Copy Link
Add to Bookmark
Report
Computer Undergroud Digest Vol. 02 Issue 18
****************************************************************************
>C O M P U T E R U N D E R G R O U N D<
>D I G E S T<
*** Volume 2, Issue #2.18 (December 28, 1990) **
****************************************************************************
MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet)
ARCHIVISTS: Bob Krause / Alex Smith
PERIPATETIC GADFLY: Brendan Kehoe
USENET readers can currently receive CuD as alt.society.cu-digest.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source is
cited. Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission.
It is assumed that non-personal mail to the moderators may be reprinted
unless otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Contributors assume all responsibility
for assuring that articles submitted do not violate copyright
protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS:
File 1: Moderators' Corner
File 2: From the Mailbag
File 3: Computers Under Attack
File 4: CU Resources in Germany
File 5: Trade Secrets; When are they Bad?
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
----------------------------------------------------------------------
********************************************************************
*** CuD #2.18: File 1 of 5: Moderator's corner ***
********************************************************************
From: Moderators
Subject: Moderators' Corner
Date: December 28, 1990
++++++++++
In this file:
1. FTP FILES
2. RESOURCES OF CU INTEREST
++++++++++
+++++++++++++++++++++
FTP Files
+++++++++++++++++++++
The FTP archives are steadily growing. They include Network Information
Access (NIA), a few new CU magazines, and a variety of computer crime
statutes (state, federal, foreign), and a few new papers written by law
students and attorneys. Thanks to all those who send material along. If you
submit a long paper (20 pages or more), please be sure the format is
complete (biblio and footnotes not excluded if cited in the text) and line
length is not over 80 characters per line. Papers should be of publishable
quality and not simply stream-of-consciousness opinion. If you're not sure
if your paper is appropriate, send it along anyway. Papers should be timely
or of historical/archival value, and not something you happened across on a
BBS somewhere that is dated.
--------------------
Resources Worth Looking At
--------------------
There are a number of first-rate resources available on the nets for
computerists of all stripes. Among those of particular value include:
1. TAP MAGAZINE: TAP contains a variety of information and can be obtained
for only a postage stamp for each issue from:
TAP
PO Box 20264
Louisville, KY 40250
2. 2600 Magazine: 2600 covers a broad range of topics, ranging from
technical material to political analysis. It is published quarterly in
hardcopy format. It also holds periodic meetings and is an excellent
resource for information of relevance to a variety of interests. 2600
Magazine can be reached at:
2600@well.sf.ca.us OR
2600 EDITORIAL DEPARTMENT
P.O. BOX 99,
MIDDLE ISLAND, NY 11953
3. EFF DIGEST: The Electronic Frontier Foundation's first issue of EFF
Digest is out, and it is essential reading for those keeping up with the
the specifics of EFF activity as well as for following legal cases and
other issues affecting the computer world. The first issue provides a
detailed summary of the EFF goals and activities to date.
E-mail subscription requests: effnews-request@eff.org
Editorial submissions: effnews@eff.org
Or:
Electronic Frontier Foundation
155 Second St.
Cambridge, MA 02141
(617) 864-0665
(617) 864-0866 (fax)
4. BMUG (Berkeley Macintosh Users' Group) Magazine: Don't be deceived by
the name. BMUG contains a variety of articles relevant to all computerists
and is well worth reading. The Fall/Winter 1990 issue of the BMUG
newsletter will be available as of February, 1991. Cost is $25 (comes with
6 month BMUG membership). To subscribe, call BMUG at (415) 549-BMUG.
5. PHRACK CLASSIC: What can we say? Contact them at pc@well.sf.ca.us
6. TELECOM DIGEST: TCD, edited by Pat Townson, focuses primarily on telecom
issues of all kinds (technical, legal, rumor, facts, news articles). During
a period of hot topics, several issues can come out in a day. Pat chases
down rumors, keeps posts relevant, and has established TCD as the premier
e-mail source for telecom information. There is also an ftp site for back
issues. To subscribe, contact:
telecom@eecs.nwu.edu
7. NIA: Network Information Access, although fairly new, has published 68
issues to date. The first issues were relative short, but, beginning with
#68, the issues will be longer and provide a variety of detailed technical
and other information. For more information, drop a note to:
elisem@nuchcat.sccsi.com
8. NEWSBYTES: The Newsbytes News Network is an electronic news service
dealing solely with technology issues. It is published daily on GEnie and
is available in a semi-weekly format on Dialog, America On-Line, NewsNet
and a Japanese newsnetwork. Excerpts are also downloaded for publication
by Newspapers throughout the country (such as Computer Currents). The
service is international and has bureaus from Moscow to Sydney, Australia.
For more information, contact: mcmullen@well.sf.ca.us; CompuServe -
70210,172; GEnie - nb.nyc; AppleLink -- x1888 and MCI - 316-9687 with any
comments or additions.
There are other good resources out there, and we will include them in
future issues. There are also a number of good BBSs with extensive
collections of text files or discussion sections (Ripco, The Well, The
Works, Face-to-Face), and we will list a few of them next month. If you
know of exceptional boards worth mentioning, pass the names and numbers
along.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Various
Subject: From the Mailbag
Date: December 28, 1990
********************************************************************
*** CuD #2.18: File 2 of 5: From the Mailbag ***
********************************************************************
From: Carrier Wave <MERCURY@LCC.EDU>
Subject: Operation Sun Devil and Ayn Rand
To: TK0JUT1%NIU.BITNET@UICVM.UIC.EDU
Date: Fri, 21 Dec 90 09:15 EST
Operation Sun Devil and
Ayn Rand's Theory of "The Sanction of the Victim"
by Michael E. Marotta, mercury@well.sf.ca.us
Arthur Koestler's novel, Darkness at Noon, tells of the downfall of a
Bolshevik. He is purged by the party, charged with conspiring to
assassinate Stalin. Of course, he did no such thing, but he soon comes
to understand the needs of his captors. As a Bolshevik, he knows the
theory of the centralized democracy and he comes to understand that
merely questioning authority is no different than a physical assault on
the Leader. The operant theory in this true-to-life example was later
enunciated by Ayn Rand in her novel, Atlas Shrugged. She called it
"The Sanction of the Victim."
In Atlas Shrugged, the heroes are engineers and investors who learn to
reject mysticism, altruism and collectivism. They learn to be proud of
their own achievements. They identify and reconcile the contradictions
that tore them apart and allowed them to be regulated, ruled, taxed and
vilified. One of the highlights of this novel is the trial of Hank
Rearden, a steel industrialist who violated an equalization of opportunity
law. He tells the court that it can sentence him to anything and he is
powerless to prevent that but he will not help them by participating. He
does not recognize their right to try him and he will not help them pretend
that the trial is just. He is acquitted.
If this seems too unreal, consider the case of Craig Neidorf in Chicago and
compare it to the trials of the Legion of Doom in Atlanta. Neidorf stood
his ground, prepared a First Amendment defense and asked for help from the
pioneers on the electronic frontier. The government dropped its charges.
In Atlanta, the hackers co-operated with the government, informed on each
other and even testified against Craig Neidorf and they were sentenced to
prison. Neidorf incurred legal expenses near $250,000. This is also about
the size of the fines to be paid by each of the LoD hackers in Atlanta.
The difference, of course, is that Neidorf is free and they are in jail.
The decision to go to trial rested on the premise that Right makes Might.
Niedorf prepared a First Amendment argument. In point of fact, victory
hinged on the demolition of the government's evidence. A suitable defense
could have been created from any perspective. The First Amendment is a
broad shield that protects religion, speech and assembly in addition to
writing. The Tenth Amendment guarantees all those necessary and proper
rights enjoyed by the people that are not specifically enumerated in the
Bill of Rights. Niedorf could have claimed that he was performing a
challenge commanded of him by the Gods of Olympus. What counted most is
that he felt that his accusers were morally wrong.
The Legion of Doom went down the drain in Atlanta because they granted the
moral high ground to the government. They were wrong in their own eyes and
they deserved punishment by their own standards. Their viewpoint and their
standards were the same as the government's.
The question then becomes: Is hacking right? Unless you want to go to
jail, you better find a lot of reasons to believe that it is.
+++++++++++++++++++++++++
From: gnu@TOAD.COM
Subject: Re: "strangers probing for security flaws" -- another view
Date: Fri, 21 Dec 90 13:11:14 -0800
Given the existing state of computer security (i.e. it requires excessive
care by a system administrator to make a system more than nominally
secure), I think that whatever automation we can bring to bear on security
testing is welcome.
Suppose there was a free program, available in source code and scrutinized
by wizards all over the net, that you could run to test your security. If
you had the time, you might run it and fix up the things it found. If you
didn't have the time, those things would probably go unfixed.
If someone at a remote site (Italy?) volunteers to run such a program and
mail you the results as they pertain to your site, are they performing you
a service or a disservice? I don't know about you, but when a stranger
knocks at my door to tell me that I left my garage door gaping wide open
and the neighborhood hoods are eyeing my bicycles, I usually thank her
rather than knocking her down and calling the police. Then I go and fix
the garage door.
If the stranger had taken a few bicycles before coming and telling me about
the problem, that would be different. But even that is preferable to their
stealing the bicycles and not even telling me I had a problem.
Sites all over the Internet *are* being probed by people who want to do
them harm. We know this as a fact. I would prefer if we had some
volunteer "cop on the beat"s who would walk by periodically and rattle the
door to make sure it's locked.
John
++++++++++++++++++++++++++
From: snowgoose!@UUNET.UU.NET
Date: Mon, 17 Dec 90 16:16:00 -0500
Subject: Is Technology Beyond the Law?
Is Technology Beyond the Law?
There are many factors which shape events like Operation Sun Devil.
Certainly mission, political mandate, public perception, and human frailty
are forces which shaped the behavior of the Secret Service. But, the
juxtaposition of technology and the law may well be the most significant
factor.
Law is (or at least, is supposed to be) a reflection of the needs of
society for definition of and protection of its interests. Technology
presents rapidly changing circumstances with which the law, because the
people, cannot keep abreast. Technology is, and will always be, beyond the
law?
Now, I'm not a lawyer, and I haven't got a clue of how to conceptualize
this under the law, but consider the following:
One day, the Secret Service shows up at my door with a search warrant to
seize and search my computer for incriminating evidence. They get my
computer back to their lab and discover that the entire hard disk is
encrypted, (probably block by block). Upon further examination, they find
either an encryption card or a software encryption routine in the disk
driver. I'm not going to give them the key. I have used a sufficiently
difficult encryption technique as to frustrate even the NSA. Where does
that leave their investigation? Where does that leave my computer?
Is there a concept in the law which requires that a law must be
enforceable? If so, isn't investigation an enforcement procedure? If so,
and if the law isn't enforceable, what happens to my computer with its
encrypted disk?
I have intentionally exaggerated the technical circumstances to raise the
question, but it seems to me that the same situation exists today. The
Secret Service has had 40+ computers and 23,000? disks since their seizure
on May 8th, 1990. If we assume that the Secret Service has procedures
(methods and techniques) for using the seized property in their
investigation, then is there a time limit on how long the investigation
can continue? If it could be demonstrated that there were *no* procedures
for using the seized property in furtherance of the investigation, would
they have a right to have seized it?
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
Date: Thu, 6 Dec 90 15:00:32 PST
From: Peter Denning <pjd@riacs.edu>
Subject: Computers Under Attack
********************************************************************
*** CuD #2.18: File 3 of 5: Computers Under Attack ***
********************************************************************
COMPUTERS UNDER ATTACK
Intruders, Worms, and Viruses
Edited by Peter J. Denning
ACM Press and Addison-Wesley, 1990, 554pp
$18.50 ACM members, $20.50 others
On behalf of ACM Press and the authors of the 38 articles brought together
in this edition, I am proud to announce that our book on the subject of
attacks on computers is now available.
This subject continues to receive ongoing attention in the national press
--for example, the recent discovery of $12M of toll fraud at the NASA
Johnson Space Center, Operation Sun Devil, an Esquire article about
computer pirates breaking in to the Bell System, and the recent splashy
appearance of the NRC report, "Computers at Risk".
The purpose of this book is to tell the story of attacks on computers in
the words of those who are making the story and who see the broad
perspective in which it is taking place. We have painstakingly selected
the articles and have provided connective material to bring out the global
context and show that the problem is not purely technology, not purely
people, but a product of the interaction between people and computers in a
growing worldwide network.
After and introduction and preface by me, the articles are arranged in six
parts. Most of these have been previously published, but there are a few
new pieces specifically commissioned for this volume.
PART I: THE WORLDWIDE NETWORK OF COMPUTERS
Worldnet and ARPANET by Denning, overview of networks by Quarterman,
reflections by Thompson, survey of computer insecurities by Witten.
PART II: INTRUDERS
Reflections by Reid, Wily hacker story by Stoll, a followup commentary by
Mandel, and a business perspective by Wilkes.
PART III: WORMS
Internet worm overview by Denning, perspectives on the Morris worm by MIT's
Rochlis et al, Purdue's Spafford, and Utah's Seeley, executive summary of
Cornell Report, Morris indictment and trial summary by Montz, original worm
paper by Shoch and Hupp.
PART IV: VIRUSES
Virus overview by Denning, BRAIN and other virus operation by Highland,
virus primer by Spafford et al, viral protection in MS/DOS by Brothers, and
a perspective on viruses by Cohen.
PART V: COUNTERCULTURES
Computer property rights by Stallman, cyberspace literature by Paul Saffo,
a dialog on hacking and security by Dorothy Denning and Frank Drake.
PART VI: SOCIAL, LEGAL, AND ETHICAL IMPLICATIONS
A spectrum of commentaries: moral clarity and sending a signal by Denning,
global city by Morris, virus bills in congress by Crawford, GAO report
summary, legal issues by Samuelson and by Gemingani, computer emergency
response by Scherlis et al, ethics statements by various organizations, ACM
President's letters by Kocher, ACM forum letters, law and order for the PC
by Director, RISKS perspectives by Neumann, crimoids by Parker.
To order the book, run to your local bookstore or call ACM Press Order
Department. For credit card orders only call 800-342-6626 or in
Maryland and outside the continental US call 301-528-4261 and for mail
orders ACM Order Department, P. O. Box 64145, Baltimore, MD 21264. The
price for ACM members is $18.50 and for nonmembers $20.50. Shipping is
extra unless you send a check to the order department. BE SURE TO INCLUDE
YOUR ACM MEMBER NUMBER AND THE BOOK ORDER NUMBER (706900).
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: "Martin Huber" <martin@EE.UNI-SB.DE>
Subject: CU Resources in Germany
Date: Fri, 14 Dec 90 04:29:59 +0100
********************************************************************
*** CuD #2.18: File 4 of 5: CU Resources in Germany ***
********************************************************************
%Moderators' note: We in the U.S. tend to be rather insular and often think
of the CU world as limited to the 48 contiguous states. We are constantly
reminded by cybernauts elsewhere that we should be more aggressive in
recognizing that cyberspace is non-territorial. There are numerous articles
and newsbits out there that we don't often see because of language
barriers. We *STRONGLY ENCOURAGE* readers fluent in other languages to
either send over translations or send summaries of various news stories.
In addition to their general interest, we are finding that scholars, law
students, and others find this information quite helpful. Thanks to Martin
for sending the following over. When we spoke with him, he indicated that
there is considerable activity in Europe that we neglect here in the U.S.,
and he uses a comment in Pat Townson's Telecom Digest to segue into the
discussion%.
*******************
In article <15334@accuvax.nwu.edu> (of Telecom Digest the
moderator writes):
>
>Len Rose is beginning to prepare for his defense in Baltimore in
>February. He is looking for Unix experts/gurus who would be willing to
>provide general technical testimony about Unix. If anybody is willing
>to consider it, or can provide the names of others who might be
>willing, call Len at: (708) 527-xxxx.
>
>
>Jim Thomas
>Computer Underground Digest
>
>
>[Moderator's Note: Poor Len. He's a great subject-candidate for the
>old negro spiritual song, "Nobody Knows the Trouble I've Seen". PAT]
I'll side with PAT and Len (although i didn't notice what he did, but today
a seemingly funny hack can become a ghostly nightmare real fast). Please
understand that i do not side my criminal activities, but IMHO mostly the
wrong people get caught. The real criminals nearly get away with it.
Me, i can't give him help (other than moral one). But there are some guys
here in Germany who should be able to help with real expertise on any kinds
of hacks (phone, modem, nets, UNIX boxes, other). They are called CCC
(Chaos Computer Club). Their head has been charged with breaking into some
kind of NATO network (can't remember details, ask them how it went out). I
think they won or got a vote of confidence and a slight punishment because
of having alerted security people about the possibility of the hack. Again,
to state my opinion: They don't inquire into secrets in order to steal
something/rob some bank/whatever, but merely want to enwiden their
knowledge and try to pass information to others. (See below). Oh sh..... .
Can't find any of their documents in my bureau. Let me try to squeeze my
brain:
Organization: "Chaos Computer Club"
Contact: ??????? - they all have lots of nicknames
City: "DW-2000 Hamburg"
Country: "Germany"
Check like 1-3 year old infos on the famous NATO hack. Names should appear
there. I'll be searching back home and try to come up with more info ASAP.
Maybe a secondary contact in Hannover will help: This is a german computer
magazine called "c't". It is a full-fledged computer magazine for mostly
small computers and UNIX systems. The spectrum of articles ranges from
problems in information theory over product reviews, hard- und software
tests, source code listings in different languages to science-fiction
stories. They regularly feature editorials on hacking, law problems and
such and are at the approximate level of expertise as BYTE is in the US (in
fact, the magazines cooperate). [Of course, professional level in germany
is in general not as high as in the US (the states are much larger and thus
have more experts), but in science Germany is competitive.] In their
January 1991 issue (no kidding, it appears in the mid of December!) they
published a report on a sociological study on computer freaks which was
carried out by a german university (Univ. of Trier). In the following,
i'll give some quotations (transliterated to English):
[Note that this is done with no regard to copyright issues, i don't know
what position c't has regarding such matters, but i think it is perfectly
o.k. to translate something while crediting it to the original author. As
for publishing, you have my allowance to publish the english summary as
long as c't or the author is not affected by this move]
ARTICLE: "c't, Jan. 1990, p.44-46"
AUTHOR: "Claudia Schmidt" [Can't find her listed on the
publisher staff, seems to be an invited article, i bet she is
from the research group]
TITLE: Viele Vorurteile - Computerfreaks im Licht der Soziologie
[ premonitions abound - computer freaks seen from a sociologist's
point of view ]
The article starts:
"In a study sponsored by the Department of the Interior of the FRG
a group of scientists from the University of Trier tried to find
access to the world of computer freaks. The sociologists wanted
to gain a fundamental platform for the assessment of computer
technology und to unemotionalize the discussion on it.
Wherever computing centers are, young alert people with rugged
hair and deep-set eyes can be seen in front of computer consoles;
their arms are bent und their hands seem to be waiting for hitting
the buttons of their keyboards which they watch with the same inten-
sity a gambler watches the rooling dices. Seemingly more relaxed
they sit at desks loaded with computer listings and meditate like
scientists over cabalistic treats ....
This statement dating back to 1977 clearly demonstrates the
premonitions which usually are ascribed to computer freaks[1].
'Pseudo-empirical criticism on culture, mythos-conserving hearsay!'
it is termed by the authors of a 300-page report of the University
of Trier[2]. People are adopting fancy images [of freaks] all too
eagerly: most of the statements suffer from a pseudo-scientific
method of 'associative reasoning', the scientists claim ...
The sociologists visited the Chaos Communication Congress 1989
in Hamburg, ..., 'in order to get a lasting impression of the
productivity aspects of computer social life' and tested personal
attitudes of [computer] freaks in meetings with several [computer]
clubs. After field work, 62 interviews of 1 - 2 hours duration
complimented by 15 interviews gained from interviews on a BBS
were to be evaluated.
[A description of a typical freak's school and college time follows
(boring classrooms for under-rated geniuses), including the treat-
ment of the early attraction of a typical freak towards technology.
An interesting bynote states that women tend to exclude the computer
of their private live and they are said to 'be afraid to destroy
something'.
The next paragraph follows the growth of a juvenile freak to
a competent and professional specialist: ]
Evolution:
... [freaks], according to the scientists can be separated into
the classes of 'hackers', 'players', 'programmers', 'crackers' and
'crashers'.
Freaks want to use all capabilities of their machines. A high
degree of professionalism and competence, in general specialist's
knowledge, gives the benefits of good standing, being recognized
and admired among fellow professionals.
The research group noticed that the rapid evolution of technology
posed a problem. Social sciences always lag behind in assessment
of new technologies and hust helplessly see a new wave of technology
coming just as they finished evaluating it's predecessors.
Lots of questions:
The only solution to this problem is to tend towards dampening
critical opinions: Of course the freak is working all alone ...
in front of his computer, but - does he not communicate with
fellow freaks over [computer] nets?
A computer demands clear and concise commands, it cannot handle
ambiguous statements found in everyday's speech. Under the assumption
that a broad knowledge of speech is correlated with intellectual
capabilities, a person who has to adopt his syntactical capability
to abbreviations fitting a machine is in danger! ... the programming
paradigm could influence life style towards thinking in rational
terms only.
Lone guys:
On the other hand, there is a thesis that computerization is
not the reason but the effect of a culture adoring reasoning, and
that the computer is only fulfilling the wishes of men leaning
towards a technical zivilisation. ...
With the impact of lots of new media at home and at work, can
we see an 'impersonalization of learning', will the real world
be substituted by a made-up world, which is a secure place to flee
to? ... Or is this world of synthetic images the expression of a
desire to create new and singular scenarios, stimulating creativity
and emotionality in the freaks? Is not today's world by a much
higher degree plagued by rationalism and lack of emotions compared
to the computerist's world?
Summa summarum:
For public discussion, the scientists drew the following
conclusions: Since the computer is a well-known part of today's
work, it is useful for several different specialisations. To the
freak, it has become a natural part of his live and he spends a
substantial amount of time and money on it.
Only people with adequate knowledge can use a computer. A
broad knowledge of information science is indispensable for a
freak. His main method of learning is autodidactic. ... The
'process of auto-professionalisation' is found across all
social and professional levels.
Those activities do not tend to neglect leisure-time acti-
vities. Electronic media are very important, whereas books
are not so important (with the exception of cs books). Data
nets created a renaissance of the art of writing letters.
Computer freaks are not biased towards technology. From
their intimate knowledge of systems and their limitations,
their [the freaks] opinions are well balanced and often two-
sided. Dangers are seen mainly in big uncontrollable systems.
Contours of the information age of tomorrow are seen as changing
and not subject to forecast or planning in a deterministic way.
Methods of learning und practical work show a high degree
of personal autonomy. New forms of self-controlled and self-
confident use of communication medias are evolving hand in hand
with a culture which does not need federal regulations
(e.g. in form of laws). [because they are self-regulating, i
can't resist to make my point here]
The authors close with a proposal to the ministry of the
interior to inquire into the usefulness of computerclubs and
groups of hackers as critics of media, similar to the
function of ecologist's associations in environment.
[ The article closes with the perfectly natural observation
that the degree of weirdness and fanaticism does not vary
between philanthropists, hobby astrologicians and computer
freaks ]
[1] J. Weizenbaum, Die Macht der Computer und die Ohnmacht der Vernunft,
Frankfurt/a.M., 1977, p.160
[The power of computers and the impotence of common sense]
[2] R. Eckert et al., Im Schatten der Computer-Mythen. Zur kulturellen
Praxis und den Spezialkulturen von Hackern, Programmierern,
Crackern und Spielern. Eine ethnografische Untersuchung, Trier,
[In the twilight of computer myths. On the cultural praxis and the
specialized cultures of hackers, programmers, crackers and players.
An ethnografical study]
In the following some more citations from "c't", quoted from the
indices:
- c't,October 1990,Rechtliche Rahmenbedingungen fuer die Mailbox
[ Juristical Framework for BBS ]
- c't,February 1990,Es geht um Milliarden - Niederlage der Post in einem
Modem-Prozess
[ billions on stake - telco looses lawsuit concerning modems ]
- c't,May 1989,Hackordnung - Wann wird das Strafrecht fuer Datenreisende
zur Falle?
[ hacker's laws - when do hackers get trapped in penal law? ]
* This is written by a lawyer and treates the relationship *
* between german penal law and hacker's activities. - excellent. *
- c't,July 1988,Latente Bedrohung - Ueber die Verletzlichkeit der
Informationsgesellschaft
[ sleeping danger - about the vulnerability of information culture ]
* This is an interview with Prof. Dr. Klaus Brunnstein, Univ. of
* Hamburg, Inst. for applied computer science. He is specialising
* in the field of computer crimes and the security of computer systems
* Maybe a candidate for expert opinion?
The publishing company is:
"Verlag Heinz Heise GmbH"
"Postfach 610407"
"DW-3000 Hannover 61"
Tel. ++49/511/54747-10 (PBX with direct)
Fax ++49/511/54747-33 (call extensions)
The editor is:
"Christian Persson" extension -10
The vice editors are:
"Andreas Burgwitz" extension -12
"Detlef Grell", MSEE extension -13
They are reachable on "CosmoNet":
T. ++49/511/555398 300 Baud [ In fact, i think it is *their* BBS
T. ++49/511/555392 300 Baud ask PAT or other netlanders for
T. ++49/511/555686 1200 Baud more info. CosmoNet is well used in
T. ++49/511/555630 1200 Baud Germany, maybe even Europe ]
T. ++49/511/555302 2400 Baud
Datex-P NUA: 45511090835 [ This is the german packet switching
network. I have no idea of how to
access it from overseas, but a friend of mine working in CA, USA
should know it. If you need an european mail feed for this, i have
access (in principle) to internet, bitnet, uucp and thus should be
able to reach every german host. However, the transition from
%internet,bitnet,uucp% to e.g. CosmoNet is newland for me. ]
I'll stop here. I have all of the cited articles in my bookshelf.
I have a FAX and a copier around. So if Len wants to have some, he
should phone / FAX / mail me. Of course, translations are better to
be done by somebody which is a native english speaker. I can help
with nasty german sentences, no problem (with lightspeed communication?
- never!). Anyway, i'll help what i can, sticking to the old prin-
ciple: in dubio pro reo.
--
/---------------------------------
Martin / Martin Huber %
%----------------------------/ Univ. of Saarland %
%email: mahu@ee.uni-sb.de Dept. of Electr. Eng. %
%Tel: ++49/681/302-3574 D-66 Saarbruecken 11 %
%FAX: ++49/681/302-2678 Germany %
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
------------------------------
From: Dark Adept (Ripco-312-528-5020)
Subject: Trade Secrets; When are they Bad?
Date: Sat, 1 Dec 90 1:38:06 CST
********************************************************************
*** CuD #2.18: File 5 of 5: Trade Secrets: When are they Bad? ***
********************************************************************
Trade Secrets: When are they bad?
by
The Dark Adept
A trade secret is a method or procedure or information used by a company to
obtain profit. The law protects trade secrets through copyrighting and
patenting and various other laws. The main reason a company protects this
type of information is to stop competitors from producing the same product
thereby taking away from its profits. The main reason the government
protects the rights of the company to protect this information is to
promote innovation and progress (at least according to the U.S.
Constitution). But, there are times when copyrighting and patenting reduce
profits and restrict progress and innovation.
The User Interface
==================
One of the most important aspects of a computer program is the user
interface (the way in which the user is allowed to interact with the
computer). Ideally, a program should be able to perform complex tasks and
remain user-friendly. However, the user interface does not affect the way
in which the program completes its task. Two different programs with the
same user interface can perform the same task in two different ways. One
might be better or faster at the task than the other. Conversely, two
programs that perform different tasks may have the same user interface.
The point is that the user interface is generic. It can be applied to many
different programs without changing the value of the program. It merely
enhances or detracts from the program.
In the same way, the user interface of any product does not change the
integral operation of the product. Take the automobile, for example.
In all automobiles the user interface is the same. There is a wheel you
turn for direction. There are pedals on the floor to control speed, etc.
The quality of the automobiles are not judged for value by the user
interface, but by how the automobile responds to input from the user.
How fast it goes, how durable it is, etc., these are the qualities by how
an automobile is selected for purchase, and not by the fact that it has
a steering wheel. One may take this analogy further by comparing automatic
transmissions against stick-shifts. Neither changes the performance of the
car in a radical way. A purchaser selects automatic or manual as a matter
of either aesthetic preference or familiarity. If the buyer prefers stick
over automatic, but the car with the stick is way behind the automatic
in terms of performance, he would generally choose the automatic since he
is buying the car to perform a task. The way the car performs the task
is more important than how he tells the car to perform the task as long as
both are equally intelligible to the car.
Can you see the point I am trying to make? A program can work either through
a command line interface, a key-stroke interface, or a GUI (Graphic User
Interface). None of these change the performance of the program to any
great extent. They merely change the aesthetics and the ease of use. The
interface should not be allowed to be protected under law. To do so would
interfere with innovation and progress without conclusively affecting the
profits of a company. If company A holds the rights to the best interface,
but their program is worthless, then company B will still make more profit.
If it is truly the best interface possible, then progress would be slowed
since people would have to learn many different types of interfaces to go
from one program to another. Clearly, it would be in the interest of all
concerned to leave the interface open for public usage and only protect
the code behind the interface.
Algorithms
==========
To protect an algorithm is to, in effect, copyright a mathematical equation.
Since all algorithms reduce down to a mathematical model, that model would
not be able to be implemented except by whoever holds the rights. This
would greatly reduce the productivity of mathematicians. Imagine if
someone patented Integral Calculus. Don't laugh. IC is an algorithm
like any other. It is a solution to a problem. Or what if someone
patented the internal combustion engine? Most of us would be walking.
But like the engine, it is not the algorithm of the engine that is important,
but how it is implemented. All engines work on the same basic principle, but
they do so differently. This is why one engine works better than the other.
This is why a buyer would choose one engine over another.
Source Code
===========
While source code should generally be protected, there are times when it
may be more profitable to a company to release either the source code or
important information pertaining to it. A prime example is IBM and Apple.
Apple chose to keep their operating system under close wraps. IBM, in their
usual wisdom, chose to let some of it fly. This caused the market to be
flooded with "clone" PC's. Given a choice, most people bought PC's or
PC-compatibles. This generated more third-party support and even higher
sales. What is the best selling computer today? You got it. Who
practically sets the standard for every computer that comes out today? Good
guess. While some may say that IBM could have made more money if they
had not released the information, I grant you that. But, IBM has something
that Apple does not: insured existance. There is no way that IBM could
be jettisoned from the marketplace. IBM has insured that they will exist
long after Apple closes its doors. All they have to do is keep putting
out downward compatible products and people will continue to buy PC's.
The Hacker Ethic Vs. The Business Ethic
=======================================
Hackers (including programmers) view computer programs different than
businessmen do. Bits and pieces of programs are meant to be shared in order
to further innovation and increase productivity. Programmers have always
shared algorithms, traded libraries, and swapped subroutines. They do this
so that they do not have to "reinvent the wheel" every time they write a
program. If something is very basic and can be used over and over in
many programs, then programmers share it with others.
Businessmen, on the other hand, are not motivated by sharing but by making
a dollar. There is nothing wrong with this at all. The problem is that
sometimes making a dollar in the short run can be detrimental to the overall
market in the long run. Being misers with algorithms will force everyone
to spend a lot of time and MONEY to develop new products. If something
is so basic and so useful, then it should be allowed the freedom to be
developed to its fullest. Only then will the real bucks come rolling in.
The solution to this paradox is that hackers have to learn that companies
need money to keep going, and businessmen have to learn that computers
cannot be treated like most products. A compromise needs to be reached so
that both profits and innovation are protected without destroying each. Not
everything should be given away, and not everything should be kept secret.
Both should collaborate on deciding what to release and what to keep.
Lately, it has been more of a business decision than a programmer's, and
the imbalance is not good.
Conclusion
==========
There are more things to consider when protecting something in a computer
program than next quarter's profits. In the long run, it may be more
profitable to let the competition use some of your ideas. The more people
who are able to easily access computers, the bigger the market, and the
more profit. If only one company has a good interface and the price is
high, the market will be small. Obviously, not everything should be
allowed to be used freely, but the decision-making process should include
more than looking at the bottom line.
A fond farewell.....
====================
This is the last in my series of articles for CuD. I have tried to show
another side of the Underground than the one that is commonplace. There
is much more to the Underground than hacking and phreaking. It is composed
of many intelligent people who can make a valuable contribution to the
computer industry. They should not be thrown to the wayside as they have
been. While I am not a spokesman for anyone down here, and I am certainly
long-winded and less intelligent than many, I sincerely hope that these
articles have made an impact on someone somewhere.
I would also hope that I have inspired other members of the Underground
to show that they are more than people who break into systems. This
is your chance: start showing people what you really are, and then they
will take you seriously. You can do a better job than I did; I know you
can! Go out there and do it!!!
I would especially like to thank CuD and Jim Thomas for allowing me to
espouse my drivel in their fine digest. A finer and fairer publication
could not be found anywhere. I would also like to thank Dr. Ripco since
it was his BBS that first connected me to Underground when I was a mere
pup of 15, 6 years ago. I have yet to see a BBS that compares in quality
in all my years down here.
As for my future plans, I will be taking a sabbatical from being active in
the Underground for a while. I have many things to reflect over and much
to plan for my life. I have a few projects that may or may not include
programming, writing, and editing a tech journal that will contain
articles from members of the Underground of a technical nature. This
journal would be sent throughout the computer industry as a means of
communication.
I know these articles probably sucked, but I gave it my best shot.
In the words of the Darkest Adept the world has ever known:
Do what thou Wilt shall be the whole of the Law;
Love is the Law, Love under Will.
Thanks for the memories....
As always, I remain...
The Dark Adept
Email: Ripco BBS (312)-528-5020
********************************************************************
------------------------------
**END OF CuD #2.18**