Computer underground Digest Mon Sep 7, 1992 Volume 4 : Issue 42 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Copy Editor: Etaion Shrdlu, Jrr. Archivist: Brendan Kehoe Shadow-Archivist: Dan Carosone CONTENTS, #4.42 (Sep 7, 1992) File 1--Moderators' Corner - COMP hierarchy and future issues File 2--Problem with refused back issue requests is resolved File 3--Call for Papers File 4--Updates to CPSR Listserv File Archive File 5--TAP and Bringing Gov't into the Electronic Age File 6--Reflections on INFOWEEK's CU-related stories File 7--Software Piracy--The Social Context Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT libraries; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au For bitnet users, back issues may be obtained from the mail server at mailserv@batpad.lgb.ca.us European distributor: ComNet in Luxembourg BBS (++352) 466893. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: 06 Sep 92 19:01:27 CDT From: Moderators Subject: File 1--Moderators' Corner - COMP hierarchy and future issues We're back to a once-a-week schedule (we hope), although Labor Day disrupted the normal Sunday posting. The next three issues will be thematic: #4.43 will be a collection of retrospective reviews on Cliff Stoll's The Cuckoo's Egg; #4.44 will be a fairly neutral summary and description of the Software Publisher Association's policies, goals, and activities; and #4.45 will be a critique/response to some of these policies. We will invite the SPA to respond in #4.46. We also remind users that alt.society.cu-digest will be gone soon, replaced by comp.society.cu-digest. If you sub through the alt group, be sure to join the comp version instead. If you're a sysad, be sure you facilitate the change ASAP, because we have received a number of queries asking why the comp version is not yet available on some systems. If your system is one on which it's not available in the comp group, ask your sysad, not us. We just work here. ------------------------------ Date: 06 Sep 1992 21:44:51 +0000 (GMT) From: mike@BATPAD.LGB.CA.US Subject: File 2--Problem with refused back issue requests is resolved When I set up the mailserv the handle the AOT-D list and the archive of back issues, I neglected to add the AOTD directory to the valid paths file that the mailserv checks before sending a file. This is why you have been getting refused messages when requesting a back issue. This is fixed now. I just tested it, and a request for vol1.zoo was correctly queued to send. Sorry for the confusion. ------------------------------ Date: Thu, 3 Sep 92 21:36:03 EDT From: "Jay A. Wood" Subject: File 3--Call for Papers *AN INVITATION FOR THE SUBMISSION OF ARTICLES TO THE JOURNAL* The Editorial Board of the Journal invites you to participate in our continuing exploration of computers, technology, and the law by submitting your article or commentary for publication. Appropriate material would include articles, essays, comments, and other items of interest in the area of technological advancement. The Journal is published twice annually. Manuscripts should be double-spaced, including footnotes in accordance with the format rules set forth in _A Uniform System of Citation_. All manuscripts submitted for publication are acknowledged and duly considered for publication. Editors work closely with prospective authors to ensure timely and accurate publication. Send your submission to: Rutgers Computer and Technology Law Journal Rutgers School of Law 15 Washington Street Newark, NJ 07102 or call 201/648-5549 or mail jwood@andromeda.rutgers.edu *RECENT ARTICLES INCLUDE* - Copyright and trade secret protection for chips, screen designs, computer manuals, and computer created works. - The patent, tort, and regulatory implications of recent biotechnology developments. - New environmental technologies and waste treatment techniques. - Government acquisition of software and copyrights. - The use of computer, biological, or other high technology evidence in civil and criminal trials. - Copyright, free speech, and regulatory issues of new transmission techniques; satellites, electronic bulletin boards, and cable television. - The ethical and malpractice issues arising from professional reliance on artificial intelligence systems. - Sales and property taxation problems in the computer hardware and software industries. - The use of computerized legal research systems. - Automated data processing systems in governmental agencies and courts. Because the nexus between computers, technology, and the law is constantly changing, any topic list can give only a general indication of the scope of this Journal. Thus, this list highlights - but does not exhaust - topics covered in recent issues. *UP-TO-DATE LEGAL GUIDE TO NEW TECHNOLOGIES* First to enter the field and now in its third decade of publication, the Journal provides attorneys and scholars with a guide to issues arising from the interaction of computers, emerging technologies, and the law. The JournalUs broad national and international circulation has established its reputation as an effective and respected forum for technology issues. The Journal has been cited in numerous texts and articles, both foreign and domestic, and by the United States Supreme Court. In addition to provocative articles by leading commentators and jurists, the Journal publishes timely book reviews by authorities in the field and includes a comprehensive research source: _The Index and Annual Selected Bibliography on Computers, Technology, and the Law_. The Journal is an effective means of staying abreast of the latest judicial and theoretical developments in the rapidly changing computer and high technology areas. ------------------------------ Date: Fri, 4 Sep 1992 16:05:05 EDT From: Paul Hyland Subject: File 4--Updates to CPSR Listserv File Archive To CPSR List subscribers, Welcome to new subscribers -- in case you haven't noticed, we try to keep traffic on this list to a minimum, reserving it for important announcements and information about CPSR and the issues it tries to address as an organization. We have substantially more information stored on a Listserv file server. The complete list of files is stored in the file CPSR ARCHIVE, and periodically updates to the archive are posted to the list. To obtain any of the files listed below, or others on the archive, send commands to listserv@gwuvm.gwu.edu. In a mail message, put one command per line, starting with the first one. The command: GET will retrieve files. For example: GET CPSR ARCHIVE GET CPSR BROCHURE GET NRENPRIV TESTMONY Any questions, comments, or complaints about the listserv should be directed to me, phyland@gwuvm.gwu.edu. Any questions about CPSR, address changes for members, and the like, should be directed to cpsr@csli.stanford.edu. Paul Hyland Owner, CPSR List +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Filename Filetype Lines Description ++++++++ ++++++++ +++++ +++++++++++ CPSR-92 PROGRAM 213 CPSR Annual Meeting Program w/ confirmed speakers Palo Alto, CA -- October 17-18, 1992 PDC-92 PROGRAM 126 CPSR Participatory Design Conference Program Cambridge, MA -- November 6-7, 1992 NREN PRIVACY 0 **added as this, then updated and renamed to -- NRENPRIV TESTMONY 396 "Proposed Privacy Guidelines for the NREN" presented at a hearing of the National Commission on Libraries and Information Sciences (NCLIS), July 21, 1992. CRYPTO LETTER 380 Letter from CPSR to Rep. Jack Brooks, chair of of House Judiciary Committee, on computer security and cryptography policy CPSRBERK 3Q92 573 CPSR/Berkeley Electronic Newsletter Third Quarter, 1992 CPSR-DC JUNE1992 251 CPSR/DC Electronic Newsletter -- June 1992 HR2772 FACTS 0 **Deleted** (superseded by GATEWAY FACTS) GATEWAY FACTS 161 Taxpayer Assets Project Fact Sheet on GPO WINDO and GPO Gateway to Government Bills GATEWAY STATEMENT 244 Taxpayer Assets Project statement on GPO WINDO/ Gateway submitted for joint hearing 7/23/92 AOT SAMPLE 815 Sample Issue of Art of Technology Digest - #2 August 4, 1992 ------------------------------ Date: Wed, 9 Sep 1992 11:59:46 CDT From: James P Love Subject: File 5--TAP and Bringing Gov't into the Electronic Age Comments on Proposed Revisions of OMB Circular A-130 Taxpayer Assets Project P.O. Box 19367 Washington, DC 20036 Internet: tap@essential.org August 27, 1992 1. THE TAXPAYER ASSETS PROJECT The Taxpayer Assets Project (TAP) was started by Ralph Nader to monitor the sale and management of government property. Among the public assets that we have investigated are government information resources, government-funded software, and government-funded information systems. We have been particularly interested in issues relating to the pricing of government information products and services, public access to taxpayer- funded information and information systems, and the quality and nature of government information products and services. TAP has also undertaken a number of case studies of the impact of federal efforts to privatize the dissemination of government information. TAP is also engaged in research on a wide range of other topics, including, for example, the management of federally owned mineral and timber resources, licensing of federally funded inventions such as pharmaceutical drugs, the allocation of rights to use public airwaves, public infrastructure investments, and many other items. In *all* of these endeavors, TAP is a consumer of government information. We need to obtain information from dozens of federal agencies on many different topics. Consider just two examples: i. In our study of federal oil and gas resources, we need access to Department of Interior (DOI) databases on OCS oil and gas lease auctions, Department of Energy (DOE) databases on oil output, consumption, and prices, and Federal Reserve databases on bond yields for federal debt. ii. In our research on government licensing of pharmaceutical drugs we need access to databases on FDA approvals of new drugs, federally funded medical research, patents, and federal tax expenditures for orphan drugs. For many projects we need access to information on corporations that are reported in SEC filings, or agency notices that are published in the Federal Register. This list could be expanded with countless other federal information products and services. TAP uses these information resources to do research and produce reports and studies. Thus, TAP is both a consumer of government information resources, and a producer of value added information products and services. 2. CITIZENS NEED MECHANISMS TO TELL AGENCIES HOW INFORMATION POLICIES CAN BE IMPROVED The federal government spends billions of tax dollars every year to collect and store of information. These expenditures create resources that often have multiple uses, including uses that are beyond the agency's mission. But agencies are often indifferent to the public interest in the information resources that they manage. Agencies should be required to accept comments from the public on a wide range of information management issues, including policies on the collection and the dissemination of information. Citizens should have mechanisms to regularly inform agencies of changes in policies and practices that will allow citizens to better utilize federal information resources. 3. PUBLIC NOTICE SECTIONS IN A-130 SHOULD BE EXPANDED TO ADDRESS A WIDE RANGE OF PUBLIC INTEREST CONSIDERATIONS The proposed Circular requires agencies to provide notice and accept public comments before an agency can create or terminate a major information program. This is too narrow a scope for public notice and comment. Citizens should have opportunities to tell agencies when services are inadequate or poorly designed, and citizens should also have opportunities to ask agencies to create new information products and services. Agencies often commit errors of omission. Failures to provide public access to taxpayer-funded information systems, or to embrace new technologies (online systems, CD-ROMs, etc) or standards are common and important errors of omission. Regular opportunities for public comment on agency information management policies and practices would provide an important mechanism to identify such errors. 4. AGENCY PUBLIC NOTICE REQUIREMENTS SHOULD INCORPORATE THE PROPOSALS IN H.R. 3459, THE IMPROVEMENT OF INFORMATION ACCESS ACT. H.R. 3459, the Improvement of Information Access Act (IIA Act), provides a model for public notice and comment on federal information policy. The proposals in the IIA Act were developed by a large working group of librarians, researchers, and agency officials. The public notice sections would provide the following mechanism: i. Every year all federal agencies would be required to publish a report which describes: - plans to introduce or discontinue information products and services, - efforts to develop or implement standards for file and record formats, software query command structures, and other matters that make information easier to obtain and use, - the status of agency efforts to create and disseminate comprehensive indexes or bibliographies of their information products and services, - how the public may access the agencies information, - plans for preserving access to electronic information that is stored in technologies that may be superseded or obsolete, and - agency plans to keep the public aware of its information resources, services, and products. i. Agencies would be required to solicit public comments on this plan, including comments on the types of information collected and disseminated, the agency's methods of storing information, their outlets for disseminating information, the prices they charge for information, and the "validity, reliability, timeliness, and usefulness to the public of the information." The agency would be required to summarize the comments it received and report each year what it had done to respond to the comments received in the previous year. The issues addressed in H.R. 3459 are the types of things that are needed to make agencies more responsive to citizens who use federal information resources. In comparison, the public notice and comment provisions of the current draft of A-130 are limited and static. We need the flexible and dynamic approach embraced in H.R. 3459, to address the concerns of data users as technologies change and as the uses of federal information resources change. 5. THE USE OF STANDARDS MAKES GOVERNMENT INFORMATION EASIER TO OBTAIN AND USE Few citizens are highly trained in using computers. Standards for file formats, software interfaces, query commands and other items will make it easier for the public to obtain and use agency information resources. A-130 should require agencies to use standardized record and file formats and software interfaces. Computer technologies are rapidly changing. Because technologies and standards are constantly evolving, agencies should be required to accept regular and frequent input from data users. 6. DATA COLLECTION ISSUES ARE IMPORTANT Citizens need information to understand the world around them. Agencies should encourage public debates over information collection issues. For example: - The SEC should regularly accept public comments on the types of information that should be reported in corporate disclosure filings. Investors or citizens who monitor corporate activities should have opportunities to tell the SEC the types of the information that should be included on corporate 10k reports, insider trading reports, stock prospectuses, and other filings. - Historically the taxpayers finance about half of all U.S. R&D expenditures. One measure of the efficacy of those investments are patents from inventions that were financed by the taxpayers. The Patent and Trademark Office should collect information on patent applications that identify the role of federal funds in the development of the inventions. - Prescription drugs are one of the fastest growing elements of the nation's enormous health care bill. The federal government funds more than $10 billion in medical research, and provides a wide array of special marketing monopolies and tax expenditures to the pharmaceutical industry. In order to evaluate the reasonableness of the prices for prescription drugs, particularly those developed with federal funds, the federal government should collect data on the costs of drug development. The government should also collect information on drug prices and revenues and the amount of money the government spends buying government developed but privately marketed drugs through medicaid and medicare. - Many economists say the recent boom and bust in commercial real estate was a major contributor to the collapse of the savings and loan industry and the weakening of the commercial banking system, which has contributed to the current recession. Pensions funds have also lost billions of dollars in commercial real estate markets. The Bureau of the Census spends millions of dollars every year on a monthly survey of building permits. This survey collects information on the *value* of permits issued. Most real estate researchers want Census to collect information on the *square feet* of building permits, since that statistic is a much better predictor of real estate supply. Better information on the supply of commercial real estate would help prevent costly investor mistakes. These are just a few of the countless data collection issues that deserve far more debate. Agencies are often out of touch with citizen concerns about information collection issues, and they need to be required to accept suggestions on these issues. 7. CONFLICTS OF INTEREST ARE IMPORTANT, AND SHOULD BE ADDRESSED IN A-130 Many agencies contract out data processing services to firms that sell agency information to citizens. Conflicts of interest abound. Frequently the contractor has an interest in restricting public access to the agency information systems, so the contractor can sell the data through its own retail outlets. For example: - Mead Data Central will receive $13.5 million from the SEC to provide online full text searching of the EDGAR database system. Mead is also the SEC subcontractor in charge of providing public access to the EDGAR database. But since Mead wants to sell SEC information to the public through its own LEXIS service, it has restricted public access to taxpayer financed EDGAR system. - Westlaw has a contract to create a digital version of federal caselaw for the Justice Department's JURIS online database system. But Westlaw wants to sell the public those same records thought its own high priced online service, and it has obtained a contact that restricted public access to the Department of Justice's very important JURIS system. In doing so Westlaw has not only denied the taxpayers access to an important government database, but it has also prevented rival database vendors from obtaining the JURIS database in order to compete with Westlaw and Lexis, the two firms that currently enjoy a duopoly in the market for online access to federal legal opinions. A-130 should address these types of agreements, instructing agencies to insure that private contractors do not use federal data processing contracts to obtain unfair advantages over their rivals, or to deny the public access to information and information systems that they have already paid for through taxes. 8. HIGH PRICES FOR INFORMATION PRODUCTS AND SERVICES CREATES LARGE DISPARITIES BETWEEN CITIZENS BASED UPON THEIR ABILITY TO PAY The Taxpayer Assets Project is a nonprofit organization with a small budget. We simply cannot afford to buy many of the commercial services that provide access to government databases. The groups that are most able to afford these expensive services are those with large financial interests in narrow aspects of government policy. For example, most pharmaceutical firms have armies of lawyers, lobbyists and policy analysts who can afford to monitor every actions of the FDA, PTO, NIH, Congress and other government agencies, not to mention their private sector rivals. When access to government information is rationed according to willingness to pay, we find ourselves at an enormous disadvantage. Not only do the pharmaceutical companies have the resources to finance congressional and presidential campaigns, to dangle high paying jobs to former government officials, and to vastly outstaff groups that represent consumers and taxpayers, but they also are the only ones who can afford to use the databases that are funded by the taxpayers. This scenario, repeated throughout the government, is among the reasons that special interest groups can manipulate and control the government, at the expense of the broader public interest. A-130 should instruct agencies to consider the impact of information management policies on the prices that consumers will pay for access to taxpayer funded information resources. For example, if an agency can produce CD-ROM products for $35 or less, why should citizens be required to pay $500 to $10,000 to buy the information from commercial vendors? Likewise, if it costs between $15 and $35 an hour to provide online access to the PTO's APS, why should citizens be forced to pay $340 per hour to receive the same information through Lexis? Agencies should avoid policies that deliberately restrict public access to taxpayer funded information systems in order to bolster the business interests of commercial vendors, since this leads to even greater concentrations of political power. Low cost access to government information is needed to strengthen citizen involvement in government policy making. 9. OMB'S PROPOSED LIMITS ON PRICES FOR INFORMATION PRODUCTS AND SERVICES ARE NEEDED Among the best features of the proposed A-130 revision are the provisions that would limit agency prices for information products and services to the costs of dissemination. This is sorely needed. 10. AGENCIES ARE USING NTIS TO RAISE PRICES FOR INFORMATION PRODUCTS AND SERVICES FAR ABOVE DISSEMINATION COSTS Many agencies now have contracts that give NTIS exclusive rights to sell information at prices that far exceed dissemination costs. For example, the Federal Reserve sells its "bank call" reports on magnetic tape for $560 per quarter. Information from the Home Mortgage Disclosure Act (HMDA) is also very expensive. OMB should clarify an agency's responsibility to provide access to information at cost, when NTIS is simultaneously selling the information at huge markups. This is an enormous issue, given the large and rapidly growing electronic collections that NTIS currently manages. 11. THE FEDERAL DEPOSITORY LIBRARY PROGRAM SHOULD NOT BE SUBJECT TO A TECHNOLOGICAL SUNSET The federal Depository Library Program (DLP) provides 1,400 libraries with free access to federal information. This program, which has been around since the middle of the 19th century, is not a welfare program. It serves scholars, business persons, and many others who need access to federal information. We frequently use federal depository libraries. We cannot afford to buy all the government publications that we use, but even when prices are not an issue, we rely upon the library staff's expertise and indexing resources to discover publications that may be useful to us. The fact that information is disseminated in electronic formats should not eliminate an agency's responsibility to this important program. 12. ACCEPTING PUBLIC COMMENTS VIA ELECTRONIC MAIL OMB deserves a pat on the back for its efforts in using electronic mail networks such as the Internet to disseminate information about the proposed changes in the Circular, and to receive comments by electronic mail. These steps will broaden public awareness of the Circular, and allow a wider group of citizens to participate in the debate. We urge OMB to address this issue in the final draft of A-130. That is, OMB should encourage all federal agencies to use electronic mail networks to disseminate public notices *and* to accept public comments. It is particularly appropriate here, when many citizens who are interested in government information policy have access to such networks. Of course, these efforts should supplement and not replace other methods of providing public notice and accepting comments. +++++++++++++ James Love, Director VOICE: 215-658-0880 Taxpayer Assets Project FAX: call 12 Church Road INTERNET: love@essential.org Ardmore, PA 19003 ------------------------------ Date: 06 Sep 92 16:08:07 EDT From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 6--Reflections on INFOWEEK's CU-related stories Information Week and "Weak Links" The August 10, 1992 issue of INFORMATION WEEK (IW) features a story on "weak links" in data security. IW Editor Jerry Colonna writes that "We're not talking about hackers breaking into data centers. Much attention has been paid to the obvious targets, and many data centers now resemble medieval fortresses." We will try to ignore the fact that just a few weeks ago IW criticized the Computer Security Institute for using 'hacker' in reference to computer intrusion. (see "Pirate is PC?" in CuD 4.35) Colonna continues..."The problem is the low-tech access to your network. If the deli down the road has your fax number, chances are your competitors - or someone they hired - has it, too, and they can read everything you send or receive. Orders from customers, invoices from suppliers, Bank statements. Everything." (page 2) Later in the same editorial he discusses the dangers of forgetting that cellular phones can be overheard using a radio scanner. The featured article has some good advice, ranging from buying an encrypting phone for confidential conversations, to using fake names when discussing business on an unsecured channel. (Although the article didn't go so far as suggesting appropriate pseudonyms, I enjoyed using 'Red Rooster Four' back in the Radio Shack walkie-talkie days of my childhood. My friend Spencer was Red Rooster One. There were no 'Two' or 'Three', but we wanted it to sound like we had a bigger "army" then we actually did. A technique that might also be handy on your car phone.) And speaking of good advice, former Sun Devil mastermind Gail Thackeray is quoted in the article as urging businesses to stop being 'promiscuous' with their fax numbers. Also, she advises, all outgoing faxes should include a cover sheet saying that the fax is intended only for the addressee. She reportedly stresses that this is particularly important if the material in the fax is confidential. Unfortunately there is no further explanation of just what good stating this would do. It sounds vaguely like the "no cops allowed" sign-ons found on some CU bulletin boards, which Thackeray and her troops have no doubt ignored themselves. Another interesting, but questionable, tidbit is found on page 30... "If a corporate spy had to pick one 'darling' of the trade, it would undoubtedly be the fax machine, says a report from the American Institute For Business Research in Framingham, Mass. The report, 'Protecting Corporate America's Secrets In the Global Economy,' asserts that the fax is one of the easiest ways for spies to steal corporate information. For one, the report says, thieves can tap into the victim's fax line and create a shadow version of every fax the victim sends or receives." Now I'm not an electrical engineer, but doesn't this seem about as easy as getting three modems talking to each other all at once? I'm not saying that a fax can't be intercepted, through a data trap, but I don't think tapping a phone line and hanging an extra fax machine in the circuit is going to get you anywhere. Reminding people that faxed documents are inherently unsecure is a Good Thing, but this vague statement might only lead to additional paranoia and unwarranted concern. Unless, of course, this *is* something that is easily accomplished. In which case it should have been stated even more emphatically, and with more authority and credibility. The four page article ends with an appropriate quote from the security director at The Bank of Boston : "Technology can be your best friend. But it can also be your mortal enemy". All in all, not a bad thing to keep in mind. CompuServe Magazine and Death in Cyberspace. --------------------------------------------The September 1992 issue of CompuServe Magazine features "The Mourning After" by Hank Nuwer. (pp 32-34) Nuwer is a prolific author, including a recent book about Fraternity Hazing. (_Broken Pledges: The Deadly Rite of Hazing) In this article Nuwer discusses the grieving process, as experienced by online friends, when someone dies. The article touches upon four types of situations where online communities are affected by the death of a member, or in some cases the a death in the family of a community member. In the case of the latter, online communities can provide a supportive network, removed from the tragedy itself... People often feel threatened when required to express grief, but may be less intimidated expressing these thoughts online, according to Dr. Dorothy DeMoya, a consultant in {Compuserve's} Human Sexuality Information and Advisory Service. 'Among patients who've lost loved ones, strangers became family and family became strangers,' she says. 'To be able to establish online relationships like this is wonderful.' Another example of how virtual communities are affected by death and dying is illustrated by the unexpected death of Glenn Hart, sysop of the Fox Software Forum, and contributing writer to PC Magazine. After his death in January the forum was flooded with messages as members expressed their sorrow and memories of him. In this case, and in many others that Nuwer cites, the messages were captured and printed by a forum member. They have been given to Hart's widow, who is saving them for her younger children to read at the appropriate time. Finally, the article discusses the role of cyberspace in dealing with deaths of other than family members. Participants in the RockNet forum grieved the deaths of Bill Graham and Freddie Mercury, while the Space and Astronomy Forum dealt with the loss of the six US Astronauts lost in the 1986 Challenger Space Shuttle accident. Even members of the Pet Forum have found that online friends can help in adjusting to the loss of a favorite pet. Moderators' Note: This is an area that is ripe for additional research. CuD welcomes additional resources and references in this area. Readers may also be interested in 'Online Suicide' by Preston Gralla in the May 1991 issue of PC Computing. (p132+) "No Piracy Shield" Information Week reports that a US bankruptcy court in Los Angeles has ruled a defendant cannot avoid paying damages for software piracy by failing for bankruptcy. The ruling came down in Novell Inc v. Medperfect Systems Inc (owned by Ronald S. Frank). The article states that bankruptcy, in the past, has been used to avoid lawsuits over copyright infringement and the like. Information Week also reports that Medperfect admits to using unlicensed NetWare as the basis for systems sold in dentist offices in Southern California. Information Week July 13, 1992 p16 Phreak Insurance Information Week is reporting that Travelers Corporation is going to offer phone fraud insurance. The policy will be available in $50K and $1 million dollar amounts to cover remote access fraud, those calls made by hackers breaking into corporate phone systems and placing outgoing calls. The policy will reportedly require that certain minimum safeguards are met, such as making all passwords more than three digits long. (INFORMATION WEEK, August 31, 1992 p16) ------------------------------ Date: Tue, 1 Sep 1992 10:22:44 -0700 From: James I. Davis Subject: File 7--Software Piracy--The Social Context ((MODERATORS' NOTE: Jim Davis raises a number of interesting issues regarding piracy and the SPA. CuD 4.44 and 4.45 will be devoted to some of these issues, and Jim will be invited to elaborate there on some of the themes he addresses here)). Anne Branscomb, a strong advocate of property rights in information -- admits that there is nothing "natural" about property rights (see her essay "Property Rights in Information"). Property rights are social conventions that are struggled over. And we shouldn't give up that fight to the SPA. Re: software "piracy" in schools, perhaps we should see an extension of "Fair Use Doctrine" to software use in schools. A bit of recent history -- broadcast TV shows were not intended to be copied and viewed at leisure at home. But to have stuck to that point, the courts would have criminalized a substantial number of adults who were time-shifting with their VCRs to watch soaps or football games or whatever. So "fair use", originally intended to allow book reviewers to quote from works, was de jure extended to a de facto reality -- people "stole" TV shows, and enjoyed them. I understand that fair use extends to school use as well. Why don't people just see that loaning disks, copying programs, etc. is wrong? Because it's not obvious, and it certainly isn't "naturally" wrong. The SPA has to cultivate a mindset that isn't there. You give me knowledge, you still have use of it; now I can use it too. The more it is shared, the more useful it becomes. It doesn't really wear out, and it doesn't get used up. So people (naturally) say, where's the harm? It's not like I stole your silverware or pinched your car. A rather noble attribute, sharing, is turned into a crime! And we are all to be enlisted in this SPA scheme for policing property rights of software companies. No thanks. Property rights and information just don't go together: (1) The enforcement of property rights in information requires a police state. The SPA encourages people to squeal on each other by calling an 800 number. If the laws were enforced, I would bet that _most_ computer users would be guilty. Hence, the population is criminalized, and subject to police and court control. Just because the laws aren't enforced in totality doesn't mean that they can't be used. (2) Enforcing property rights in information prevents the "storehouse of knowledge" from being used optimally. Hence society and civilization is held back. The lost productivity due to conflicting standards and interfaces required because of proprietary interfaces etc. is one example. The lost educational opportunities resulting from schools not getting the software they need in the quantities they need is another. The lost time of researchers who must duplicate research because they are prevented from sharing information because of trade secrecy or international competition is another. The unavailability of textbooks in poor countries because they cost as much as a month's wages (or software that costs as much as a year's wages) is another . (3) Property rights in information aren't needed to ensure software production, creativity, advancement of society, etc. The freeware and public domain library testify to this. People create for many reasons, of which financial gain is only one, and I would argue, not the most important. The challenge of doing it, peer or public recognition, service to humanity are important motivators. Much valuable research has been carried out in the public sector -- via federal research institutions or via publicly funded universities. Obviously financial gain wasn't the main motivator there (except until recently, brought on by the de-funding of universities, forcing them to go begging. Most engineers, I would guess, must sign work-for-hire agreements in order to obtain work, effectively signing away any rights to the products of their creativity. The beneficiaries of property rights in information aren't the creators, but the entrepreneurs. Finally, is the software industry profitable today? Yes. Even with the $24 billion in "piracy". How can this be so? Because what the software companies "lose" is revenue with no associated cost (the "pirate" has done the labor, and presumably provided the equipment and disk). This is the difference between stealing cars and duplicating software. (4) But but but, how will software get written, who will finance it? Knowledge is a _social_ treasury, and should be funded socially. Public competitions, grants, a social fund supported by users, whatever. We have some models already: the university and federal research model; the arts funding model; the GNU experiment; the freeware and public domain experience. We're a creative and energetic group -- we can figure it out. ------------------------------ End of Computer Underground Digest #4.42 ************************************