Computer underground Digest    Mon Sep 7, 1992   Volume 4 : Issue 42

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Copy Editor: Etaion Shrdlu, Jrr.
       Archivist: Brendan Kehoe
       Shadow-Archivist: Dan Carosone

CONTENTS, #4.42 (Sep 7, 1992)
File 1--Moderators' Corner - COMP hierarchy and future issues
File 2--Problem with refused back issue requests is resolved
File 3--Call for Papers
File 4--Updates to CPSR Listserv File Archive
File 5--TAP and Bringing Gov't into the Electronic Age
File 6--Reflections on INFOWEEK's CU-related stories
File 7--Software Piracy--The Social Context

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
For bitnet users, back issues may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted as long as the source
is cited.  Some authors do copyright their material, and they should
be contacted for reprint permission.  It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication.  Articles are preferred to short
responses.  Please avoid quoting previous posts unless absolutely
necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

----------------------------------------------------------------------

Date: 06 Sep 92 19:01:27 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Moderators' Corner - COMP hierarchy and future issues

We're back to a once-a-week schedule (we hope), although Labor Day
disrupted the normal Sunday posting. The next three issues will be
thematic: #4.43 will be a collection of retrospective reviews on Cliff
Stoll's The Cuckoo's Egg; #4.44 will be a fairly neutral summary and
description of the Software Publisher Association's policies, goals,
and activities; and #4.45 will be a critique/response to some of these
policies. We will invite the SPA to respond in #4.46.

We also remind users that alt.society.cu-digest will be gone soon,
replaced by comp.society.cu-digest. If you sub through the alt group,
be sure to join the comp version instead. If you're a sysad, be sure
you facilitate the change ASAP, because we have received a number of
queries asking why the comp version is not yet available on some
systems. If your system is one on which it's not available in the
comp group, ask your sysad, not us.  We just work here.

------------------------------

Date: 06 Sep 1992 21:44:51 +0000 (GMT)
From: mike@BATPAD.LGB.CA.US
Subject: File 2--Problem with refused back issue requests is resolved

When I set up the mailserv the handle the AOT-D list and the archive
of back issues, I neglected to add the AOTD directory to the valid
paths file that the mailserv checks before sending a file.  This is
why you have been getting refused messages when requesting a back
issue.

This is fixed now.  I just tested it, and a request for vol1.zoo was
correctly queued to send.

Sorry for the confusion.

------------------------------

Date: Thu, 3 Sep 92 21:36:03 EDT
From: "Jay A. Wood" <jwood@ANDROMEDA.RUTGERS.EDU>
Subject: File 3--Call for Papers

*AN INVITATION FOR THE SUBMISSION OF ARTICLES TO THE JOURNAL*

The Editorial Board of the Journal invites you to participate in our
continuing exploration of computers, technology, and the law by
submitting your article or commentary for publication.

Appropriate material would include articles, essays, comments, and
other items of interest in the area of technological advancement. The
Journal is published twice annually.

Manuscripts should be double-spaced, including footnotes in accordance
with the format rules set forth in _A Uniform System of Citation_.

All manuscripts submitted for publication are acknowledged and duly
considered for publication. Editors work closely with prospective
authors to ensure timely and accurate publication.

Send your submission to:

Rutgers Computer and Technology Law Journal
Rutgers School of Law
15 Washington Street
Newark, NJ  07102

or call 201/648-5549

or mail jwood@andromeda.rutgers.edu


*RECENT ARTICLES INCLUDE*

- Copyright and trade secret protection for chips, screen
  designs, computer manuals, and computer created works.

- The patent, tort, and regulatory implications of recent
  biotechnology developments.

- New environmental technologies and waste treatment
  techniques.

- Government acquisition of software and copyrights.

- The use of computer, biological, or other high technology
  evidence in civil and criminal trials.

- Copyright, free speech, and regulatory issues of new
  transmission techniques; satellites, electronic bulletin
  boards, and cable television.

- The ethical and malpractice issues arising from
  professional reliance on artificial intelligence systems.

- Sales and property taxation problems in the computer
  hardware and software industries.

- The use of computerized legal research systems.

- Automated data processing systems in governmental agencies
  and courts.

Because the nexus between computers, technology, and the law
is constantly changing, any topic list can give only a
general indication of the scope of this Journal. Thus, this
list highlights - but does not exhaust - topics covered in
recent issues.

*UP-TO-DATE LEGAL GUIDE TO NEW TECHNOLOGIES*

First to enter the field and now in its third decade of publication,
the Journal provides attorneys and scholars with a guide to issues
arising from the interaction of computers, emerging technologies, and
the law. The JournalUs broad national and international circulation
has established its reputation as an effective and respected forum for
technology issues. The Journal has been cited in numerous texts and
articles, both foreign and domestic, and by the United States Supreme
Court.

In addition to provocative articles by leading commentators and
jurists, the Journal publishes timely book reviews by authorities in
the field and includes a comprehensive research source: _The Index and
Annual Selected Bibliography on Computers, Technology, and the Law_.

The Journal is an effective means of staying abreast of the latest
judicial and theoretical developments in the rapidly changing computer
and high technology areas.

------------------------------

Date: Fri, 4 Sep 1992 16:05:05 EDT
From: Paul Hyland <PHYLAND@GWUVM.BITNET>
Subject: File 4--Updates to CPSR Listserv File Archive

To CPSR List subscribers,

Welcome to new subscribers -- in case you haven't noticed, we try to
keep traffic on this list to a minimum, reserving it for important
announcements and information about CPSR and the issues it tries to
address as an organization.  We have substantially more information
stored on a Listserv file server.  The complete list of files is
stored in the file CPSR ARCHIVE, and periodically updates to the
archive are posted to the list.

To obtain any of the files listed below, or others on the archive,
send commands to listserv@gwuvm.gwu.edu.  In a mail message, put one
command per line, starting with the first one.  The command:

GET <filename> <filetype>

will retrieve files.  For example:

GET CPSR ARCHIVE
GET CPSR BROCHURE
GET NRENPRIV TESTMONY

Any questions, comments, or complaints about the listserv should be
directed to me, phyland@gwuvm.gwu.edu.  Any questions about CPSR,
address changes for members, and the like, should be directed to
cpsr@csli.stanford.edu.

Paul Hyland
Owner, CPSR List
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Filename Filetype  Lines  Description
++++++++ ++++++++  +++++  +++++++++++
CPSR-92  PROGRAM   213  CPSR Annual Meeting Program w/ confirmed speakers
                          Palo Alto, CA -- October 17-18, 1992
PDC-92   PROGRAM   126  CPSR Participatory Design Conference Program
                          Cambridge, MA -- November 6-7, 1992
NREN     PRIVACY     0  **added as this, then updated and renamed to --
NRENPRIV TESTMONY  396  "Proposed Privacy Guidelines for the NREN"
                          presented at a hearing of the National
                          Commission on Libraries and Information
                          Sciences (NCLIS), July 21, 1992.
CRYPTO   LETTER    380  Letter from CPSR to Rep. Jack Brooks, chair of
                          of House Judiciary Committee, on computer
                          security and cryptography policy
CPSRBERK 3Q92      573  CPSR/Berkeley Electronic Newsletter
                           Third Quarter, 1992
CPSR-DC  JUNE1992  251  CPSR/DC Electronic Newsletter -- June 1992
HR2772   FACTS       0  **Deleted** (superseded by GATEWAY FACTS)
GATEWAY  FACTS     161  Taxpayer Assets Project Fact Sheet on GPO WINDO
                          and GPO Gateway to Government Bills
GATEWAY  STATEMENT  244  Taxpayer Assets Project statement on GPO WINDO/
                          Gateway submitted for joint hearing 7/23/92
AOT      SAMPLE    815  Sample Issue of Art of Technology Digest - #2
                          August 4, 1992

------------------------------

Date:         Wed, 9 Sep 1992 11:59:46 CDT
From:         James P Love <LOVE%PUCC@PSUVM.PSU.EDU>
Subject: File 5--TAP and Bringing Gov't into the Electronic Age

      Comments on Proposed Revisions of OMB Circular A-130
                     Taxpayer Assets Project
                         P.O. Box 19367
                      Washington, DC  20036
                  Internet:  tap@essential.org

                         August 27, 1992


1.   THE TAXPAYER ASSETS PROJECT

     The Taxpayer Assets Project (TAP) was started by Ralph Nader to
monitor the sale and management of government property.  Among the
public assets that we have investigated are government information
resources, government-funded software, and government-funded information
systems.  We have been particularly interested in issues relating to the
pricing of government information products and services, public access
to taxpayer- funded information and information systems, and the quality
and nature of government information products and services.

     TAP has also undertaken a number of case studies of the impact of
federal efforts to privatize the dissemination of government
information.

     TAP is also engaged in research on a wide range of other topics,
including, for example, the management of federally owned mineral and
timber resources, licensing of federally funded inventions such as
pharmaceutical drugs, the allocation of rights to use public airwaves,
public infrastructure investments, and many other items.

     In *all* of these endeavors, TAP is a consumer of government
information.  We need to obtain information from dozens of federal
agencies on many different topics.  Consider just two examples:

     i.   In our study of federal oil and gas resources, we need access
          to Department of Interior (DOI) databases on OCS oil and gas
          lease auctions, Department of Energy (DOE) databases on oil
          output, consumption, and prices, and Federal Reserve databases
          on bond yields for federal debt.

     ii.  In our research on government licensing of pharmaceutical
          drugs we need access to databases on FDA approvals of new
          drugs, federally funded medical research, patents, and federal
          tax expenditures for orphan drugs.

     For many projects we need access to information on corporations
that are reported in SEC filings, or agency notices that are published
in the Federal Register.  This list could be expanded with countless
other federal information products and services.

     TAP uses these information resources to do research and produce
reports and studies.  Thus, TAP is both a consumer of government
information resources, and a producer of value added information
products and services.


2.   CITIZENS NEED MECHANISMS TO TELL AGENCIES HOW INFORMATION POLICIES
     CAN BE IMPROVED

     The federal government spends billions of tax dollars every year to
collect and store of information.  These expenditures create resources
that often have multiple uses, including uses that are beyond the
agency's mission.  But agencies are often indifferent to the public
interest in the information resources that they manage.

     Agencies should be required to accept comments from the public on a
wide range of information management issues, including policies on the
collection and the dissemination of information.  Citizens should have
mechanisms to regularly inform agencies of changes in policies and
practices that will allow citizens to better utilize federal information
resources.


3.   PUBLIC NOTICE SECTIONS IN A-130 SHOULD BE EXPANDED TO ADDRESS A
     WIDE RANGE OF PUBLIC INTEREST CONSIDERATIONS

     The proposed Circular requires agencies to provide notice and
accept public comments before an agency can create or terminate a major
information program.  This is too narrow a scope for public notice and
comment.  Citizens should have opportunities to tell agencies when
services are inadequate or poorly designed, and citizens should also
have opportunities to ask agencies to create new information products
and services.

     Agencies often commit errors of omission.  Failures to provide
public access to taxpayer-funded information systems, or to embrace new
technologies (online systems, CD-ROMs, etc) or standards are common and
important errors of omission.  Regular opportunities for public comment
on agency information management policies and practices would provide an
important mechanism to identify such errors.

4.   AGENCY PUBLIC NOTICE REQUIREMENTS SHOULD INCORPORATE THE PROPOSALS
     IN H.R. 3459, THE IMPROVEMENT OF INFORMATION ACCESS ACT.

     H.R. 3459, the Improvement of Information Access Act (IIA Act),
provides a model for public notice and comment on federal information
policy.  The proposals in the IIA Act were developed by a large working
group of librarians, researchers, and agency officials.  The public
notice sections would provide the following mechanism:

i.   Every year all federal agencies would be required to publish a
     report which describes:

     -    plans to introduce or discontinue information products and
          services,

     -    efforts to develop or implement standards for file and record
          formats, software query command structures, and other matters
          that make information easier to obtain and use,

     -    the status of agency efforts to create and disseminate
          comprehensive indexes or bibliographies of their information
          products and services,

     -    how the public may access the agencies information,

     -    plans for preserving access to electronic information that is
          stored in technologies that may be superseded or obsolete, and

     -    agency plans to keep the public aware of its information
          resources, services, and products.

i.   Agencies would be required to solicit public comments on this plan,
     including comments on the types of information collected and
     disseminated, the agency's methods of storing information, their
     outlets for disseminating information, the prices they charge for
     information, and the "validity, reliability, timeliness, and
     usefulness to the public of the information." The agency would be
     required to summarize the comments it received and report each year
     what it had done to respond to the comments received in the
     previous year.

     The issues addressed in H.R. 3459 are the types of things that are
needed to make agencies more responsive to citizens who use federal
information resources.  In comparison, the public notice and comment
provisions of the current draft of A-130 are limited and static.  We
need the flexible and dynamic approach embraced in H.R. 3459, to address
the concerns of data users as technologies change and as the uses of
federal information resources change.


5.   THE USE OF STANDARDS MAKES GOVERNMENT INFORMATION EASIER TO OBTAIN
     AND USE

     Few citizens are highly trained in using computers. Standards for
file formats, software interfaces, query commands and other items will
make it easier for the public to obtain and use agency information
resources.  A-130 should require agencies to use standardized record and
file formats and software interfaces.

     Computer technologies are rapidly changing.  Because technologies
and standards are constantly evolving, agencies should be required to
accept regular and frequent input from data users.


6.   DATA COLLECTION ISSUES ARE IMPORTANT

     Citizens need information to understand the world around them.
Agencies should encourage public debates over information collection
issues.  For example:

     -    The SEC should regularly accept public comments on the types
          of information that should be reported in corporate disclosure
          filings.  Investors or citizens who monitor corporate
          activities should have opportunities to tell the SEC the types
          of the information that should be included on corporate 10k
          reports, insider trading reports, stock prospectuses, and
          other filings.

     -    Historically the taxpayers finance about half of all U.S. R&D
          expenditures.  One measure of the efficacy of those
          investments are patents from inventions that were financed by
          the taxpayers.  The Patent and Trademark Office should collect
          information on patent applications that identify the role of
          federal funds in the development of the inventions.

     -    Prescription drugs are one of the fastest growing elements of
          the nation's enormous health care bill. The federal government
          funds more than $10 billion in medical research, and provides
          a wide array of special marketing monopolies and tax
          expenditures to the pharmaceutical industry.  In order to
          evaluate the reasonableness of the prices for prescription
          drugs, particularly those developed with federal funds, the
          federal government should collect data on the costs of drug
          development.  The government should also collect information
          on drug prices and revenues and the amount of money the
          government spends buying government developed but privately
          marketed drugs through medicaid and medicare.

     -    Many economists say the recent boom and bust in commercial
          real estate was a major contributor to the collapse of the
          savings and loan industry and the weakening of the commercial
          banking system, which has contributed to the current
          recession.  Pensions funds have also lost billions of dollars
          in commercial real estate markets.  The Bureau of the Census
          spends millions of dollars every year on a monthly survey of
          building permits.  This survey collects information on the
          *value* of permits issued.  Most real estate researchers want
          Census to collect information on the *square feet* of building
          permits, since that statistic is a much better predictor of
          real estate supply. Better information on the supply of
          commercial real estate would help prevent costly investor
          mistakes.


        These are just a few of the countless data collection issues
that deserve far more debate.  Agencies are often out of touch with
citizen concerns about information collection issues, and they need to
be required to accept suggestions on these issues.

7.   CONFLICTS OF INTEREST ARE IMPORTANT, AND SHOULD BE ADDRESSED IN
     A-130

        Many agencies contract out data processing services to firms
that sell agency information to citizens.  Conflicts of interest abound.
Frequently the contractor has an interest in restricting public access
to the agency information systems, so the contractor can sell the data
through its own retail outlets.  For example:

     -    Mead Data Central will receive $13.5 million from the SEC to
          provide online full text searching of the EDGAR database
          system.  Mead is also the SEC subcontractor in charge of
          providing public access to the EDGAR database.  But since Mead
          wants to sell SEC information to the public through its own
          LEXIS service, it has restricted public access to taxpayer
          financed EDGAR system.

     -    Westlaw has a contract to create a digital version of federal
          caselaw for the Justice Department's JURIS online database
          system.  But Westlaw wants to sell the public those same
          records thought its own high priced online service, and it has
          obtained a contact that restricted public access to the
          Department of Justice's very important JURIS system.  In doing
          so Westlaw has not only denied the taxpayers access to an
          important government database, but it has also prevented rival
          database vendors from obtaining the JURIS database in order to
          compete with Westlaw and Lexis, the two firms that currently
          enjoy a duopoly in the market for online access to federal
          legal opinions.

     A-130 should address these types of agreements, instructing
agencies to insure that private contractors do not use federal data
processing contracts to obtain unfair advantages over their rivals, or
to deny the public access to information and information systems that
they have already paid for through taxes.

8.   HIGH PRICES FOR INFORMATION PRODUCTS AND SERVICES CREATES LARGE
     DISPARITIES BETWEEN CITIZENS BASED UPON THEIR ABILITY TO PAY

     The Taxpayer Assets Project is a nonprofit organization with a
small budget.  We simply cannot afford to buy many of the commercial
services that provide access to government databases. The groups that
are most able to afford these expensive services are those with large
financial interests in narrow aspects of government policy.  For
example, most pharmaceutical firms have armies of lawyers, lobbyists and
policy analysts who can afford to monitor every actions of the FDA, PTO,
NIH, Congress and other government agencies, not to mention their
private sector rivals. When access to government information is rationed
according to willingness to pay, we find ourselves at an enormous
disadvantage.  Not only do the pharmaceutical companies have the
resources to finance congressional and presidential campaigns, to dangle
high paying jobs to former government officials, and to vastly outstaff
groups that represent consumers and taxpayers, but they also are the
only ones who can afford to use the databases that are funded by the
taxpayers.  This scenario, repeated throughout the government, is among
the reasons that special interest groups can manipulate and control the
government, at the expense of the broader public interest.

     A-130 should instruct agencies to consider the impact of
information management policies on the prices that consumers will pay
for access to taxpayer funded information resources.  For example, if an
agency can produce CD-ROM products for $35 or less, why should citizens
be required to pay $500 to $10,000 to buy the information from
commercial vendors?  Likewise, if it costs between $15 and $35 an hour
to provide online access to the PTO's APS, why should citizens be forced
to pay $340 per hour to receive the same information through Lexis?

     Agencies should avoid policies that deliberately restrict public
access to taxpayer funded information systems in order to bolster the
business interests of commercial vendors, since this leads to even
greater concentrations of political power.  Low cost access to
government information is needed to strengthen citizen involvement in
government policy making.


9.   OMB'S PROPOSED LIMITS ON PRICES FOR INFORMATION PRODUCTS AND
     SERVICES ARE NEEDED

     Among the best features of the proposed A-130 revision are the
provisions that would limit agency prices for information products and
services to the costs of dissemination.  This is sorely needed.


10.  AGENCIES ARE USING NTIS TO RAISE PRICES FOR INFORMATION PRODUCTS
     AND SERVICES FAR ABOVE DISSEMINATION COSTS

     Many agencies now have contracts that give NTIS exclusive rights to
sell information at prices that far exceed dissemination costs.  For
example, the Federal Reserve sells its "bank call" reports on magnetic
tape for $560 per quarter. Information from the Home Mortgage Disclosure
Act (HMDA) is also very expensive.  OMB should clarify an agency's
responsibility to provide access to information at cost, when NTIS is
simultaneously selling the information at huge markups.  This is an
enormous issue, given the large and rapidly growing electronic
collections that NTIS currently manages.


11.  THE FEDERAL DEPOSITORY LIBRARY PROGRAM SHOULD NOT BE SUBJECT TO A
     TECHNOLOGICAL SUNSET

     The federal Depository Library Program (DLP) provides 1,400
libraries with free access to federal information.  This program, which
has been around since the middle of the 19th century, is not a welfare
program.  It serves scholars, business persons, and many others who need
access to federal information.

     We frequently use federal depository libraries.  We cannot afford
to buy all the government publications that we use, but even when prices
are not an issue, we rely upon the library staff's expertise and
indexing resources to discover publications that may be useful to us.
The fact that information is disseminated in electronic formats should
not eliminate an agency's responsibility to this important program.



12.  ACCEPTING PUBLIC COMMENTS VIA ELECTRONIC MAIL

     OMB deserves a pat on the back for its efforts in using electronic
mail networks such as the Internet to disseminate information about the
proposed changes in the Circular, and to receive comments by electronic
mail.  These steps will broaden public awareness of the Circular, and
allow a wider group of citizens to participate in the debate.  We urge
OMB to address this issue in the final draft of A-130.  That is, OMB
should encourage all federal agencies to use electronic mail networks to
disseminate public notices *and* to accept public comments.  It is
particularly appropriate here, when many citizens who are interested in
government information policy have access to such networks.  Of course,
these efforts should supplement and not replace other methods of
providing public notice and accepting comments.
+++++++++++++
James Love, Director               VOICE:    215-658-0880
Taxpayer Assets Project            FAX:      call
12 Church Road                     INTERNET: love@essential.org
Ardmore, PA  19003

------------------------------

Date: 06 Sep 92 16:08:07 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--Reflections on INFOWEEK's CU-related stories

 Information Week and "Weak Links"

 The August 10, 1992 issue of INFORMATION WEEK (IW) features a story
 on "weak links" in data security.  IW Editor Jerry Colonna writes
 that "We're not talking about hackers breaking into data centers.
 Much attention has been paid to the obvious targets, and many data
 centers now resemble medieval fortresses."

 We will try to ignore the fact that just a few weeks ago IW
 criticized the Computer Security Institute for using 'hacker' in
 reference to computer intrusion.  (see "Pirate is PC?" in CuD 4.35)

 Colonna continues..."The problem is the low-tech access to your
 network.  If the deli down the road has your fax number, chances are
 your competitors - or someone they hired - has it, too, and they can
 read everything you send or receive.  Orders from customers, invoices
 from suppliers, Bank statements.  Everything."  (page 2)  Later in
 the same editorial he discusses the dangers of forgetting that
 cellular phones can be overheard using a radio scanner.

 The featured article has some good advice, ranging from buying an
 encrypting phone for confidential conversations, to using fake names
 when discussing business on an unsecured channel.  (Although the
 article didn't go so far as suggesting appropriate pseudonyms, I
 enjoyed using 'Red Rooster Four' back in the Radio Shack
 walkie-talkie days of my childhood.  My friend Spencer was Red
 Rooster One.  There were no 'Two' or 'Three', but we wanted it to
 sound like we had a bigger "army" then we actually did.  A technique
 that might also be handy on your car phone.)

 And speaking of good advice, former Sun Devil mastermind Gail
 Thackeray is quoted in the article as urging businesses to stop being
 'promiscuous' with their fax numbers.  Also, she advises, all outgoing
 faxes should include a cover sheet saying that the fax is intended
 only for the addressee.  She reportedly stresses that this is
 particularly important if the material in the fax is confidential.
 Unfortunately there is no further explanation of just what good
 stating this would do. It sounds vaguely like the "no cops allowed"
 sign-ons found on some CU bulletin boards, which Thackeray and her
 troops have no doubt ignored themselves.

 Another interesting, but questionable, tidbit is found on page 30...

   "If a corporate spy had to pick one 'darling' of the trade, it
      would undoubtedly be the fax machine, says a report from the
      American Institute For Business Research in Framingham, Mass.
      The report, 'Protecting Corporate America's Secrets In the
      Global Economy,' asserts that the fax is one of the easiest
      ways for spies to steal corporate information.  For one, the
      report says, thieves can tap into the victim's fax line and
      create a shadow version of every fax the victim sends or
      receives."

 Now I'm not an electrical engineer, but doesn't this seem about as
 easy as getting three modems talking to each other all at once?  I'm
 not saying that a fax can't be intercepted, through a data trap, but
 I don't think tapping a phone line and hanging an extra fax machine
 in the circuit is going to get you anywhere. Reminding people that
 faxed documents are inherently unsecure is a Good Thing, but this
 vague statement might only lead to additional paranoia and
 unwarranted concern. Unless, of course, this *is* something that is
 easily accomplished.  In which case it should have been stated even
 more emphatically, and with more authority and credibility.

 The four page article ends with an appropriate quote from the
 security director at The Bank of Boston : "Technology can be your
 best friend.  But it can also be your mortal enemy".   All in all,
 not a bad thing to keep in mind.

 CompuServe Magazine and Death in Cyberspace.
 --------------------------------------------The September 1992 issue
 of CompuServe Magazine features "The Mourning After" by Hank Nuwer.
 (pp 32-34)  Nuwer is a prolific author, including a recent book about
 Fraternity Hazing. (_Broken Pledges: The Deadly Rite of Hazing)  In
 this article Nuwer discusses the grieving process, as experienced by
 online friends, when someone dies.

 The article touches upon four types of situations where online
 communities are affected by the death of a member, or in some cases
 the a death in the family of a community member.  In the case of the
 latter, online communities can provide a supportive network, removed
 from the tragedy itself...

      People often feel threatened when required to express
      grief, but may be less intimidated expressing these
      thoughts online, according to Dr. Dorothy DeMoya, a
      consultant in %Compuserve's% Human Sexuality Information
      and Advisory Service.  'Among patients who've lost loved
      ones, strangers became family and family became strangers,'
      she says. 'To be able to establish online relationships
      like this is wonderful.'

 Another example of how virtual communities are affected by death and
 dying is illustrated by the unexpected death of Glenn Hart, sysop of
 the Fox Software Forum, and contributing writer to PC Magazine.
 After his death in January the forum was flooded with messages as
 members expressed their sorrow and memories of him.  In this case,
 and in many others that Nuwer cites, the messages were captured and
 printed by a forum member.  They have been given to Hart's widow, who
 is saving them for her younger children to read at the appropriate
 time.

 Finally, the article discusses the role of cyberspace in dealing with
 deaths of other than family members.  Participants in the RockNet
 forum grieved the deaths of Bill Graham and Freddie Mercury, while
 the Space and Astronomy Forum dealt with the loss of the six US
 Astronauts lost in the 1986 Challenger Space Shuttle accident.  Even
 members of the Pet Forum have found that online friends can help in
 adjusting to the loss of a favorite pet.

 Moderators' Note: This is an area that is ripe for additional
 research.  CuD welcomes additional resources and references in this
 area.  Readers may also be interested in 'Online Suicide' by Preston
 Gralla in the May 1991 issue of PC Computing. (p132+)

 "No Piracy Shield"

 Information Week reports that a US bankruptcy court in Los Angeles
 has ruled a defendant cannot avoid paying damages for software piracy
 by failing for bankruptcy.  The ruling came down in Novell Inc v.
 Medperfect Systems Inc (owned by Ronald S. Frank).  The article
 states that bankruptcy, in the past, has been used to avoid lawsuits
 over copyright infringement and the like.  Information Week also
 reports that Medperfect admits to using unlicensed NetWare as the
 basis for systems sold in dentist offices in Southern California.
 Information Week July 13, 1992 p16

 Phreak Insurance

 Information Week is reporting that Travelers Corporation is going to
 offer phone fraud insurance.  The policy will be available in $50K
 and $1 million dollar amounts to cover remote access fraud, those
 calls made by hackers breaking into corporate phone systems and
 placing outgoing calls.  The policy will reportedly require that
 certain minimum safeguards are met, such as making all passwords more
 than three digits long.  (INFORMATION WEEK, August 31, 1992 p16)

------------------------------

Date: Tue, 1 Sep 1992 10:22:44 -0700
From: James I. Davis <jdav@WELL.SF.CA.US>
Subject: File 7--Software Piracy--The Social Context

((MODERATORS' NOTE: Jim Davis raises a number of interesting issues
regarding piracy and the SPA. CuD 4.44 and 4.45 will be devoted to
some of these issues, and Jim will be invited to elaborate there on
some of the themes he addresses here)).

Anne Branscomb, a strong advocate of property rights in information --
admits that there is nothing "natural" about property rights (see her
essay "Property Rights in Information").  Property rights are social
conventions that are struggled over.  And we shouldn't give up that
fight to the SPA.

Re: software "piracy" in schools, perhaps we should see an extension
of "Fair Use Doctrine" to software use in schools. A bit of recent
history -- broadcast TV shows were not intended to be copied and
viewed at leisure at home. But to have stuck to that point, the courts
would have criminalized a substantial number of adults who were
time-shifting with their VCRs to watch soaps or football games or
whatever. So "fair use", originally intended to allow book reviewers
to quote from works, was de jure extended to a de facto reality --
people "stole" TV shows, and enjoyed them. I understand that fair use
extends to school use as well.

Why don't people just see that loaning disks, copying programs, etc.
is wrong? Because it's not obvious, and it certainly isn't "naturally"
wrong. The SPA has to cultivate a mindset that isn't there. You give
me knowledge, you still have use of it; now I can use it too. The more
it is shared, the more useful it becomes. It doesn't really wear out,
and it doesn't get used up. So people (naturally) say, where's the
harm? It's not like I stole your silverware or pinched your car. A
rather noble attribute, sharing, is turned into a crime! And we are
all to be enlisted in this SPA scheme for policing property rights of
software companies. No thanks.

Property rights and information just don't go together:

(1) The enforcement of property rights in information requires a
police state. The SPA encourages people to squeal on each other by
calling an 800 number. If the laws were enforced, I would bet that
_most_ computer users would be guilty. Hence, the population is
criminalized, and subject to police and court control. Just because
the laws aren't enforced in totality doesn't mean that they can't be
used.

(2) Enforcing property rights in information prevents the "storehouse
of knowledge" from being used optimally. Hence society and
civilization is held back. The lost productivity due to conflicting
standards and interfaces required because of proprietary interfaces
etc. is one example. The lost educational opportunities resulting from
schools not getting the software they need in the quantities they need
is another. The lost time of researchers who must duplicate research
because they are prevented from sharing information because of trade
secrecy or international competition is another. The unavailability of
textbooks in poor countries because they cost as much as a month's
wages (or software that costs as much as a year's wages) is another .

(3) Property rights in information aren't needed to ensure software
production, creativity, advancement of society, etc. The freeware and
public domain library testify to this. People create for many reasons,
of which financial gain is only one, and I would argue, not the most
important. The challenge of doing it, peer or public recognition,
service to humanity are important motivators.  Much valuable research
has been carried out in the public sector -- via federal research
institutions or via publicly funded universities. Obviously financial
gain wasn't the main motivator there (except until recently, brought
on by the de-funding of universities, forcing them to go begging. Most
engineers, I would guess, must sign work-for-hire agreements in order
to obtain work, effectively signing away any rights to the products of
their creativity. The beneficiaries of property rights in information
aren't the creators, but the entrepreneurs. Finally, is the software
industry profitable today? Yes. Even with the $24 billion in "piracy".
How can this be so? Because what the software companies "lose" is
revenue with no associated cost (the "pirate" has done the labor, and
presumably provided the equipment and disk). This is the difference
between stealing cars and duplicating software.

(4) But but but, how will software get written, who will finance it?
Knowledge is a _social_ treasury, and should be funded socially.
Public competitions, grants, a social fund supported by users,
whatever. We have some models already: the university and federal
research model; the arts funding model; the GNU experiment; the
freeware and public domain experience. We're a creative and energetic
group -- we can figure it out.

-----------------------------------------------------

End Cu Digest, #4.42