Computer underground Digest    Sun  Sept 17, 1995   Volume 7 : Issue 74
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU
       Archivist: Brendan Kehoe
       Shadow Master: Stanton McCandlish
       Field Agent Extraordinaire:   David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson

CONTENTS, #7.74 (Sun, Sept 17, 1995)

File 1--Correction (CuD 7.73)
File 2--Text for Computer Underground Digest
File 3--Changes in the CuD homepage
File 4--(fwd) 2600 Case in Court, 9/14 (fwd)
File 5--Computers & The Law Press Release
File 6--The Computer Law Report - August 1995 (fwd)
File 7--"Child-porn" Busts on AOL.COM
File 8--Cu Digest Header Info (unchanged since 19 Apr, 1995)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Sun, 17 Sep 1995 15:43:22 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 1--Correction (CuD 7.73)

In CuD 7.73, we listed the source of information for
Martin Rimm's "The Pornographer's Handbook" as "books in print"
and "Library of Congress." Both pointers were intended to be
"Books in Print." The PH does not appear in the Library of
Congress records.

------------------------------

Date: Sat, 26 Aug 1995 14:29:19 -0400 (EDT)
From: Charles Platt <cp@panix.com>
Subject: File 2--Text for Computer Underground Digest

        -------------------------------------------------------------

                 [Not Much] News from Florida

                       by Charles Platt

     In December of 1994, a polemical Usenet post on
alt.comp.talk.eff claimed that half-a-dozen Florida BBSs had
been shut down by the FBI, who had gone in with their guns
drawn and had forced innocent sysops to lie facedown on the
floor while most of their worldly belongings were impounded.
During one raid, a crippled BBS owner was allegedly hauled
out of his home and placed on a chair on his front lawn where
he shivered helplessly for several hours in 50-degree
weather.
     It all sounded excitingly outrageous. But was it true?
     The initial post was challenged by a couple others that
accused it of exaggeration. A more moderate version appeared
in CuD, but no one seemed to have really reliable first-hand
information, and after a couple of weeks the story
disappeared.
     Since I'm currently researching local BBS busts for an
article for Wired, I wanted the facts. I made several phone
calls, placed a couple of appeals for information on Usenet,
sent similar plea through Fidonet ... and received no
response. So I headed down to One BBScon, the annual event
aimed at BBS owners which was held this year at the Tampa
Convention Center in Florida from Wednesday August 16th
through Sunday August 20th.
     Last year the convention attracted almost 4,000 people.
This year the crowd looked thinner (in numbers, certainly not
in kilos) but the convention center was so huge, it would
have made any attendance under 10,000 seem insignificant.
     A couple-hundred exhibitors were doing business in the
main hall, net access being the dominant theme. Many BBS
owners, wandering from booth to booth, seemed tormented with
an traumatic mixture of fear and greed. On one hand they
feared being wiped out overnight by Microsoft Network, while
on the other hand they couldn't help hoping that if they
plugged their existing users into the Internet, they could
charge twice as much for access and clean up.
     How should this net access be accomplished? Via a
fractional T1 ... or maybe a satellite feed ... the
possibilities seemed endless, and were endlessly confusing.
     On the retail side, I counted at least six different
AOL-inspired user-friendly GUIs developed by hopeful
nationwide providers making themselves accessible via local
POPs. Microsoft Network was there (with a barren booth that
attracted virtually no interest at all) and The Well was
pushing its now-nationwide service from a sickeningly folksy,
rustic booth all made of unfinished wood, complete with park
benches and free bottled springwater. Beneath a big sign
saying "Let's Talk!" an earnest salesperson told me that
while The Well's per-hour charges were indeed a bit high, a
flat rate would be offered "real soon."
     The Association of Online Professionals (AOP), a
relatively new group founded by David McClure, was soliciting
new members from its booth at $95 apiece. AOP promises to
lobby in Washington to protect the interests of BBS owners
and is particularly concerned by any move to make sysops
responsible for content. By the end of the convention, AOP
was claiming about 600 members total. (Check out
http://www.wdn.com/aop for more information.)
     I stopped at the Telix booth to pay homage to my
favorite modem software, was pleased to see them selling a
new Windows version, but was disconcerted to learn that it's
for Windows 3.1, not Windows 95.
     Several booths were pushing CD-ROMs stuffed with games
or graphic images (yes, folks, for $9.95 you can own 10,000
shareware games--literally). Only two booths were selling
hardcore adult material, and I was told that many sysops are
dumping their XXX-rated photo libraries out of fear of being
busted.
     One vendor was Lee Noga, a tough, no-nonsense young
woman with a blond crewcut, running a business named Lion's
Den International, which creates its own photo-CDs using its
own models and sells the packages via mail order. Noga, who
impressed me by matter-of-factly referred to herself as a
pornographer, listed various companies (including Playboy)
that had sued her for copyright infringement before she
started originating photographs instead of borrowing them.
     She lives in Florida and was happy to talk to me about
the busts that occurred there last year. In fact, one of them
had occurred just half a mile from her own home. But she said
that so far as she could tell, it had been purely a local
matter; the FBI were not involved and there was no dramatic
show of force. According to Noga, the people who were hit
have subsequently refused to say anything about it, and the
action resulted from allegations of copyright infringement.
     That's as close as I got to any hard data, but it was
sufficient to invalidate most of what I had seen posted last
December.
     BBScon closed each evening at 6 PM and the shuttle buses
to neighboring hotels stopped running at 7 PM, suggesting
that attendees were expected to go back to their rooms and
stay there. To me this seemed bizarre compared with the
scores of science-fiction conventions I've attended, where
programming always runs till at least midnight and free
movies may be shown on a 24-hour basis. But then, science-
fiction conventions are not primarily about making money.
     The only officially sponsored evening entertainment at
BBScon seemed to be a Saturday night "exhibitors only" party
on a boat. I crashed it using a borrowed invitation only to
find myself lectured at length by an amiable businessperson
who insisted that I could get rich by selling my science-
fiction novels through his fledgling online service. I also
listened to an insistent monologue by the founder of ClariNet
(for some reason, his name escapes me) who was adamant that
people *will too* read fiction online if the video text is
big enough and the video margins are wide enough.
     Later, back at my hotel room, I flipped through the
cable channels and found that one of them was being fed with
tapes of the previous day's BBScon seminars. I was just in
time to catch Jack Rickard, editor/publisher of Boardwatch
magazine and patron saint of BBScon, telling an audience of
sysops that so long as they offer internet access without
impairing the individuality of their boards, they will make
good money and will not be squeezed out by the large service
providers.
     Bearing in mind that each sysop at BBScon paid up to
$295 just to attend, and most of them seemed panicky enough
to splurge additional hundreds or thousands of dollars on
hardware or software in the exhibition hall ... I certainly
hope Rickard is right.

------------------------------

Date: Thu, 11 Sep 1995 11:12:04 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 3--Changes in the CuD homepage

The CuD homepage has been re-organized to make it easier to find links
and move around.

To reduce traffic on the EFF and mirror sites (which should be used
during off-peak hours to reduce the burden), we encourage especially
Midwest readers to use the CuD site at:

            http://www.soci.niu.edu/~cudigest

We've added a security section, including links to Gene Spafford's
sites.  His sites are exceptionally complete and well-organized.
They're the cyber equivalent of the Smithsonian: You can browse them
for weeks and still want more.

We've also linked the site to the American Criminological Society's
Critical Criminology Division for those preferring a more
social-science oriented set of information and links.

You'll also find links to timely issues (eg, the "Rimm Study,"
the Church of Scientology flap), newsletters (Jim Warren's
GovAccess newsletter, BillWatch, Phrack, Crypt, and more),
and information about and links to computer-related issues.

------------------------------

Date: Fri, 15 Sep 1995 00:11:00 -0500 (CDT)
From: David Smith <bladex@BGA.COM>
Subject: File 4--(fwd) 2600 Case in Court, 9/14 (fwd)

               ---------- Forwarded message ----------

From--sobel@epic.org (David L. Sobel)
Subject--2600 Case in Court, 9/14
Date--Wed, 13 Sep 1995 12:41:25 -0500

The so-called "Pentagon City Raid" FOIA case will be argued
in the U.S. Court of Appeals in Washington, DC on Thursday,
September 14 at 3:00 p.m.  The hearing is open to the public.

The case involves the withholding of Secret Service documents
concerning the break-up of a 2600 meeting at the Pentagon City
Mall in November 1992.  The Secret Service lost in the lower
court and appealed the case.  More information is available at
EPIC's Web site -- http://www.epic.org/computer_crime/2600//

The appellate argument will be held at the United States
Courthouse, Third & Constitution Ave., N.W., Fifth Floor (U.S.
Court of Appeals courtroom).

David Sobel
EPIC Legal Counsel

------------------------------

Date: Wed, 13 Sep 1995 12:24:13 -0400 (EDT)
From: Charles Sumner <sales@SUG.ORG>
Subject: File 5--Computers & The Law Press Release

FOR IMMEDIATE RELEASE			       Contact:	Charles Sumner
September 11, 1995				 	Sun User Group
							(617) 232-0514


        SUN USER GROUP CONFERENCE HELPS DEFINE CYBERCRIME

    Speakers from the FBI and the Electronic Frontier Foundation
     will be featured at the second annual "Computers & The Law"
             Conference, November 12-15, Tampa, Florida.


This November 12 through 15, the Sun User Group will sponsor the
second annual "Computers & The Law" symposium in Tampa, Florida.  As
computers and the Internet invade more and more corners of everyday
life, the once distinct areas of technology, security, legislation,
and law enforcement begin to collide -- often with disastrous results.
In an effort to help members of these professions deal with a rapidly
changing world, the Sun User Group founded the "Computers & The Law"
conference.  This year's conference is a unique forum in which members
of these once diverse fields can meet to share experiences and ideas,
and address the growing connections between their professions.  Last
year's symposium was critically acclaimed and this year's, with
featured speakers from the FBI's Economic Espionage Unit and the
Electronic Frontier Foundation, is expected to be even more
successful.

"The explosive growth of cyberspace is straining the law's ability to
keep up.  Issues such as privacy, copyright, jurisdiction, and the
liability of system administrators are currently being played out in
the courtroom in uncharted territory," said Edward A. Cavazos, chair
of the "Computers & The Law" legal track.  The question of 'uncharted
territory' is a central theme of the conference, and one which plays a
pivotal role in one of the many highlights -- a debate between Michael
Froomkin, of the University of Miami Law School, and Jared Silverman,
former New Jersey Securities Commissioner, on whether existing laws
can be applied to Cyberspace.

"It's the variety of security and legal speakers, discussing complex
real-world cases, that has sparked so much interest in this
conference," said Charles Sumner, the Sun User Group's Director of
Marketing.  The keynote addresses present three very different
examples of the interaction between computers and laws, from three
speakers who are at the forefront of these changes.  The development
of computer legislation is represented in Tuesday's keynote by Mike
Godwin, the Legal Counsel of the Electronic Frontier Foundation, and
the enforcement of those laws is addressed by Monday's keynote
speaker, Ken Geide, Chief of the FBI's Economic Espionage Unit.  Last,
the results of crossing those legal bounds is detailed by Randall
Schwartz.  Mr. Schwartz, a noted UNIX consultant who was recently
convicted in a landmark case brought by Intel, will discuss his
experiences in Tuesday's endnote address.

With the dramatic increase in the population of cyberspace and
corporate America's new love affair with technology, system
administrators are being confronted with many new shades of morality
and ethics.  "In order to thrive in today's swiftly changing world, a
system administrator must be a technician, an attorney, a cop and a
politician." says Alexander Newman, Executive Director of the Sun User
Group.  "He or she must establish and enforce fair-use policies, keep
users from violating copyright laws, and deal with outside complaints
about those users."  The administrator must often accomplish this job
with little or no knowledge of the rapidly growing web of laws
surrounding the field.  Cavazos, who is also co-author of "Cyberspace
and the Law: Your Rights and Duties in the On-Line World" said that
"This conference addresses these issues with an emphasis on making
sense of a confusing and often contradictory set of precedents".

What cybercrime is and how to protect yourself from it are two of the
main themes of "Computers & The Law" and will be covered during a
variety of talks throughout the four days.  Some of the additional
topics to be discussed at the symposium include: privacy, cyberporn,
copyright infringement, on-line legislation, encryption, internet
fraud, how to recover information if your site has been comprimised,
and what to do if the government decides to investigate you.  Featured
instructors at "Computers & The Law" include: John C. Smith, an
investigator with the High Tech Crime Unit of the Santa Clara County
District Attorney's Office; Peter Galvin, the security columnist for
"SunWorld On-line"; Lee Hollander, Florida's State Attorney; Bob Friel
of the Electronic Crimes Branch of the U.S. Secret Service; and
Richard Ress of the FBI Computer Crime Squad in addition to many other
technical and legal speakers.

"Computers & The Law", November 12-15, 1995, will be held at the
Camberley Plaza, Sabal Park in Tampa, Florida, and features two days
of talks and panels and two days of workshops.  It will draw speakers
and attendees from all over the world.  The symposium is sponsored by
the Sun User Group, an international, not-for-profit technical and
professional association which serves the workstation industry.

To register, or for more information on the conference or the Sun User
Group, contact the Sun User Group via email at conference@sug.org, on
the World Wide Web Page at http://sug.org, or by calling 617/232-0514.

				# # #

        -----------------------------------------------------
Charles Sumner    | Now some people say that you shouldn't tempt fate
Director of Sales |    and for them I would not disagree.
Sun Users Group   | But I never learned nothing from playing it safe,
e: sumner@sug.org |    I say fate should not tempt me.
v: 617/232-0514   | "I Take My Chances" - Mary Chapin Carpenter

------------------------------

Date: Mon, 11 Sep 1995 20:38:18 -0500 (CDT)
From: David Smith <bladex@BGA.COM>
Subject: File 6--The Computer Law Report - August 1995 (fwd)

               ---------- Forwarded message ----------
Date--Fri, 1 Sep 1995 10:03:46 -0400
From:Galkin@aol.com
To--CompLawLst@aol.com
Subject--The Computer Law Report - August 1995

                         ********************
THE COMPUTER LAW REPORT - AUGUST, 1995
PREPARED BY WILLIAM S. GALKIN, ESQ.
galkin@aol.com
                         ********************

*** NOTICE *** ALL LIST RECIPIENTS ARE **ENCOURAGED** TO FORWARD COPIES OF
THE COMPUTER LAW REPORT TO OTHERS WHO MAY BE INTERESTED IN BEING ON THE LIST!


ARTICLES CONTAINED IN THIS ISSUE:

(1) Negotiating royalty agreements in the information age
(2) New domain name registration rules
(3) Protecting Software


[* PLEASE READ *: If you have any questions about the material contained in
The Computer Law Report, or would like to discuss issues related to computer
or technology law, please contact  William S. Galkin, Esq.:  e-mail
(galkin@aol.com), telephone (410-356-8853), fax (410-356-8804), or mail
(10451 Mill Run Circle, Suite 400, Owings Mills, MD 21117).

To subscribe, please respond via e-mail to galkin@aol.com. The Computer Law
Report is distributed free, and designed for the non-lawyer.

All information contained in The Computer Law Report is for the benefit of
the recipients, and should not be relied on or considered as legal advice.
When necessary, proper professionals should be consulted.]

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 - Negotiating royalty agreements in the information age
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The author of a work (i.e., software, drawings, photographs, novels, etc.)
owns, among other exclusive rights, the right to reproduce and market the
work, as well as the right to create works derived from the original work,
like movies from novels, or translating a novel from English to French, or
software from a Macintosh to a Windows platform. The author may transfer all
or a portion of these rights.

Where the author is not marketing the work and has another person or company
doing this, royalty payments will be the usual means of compensation to the
author.  A common example of royalty payments is where a publisher of a book
pays to the author a percentage of the amount received on the sale of each
copy of the book.

In the past, there was a limited universe of means of distributing works, and
a limited universe of works that could be derived from such works. Now, with
communication technology evolving daily, the universes of distribution and
derivation have greatly expanded. Furthermore, it is now extremely difficult,
or impossible,  to predict where future expansion will occur. However, the
better these expansions can be predicted, the better an author will be able
to protect his or her rights when transferred to a distributor.

Royalty arrangements can be extremely complex. This article discusses a
number of issues that it is particularly important to keep in mind.

1 - Derivative works:

The distributor may or may not have the right to create derivative works. If
the distributor does have this right, the distributor may want to decrease
the royalty rate for the revenue received from derivative works. The
rationale for this decrease is that as derivative works are created, the
original work will represent a smaller and smaller portion of the work as a
whole. This same concept will apply where the distributor has the right to
merge the original work into other works (e.g., merging a photograph into a
collage). If the author agrees with the concept of decreasing royalty, the
author should make sure that there is a clear mechanism for determining an
appropriate decrease. For example, if the modifications to the work are
primarily cosmetic, then the decrease should be small.

2 - Sales price:

Since royalties are usually based upon the sales price of the work, it is
important to determine how this price is arrived at. For example, if the
distributor is given complete discretion over the price, it would be possible
that the distributor could decide to give the work away free, bundled with
other products that are being sold. In such a case, the author would receive
no royalties. On the other hand, if the author has too much control over
price, then this may become intrusive on the exercise of marketing judgment
of the distributor. One solution is to require a minimum royalty on each
transfer of copies of the work.

3 - Guaranteed royalties:

Amazingly, many royalty arrangements do not require the distributor to sell
even one copy. The author may be all too appreciative that the distributor
wants to distribute the work that there is no thought that the distributor
will make less than a full effort to market the work. However, what if  the
day after you grant the distributor exclusive rights to market the work that
you've spent the last two years developing, the distributor purchases the
right to distribute a competitive work that the distributor thinks is better
and leaves your work on the shelf? Or worse, what if the distributor's goal
was just to get your work off the market so as not to compete with another
product that the distributor has? These scenarios are not far fetched and
need to be planned for.

One solution is to require minimum royalty payments or sales, as mentioned
above. This offers some protection, but it is better to also prohibit the
distributor from marketing any competitive product. The definition of what is
competitive must be carefully worded.

4 - Sublicensing rights:

Sublicensing rights of a distributor can severely affect royalties earned by
the author. For example, assume that you have negotiated a royalty of 15% of
the gross revenue received by the distributor on sales. This royalty amount
recognizes that the distributor has overhead expenses in addition to the
expense of marketing. What if the distributor decides sublicense the work to
another company to market. They will now receive 15% of the sales revenue as
royalties from the new distributor, and you will only receive 15% of 15%,
which only 2.25% of the gross sales price!

The solution here is to either prohibit sublicensing or agree that the
royalty will be higher (perhaps 50%) for revenues from sublicensing.

5 - Marketing efforts:

It is important to require the distributor to begin marketing the work by
some specific date. The work may need further development, and therefore a
realistic date should be selected. Additionally, it is very beneficial to
require the distributor to spend a certain amount of money on marketing
within a specific time period (e.g., $100,000 in the first year).

6 - Royalty payments:

In brief, royalty payments take the following forms: (1) Some cash up front
plus royalty payments as sales are made; (2) Some cash up front which
represents an advance against royalties earned in the future; and (3) Only
royalties as sales are made, with no cash up front.

These three forms represent a shift in risk from the distributor to the
author. Cash up front represents a risk to the distributor, whereas royalty
payments to the author only upon sales represents a higher risk assumed by
the author. The level of rights granted by the author should take into
account how much risk is assumed by either the author or the distributor.

7 - Audit rights:

The author should have clear rights to audit the books of the distributor to
determine the accuracy of the royalty payments the author receives. These
audits will usually be at the expense of the author, however, the agreement
can provide that where the distributor has underpaid, the cost of the audit
is paid by the distributor. There could also be a penalty for such
underpayments.

8 - Reversion of rights:

There should be provisions that under certain circumstances rights
immediately and automatically revert to the author. For example, if sales
fall below a specified level, or if the distributor breaches the agreement.

9 - Arbitration:

Lastly, it is often useful to have disputes that arise resolved by
arbitration. Arbitrators can be selected in advance, which will facilitate a
quick resolution of the issues, which otherwise could be dragged out in
litigation, beyond the valuable commercial life of the work. However,
arbitration is not a perfect solution, and the terms of the arbitration need
to be carefully worked out in advance.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 -New domain name registration rules
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Network Solutions, Inc. is a private corporation that receives funding from
the National Science Foundation for managing the Internic (Internet Network
Information Center) Registration Services. Internic is the registry for all
Internet domain names.

Until recently, the registration policy for domain names was simple - first
come, first served. This policy worked fine until recently when the presence
of commercial forces (i.e., addresses ending with ".com") exploded. For
example, in the past year .com registrations have increased from 18,000 to
82,600.

The result has been an increase in the number of disputes between those with
registered names and those holding trademarks to the registered names. In
some instances, get-rich-quick types rushed and registered domain names that
they hoped would be purchased from them by the trademark holder. In other
cases, disputes arose because of honest disagreements as to the rights to
registered names. Some examples of domain names registered not by the "known"
trademark holder include: mcdonalds.com, ford.com, coke.com and mtv.com.

A recent suit illustrates how Network Solutions could be caught in the
middle. Frenchy Frys, a catering company in Seattle, Washington, registered
the domain name "frys.com." Fry's Electronics, a large retail electronics
chain that wants to register the same name, has sued Frenchy Frys as well as
Network Solutions and the Internet service provider, Octave Systems, which
originally requested the name for Frenchy Frys.

Given the volume of commercial registrations, Network Solutions cannot
pre-check that all such registrations do not infringe any trademark.
Accordingly, Network Solutions has instituted a new policy to reduce its
exposure to lawsuits. The new policy requires that applicants state that they
have a legal right to the name they seek to register. Additionally,
applicants must indemnify all persons involved in the registration process if
a dispute arises. This means that the applicant will have to pay all damages,
legal fees and other expenses that Network Solutions, or others covered by
the indemnification incur as a result of a dispute.

Under the old policy, where a dispute arose, the registrant kept the name
until the dispute was resolved. However, under the new policy, if the
registrant does not have a trademark registration for the name, then use of
the name is immediately suspended. It should be noted, however, that to
register a domain name, an applicant does not need to have a registered
trademark.

The bottom line is that before applying for a domain name, a search should be
performed to make sure that it does not infringe a registered trademark.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 - Protecting software
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

There are three forms of protection available for software: patent, copyright
and trade secret. These protections, properly implemented, greatly enhance
the commercial value of software. When they are ignored or not known, a
business risks inadvertently losing the right to rely on such protections in
the future.

Patent and copyright protections are provided for under federal statutes.
Trade secret protection in many states is provided for under a version of the
Uniform Trade Secrets Act. These protections are not exclusive and are most
effectively used in combination.

1 - Patent

Patent protection is the most powerful of the three methods of protection.
Unlike copyright and trade secret protection, a patent prevents a competitor
from using the technology reflected in the software patent, even if the
competitor developed the technology independently without any knowledge of
the software patent.

Patent protection prevents anyone else from making, using or selling the
technology reflected in patented software for a period of seventeen years.
The expense of filing and prosecuting a patent application is far greater
than to maintain copyright and trade secret protection; and it may take more
than two years from the date of application to receive a patent for software.


Although only recently becoming a popular form of protection for software,
patent protection cannot be ignored for two important reasons. First, a
patent must be applied for within twelve months of its first sale or the
owner is barred from applying for a patent for the technology reflected in
the software. Second, a patent granted to software may preclude another
business, which is relying on trade secret protection, from using and selling
its own similar software that is in existence and being used prior to the
patent.

2 - Copyright

Copyright protection is available for both source code and object code and is
the most widely used method for protecting software. The copyright owner has
certain exclusive rights which include the right to copy and distribute the
software.

Unlike patents, copyright protection applies immediately upon development of
software. The software should nevertheless be registered with the U.S.
Copyright Office to obtain important advantages for enforcing the copyright
against infringers. The period of exclusive rights for copyright are
substantially longer than for patents. Copyright protection on software
created after 1977 will last for either 50 years after the death of the
author or 75 years after registration of software developed for an employer
by full-time employees.

It is more difficult to inadvertently forfeit copyright protection than to
forfeit patent and trade secret protection. However, prior to the United
States joining the Berne Convention in 1989, distribution of a software
program without a copyright notice could cause a forfeiture of the copyright.
Under the current law, copyright notices are not required to be placed on
software or other works.

Copyright protection only applies to the expression of an idea rather than
the idea itself. For example, the idea of a desktop publishing program is not
protected, but the program code of a particular desktop publishing program is
protected. The scope of copyright protection for software is currently
uncertain because the law is struggling with how to apply the idea/expression
dichotomy to software. Additionally, as stated above, unlike for patent
protection, copyright protection does not prevent a competitor from selling
identical software if the competitor developed its software independently
without copying another's software.

3 - Trade Secret

Trade secret protection prohibits the unauthorized disclosure or use of trade
secret information. Unlike patents and copyrights, trade secret protection
does not require the filing of any public documents and does not terminate
after a specific number of years. Trade secret protection begins upon initial
development or discovery, but may be forfeited in a variety of ways.

Under most state laws, a trade secret is defined as information that has
economic value because it is not generally known. If a business does not make
reasonable efforts to maintain the secrecy of such information, trade secret
protection will be forfeited. Elements of software that trade secret law will
protect include source code, object code, flow charts, data structures and
algorithms. Before enforcing a trade secret, a court will want to verify that
a trade secret is valuable to the business and that reasonable efforts have
been made to maintain secrecy.

A court determines the "value" of a trade secret by examining the effort
expended to develop the software and the ease with which competitors can
develop similar software. Accordingly, maintaining records of expenses and
employee time is essential to establish value. Value for trade secret
purposes can be relatively modest. For instance, in one case, trade secret
protection was granted for software even though a similar program could have
been developed in four months at a cost of $18,000.

However, most cases involving misappropriation of trade secrets focus on
whether reasonable efforts were made to protect the trade secret. For
instance, to what extent is the information known by the employees and by
other businesses? The best evidence of efforts to maintain secrecy are
confidentiality agreements signed by all employees with access to the
software. Other evidence includes security procedures such as locking up
confidential documentation, limited access to information accessible on local
area networks, and conferences with incoming and outgoing employees advising
them of the confidential nature of information that they will be or have been
exposed to.

Many businesses do not realize that licensing source code along with software
will make any trade secrets within the source code public thereby forfeiting
trade secret protection, unless adequate confidentiality restrictions are
contained in the license. Similarly, if a program can be decompiled to
discover trade secrets, then trade secret protection may be lost. To preserve
a trade secret in such a case the license should prohibit decompiling of the
software. Businesses should be aware that the enforceability of shrink-wrap
type licenses is currently uncertain, therefore the effectiveness of
confidentiality restrictions contained in shrink-wrap licenses for preserving
trade secret status is also uncertain.

Conclusion

To enhance and preserve the value of software, businesses should do an
intellectual property audit, in conjunction with a team composed of
knowledgeable employees and professionals, in order to identify all patents,
copyrights and trade secrets possessed by the business and to evaluate
whether they are adequately protected. Such an audit should be done
periodically.

------------------------------

Date: Sun, 17 Sep 1995 21:40:22 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 7--"Child-porn" Busts on AOL.COM

((MODERATORS' NOTE: Last week's busts of alleged child pornographers
on AOL.COM has been covered. Below, we reprint Pat Townson's summary
from Telecomm Digest, and include the New York Time's first
paragrapher as a pointer for those wanting more information.

We note that the NYT's Peter Lewis added a story that put the busts in
perspective. Lewis suggests looking at AOL.COM as a large city. With
3.5 million users, this would make it roughly the same size as
Cleveland or Detroit. All large cities have back-alley establishments,
shady characters, and even a few who enjoy looking at pictures of
children.

This is useful to keep in mind: There is "porn on the net," there are
crooks on the net, and--in fact--there is everything on the net that
there is in the non-net world. That is, afterall, where most Net-users
come from. And, when it comes right down to it, there is
proportionally far less predatory behavior on the Net than there is in
our daily lives, where nearly two percent of the U.S. population is
currently under some form of correctional supervision.

So, regardless of the hysteria of some media and congressional
personnel, the Net remains a pretty safe place.

                            ==============

TELECOM Digest Thu, 14 Sep 95 12:14:00 CDT   Volume 15 : Issue 383

From--TELECOM Digest Editor <telecom@eecs.nwu.edu>
Subject--FBI Arrests Dozens of America OnLine Users
Date--Thu, 14 Sep 1995  10:00:00 GMT

The FBI made dozens of arrests and searched 120 homes and personal
computers on Wednesday as part of an investigation into child
pornography on America OnLine.

Management of America OnLine has, over a two year period, supplied the
FBI with the names and addresses of users 'suspected' of 'being
involved in' child pornography and/or arranging sex with children. The
raids on Wednesday marked the first time federal agents were called
upon by an online service to investigate the behavior of their
subscribers in private chat rooms.

Attorney General Janet Reno spoke in support of the actions of America
OnLine and FBI agents, noting, "We are not going to permit exciting
new technology to be misused to exploit and injure children."

The raids were conducted throughout the day Wednesday in 57 of the 94
FBI districts in the United States. They were mostly concentrated on
the east coast, however arrests and confiscation of computer equipment
took place all over the country in such diverse cities as Miami, New
York, Dallas and Trenton, NJ. Carlos Fernandez, an FBI spokesperson in
Washington, DC said that 'quite a few more arrests are expected in the
next several days' and that the Bureau would wait until those arrests
had been effected before discussing the case in detail.

Pam McGraw, a spokesperson for America OnLine, based in Viennna, VA
admitted that the company monitored email and private conversations
seeking out persons who use their network to transmit pornographic
material. She said they always provide the FBI with the names of users
suspected of involvement in child pornography.

Ms. McGraw also discussed an online 'neighborhood watch' program in
effect on AOL where users are encouraged to oberve each other's
activities and report on them to management of the online service.

Although child pornography certainly is not allowed in public areas of
AOL, according to Ms. McGraw it 'usually is transmitted in email
between users, or in private chat rooms'. She did not indicate how
AOL's interception of email for the purpose of examining it for
'pornography' or their monitoring of private conversations between
subscribers could be reconciled with various privacy laws, apparently
because it can't be.

FBI spokesperson Fernandez said the federal investigation of AOL users
showed that child pornographers are turning to online networks 'more
and more' to lure curious children. He said, "the utilization of
online services and bulletin board systems is rapidly becoming one of
most prevalent tech-niques for individuals to create and share
pornogrpahic pictures of children as well as to identify and recruit
children into sexually illicit relation-ships."

Raids and arrests of other AOL subscribers 'suspected of being
involved in child pornography' will continue over the next few days
until all the user-suspects have been located.

I don't know about you, but I'm going to purge all the AOL sofware
from my computer today. Child porn does not interest me in the least,
but having AOL scanning my mail and checking up on my in private
conversations with other users there is of great concern. It is hard
for me to imagine how any online service could violate the trust of
their users in this way, by getting into their email and personal
files, regardless of the intentions.

We have known for some time that AOL was 'cooperating' with federal
agents in their investigation of child pornography, but until the
massive raids and arrests commenced on Wednesday followed by AOL's
admission that the 'evidence' was found in email and private chat, we
did not know the extent to which AOL was abusing their subscribers in
the process of cooperating.

PAT

                           ===============

From the New York Times:

     September 14, 1995

     Use of Computer Network for Child Sex Sets Off Raids

     By DAVID JOHNSTON

        WASHINGTON - The Justice Department on Wednesday announced a
     dozen arrests in a two-year investigation into the use of America
     Online, the country's largest computer network, to distribute
     child pornography and to lure minors into sex.

        The searches of 125 homes and offices around the country
     represented the first time that federal agents investigated the
     misuse of a nationwide computer network, in which information and
     graphic material is exchanged between computers.

------------------------------

Date: Sun, 19 Apr 1995 22:51:01 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 8--Cu Digest Header Info (unchanged since 19 Apr, 1995)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to  LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CUDIGEST
Send it to  LISTSERV@VMD.CSO.UIUC.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org
         In ITALY: ZERO! BBS: +39-11-6507540
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES:  etext.archive.umich.edu (192.131.22.8)  in /pub/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

  JAPAN:          ftp://www.rcac.tdi.co.jp/pub/mirror/CuD

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu:80/~cudigest/

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #7.74
************************************