Computer underground Digest Sun Sept 17, 1995 Volume 7 : Issue 74 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson CONTENTS, #7.74 (Sun, Sept 17, 1995) File 1--Correction (CuD 7.73) File 2--Text for Computer Underground Digest File 3--Changes in the CuD homepage File 4--(fwd) 2600 Case in Court, 9/14 (fwd) File 5--Computers & The Law Press Release File 6--The Computer Law Report - August 1995 (fwd) File 7--"Child-porn" Busts on AOL.COM File 8--Cu Digest Header Info (unchanged since 19 Apr, 1995) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sun, 17 Sep 1995 15:43:22 CDT From: CuD Moderators Subject: File 1--Correction (CuD 7.73) In CuD 7.73, we listed the source of information for Martin Rimm's "The Pornographer's Handbook" as "books in print" and "Library of Congress." Both pointers were intended to be "Books in Print." The PH does not appear in the Library of Congress records. ------------------------------ Date: Sat, 26 Aug 1995 14:29:19 -0400 (EDT) From: Charles Platt Subject: File 2--Text for Computer Underground Digest ------------------------------------------------------------- [Not Much] News from Florida by Charles Platt In December of 1994, a polemical Usenet post on alt.comp.talk.eff claimed that half-a-dozen Florida BBSs had been shut down by the FBI, who had gone in with their guns drawn and had forced innocent sysops to lie facedown on the floor while most of their worldly belongings were impounded. During one raid, a crippled BBS owner was allegedly hauled out of his home and placed on a chair on his front lawn where he shivered helplessly for several hours in 50-degree weather. It all sounded excitingly outrageous. But was it true? The initial post was challenged by a couple others that accused it of exaggeration. A more moderate version appeared in CuD, but no one seemed to have really reliable first-hand information, and after a couple of weeks the story disappeared. Since I'm currently researching local BBS busts for an article for Wired, I wanted the facts. I made several phone calls, placed a couple of appeals for information on Usenet, sent similar plea through Fidonet ... and received no response. So I headed down to One BBScon, the annual event aimed at BBS owners which was held this year at the Tampa Convention Center in Florida from Wednesday August 16th through Sunday August 20th. Last year the convention attracted almost 4,000 people. This year the crowd looked thinner (in numbers, certainly not in kilos) but the convention center was so huge, it would have made any attendance under 10,000 seem insignificant. A couple-hundred exhibitors were doing business in the main hall, net access being the dominant theme. Many BBS owners, wandering from booth to booth, seemed tormented with an traumatic mixture of fear and greed. On one hand they feared being wiped out overnight by Microsoft Network, while on the other hand they couldn't help hoping that if they plugged their existing users into the Internet, they could charge twice as much for access and clean up. How should this net access be accomplished? Via a fractional T1 ... or maybe a satellite feed ... the possibilities seemed endless, and were endlessly confusing. On the retail side, I counted at least six different AOL-inspired user-friendly GUIs developed by hopeful nationwide providers making themselves accessible via local POPs. Microsoft Network was there (with a barren booth that attracted virtually no interest at all) and The Well was pushing its now-nationwide service from a sickeningly folksy, rustic booth all made of unfinished wood, complete with park benches and free bottled springwater. Beneath a big sign saying "Let's Talk!" an earnest salesperson told me that while The Well's per-hour charges were indeed a bit high, a flat rate would be offered "real soon." The Association of Online Professionals (AOP), a relatively new group founded by David McClure, was soliciting new members from its booth at $95 apiece. AOP promises to lobby in Washington to protect the interests of BBS owners and is particularly concerned by any move to make sysops responsible for content. By the end of the convention, AOP was claiming about 600 members total. (Check out http://www.wdn.com/aop for more information.) I stopped at the Telix booth to pay homage to my favorite modem software, was pleased to see them selling a new Windows version, but was disconcerted to learn that it's for Windows 3.1, not Windows 95. Several booths were pushing CD-ROMs stuffed with games or graphic images (yes, folks, for $9.95 you can own 10,000 shareware games--literally). Only two booths were selling hardcore adult material, and I was told that many sysops are dumping their XXX-rated photo libraries out of fear of being busted. One vendor was Lee Noga, a tough, no-nonsense young woman with a blond crewcut, running a business named Lion's Den International, which creates its own photo-CDs using its own models and sells the packages via mail order. Noga, who impressed me by matter-of-factly referred to herself as a pornographer, listed various companies (including Playboy) that had sued her for copyright infringement before she started originating photographs instead of borrowing them. She lives in Florida and was happy to talk to me about the busts that occurred there last year. In fact, one of them had occurred just half a mile from her own home. But she said that so far as she could tell, it had been purely a local matter; the FBI were not involved and there was no dramatic show of force. According to Noga, the people who were hit have subsequently refused to say anything about it, and the action resulted from allegations of copyright infringement. That's as close as I got to any hard data, but it was sufficient to invalidate most of what I had seen posted last December. BBScon closed each evening at 6 PM and the shuttle buses to neighboring hotels stopped running at 7 PM, suggesting that attendees were expected to go back to their rooms and stay there. To me this seemed bizarre compared with the scores of science-fiction conventions I've attended, where programming always runs till at least midnight and free movies may be shown on a 24-hour basis. But then, science- fiction conventions are not primarily about making money. The only officially sponsored evening entertainment at BBScon seemed to be a Saturday night "exhibitors only" party on a boat. I crashed it using a borrowed invitation only to find myself lectured at length by an amiable businessperson who insisted that I could get rich by selling my science- fiction novels through his fledgling online service. I also listened to an insistent monologue by the founder of ClariNet (for some reason, his name escapes me) who was adamant that people *will too* read fiction online if the video text is big enough and the video margins are wide enough. Later, back at my hotel room, I flipped through the cable channels and found that one of them was being fed with tapes of the previous day's BBScon seminars. I was just in time to catch Jack Rickard, editor/publisher of Boardwatch magazine and patron saint of BBScon, telling an audience of sysops that so long as they offer internet access without impairing the individuality of their boards, they will make good money and will not be squeezed out by the large service providers. Bearing in mind that each sysop at BBScon paid up to $295 just to attend, and most of them seemed panicky enough to splurge additional hundreds or thousands of dollars on hardware or software in the exhibition hall ... I certainly hope Rickard is right. ------------------------------ Date: Thu, 11 Sep 1995 11:12:04 CDT From: CuD Moderators Subject: File 3--Changes in the CuD homepage The CuD homepage has been re-organized to make it easier to find links and move around. To reduce traffic on the EFF and mirror sites (which should be used during off-peak hours to reduce the burden), we encourage especially Midwest readers to use the CuD site at: http://www.soci.niu.edu/~cudigest We've added a security section, including links to Gene Spafford's sites. His sites are exceptionally complete and well-organized. They're the cyber equivalent of the Smithsonian: You can browse them for weeks and still want more. We've also linked the site to the American Criminological Society's Critical Criminology Division for those preferring a more social-science oriented set of information and links. You'll also find links to timely issues (eg, the "Rimm Study," the Church of Scientology flap), newsletters (Jim Warren's GovAccess newsletter, BillWatch, Phrack, Crypt, and more), and information about and links to computer-related issues. ------------------------------ Date: Fri, 15 Sep 1995 00:11:00 -0500 (CDT) From: David Smith Subject: File 4--(fwd) 2600 Case in Court, 9/14 (fwd) ---------- Forwarded message ---------- From--sobel@epic.org (David L. Sobel) Subject--2600 Case in Court, 9/14 Date--Wed, 13 Sep 1995 12:41:25 -0500 The so-called "Pentagon City Raid" FOIA case will be argued in the U.S. Court of Appeals in Washington, DC on Thursday, September 14 at 3:00 p.m. The hearing is open to the public. The case involves the withholding of Secret Service documents concerning the break-up of a 2600 meeting at the Pentagon City Mall in November 1992. The Secret Service lost in the lower court and appealed the case. More information is available at EPIC's Web site -- http://www.epic.org/computer_crime/2600// The appellate argument will be held at the United States Courthouse, Third & Constitution Ave., N.W., Fifth Floor (U.S. Court of Appeals courtroom). David Sobel EPIC Legal Counsel ------------------------------ Date: Wed, 13 Sep 1995 12:24:13 -0400 (EDT) From: Charles Sumner Subject: File 5--Computers & The Law Press Release FOR IMMEDIATE RELEASE Contact: Charles Sumner September 11, 1995 Sun User Group (617) 232-0514 SUN USER GROUP CONFERENCE HELPS DEFINE CYBERCRIME Speakers from the FBI and the Electronic Frontier Foundation will be featured at the second annual "Computers & The Law" Conference, November 12-15, Tampa, Florida. This November 12 through 15, the Sun User Group will sponsor the second annual "Computers & The Law" symposium in Tampa, Florida. As computers and the Internet invade more and more corners of everyday life, the once distinct areas of technology, security, legislation, and law enforcement begin to collide -- often with disastrous results. In an effort to help members of these professions deal with a rapidly changing world, the Sun User Group founded the "Computers & The Law" conference. This year's conference is a unique forum in which members of these once diverse fields can meet to share experiences and ideas, and address the growing connections between their professions. Last year's symposium was critically acclaimed and this year's, with featured speakers from the FBI's Economic Espionage Unit and the Electronic Frontier Foundation, is expected to be even more successful. "The explosive growth of cyberspace is straining the law's ability to keep up. Issues such as privacy, copyright, jurisdiction, and the liability of system administrators are currently being played out in the courtroom in uncharted territory," said Edward A. Cavazos, chair of the "Computers & The Law" legal track. The question of 'uncharted territory' is a central theme of the conference, and one which plays a pivotal role in one of the many highlights -- a debate between Michael Froomkin, of the University of Miami Law School, and Jared Silverman, former New Jersey Securities Commissioner, on whether existing laws can be applied to Cyberspace. "It's the variety of security and legal speakers, discussing complex real-world cases, that has sparked so much interest in this conference," said Charles Sumner, the Sun User Group's Director of Marketing. The keynote addresses present three very different examples of the interaction between computers and laws, from three speakers who are at the forefront of these changes. The development of computer legislation is represented in Tuesday's keynote by Mike Godwin, the Legal Counsel of the Electronic Frontier Foundation, and the enforcement of those laws is addressed by Monday's keynote speaker, Ken Geide, Chief of the FBI's Economic Espionage Unit. Last, the results of crossing those legal bounds is detailed by Randall Schwartz. Mr. Schwartz, a noted UNIX consultant who was recently convicted in a landmark case brought by Intel, will discuss his experiences in Tuesday's endnote address. With the dramatic increase in the population of cyberspace and corporate America's new love affair with technology, system administrators are being confronted with many new shades of morality and ethics. "In order to thrive in today's swiftly changing world, a system administrator must be a technician, an attorney, a cop and a politician." says Alexander Newman, Executive Director of the Sun User Group. "He or she must establish and enforce fair-use policies, keep users from violating copyright laws, and deal with outside complaints about those users." The administrator must often accomplish this job with little or no knowledge of the rapidly growing web of laws surrounding the field. Cavazos, who is also co-author of "Cyberspace and the Law: Your Rights and Duties in the On-Line World" said that "This conference addresses these issues with an emphasis on making sense of a confusing and often contradictory set of precedents". What cybercrime is and how to protect yourself from it are two of the main themes of "Computers & The Law" and will be covered during a variety of talks throughout the four days. Some of the additional topics to be discussed at the symposium include: privacy, cyberporn, copyright infringement, on-line legislation, encryption, internet fraud, how to recover information if your site has been comprimised, and what to do if the government decides to investigate you. Featured instructors at "Computers & The Law" include: John C. Smith, an investigator with the High Tech Crime Unit of the Santa Clara County District Attorney's Office; Peter Galvin, the security columnist for "SunWorld On-line"; Lee Hollander, Florida's State Attorney; Bob Friel of the Electronic Crimes Branch of the U.S. Secret Service; and Richard Ress of the FBI Computer Crime Squad in addition to many other technical and legal speakers. "Computers & The Law", November 12-15, 1995, will be held at the Camberley Plaza, Sabal Park in Tampa, Florida, and features two days of talks and panels and two days of workshops. It will draw speakers and attendees from all over the world. The symposium is sponsored by the Sun User Group, an international, not-for-profit technical and professional association which serves the workstation industry. To register, or for more information on the conference or the Sun User Group, contact the Sun User Group via email at conference@sug.org, on the World Wide Web Page at http://sug.org, or by calling 617/232-0514. # # # ----------------------------------------------------- Charles Sumner | Now some people say that you shouldn't tempt fate Director of Sales | and for them I would not disagree. Sun Users Group | But I never learned nothing from playing it safe, e: sumner@sug.org | I say fate should not tempt me. v: 617/232-0514 | "I Take My Chances" - Mary Chapin Carpenter ------------------------------ Date: Mon, 11 Sep 1995 20:38:18 -0500 (CDT) From: David Smith Subject: File 6--The Computer Law Report - August 1995 (fwd) ---------- Forwarded message ---------- Date--Fri, 1 Sep 1995 10:03:46 -0400 From:Galkin@aol.com To--CompLawLst@aol.com Subject--The Computer Law Report - August 1995 ******************** THE COMPUTER LAW REPORT - AUGUST, 1995 PREPARED BY WILLIAM S. GALKIN, ESQ. galkin@aol.com ******************** *** NOTICE *** ALL LIST RECIPIENTS ARE **ENCOURAGED** TO FORWARD COPIES OF THE COMPUTER LAW REPORT TO OTHERS WHO MAY BE INTERESTED IN BEING ON THE LIST! ARTICLES CONTAINED IN THIS ISSUE: (1) Negotiating royalty agreements in the information age (2) New domain name registration rules (3) Protecting Software [* PLEASE READ *: If you have any questions about the material contained in The Computer Law Report, or would like to discuss issues related to computer or technology law, please contact William S. Galkin, Esq.: e-mail (galkin@aol.com), telephone (410-356-8853), fax (410-356-8804), or mail (10451 Mill Run Circle, Suite 400, Owings Mills, MD 21117). To subscribe, please respond via e-mail to galkin@aol.com. The Computer Law Report is distributed free, and designed for the non-lawyer. All information contained in The Computer Law Report is for the benefit of the recipients, and should not be relied on or considered as legal advice. When necessary, proper professionals should be consulted.] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 - Negotiating royalty agreements in the information age ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ The author of a work (i.e., software, drawings, photographs, novels, etc.) owns, among other exclusive rights, the right to reproduce and market the work, as well as the right to create works derived from the original work, like movies from novels, or translating a novel from English to French, or software from a Macintosh to a Windows platform. The author may transfer all or a portion of these rights. Where the author is not marketing the work and has another person or company doing this, royalty payments will be the usual means of compensation to the author. A common example of royalty payments is where a publisher of a book pays to the author a percentage of the amount received on the sale of each copy of the book. In the past, there was a limited universe of means of distributing works, and a limited universe of works that could be derived from such works. Now, with communication technology evolving daily, the universes of distribution and derivation have greatly expanded. Furthermore, it is now extremely difficult, or impossible, to predict where future expansion will occur. However, the better these expansions can be predicted, the better an author will be able to protect his or her rights when transferred to a distributor. Royalty arrangements can be extremely complex. This article discusses a number of issues that it is particularly important to keep in mind. 1 - Derivative works: The distributor may or may not have the right to create derivative works. If the distributor does have this right, the distributor may want to decrease the royalty rate for the revenue received from derivative works. The rationale for this decrease is that as derivative works are created, the original work will represent a smaller and smaller portion of the work as a whole. This same concept will apply where the distributor has the right to merge the original work into other works (e.g., merging a photograph into a collage). If the author agrees with the concept of decreasing royalty, the author should make sure that there is a clear mechanism for determining an appropriate decrease. For example, if the modifications to the work are primarily cosmetic, then the decrease should be small. 2 - Sales price: Since royalties are usually based upon the sales price of the work, it is important to determine how this price is arrived at. For example, if the distributor is given complete discretion over the price, it would be possible that the distributor could decide to give the work away free, bundled with other products that are being sold. In such a case, the author would receive no royalties. On the other hand, if the author has too much control over price, then this may become intrusive on the exercise of marketing judgment of the distributor. One solution is to require a minimum royalty on each transfer of copies of the work. 3 - Guaranteed royalties: Amazingly, many royalty arrangements do not require the distributor to sell even one copy. The author may be all too appreciative that the distributor wants to distribute the work that there is no thought that the distributor will make less than a full effort to market the work. However, what if the day after you grant the distributor exclusive rights to market the work that you've spent the last two years developing, the distributor purchases the right to distribute a competitive work that the distributor thinks is better and leaves your work on the shelf? Or worse, what if the distributor's goal was just to get your work off the market so as not to compete with another product that the distributor has? These scenarios are not far fetched and need to be planned for. One solution is to require minimum royalty payments or sales, as mentioned above. This offers some protection, but it is better to also prohibit the distributor from marketing any competitive product. The definition of what is competitive must be carefully worded. 4 - Sublicensing rights: Sublicensing rights of a distributor can severely affect royalties earned by the author. For example, assume that you have negotiated a royalty of 15% of the gross revenue received by the distributor on sales. This royalty amount recognizes that the distributor has overhead expenses in addition to the expense of marketing. What if the distributor decides sublicense the work to another company to market. They will now receive 15% of the sales revenue as royalties from the new distributor, and you will only receive 15% of 15%, which only 2.25% of the gross sales price! The solution here is to either prohibit sublicensing or agree that the royalty will be higher (perhaps 50%) for revenues from sublicensing. 5 - Marketing efforts: It is important to require the distributor to begin marketing the work by some specific date. The work may need further development, and therefore a realistic date should be selected. Additionally, it is very beneficial to require the distributor to spend a certain amount of money on marketing within a specific time period (e.g., $100,000 in the first year). 6 - Royalty payments: In brief, royalty payments take the following forms: (1) Some cash up front plus royalty payments as sales are made; (2) Some cash up front which represents an advance against royalties earned in the future; and (3) Only royalties as sales are made, with no cash up front. These three forms represent a shift in risk from the distributor to the author. Cash up front represents a risk to the distributor, whereas royalty payments to the author only upon sales represents a higher risk assumed by the author. The level of rights granted by the author should take into account how much risk is assumed by either the author or the distributor. 7 - Audit rights: The author should have clear rights to audit the books of the distributor to determine the accuracy of the royalty payments the author receives. These audits will usually be at the expense of the author, however, the agreement can provide that where the distributor has underpaid, the cost of the audit is paid by the distributor. There could also be a penalty for such underpayments. 8 - Reversion of rights: There should be provisions that under certain circumstances rights immediately and automatically revert to the author. For example, if sales fall below a specified level, or if the distributor breaches the agreement. 9 - Arbitration: Lastly, it is often useful to have disputes that arise resolved by arbitration. Arbitrators can be selected in advance, which will facilitate a quick resolution of the issues, which otherwise could be dragged out in litigation, beyond the valuable commercial life of the work. However, arbitration is not a perfect solution, and the terms of the arbitration need to be carefully worked out in advance. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 -New domain name registration rules ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Network Solutions, Inc. is a private corporation that receives funding from the National Science Foundation for managing the Internic (Internet Network Information Center) Registration Services. Internic is the registry for all Internet domain names. Until recently, the registration policy for domain names was simple - first come, first served. This policy worked fine until recently when the presence of commercial forces (i.e., addresses ending with ".com") exploded. For example, in the past year .com registrations have increased from 18,000 to 82,600. The result has been an increase in the number of disputes between those with registered names and those holding trademarks to the registered names. In some instances, get-rich-quick types rushed and registered domain names that they hoped would be purchased from them by the trademark holder. In other cases, disputes arose because of honest disagreements as to the rights to registered names. Some examples of domain names registered not by the "known" trademark holder include: mcdonalds.com, ford.com, coke.com and mtv.com. A recent suit illustrates how Network Solutions could be caught in the middle. Frenchy Frys, a catering company in Seattle, Washington, registered the domain name "frys.com." Fry's Electronics, a large retail electronics chain that wants to register the same name, has sued Frenchy Frys as well as Network Solutions and the Internet service provider, Octave Systems, which originally requested the name for Frenchy Frys. Given the volume of commercial registrations, Network Solutions cannot pre-check that all such registrations do not infringe any trademark. Accordingly, Network Solutions has instituted a new policy to reduce its exposure to lawsuits. The new policy requires that applicants state that they have a legal right to the name they seek to register. Additionally, applicants must indemnify all persons involved in the registration process if a dispute arises. This means that the applicant will have to pay all damages, legal fees and other expenses that Network Solutions, or others covered by the indemnification incur as a result of a dispute. Under the old policy, where a dispute arose, the registrant kept the name until the dispute was resolved. However, under the new policy, if the registrant does not have a trademark registration for the name, then use of the name is immediately suspended. It should be noted, however, that to register a domain name, an applicant does not need to have a registered trademark. The bottom line is that before applying for a domain name, a search should be performed to make sure that it does not infringe a registered trademark. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 - Protecting software ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ There are three forms of protection available for software: patent, copyright and trade secret. These protections, properly implemented, greatly enhance the commercial value of software. When they are ignored or not known, a business risks inadvertently losing the right to rely on such protections in the future. Patent and copyright protections are provided for under federal statutes. Trade secret protection in many states is provided for under a version of the Uniform Trade Secrets Act. These protections are not exclusive and are most effectively used in combination. 1 - Patent Patent protection is the most powerful of the three methods of protection. Unlike copyright and trade secret protection, a patent prevents a competitor from using the technology reflected in the software patent, even if the competitor developed the technology independently without any knowledge of the software patent. Patent protection prevents anyone else from making, using or selling the technology reflected in patented software for a period of seventeen years. The expense of filing and prosecuting a patent application is far greater than to maintain copyright and trade secret protection; and it may take more than two years from the date of application to receive a patent for software. Although only recently becoming a popular form of protection for software, patent protection cannot be ignored for two important reasons. First, a patent must be applied for within twelve months of its first sale or the owner is barred from applying for a patent for the technology reflected in the software. Second, a patent granted to software may preclude another business, which is relying on trade secret protection, from using and selling its own similar software that is in existence and being used prior to the patent. 2 - Copyright Copyright protection is available for both source code and object code and is the most widely used method for protecting software. The copyright owner has certain exclusive rights which include the right to copy and distribute the software. Unlike patents, copyright protection applies immediately upon development of software. The software should nevertheless be registered with the U.S. Copyright Office to obtain important advantages for enforcing the copyright against infringers. The period of exclusive rights for copyright are substantially longer than for patents. Copyright protection on software created after 1977 will last for either 50 years after the death of the author or 75 years after registration of software developed for an employer by full-time employees. It is more difficult to inadvertently forfeit copyright protection than to forfeit patent and trade secret protection. However, prior to the United States joining the Berne Convention in 1989, distribution of a software program without a copyright notice could cause a forfeiture of the copyright. Under the current law, copyright notices are not required to be placed on software or other works. Copyright protection only applies to the expression of an idea rather than the idea itself. For example, the idea of a desktop publishing program is not protected, but the program code of a particular desktop publishing program is protected. The scope of copyright protection for software is currently uncertain because the law is struggling with how to apply the idea/expression dichotomy to software. Additionally, as stated above, unlike for patent protection, copyright protection does not prevent a competitor from selling identical software if the competitor developed its software independently without copying another's software. 3 - Trade Secret Trade secret protection prohibits the unauthorized disclosure or use of trade secret information. Unlike patents and copyrights, trade secret protection does not require the filing of any public documents and does not terminate after a specific number of years. Trade secret protection begins upon initial development or discovery, but may be forfeited in a variety of ways. Under most state laws, a trade secret is defined as information that has economic value because it is not generally known. If a business does not make reasonable efforts to maintain the secrecy of such information, trade secret protection will be forfeited. Elements of software that trade secret law will protect include source code, object code, flow charts, data structures and algorithms. Before enforcing a trade secret, a court will want to verify that a trade secret is valuable to the business and that reasonable efforts have been made to maintain secrecy. A court determines the "value" of a trade secret by examining the effort expended to develop the software and the ease with which competitors can develop similar software. Accordingly, maintaining records of expenses and employee time is essential to establish value. Value for trade secret purposes can be relatively modest. For instance, in one case, trade secret protection was granted for software even though a similar program could have been developed in four months at a cost of $18,000. However, most cases involving misappropriation of trade secrets focus on whether reasonable efforts were made to protect the trade secret. For instance, to what extent is the information known by the employees and by other businesses? The best evidence of efforts to maintain secrecy are confidentiality agreements signed by all employees with access to the software. Other evidence includes security procedures such as locking up confidential documentation, limited access to information accessible on local area networks, and conferences with incoming and outgoing employees advising them of the confidential nature of information that they will be or have been exposed to. Many businesses do not realize that licensing source code along with software will make any trade secrets within the source code public thereby forfeiting trade secret protection, unless adequate confidentiality restrictions are contained in the license. Similarly, if a program can be decompiled to discover trade secrets, then trade secret protection may be lost. To preserve a trade secret in such a case the license should prohibit decompiling of the software. Businesses should be aware that the enforceability of shrink-wrap type licenses is currently uncertain, therefore the effectiveness of confidentiality restrictions contained in shrink-wrap licenses for preserving trade secret status is also uncertain. Conclusion To enhance and preserve the value of software, businesses should do an intellectual property audit, in conjunction with a team composed of knowledgeable employees and professionals, in order to identify all patents, copyrights and trade secrets possessed by the business and to evaluate whether they are adequately protected. Such an audit should be done periodically. ------------------------------ Date: Sun, 17 Sep 1995 21:40:22 CDT From: CuD Moderators Subject: File 7--"Child-porn" Busts on AOL.COM ((MODERATORS' NOTE: Last week's busts of alleged child pornographers on AOL.COM has been covered. Below, we reprint Pat Townson's summary from Telecomm Digest, and include the New York Time's first paragrapher as a pointer for those wanting more information. We note that the NYT's Peter Lewis added a story that put the busts in perspective. Lewis suggests looking at AOL.COM as a large city. With 3.5 million users, this would make it roughly the same size as Cleveland or Detroit. All large cities have back-alley establishments, shady characters, and even a few who enjoy looking at pictures of children. This is useful to keep in mind: There is "porn on the net," there are crooks on the net, and--in fact--there is everything on the net that there is in the non-net world. That is, afterall, where most Net-users come from. And, when it comes right down to it, there is proportionally far less predatory behavior on the Net than there is in our daily lives, where nearly two percent of the U.S. population is currently under some form of correctional supervision. So, regardless of the hysteria of some media and congressional personnel, the Net remains a pretty safe place. ============== TELECOM Digest Thu, 14 Sep 95 12:14:00 CDT Volume 15 : Issue 383 From--TELECOM Digest Editor Subject--FBI Arrests Dozens of America OnLine Users Date--Thu, 14 Sep 1995 10:00:00 GMT The FBI made dozens of arrests and searched 120 homes and personal computers on Wednesday as part of an investigation into child pornography on America OnLine. Management of America OnLine has, over a two year period, supplied the FBI with the names and addresses of users 'suspected' of 'being involved in' child pornography and/or arranging sex with children. The raids on Wednesday marked the first time federal agents were called upon by an online service to investigate the behavior of their subscribers in private chat rooms. Attorney General Janet Reno spoke in support of the actions of America OnLine and FBI agents, noting, "We are not going to permit exciting new technology to be misused to exploit and injure children." The raids were conducted throughout the day Wednesday in 57 of the 94 FBI districts in the United States. They were mostly concentrated on the east coast, however arrests and confiscation of computer equipment took place all over the country in such diverse cities as Miami, New York, Dallas and Trenton, NJ. Carlos Fernandez, an FBI spokesperson in Washington, DC said that 'quite a few more arrests are expected in the next several days' and that the Bureau would wait until those arrests had been effected before discussing the case in detail. Pam McGraw, a spokesperson for America OnLine, based in Viennna, VA admitted that the company monitored email and private conversations seeking out persons who use their network to transmit pornographic material. She said they always provide the FBI with the names of users suspected of involvement in child pornography. Ms. McGraw also discussed an online 'neighborhood watch' program in effect on AOL where users are encouraged to oberve each other's activities and report on them to management of the online service. Although child pornography certainly is not allowed in public areas of AOL, according to Ms. McGraw it 'usually is transmitted in email between users, or in private chat rooms'. She did not indicate how AOL's interception of email for the purpose of examining it for 'pornography' or their monitoring of private conversations between subscribers could be reconciled with various privacy laws, apparently because it can't be. FBI spokesperson Fernandez said the federal investigation of AOL users showed that child pornographers are turning to online networks 'more and more' to lure curious children. He said, "the utilization of online services and bulletin board systems is rapidly becoming one of most prevalent tech-niques for individuals to create and share pornogrpahic pictures of children as well as to identify and recruit children into sexually illicit relation-ships." Raids and arrests of other AOL subscribers 'suspected of being involved in child pornography' will continue over the next few days until all the user-suspects have been located. I don't know about you, but I'm going to purge all the AOL sofware from my computer today. Child porn does not interest me in the least, but having AOL scanning my mail and checking up on my in private conversations with other users there is of great concern. It is hard for me to imagine how any online service could violate the trust of their users in this way, by getting into their email and personal files, regardless of the intentions. We have known for some time that AOL was 'cooperating' with federal agents in their investigation of child pornography, but until the massive raids and arrests commenced on Wednesday followed by AOL's admission that the 'evidence' was found in email and private chat, we did not know the extent to which AOL was abusing their subscribers in the process of cooperating. PAT =============== From the New York Times: September 14, 1995 Use of Computer Network for Child Sex Sets Off Raids By DAVID JOHNSTON WASHINGTON - The Justice Department on Wednesday announced a dozen arrests in a two-year investigation into the use of America Online, the country's largest computer network, to distribute child pornography and to lure minors into sex. The searches of 125 homes and offices around the country represented the first time that federal agents investigated the misuse of a nationwide computer network, in which information and graphic material is exchanged between computers. ------------------------------ Date: Sun, 19 Apr 1995 22:51:01 CDT From: CuD Moderators Subject: File 8--Cu Digest Header Info (unchanged since 19 Apr, 1995) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CUDIGEST Send it to LISTSERV@VMD.CSO.UIUC.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp://www.rcac.tdi.co.jp/pub/mirror/CuD The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu:80/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #7.74 ************************************