sisämarkkinoille sekä verenluovuttajille jaettavan tiedotusaineiston yhtenäistämistarve Euroopan unionin alueella. Tutkimuksen osa-alueiden aineisto koottiin vuosina 1999–2003, jolloin Euroopan unioniin kuului 15 jäsenmaata. Apteekit toimittivat useimmiten myös ei-kansalliset, toisessa Euroopan unionin jäsenmaassa annetut lääkemääräykset. Kaikki jäsenmaat rajoittivat lääkemääräyksen vaativien lääkkeiden maahantuontia. Rajoituksia oli maahantuontimäärissä ja -tavoissa. Lisäksi sairasvakuutuskorvausten saaminen ulkomailla lunastetuista reseptilääkkeistä oli hankalaa. Sähköiset lääkemääräykset olivat käytössä vain kahdessa maassa, mutta useissa maissa suunniteltiin niiden kokeilua. Standardit ja käyttöjärjestelmät olivat erilaisia eri maissa. Euroopan unionin alueelle on perustettu online-apteekkeja, joiden toiminta on kuitenkin vaatimatonta. Verenluovuttajille annettava tiedotusaineisto ei missään maassa täyttänyt veridirektiivin vaatimuksia. Tutkimuksen tulokset osoittivat kansallisten käytäntöjen eroavaisuuksien rajoittavan valtion rajat ylittäviä terveydenhuoltopalveluita. Vaikka Euroopan unionin tavoitteena ei ole yhtenäistää terveydenhuoltojärjestelmiä, on tarpeen arvioida uudelleen unionin ja jäsenmaiden välistä työnjakoa. Kansalliset terveydenhuoltojärjestelmät eivät ole erillään Euroopan sisämarkkinoista, jotka merkittävästi vaikuttavat terveydenhuoltoon.

Vuokratyöntekijän työsuhdeturva: Sääntelyn haasteita ja tulkintoja

Tutkimus pyrkii selvittämään, vastaako vuokratyöntekijän työsuhdeturva työlainsäädännön tavoitteita ja niiden taustalla vaikuttavaa työntekijän suojelun periaatetta. Lainsäädännössä vuokratyöntekijän työsuhdeturvan kohdalla olevat keskeisimmät aukkokohdat ja tulkinnat esitetään juridisen argumentaation avulla. Tilanteen tekee ongelmalliseksi erityisesti se, että nykylainsäädäntö ei varsinaisesti estä käyttämästä vuokratyössä toistuvia, kunkin toimeksiannon mittaisia määräaikaisuuksia. Tulokset osoittavat, että sekä kollektiivinen että individuaaliperusteinen irtisanomissuoja on käytännössä heikko. Lisäksi työsuhdeturvan ja joustavuuden tasapaino työmarkkinoilla näyttää olevan melko vaikea yhtälö ratkaistavaksi. Eräänä mahdollisena ratkaisuna tutkimuksen lopussa esitetään Ruotsissa käytössä oleva malli, jossa työntekijät ovat toistaiseksi voimassa olevissa työsuhteissa, ja saavat palkkaa myös toimeksiantojen väliseltä ajalta. Järjestelmään liittyy vahvasti myös alan järjestäytyminen ja eettisten pelisääntöjen määritteleminen liittojen välisin sopimuksin. Tällä tavalla vuokratyöntekijän työsuhdeturvaan liittyvät ongelmakohdat ratkaistaan, mutta toisaalta vuokratyön työllisyyttä ja kilpailukykyä tukeva vaikutus menetetään. Vaihtoehtoisina keinoina on esitetty lukuisia kevyempiä keinoja yksittäisten ongelmakohtien ratkaisuksi.