Copy Link
Add to Bookmark
Report
Legal Net Newsletter Volume 1 Issue 14
±±‹ ±±±±±±‹ ±±±±±±‹ ±±±±±±‹ ±±‹ ±±±‹‹ ±±‹ ±±±±±±‹ ±±±±±±‹
±±€ ±±€flflflfl ±±€flflflfl ±±€fl±±€ ±±€ ±±€±±€±±€ ±±€flflflfl fl±±€flfl
±±€ ±±±±±‹ ±±€±±±‹ ±±±±±±€ ±±€ ±±€ fl±±±€ ±±±±±‹ ±±€
±±€ ±±€flflfl ±±€ ±±€ ±±€ ±±€ ±±€ ±±€ ±±€ ±±€flflfl ±±€
±±±±±±‹ ±±±±±±‹ ±±±±±±€ ±±€ ±±€ ±±±±±±‹ ±±€ ±±€ ±±±±±±‹ ±±€
flflflflflfl flflflflflfl flflflflflfl flfl flfl flflflflflfl flfl flfl flflflflflfl flfl
±±±‹‹ ±±‹ ±±±±±±‹ ±±‹ ±±‹ ±±±±±±‹
±±€±±€±±€ ±±€flflflfl ±±€ ±±€ ±±€flflflfl
±±€ fl±±±€ ±±±±±‹ ±±€ ±±€ ±±±±±±‹
±±€ ±±€ ±±€flflfl ±±€±±‹±±€ flflfl±±€
±±€ ±±€ ±±±±±±‹ fl±±±±€flfl ±±±±±±€
flfl flfl flflflflflfl flflflfl flflflflflfl
Legal Net Newsletter
Volume 1, Issue 14 -- August 1, 1993
Legal Net Newsletter is dedicated to providing information
on the legal issues of computing and networking in the 1990's
and into the future.
The information contained in this newsletter is not to be
misconstrued as a bona fide legal document, nor is it to be taken
as an advocacy forum for topics discussed and presented herein.
The information contained within this newsletter has been
collected from several governmental institutions, computer
professionals and third party sources.
"Legal Net News", "Legal Net Newsletter"
and the Legal Net News logo are
Copyright (c) 1993 Paul Ferguson -- All rights reserved.
This newsletter may be freely copied and distributed in its entirety.
Legal Net News can be found at the following locations:
Publicly Accessible BBS's
-------------------------
The SENTRY Net BBS Arlington Software Exchange
Centreville, Virginia USA Arlington, Virginia USA
+1-703-815-3244 +1-703-532-7143
To 9,600 bps To 14,400 bps
The Internet
------------
tstc.edu (161.109.128.2) Directory: /pub/legal-net-news
Login as ANONYMOUS and use your net ID (for example: fergp@sytex.com)
as the password. Or send e-mail to
postmaster@tstc.edu
E-mail submissions, comments and editorials to: fergp@sytex.com
- --
In this issue -
o "Cypherpunks and Privacy," Julian Dibbell on Code Warriors in the
Information Age, excerpted from the Village Voice
o "Shareware Emerges from the Underground," by Lance Rose, excerpted
from Boardwatch Magazine
o CPSR speaks out against access to Credit Report information under
the auspices of threatened National Security
o Call for Papers: Computer Network Use and Abuse Conference
- --
reprinted without permission from the Village Voice:
The Village Voice
August 3, 1993
Vol. 38, No. 31
pages 33 through 37
Code Warriors
Battling for the Keys to Privacy in the Info Age
by Julian Dibbell
It's difficult enough to say what the Information Age is, let
alone when it began. But if forced to name a starting point, you
could probably do worse than pick the moment the United States
government decided to declare children's drawings contraband.
The time was World War II, and the rationale, as with many of the
U.S. government's more surreal policy decisions, was national
security. Military censors, charged with weeding secret
communications from the international mails, feared the tremulous
lines of toddler art might too easily hide the contours of a
spy-drawn map, and so, rather than examine every grandparent-bound
masterpiece that crossed their desks, they chose to forbid the
public from sending them at all. The censors raised similar
objections to the mailing of crossword puzzles -- who knew what
messages might lurk in their solutions? So crossword puzzles too
were placed on the interdiction list -- as were student
transcripts, postal chess games, song requests phoned into radio
stations, and any floral orders that specified the kind of
flowers to be delivered. Wherever information signified to
unpredictably, too quirkily, too privately, the censors shut down
the flow. And where they couldn't ban outright,, they meddled;
the stamps on letters were routinely rearranged so as to scramble
any coded order; affectionate X's and O's were excised at random;
knitting instructions were held up long enough to produce and
analyze the resulting sweater; and on at least one occasion the
dials were spun on an entire shipment of watches, obliterating
whatever hidden meaning might have resided in the placement of
the hands.
State paranoia has always thrived in wartime, of course, but the
fear of secret writing that gripped the government during World
War II was something novel. Like the war itself, this fear was
total, projecting sinister meaning onto the full spread of
communications -- all the random traces of love and commerce,
study and play, hobbies and enthusiasms, that register a
society's transactions. Taking arms against this entropic haze of
human details and differences, the state got a taste of life in a
world oversaturated with information, the kind of world whose
central challenge is to snatch elusive signals from the jaws of
ever-proliferating noise. Today, we who live increasingly in just
such a world might diagnose the censor's panic response as a
simple, if dramatic, case of information anxiety -- that sinking
sense that buried somewhere in the overwhelming chaos of mediated
data surrounding us lie messages of life-or-death importance. But
back then the panic was something more: it was the premonition of
a dizzying new cultural order on the brink of emergence. It was,
like so many paranoid visions before it, a prophecy.
And a self-fulfilling one at that. For the wartime struggle
against secret communications didn't just envision the
Information Age -- it invented it, in a literal and technological
sense. The world's first digital electronic computer, after all,
was created by Alan Turing and a team of British scientists in
the war's grim early days, for the express and ultimately
successful purpose of cracking the German's key Enigma cipher.
Likewise, Bell engineer Claude Shannon's momentous postwar
discovery of the foundations of information theory -- a
sophisticated mathematical abstraction of the dynamic between
chaos (noise) and intelligibility (signal) in communications
channels -- was directly related to his ground-breaking war work
in cryptology -- the wickedly complex theory and practice of
codes and ciphers. And between computers and the high-speed
networks made possible in part by Shannon's insights, the
necessary tools for the info-saturation of society were in place.
Half a century later, the business pages like to portray the
emergent digital universe as a gift from the Apples and AT&Ts and
Time Warners of the world, brought to you in the name of
efficiency, entertainment, and, above all, profit. But ride the
information superhighway back to its ultimate sources and you end
up in the heat and dust of World War II's secret-code battles.
It's hardly an accident, then, that as the future foreseen in the
censor's cryptophobic nightmares approaches fruition, the code
wars are heating up again. As digital networks have evolved, the
technology of secrecy has evolved along with them, and just like
the computers that populate those networks, it has gotten
radically personal. Thanks to advances in practical cryptography,
anyone who wants it now has the ability to scramble their
communications into a digital hash readable by no one but the
intended recipient -- and increasing numbers of commercial and
individual computer user do want it. No longer the exclusive
domain of soldiers and diplomats, automated encryption systems so
powerful no government can break them now fit snugly into
software easily installed on any home computer. If the spread of
civilian encryption continues unabated, the day may soon come
when wiretap-addicted law-enforcers and the deep-dished
eavesdroppers in the National Security Agency find themselves
stripped forever of their accustomed power to penetrate the noise
the rest of us make just to talk to each other.
Terrified once again of an information landscape pregnant with
unreadable messages, the government is moving to head off this
new bad dream before it becomes a reality. On April 16 of this
year, the Clinton administration announced the development (by
the National Institute of Standards and Technology, with
"guidance" from the NSA's tight-lipped code-breaking gurus) of an
encrypting microchip designed for use in telephones, powerful
enough to thwart most intruders but rigged so that cops and other
warranted government agents can tap in to the encrypted
communications at will.
The White House presented the new system (code-named Clipper -- a
chip for computer modems, called Capstone, is soon to follow) as
a Solomonic compromise between the growing demand for
communications privacy and "the legitimate needs of law
enforcement," but its effect so far has been anything but
pacifying. Clipper's announcement brought to boil a
long-simmering battle between the state security establishment
and an accidental confederacy of high-tech business interests,
civil libertarians, and guerrilla cryptographers. It's been
blazing openly ever since, in online discussion groups, in
congressional committee groups, in the pages of The New York
Times, The Washington Post, Newsweek, and a slew of computer
trade magazines, with the Clipper chip at its center but with
much more than the fate of a cleverly etched silicon wafer at
stake. "The future of privacy in America" might best sum up the
usual understanding of what the fight is about, but even that
phrase seems inadequate given how far the warp-speed evolution of
information technology is stretching the very meaning of privacy.
Better, then, to say simply that if secret codes tell us where
the Information Age began, they may also hold an answer to the
difficult question of what it is. Or even, perhaps, to the still
more challenging one of what it could be.
"You can get further away in cyberspace than you could in going
to Alpha Centauri," says Tim May, and he should know. Before he
retired seven years ago, a wealthy man at age 34, May was a
reasonably illustrious corporate physicist. Now he's a
Cypherpunk, part of a loose-knit band of scrappy,
libertarian-leaning computer jockeys who have dedicated
themselves to perfecting and promoting the art of disappearing
into the virtual hinterlands. Concentrated in Silicon Valley but
spread out across the country and as far away as Finland, the
Cypherpunks maintain daily e-mail contact, collaboratively
creating and distributing practical software answers to modern
cryptography's central question: How to wrap a piece of digital
information in mathematical complexity so dense only literally
astronomical expenditures of computer time can breach it?
"Some of these things sound like just a bunch of fucking
numbers," May explains. "But what they really are is they're
things which in computability space take more energy to get to
than to drive a car to Andromeda. I'm not kidding. I mean, you
can work the math out yourself."
Well no, you probably can't, but even those unversed in rocket
science can appreciate the social value of such calculations. As
computer-driven technology comes more and more to mediate
people's connections to society -- and as computers grow in their
abilities to store and sift the information generated by those
connections -- it gets harder for individuals to escape the
prying attentions of state and corporate bureaucracies. Medical
records, credit histories, spending patterns, life stories --
these are being swept up by the millions into a massively
connected web of chatty, chip-laden consumer toys and
institutional data factories, all of them potential informers on
the individuals whose lives pass through them. With every new
info-tech plaything that shows up under society's Christmas tree,
the hydra-headed surveillance machine moves in a little closer,
snuggling up to our skin and our wallets and intensifying the
urge to flee, to find a far-off, secret place to hide in.
Cryptography's power to carve such places out of the very
structure of cyberspace is its obvious selling point -- and
further evidence of computers; textbook-dialectical tendency to
offer liberatory solutions for every oppressive situation they
create. Yet, while the privacy afforded by cryptography seems to
be the main reason the Cypherpunks gather in its name, not all of
them see privacy as an end in itself. The most farsighted see it
as a beginning, a first step toward reshaping society in the
image of computer networks themselves: decentralized, fluid,
fault-tolerant, a fuzzy, nonhierarchical unity of autonomous
nodes.
"Cryptography is a greater equalizer than the Colt .45, " says
Eric Hughes, the long-haired, cowboy-hatted, and not entirely
lapsed Mormon who, along with may, conceived the Cypherpunks just
seven months before the Clipper hit the fan. "These are
power-leveling techniques," he adds, pointing out that the
hermetically sealed voice-and-data channels that could arm every
citizen against state wire-surveillance are just the simplest of
the crypto toys the Cypherpunks are playing with. Anonymous
remailers are another -- labyrinths of forwarding computers
through which encoded e-mail messages bounce, confounding any
attempt to trace them back to their sources and thus providing an
impenetrable anonymity ideal for whistleblowers and other
transgressors of local codes of silence, from Mafia turncoats to
isolated members od stigmatized sexual minorities. Building on
encryption and remailers, experimental digital cash schemes test
the possibility of untraceable electronic transactions, the basic
ingredient for unregulated worldwide information markets, where a
brisk commerce in trade secrets could spell doom for the
corporation as we know it. Hopelessly untaxable, such
crypto-markets, if they grew large enough, could also critically
sap the economic strength of governments. All of these mechanism,
then, conjured into existence by myriad small desires for simple
privacy, would tend on a large scale to siphon power away from
the huge, impersonal concentrations it likes to gather in. Five
years ago Tim May came up with a name for this vision of a
networked society brought to the brink of ungovernability by the
ubiquity of secret codes. He calls it "crypto-anarchy."
The U.S. government, on the other hand, has not yet dared call
it treason, but its Clipper maneuver does appear to be a step in
that direction. Hughes' comparison of encryption to firearms is
one of the Cypherpunks; favorite rhetorical moves, but for the
feds, cryptography's status as weaponry is more than a metaphor
-- national export laws classify encryption hardware and software
as munitions, right alongside tanks and artillery -- and the
agenda of the Cypherpunks and other crypto-privacy advocates
looks like the info-political equivalent of passing out Uzis on
street corners. Small wonder, then, that the opening move in the
government's preemptive counterrevolution works so much like gun
control: Clipper is in essence a system for registering dangerous
info-weapons, requiring the logging of every chip's secret key
with the government at the time of manufacture. The key would
then be split in two and the halves turned over for safekeeping
to two separate and "trustworthy" non-law enforcement agencies
(yet to be designated) till such a time as the government gets
the urge to take a peek.
So far, however, the government has refrained from mandating use
of the Clipper chip by law -- the feds claim they're counting on
government-wide use of the chip to coax its adoption by the
market as an exclusive standard. But it's hard to imagine this
inherently compromised system beating out more secure competition
even among the most law-abiding consumers, and never mind the
terrorists, drug dealers, mafiosi, and child pornographers
Clipper is meant to protect us from. In the end, then, the only
way to make the Clipper system universal would be to pass a law
against all other forms of encryption, an option the
administration has coyly admitted it's weighing.
But the opposition has been weighing it too. On the Cypherpunk's
mailing list, on the high-volume Usenet newsgroups like
sci.crypt, and in briefs and testimony filed at Representative
Edward Markey's congressional hearings on computer security
policy in June, critics of the Clipper chip have amassed a
heaping list of problems with the move toward crypto
criminalization that the proposal represents. Economic. political,
and legal arguments have all been hurled at the possibility of an
anti-encryption law, but the most basic difficulty with such a ban
seems to be an essential epistemological one: namely, that
there's almost no way of knowing what the law prohibits, since in
practice it's rarely easy to tell the difference between
encrypted information and random noise. Indeed, the gist of
Claude Shannon's formative contribution to crypto theory was that
the most effective encryption systems are those whose output most
closely resembles raw static, drained as much as possible of the
structure that makes their hidden messages intelligible. Any
serious ban on cryptography would therefore have to go to the
rather loopy extreme of prohibiting the transmission of garbage
data as well.
Yet even so sweeping a law couldn't overcome the laws of
information theory, which say that communication channels are
always infected with a certain amount of ineradicable fuzz.
Crypto-heads are already seeking out and finding ways to exploit
this omnipresence of noise -- for instance by removing the bits
representing barely detectable hiss in sound recordings and
replacing them with virtually indistinguishable cipherdata. As
Tim May likes to point out, a DAT cassette of a Michael Jackson
album could thus easily conceal the digitized blueprints of the
Stealth bomber, and in fact it's more than likely that among the
thousands of photographs currently flowing through computer
networks, at least a few go bearing the secret communications of
amateur and not-so-amateur cryptographers, stowed away as digital
blur. Who knows then? If the campaign against nonstandard
encryption proceeds to its logical conclusions, the government
might one day find itself again looking with suspicion on the
transport of children's drawings -- or children's records,
children's videos, or for that matter any of the dense and
digitized info-chunks that will fill the fiber-optic supply lines
of tomorrow's bit-peddling markets.
But the potential for absurdity is just one of the forces lined
up against crypto control (and probably the weakest, given the
government's historic taste for absurdity in its communications
policy). The Constitution may be another. Since Clipper's public
debut, cyber-rights groups like Computer Professionals for Social
Responsibility and the Electronic Frontier Foundation have raised
questions about the system's legality, drawing out the
privacy-protecting implications buried in the Fourth and Fifth
Amendment freedoms from unreasonable search and seizure and
self-incrimination. And ultimately, as EFF counsel Mike Godwin
has suggested, any government regulation of cryptography may even
fall to the First Amendment arguments -- though courts have
historically excluded certain categories of speech from the
amendment's protection, unintelligible statements have never been
among them, and the government would probably have a hard time
showing why statements made unintelligible by mathematical
scrambling should be treated any less generously.
These are airy, theoretical objections, though, compared to the
howls coming from the quarter most immediately threatened by the
Clipper scheme: American business, especially the sector of it
that's already making money meeting the growing demand for
digital security, which stands to pay dearly if the government's
plans go through. For one thing, products with Clipper tech built
in will be worthless for export purposes -- in the currently
warming climate of industrial espionage, no foreign company in
its right mind would buy security the U.S. owns a master key to.
More ominously, domestic firms saddled with Clipper in their own
offices will be more vulnerable to spying than they might
otherwise, since the back door built in to the chip presents an
obvious soft spot for hackers to attack. Thus, the computer and
communications industries' anti-Clipper campaign has argued, the
chip may in the end do more to subvert the post-Cold War era's
new economically defined national security than to safeguard it.
And while an appeal to the notion that what's good for business
is good for America may not seem as principled as citing the Bill
of Rights, it's probably the argument that weighed heaviest in
the decision two months ago by the NIST -- the federal organ
charged with implementing the Clipper plan -- to ease up on the
program pending broader public review.
Moving quickly into the resulting breach, an ad hoc industry
group led by Novell Inc. announced mid July that it was
introducing its own set of encoding standards -- back-doorless
and cryptographically ironclad. The government's so far
acquiescent response ("I think this won't drive us crazy," one
unnamed White House honcho told the Times) is an encouraging sign
for the anti-Clipper coalition. But it's not much more than that;
this battle is far from over and its outcome is far from clear.
If only because of the massive bureaucratic bulk behind the
proposed standard (its patron the NSA has, to the best of
anyone's knowledge, the largest budget by far of any federal
intelligence agency), the government isn't likely to drop it.
Clipper might survive through sheer inertia, and if it does its
effects on widespread use of cryptography could be much more
devastating than its patent impracticality suggests.
Why? Because the spread of unbreakable personal crypto depends
heavily on what's known as the FAX Effect -- i.e., the fact that
the value of a given communications system increases in direct
proportion to the number of people of use it. So even though the
government will never succeed in keeping top-grade encryption out
of the hands of criminals and anyone who believes passionately in
its use, the vast majority of digital citizens might never adopt
strong crypto systems if government pressures make it even
moderately inconvenient to use or market them. Merely perfunctory
enforcement of key-registration laws could do the trick, but
legal measures of any kind might not even be necessary. If the
government simply sticks with its current strategy of tempting
manufacturers with a huge, ready-made federal market for
Clipper-equipped technology, then genuinely secure cryptography
could end up playing Beta to Clipper's VHS. At which point the
digital-info industries, would no doubt drop their current
freedom-fighter stance and get with the government program.
There's nothing inevitable about this scenario, of course --
except perhaps its preview of rapidly shifting battle formations
among the factions involved. The crypto wars won't end when the
Clipper debate does, and as they rage across the culture their
shape will change with that of the underlying terrain. For
instance, as the personal data of consumers grows more and more
valuable to information-hungry businesses, corporate America will
become an increasingly unreliable friend to any technology that
hides data. Likewise, civil libertarians, pure of heart though
they may be, will remain an effective force only as long as the
case for strong crypto can be translated into constitutional
terms -- an easy enough trick while the government has its heavy
hand in the matter, but harder to pull off once the contest moves
out into the open marketplace of competing standards.
In the long run, then, the core resistance in the hard fight for
crypto-privacy will likely come from people whose commitment
rests not purely on economic self-interest or on larger social
concerns but also on a fascination with the intricate
machinery of cryptography itself. In other words, people like
Phil Zimmerman -- the free-lance programmer and political
activist who grew up engrossed with secret codes and then went on
to dedicate his leisure time writing and updating PGP, a free
e-mail encoding program that is rapidly becoming the encryption
system of choice among the cryptosocially aware. Or people like
Tim May, and Eric Hughes, and all the other technojargon-slinging
Cypherpunks. People whose relationship to cryptography has grown
so personal they cannot bear the thought of not having direct
access to its full power right from their desktops.
This army of hobbyists may not seem like the most formidable
agents of revolution. Yet in a time that demands increasingly
subtle understanding of the relationship between technology and
social transformation, their passionate intimacy with
revolutionary gadgetry is helping shape crucial strategies for
change. The Cypherpunks and their ilk are elaborating the latest
variation on the digital counterculture's Hacker Ethic, a
technoactivist outlook that crosswires commonplace theories of
how technology and society interact, buying neither the
technological determinism of pocket-protected engineers and glib
sub-McLuhanites nor the humanist line that technology is mere
putty in the grip of contending social forces. Hackers, who know
firsthand both technology's enthralling power and its empowering
malleability, tend instead toward a creative juggling of the two
opposing outlooks.
And Cypherpunks are hackers to the bone. "Encryption always
wins," Tim May insists with the serene confidence of one
convinced he's a mere conduit for historical tendencies built
into information technology itself -- and yet by definition no
Cypherpunk takes the ultimate achievement of the group's goal for
granted. A pragmatic activism hardwires the group's collective
identity, their very motto ("Cypherpunks write code") signals a
commitment to making the proliferation of cryptographic tools
happen now rather than waiting on big business, big science, or
Big Brother to determine its fate. Nor is this commitment limited
to the creation of tools; indeed, an even better motto might be
"Cypherpunks use code," since the essence of the revolution the
'punks seek to effect lies in making encryption a cultural habit,
as common and acceptable as hiding letters inside envelopes. Thus
the Cypherpunks' almost religious use of PGP and of their use
their own primitive remailer systems isn't just a grown-ups' game
of cloak and dagger, as it sometimes seems, or a matter of
testing out the crypto hackers' experimental creations. It's an
attempt to nudge ciphertech toward that pivotal accumulation of
users that finally makes the forward rush of the technology's
far-reaching social implications irresistible.
At some stage of the game, in other words, encryption does not
always win. But whether we as a society choose to play the game
is another matter. The Cypherpunks have made their choice, but
should the rest of us necessarily follow them in it? The time to
decide is now, because if public use of crypto-ware ever reaches
that elusive critical mass, debate won't be an option:
crypto-anarchy will be upon us, woven into the technological
fabric of daily life and about as easy to give up as breathing.
The resulting flood of privacy into politic will no doubt do the
body good, but it's worth considering whether the side effects
will in the end outweigh the benefits. Anonymous networks flushed
with digital cash, for instance, may dilute the power of
corporations, but they will also nurture extortion schemes,
bribery, and even brazen markets in no-strings-attached contract
murder. Less luridly, but perhaps more significantly, the
untaxability od enciphered transactions in an economy
increasingly composed od such transactions might wither whatever
mechanisms for meaningful sharing of social responsibilities
remain in this country. This prospect tends not to bother
Cypherpunks, at least not the hippie-hacker millionaires among
them, but libertarians less enchanted with marketocracy may end
up wondering whether crypto-anarchy, for all its power-leveling
potential, is quite the freedom they're fighting for.
It's no use to try and answer these doubts with the cheerful
counterresponsibilities -- with visions of the small-town,
closeted queer boy who explores sex and identity without fear of
discovery in a worldwide, cipher-secured on-line community of his
peers, or of cryptographically armored reproductive-rights info
networks standing by to keep choice alive in the event of a
sudden and drastic rightward lurch in national abortion policy.
For every heartwarmer a corresponding bummer can doubtless be
found -- the digital dialectic swings both ways, after all. The
option for strong cryptography, therefore, ultimately requires a
leap of faith, an intuitive confidence that a society which
unflinchingly honors the right to make illegible noise on the
whole be more just, more free, and more exciting than one that
doesn't.
For what it's worth, that confidence comes easier all the time.
More and more, the Information Age is looking more or less like
the hype doctors want you to think it is: the most radical
extension of minds and bodies into representational space since
humans first learned to talk. What it could become, however, is
not nearly as clear. Will it be a time of unimaginably refined
surveillance and control of those minds and bodies? Or a time of
freely and furiously propagating connections among them? To
suggest that the answer depends on the failure or success of
unbreakable personal cryptography flirts recklessly with the
romance of the technological fix. But given the deeply
technological nature of the challenge, it's hard to imagine what
kind of fix could be more appropriate. Then again, given the
complexities and multiple strategies involved in the current
struggle over access to absolute digital inscrutability, it's
hard to envision anything as simple as a fix emerging anytime
soon. Call strong cryptography a technical wager, then. It's a
smart bet that the state's long-running worst nightmare -- a
society whose entire informational texture is woven out of
unreadable secret codes -- turns out to be our own best dream of
the future.
- --
Reprinted without permission from:
Boardwatch Magazine
August 1993
pages 44, 45, 46
Legally Online
Shareware Emerges from the Underground
by Lance Rose
Computer shareware may be the top business innovation of this
soon-concluded century. The shareware industry is not that big,
but it's also pretty new, and who said major business innovations
have to be explosive? Especially one as radical as shareware --
try before you buy! This is no "money-back guarantee", which too
many times turns into a commercial Mexican finger trap when you
try to keep the seller to his word and back out of the deal. It
is simply trusting the customer. The customer gets to take fully
functioning software out for a free test drive, and is trusted to
pay if he or she likes to use it. Shareware turns away from the
ancient commercial tradition of trading my hostage product for
your hostage money, with both of us keeping our pistols trained
on the other during the entire transaction. It is an early
tentative stirring of a movement in our society away from
"business" as a euphemism for organized greed. It's genesis is a
combination of the new software distribution opportunities
afforded by BBS's and networks, and the fact that we're a few
years more advanced in our slow evolution upwards from needless
brutality and mistrust of others.
A lot is going on in the shareware business these days. The most
recent major event is the Copyright Office's issuance of final
regulations for its Computer Shareware Registry. This new system
of public records was created by Congress and the Copyright
Office specifically for shareware and public domain software. It
does not replace normal copyright registration. If you write a
piece of software and market it as shareware, you can now both
register the software copyright using the normal procedures, and
file a separate registration reflecting your shareware licensing
scheme.
Shareware registration is a way for authors and publishers to
record their license terms in an official public forum. The
author can include his terms on the free trial use period,
whether permissions are required to sell the shareware on
diskettes or CD-ROMs, bundling, site licenses, and all other
matters that he wants to cover. The registry's greatest value is
to bolster the copyright claims of shareware authors in the eyes
of distributors, who might otherwise think they can copy and
distribute shareware against the authors' wishes with impunity.
Now, a federal judge faced with a federally registered shareware
license will likely side with the authors against the wily
quick-buck distributors who argue that shareware is not really
copyright-protected because it's freely available on computer
networks, or because shareware authors dare to let potential
customers try shareware before they buy it.
The shareware registry came about by accident. A couple of years
ago, the mainstream software industry was pushing a software
ant-rental bill swiftly through Congress, to combat stores that
loaned software to customers to copy illegally and then return to
the store, in exchange for a supposed rental charge. A
Congressional staffer had heard of shareware but did not exactly
know what it was, and was concerned that this new law might
somehow unwittingly squash the fledgling shareware industry. He
threw together some laws quickly to save the shareware business
and tacked them onto the main bill. As it turned out, the special
shareware provisions were not necessary because the anti-rental
bill would simply not have affected shareware at all. Shareware
is not rented out, but literally given away with the hope of
receiving registration fees later. Nonetheless, the staffer's
hastily assembled new legal provisions were made law as part of
the anti-rental bill in December, 1990, and they directed the
Copyright Office to set up an official shareware registry.
The Copyright Office issued interim shareware registry
regulations in October, 1991, over a year ago, and requested
public comments to assist them in preparing the final
regulations. Only one organization responded, the Association of
Shareware Professionals, and it made suggestions for only minor
changes, most of which where accepted. The only suggestion the
Copyright Office did not act on was the most important, namely
creating a standard or sample form for the license document that
shareware authors should file in the registry. There is clearly a
need for such a form. As of a couple of months ago, the Copyright
Office reported it had received exactly one license document for
the shareware registry in the entire first year of its existence.
If a standard form or two is developed and circulated throughout
the shareware industry, we should see a fare higher registration
rate in short order.
After the U.S. government saw fit to recognize shareware, Wall
Street was not far behind. On May 27th, 1993 the Wall Street
Journal, mouthpiece of the investment community, prominently
featured an article entitled,"PC Users Can Benefit and Foster
Innovation by Buying 'Shareware'." Unlike mainstream articles in
the past that too often damned shareware with faint praise, this
article finally proclaimed within corporate America the same
message shareware authors and publishers have been spreading for
years: "Shareware isn't free unless it's specifically labelled as
such (and thus becomes "freeware") and it isn't in the public
domain unless its author explicitly places it there. It is also
not to be confused with free "demo" versions of commercial
programs, which usually are passed out in crippled form -- for
instance, without the ability to print or save files.... Paying
for shareware not only is the right thing to do, it's in the
self-interest of computer users. It encourages innovation and
helps maintain a broad base of programming talent that can give
rise to great products the big companies overlook." The article
also confidently rejected the persistent myth that shareware is
rife with viruses.
What more could shareware sellers ask? How about a retractionary
column in March 15, 1993 InfoWorld, one of the computer
business' most influential rags, by its publisher Bob Metcalfe:
"In my February 1 column... I was regrettably snide about
shareware as it is today, likening it to amateur open-heart
surgery. (This brought me more angry E-mail in a week than I can
read in a month.)" Suitably chastened, he changed his tune:
"Shareware should be of great interest to PC managers because
it's a good model of how we'll all acquire software in the future
-- and because shareware is yet another reason for migrating to
ISDN and object technology.... Shareware is, in essence,
electronic try-before-you-buy shopping. Wouldn't everybody prefer
to shop for and acquire software this way, instead of paying up
front for shrink-wrapped software they're not sure they want?
Yes. So that's why shareware is the future."
There is plenty of other evidence of broad corporate acceptance
of shareware. Best-selling utilities packages from giant software
companies like Central Point and Symantec are largely composed of
shareware products acquired in bundling license deals. Some of
the most successful shareware products have gone on to mainstream
software success as well, such as PC File, ProComm, Automenu,
Wildcat, Wolfenstein 3D, and the Wilson Windowware products.
Disk vendors that sell shareware disks by direct mail have been
successful for years, the recognition of which may culminated
about a year ago when Ziff bought one of the leading disk
vendors, Public Brand Software.
Now that Corporate America realizes it's in love with shareware,
is the struggle over for this new industry? Far from it; there's
still plenty of growing pains. For example, new disputes have
arisen over the advent of retail vending of shareware. Shareware
is now sold in racks in every kind of variety store, book store,
drug store, supermarket, etc. in this country and beyond. If you
have not seen a shareware rack in your local shopping center,
that little omission will doubtlessly be cured within the next
year.
Many shareware authors believe shareware racks create a new
perception problem that seriously reduces their registration
rates. Up to now, customers got hold of shareware through BBS' or
by sending away to disk vendors. They had to be fairly in touch
with shareware culture even to know about shareware, and had a
pretty good idea that shareware authors expected to receive
registration fees, aside from whether they chose to pay. But when
a K-Mart or A&P customer who never heard of shareware sees
inexpensive packaged software for $6.95, does he or she really
expect that when they get it home, they'll be asked to stuff
another $25 to $100 in an envelope and send it to Timbuktu? No,
not nearly as likely. This does not mean there are no
registrations, but the rate of registration is reduced. Add to
this the reluctance of some rack vendors to tell customers
clearly on the disk package that additional payment will be
required (since such a message mat reduce disk sales), and the
makings of a battle royale between rack vendors and shareware
authors are all there.
Most shareware authors decided they didn't want to stop rack
vendors from distributing their software, but they also did not
want rack vendors to make lots of money selling their software
while the authors didn't receive squat from registration fees. So
they pushed for small royalties on shareware sold on racks, and
in many cases (and after some major online shouting matches)
royalties are indeed being paid. It's a minor modification of the
essential shareware concept, because as anyone who's even brushed
up against retail distribution arrangements knows, royalties are
passed along to the customers. Now customers pay the authors a
little money in advance for shareware they have not yet tried when
they get the shareware from a retail rack. It dilutes the pure
try-before-you-buy concept, but it's a small price to pay to
bring the benefits of shareware to the general public.
A related development is what the shareware industry calls LCR,
or low-cost retail software. Some companies now sell
"fully-registered" shareware for prices only slightly higher than
those charged at the retail shareware racks. Customers get he
software with no hidden costs, albeit they will not receive nice
printed manuals, extra utilities and other goodies often used by
shareware authors to encourage mail-in registration. Since LCR
software is also inexpensively packaged and sold on racks in
retail stores at low prices, there is great potential for
customer confusion between retail shareware racks and LCR racks.
Adding to the confusion is the fact that shareware and LCR racks
are often placed side-by-side by the retailer, and the same
software package may even show up on both kinds of racks. This is
a level of confusion that defies rational analysis, but we can be
confident the marketplace will sort it all out in a year or two.
The store owners will say "this approach works, that doesn't",
and the rack vendors will comply nearly instantaneously.
A final, somewhat jarring note involves some recent squabbling
between shareware authors and some Fidonet sysops. The sysops
started selling CD-ROMs of shareware ported from their boards,
without asking for permission from the shareware authors. Authors
disturbed at this pointed out that their license documents
included in the shareware required express permission for any
CD-ROM publication. The sysops' answer? Heck, they don't even
bother to read 'em! Since their BBS' are the linchpin of online
shareware distribution, they somehow have a natural right to
distribute shareware the shareware that lands on their BBS' any
way they please, regardless of whether it's online or by CD-ROM.
This raises an interesting question about the implied license to
BBS' to distribute shareware fro free -- how far does it go?
Sysops feel the implied license attaches to them personally
regardless of their activities, which can be BBS sysop one
minute, CD-ROM publisher the next. Authors feel the license
attaches strictly to the activity. Fairly unregulated BBS
distribution is okay, but anyone who wants to distribute
shareware on hard media has to talk to the author. The battle
continues, though the creation of the Copyright Office shareware
registry, carrying the government's implicit sponsorship of
shareware licensing schemes, it's a hard battle the authors are
likely to win.
So there's still some fireworks left in shareware. Good -- It may
be the most innovative business in all of creation, just don't
let it become boring.
[Lance Rose is an attorney practicing high-tech, computer and
intellectual property lay in Montclair New Jersey, and is
available on the Internet at elrose@well.sf.ca.us and on
Compuserve at 72230,2044. He is also author of the book SYSLAW, a
legal guide for bulletin board system operators, available from
PC Information Group (800) 321-8285.]
- --
Organization: CPSR Washington Office
From: Dave Banisar <uunet!washofc.cpsr.org!banisar>
Date: Fri, 23 Jul 1993 23:31:40 EST
Subject: Credit Reports and NS
Credit Reports and NS
Here is the letter opposing the provision to allow for easier access to
credit reports. As you can guess, the Senate Intelligence Committee (which
generally acts as the biggest supporter of the agencies on the Hill) did not
address our concerns at all and approved the provision.
I was unable to easily find the actualy text but will get it after I come
back from vacation.
Dave
July 12, 1993
The Honorable Dennis Deconcini
Chairman
Senate Select Committee on Intelligence
United States Senate
SH-211 Hart Senate Office Building
Washington, DC 20510-6475
Dear Chairman DeConcini;
We are writing to voice our strong opposition to the
Administration's legislative proposal to amend the Fair Credit
Reporting Act (FCRA) to allow the Federal Bureau of Investigation
(FBI) to obtain consumer credit reports in foreign
counterintelligence cases.
The FBI seeks a national security letter exemption to the
FCRA to obtain personal information from consumer reporting
agencies without a subpoena or court order. A national security
letter gives the FBI the authority to obtain records without
judicial approval and without providing notice to the individual
that his or her records have been obtained by the Bureau.
Similar FBT proposals were rejected in previous years after
Congressional leaders expressed concern over the civil liberties
issues raised.
Although the current draft proposal is more comprehensive
than those circulated in previous years, the changes and
additions do not alter significantly the central character of the
proposal. The Administration's 1993 proposal includes explicit
limits to'dissemination of obtained information within the
goverrment, penalties for violations including punitive damages,
and reporting requirements. These provisions are positive
changes from the legislation put forward in previous years, but
they do not save the proposal from its intrinsic flaws.
Therefore, the reasons for our fundamental opposition to the
current proposal remain the same: 1) the FBI has not demonstrated
a compelling need for access to consumer credit reports; and 2)
legislation that implicates civil liberties should be addressed
separately and not as part of the authorization process.
There are only two instances in which Congress has
authorized the FBI, in counterintelligence investigations, to
obtain information about individuals pursuant to a national
security letter but without a subpoena, search warrant or court
order. First, the Electronic Communications Privacy Act (ECPA)
of 1986 included a provision requiring common carriers to
disclose subscriber information and long distance toll records to
the FBI in response to a national security letter. Second,
congress included in the 1987 Intelligence Authorization Act an
amendment to the Right to Financial Privacy Act (RFPA) that
requires banks to provide customer records to the FBI in response
to a similar letter. In that case, the FBI presented to Congress
its case for obtaining financial records in foreign counter-
intelligence cases and the difficulty of obtaining those records
without a court order.
in both instances when congress has previously authorized
the national security letter, Congress recognized that the
procedure departs dramatically from the procedure necessary to
obtain a court order.
The FBI's current proposal seeks similar access to
individuals' credit records held by consumer reporting companies.
The FBI has yet to adequately justify its need to add such highly
personal, sensitive information to the narrow category of records
subject to the national security letter exemption.
The Bureau claims obtaining credit reports will allow it to
more easily determine where a subject of an investigation banks
-- information the FBI claims will help them effectuate their
ability to access bank records under the RFPA. We opposed the
national security letter exemption in the RFPA and do not endorse
the FBI's slippery slope approach to ensuring that they can more
easily obtain financial information in foreign
counterintelligence cases. This information can be and is
routinely gained without credit reports. We do not believe
convenience is a sufficient justification for this significant
exception to the law.
The FBI further argues that obtaining banking information
through a credit report is preferred because it is actually leas
intrusive than those investigative methods that would otherwise
be used. While we too are frustrated that other information-
gathering techniques are frequently too intrusive, our objections
to the other techniques do not lead us to endorse yet another
technique that is also intrusive and that weakens existing
privacy law.
Finally, we object to using the authorization process as the
vehicle for pursuing this change. The national security latter
exemption, because it diminishes the due process and privacy
protections for individuals, must be given the most careful
consideration. The FBI's proposal should be introduced as
separate legislation on which public hearings can be held. only
in this way can the Committee test thoroughly the FBI's case for
the exemption and hear from witnesses who object to the change.
We urge you to reject the FBI's proposal in its current
form. We are available to work with you on this issue.
Sincerely,
Janiori Goldman Michelle Meier
Privacy and Technology Project Consumers Union
American civil Liberties Union
Marc Rotenberg Evan Hendricks
Computer Professionals for U.S. Privacy Council
Social Responsibility
cc: Members, Senate Select Committee on Intelligence
The Honorable George J. Mitchell
Senate Majority Leader
The Honorable Donald W. Riegle, Jr., Chairman
Senate Committee on Banking, Housing and Urban Affairs
The Honorable Patrick J. Leahy, Chairman
Subcommittee on Technology and the Law
- --
Date: Mon, 26 Jul 1993 16:31:36 EDT
Sender: Computer Professionals for Social Responsibility
<uunet!VTVM2.CC.VT.EDU!CPSR%GWUVM.BITNET>
From: Paul Higgins <uunet!VTVM2.CC.VT.EDU!VALUES%GWUVM.BITNET>
Subject: Call for Papers: Computer Network Use and Abuse Conference
CALL FOR PAPERS
The National Conference of Lawyers and Scientists (NCLS) invites
proposals for original papers to be presented at a two-and-a-
half-day invitational conference on "Legal, Ethical, and
Technological Aspects of Computer and Network Use and Abuse."
The conference, which will include 40 participants representing a
diverse set of perspectives and areas of expertise, will be held
in southern California in mid-December 1993. Up to three
successful applicants will receive travel expenses and room and
board at the conference. Papers will be included in the
conference proceedings and may be published subsequently in a
book or journal symposium.
The conference will focus on the ways in which the law, ethics,
and technology can contribute to influencing and enforcing the
bounds of acceptable behavior and fostering the development of
positive human values in a shared computer environment. Primary
attention will be on unwanted intrusions into computer software
or networks, including unauthorized entry and dissemination of
viruses through networks or shared disks. Discussions will deal
with such issues as access to information, privacy, security, and
equity; the role of computer users, academic institutions,
industry, professional societies, government, and the law in
defining and maintaining legal and ethical standards for the use
of computer networks; and a policy agenda for implementing these
standards.
Papers are invited on any aspect of the conference theme.
Especially welcome would be papers reporting on empirical
research, surveys of computer users, and case studies (other than
those that are already well-known). Interested persons should
submit a summary or outline of no more than 500 words, together
with a brief (one-page) resum and a statement (also brief) of
how one's expertise or perspective might contribute to the
meeting. Proposals will be reviewed by an advisory committee
convened by NCLS and successful applicants will be asked to
prepare papers for the meeting. Papers must be the original work
of the author, not previously published, in good academic form,
and between about 5,000 and 8,000 words (25-30 double-spaced
pages) in length.
Deadline for receipt of proposals is 5 p.m. Eastern Time,
September 15, 1993. Applicants who are selected to prepare
papers will be informed by October 1, 1993. Draft papers will be
due December 3, 1993. Final versions of the papers, revised in
light of conference discussions, will be due approximately two
months after the conference.
NCLS is an organization sponsored jointly by the American
Association for the Advancement of Science and the American Bar
Association, dedicated to improving communication between members
of the legal and scientific/technical professions and exploring
issues at the intersection of law, science, and technology.
Funding for this meeting has been provided by the Program on
Ethics and Values Studies of the National Science Foundation.
For further information please contact Deborah Runkle,
Directorate for Science & Policy Programs, American Association
for the Advancement of Science, 1333 H Street, NW, Washington, DC
20005. Phone: 202-326-6600. Fax: 202-289-4950. E-mail:
values@gwuvm.gwu.edu.
- --
End of Legal Net News, Volume 1, Issue 14
