Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Software protection debate in European Parliament in deadlock?
"If builders built houses the way programmers write programs,
the first woodpecker coming along would destroy civilization"
(Anonymous, attributed to Murphy)
Following the proposed Community Directive on Software Protection of 1988 to
which legislation in all twelve member states of the European Community should
adhere, various committees in the European Parliament have occupied themselves
with the proposed regulations. Today, June 7, 1990, is a renewed and delayed
deadline for submission of amendments to the Committee on Legal Affairs and
Citizen's Rights who hope to come to an agreement on 18 and 19 June 1990. If
agreement is reached, the final proposal will be submitted to the plenary
meeting of the European Parliament in Strasbourg, France, to be voted upon
during July 1990. However, there appears to be considerable disagreement on
the proposed copyright exemptions under Article 5.
In the final report by the parliamentory Committee on Financial and Monetary
Affairs and Industrial Policy (Draftsman: Mr K. Pinxten M.E.P., 22 March 1990,
PE 134.05/fin.) to the Committee on Legal Affairs, the following copyright
exemptions were proposed:
Article 5(1). Where a computer program has been made available to the
public IN A LEGAL MANNER, the acts enumerated in Article 4(a) and (b)
shall not require the authorization of the rightholder, in so far as they
are necessary for the use OR SCIENTIFIC ANALYSIS OR TESTING of the program.
Article 5(2). Where a computer program has been made available to the
public IN A LEGAL MANNER, THE RIGHTHOLDER MAY NOT PREVENT THE NORMAL USE
OF THE PROGRAM BY THE PUBLIC IN PUBLIC LIBRARIES.
Article 5(3). A LICENCE AGREEMENT OR OTHER WRITTEN AGREEMENT MUST NOT
CONTAIN ANY CLAUSES WHICH CONFLICT WITH THE PROVISIONS LAID DOWN IN
PARAGRAPHS 1 AND 2.
The acts in Article 4 refer to copying, translation (assembling/compiling),
viewing and running for normal operation of a `program' in, presumably, source,
object, or executable form. Interestingly, the explanatory notes to these
amendments dwell extensively on normal use, library exemptions, and the
mandatory nature of these conditions, but not at all on the `scientific
analysis and testing' provision as proposed for Article 5(1).
Under the Berne Author's Rights (`Copyright') Convention upon which the
European Community wishes to base its Directive, personal CREATIVITY rather
than engineering / corporate EFFORT determines whether a work is protected. It
is in this respect that software quality and safety are at stake. Any creative
activity is bound to be error prone (and especially so under competition-based
time constraints), and it has only been since recently that this is being
recognized by legislative and regulating bodies. In a recent U.S. report BUGS
IN THE PROGRAM (*), a serious lack of testing norms for safety-critical
software is apparent (e.g., aircraft control, medical equip ment),
"At the present level of understanding in software engineering, Federal
agencies cannot be assured the software they oversee and use is correct;
they CAN determine whether the software developer understands good
practices that are necessary to produce quality software. Further,
review and analysis and test results are useful, though this offers
no safety guarantee."
If legislative and regulating bodies in a major software producing country
like the U.S.A. recognize their limitations to assert software quality, it
would seem that new regulations should provide room for such validation and
testing by others. One such a regulation might be the proposed amendment on
analysis and testing, insofar it cannot be excluded by contract, AND insofar
it extends to third parties like consumer societies and other investigating
entities, including the right to publish the findings from such (scientific)
endeavor.
(*) Bugs in the program — Problems in Federal Government Computer Software
Development and Regulation. Subcommittee on Investigations and Oversight
to the Committee on Science, Space and Technology, U.S. House of Represen-
tatives, August 3, 1989 (submitted by James H. Paul, Staff Member and
Gregory C. Simon, Staff Director and Councel). See also Michael Rogers &
David L. Gonzalez, Can We Trust Our Software? Newsweek, 29 January 1990,
pp. 42-44.
[Note: the library exemption does not seem to encompass the custom in many
university computer centers that software can be borrowed by staff
and students for exclusive use on local PC's]
Herman J. Woltring, CAMARC partner (NL)
Brussellaan 29, NL-5628 TB Eindhoven
The Netherlands, tel & fax +31.40.413744
CAMARC ("Computer Aided Movement Analysis in a Rehabilitation Context") is a
project under the Advanced Informatics in Medicine action of the Commission
of the European Communities (AIM/DG XIII-F/CEC), with academic, public-health,
industrial, and independent partners from Italy, France, U.K. and The Nether-
lands. Its scope is pre-competitive.
[From the _Wall Street Journal_; June 1, 1990, p. B1.] COMPUTER AIDS MAY HURT IN DECISION MAKING Computer programs designed to assist managers in making decisions don't always help, and sometimes can hamper performance, a team of researchers finds. Jeffrey E Kottemann, assistant professor of computer information systems at the University of Michigan, simulated a manufacturing-production process in a growth industry. He had M.B.A. students decide on output and staffing, given uncertain demand, over 24 mock quarters. One group used a spreadsheet-oriented computer aid that helped members evaluate alternatives. The other group was on its own, relying on intuition and experience. Contrary to Mr. Kottemann's expectations, the computer-assisted people significantly underperformed unaided, in the initial experiment as well as two follow-ups. With the computer aids, he says, people appear to have sought short-term results by understaffing and underproducing. But those decisions, over time, meant lost sales and extra costs. Oddly, the computer-aided group didn't recognize that using the programs led to poor decisions. "They were significantly more confident in their performance than the unaided group," Mr. Kottermann says. He and two colleagues, Fred D. Davis Jr. and William Remus, plan further work to help explain when and how computer aids affect actual and perceived performance. Brad Dolan Science Applications International Corp.
Mark Anacker (marka@dsinet.UUCP) writes about "Another egregious database".
The database that Mark reported on is not merely "egregious", but is
excessively intrusive and constitutes a massive invasion of privacy as well.
The inventors of this scheme posit that closely kept records would motivate
disadvantaged students to attend classes more regularly and strive harder to
perform. There seems to be no basis for these claims. A more effective
argument could be made such that such record keeping would discourage students
-- any minor slip would be recorded and permanently held against them. The
system would appear to be designed to hold them back, thus further alienating
them from the school and society as a whole.
The data collected in this system could be used as a basis to disqualify or
downgrade students for jobs and college acceptance based on their
well-documented poor attendance, lack of motivation, and poor performance.
Standardized tests provide some objective measure of skills and capabilities of
students. This new system seems to provide a mechanism for rejecting students
on more subjective grounds.
>If the system is successful, says Elford, it would provide an incentive for
>apathetic students to do well.
This logic is backwards. The success of a tracking/incentive system should
be judged on how well it motivates students and effects their learning. A
perfectly implemented system that negatively effects the students cannot be
considered a success.
>Is it just me, or does anyone else have a problem with this?
It's not just you. This proposal is offensive, and the article is amazingly
blind to its problems. Hopefully the communities involved will do better. If
not, perhaps they'll give it an appropriate name and slogan: Long Live Big
Brother!
Steve Philipson
In RISKS-10.05, from the June 3rd 1990 Seattle Times, courtesy of Mark Anacker: > Imagine if an employer could find out how many times a prospective employee > had been late for school, or if a business could tap into a pool of high > school graduates and find the model employee. (Article about "Worklink, the program designed to connect education and business") Who *wants* to employ these paragons? An article in New Society many years ago carried an article about how research grants were awarded. The discussions of an imaginary committee were reported, considering the following two cases: Student A had hypochondriac tendencies, and a noted aversion to serious work. A completely undistinguished undergraduate career at Cambridge had been spent mainly indulging in drink and sport, apart from his hobby of collecting insects. He now wanted to go on a round-the-world cruise on some research ship with no well-defined research objectives whatsoever in mind. Student B was rather withdrawn and given to boughts of introspection on obscure and irrelevant topics understood only by himself. His medical records reveal that he did not speak until the age of four. His habits were eccentric: he sometimes wore no socks, and had been caught wearing his landlady's tablecloth as a scarf. This general neurotic impression was confirmed by the fact that examinations reduced him to a state of nervous collapse for several months before and after. Since graduation, he had been employed as a clerk in a patents office. Needless to say, the committee did consider either student worthy of an grant. Unfortunately, the first was Charles Darwin, and the second was Albert Einstein. Still, we can't all be eccentric geniuses. If you want a reliable guy to serve on a burger stand, try Worklink! :-) Pete Mellor
Yes, I too had a problem with this, until I ran across
the following paragraph...
>Under the voluntary program, everything from prose reading and document
^^^^^^^^^^^^^^^^^
>reading to punctuality would be assessed and, subject to student approval,
^^^^^^^^^^^^^^^^^^^^^^^^^^^
>entered into the student's record.
Since the program is voluntary, and the information in it is "subject to
student approval", I have fewer problems with the database itself. Yes,
unscrupulous school administrations could indeed enter data that the student
had not aproved, but discovering this should be as easy as getting a copy of
your school transcript is now. (It's VERY easy for me.)
However, all it has done is moved the 'disadvantage' from the "post-school"
period (i.e. writing impressive resumes), to the "in-school" period (i.e.
getting sufficient counseling to have 'impressive' data in your records). At
my high school, this would have been something of a lost cause. There were
only two counselors for the entire school. Fortunately, I was well motivated
and already knew what I wanted, so I didn't need much counseling.
Youth has such an ability to disregard unpleasant consequences....
Edwin Wiles, NetExpress, Inc., 1953 Gallows Rd. Suite 300, Vienna, VA 22182
David desJardins writes:
> If you walk up to my door and knock, I can find out who you are (by taking a
> photograph through my peephole). So logically police informants don't expect
> to be able to walk up to doors anonymously. Neither should they expect to be
> able to enter homes via telephone anonymously.
Let us be clear about who Caller ID benefits and who it does not benefit.
As far as residential phone users are concerned, Caller ID is not much
better than receiving anonymous calls. That is, having the number of
the calling phone is *not* sufficient information to decide how to
handle the call, since the vast majority of calls will be from
unrecognized numbers, which could just as easily be from a spouse
stranded with a broken-down car as from a stranger. A real name — a
simple ascii string — typed by the caller at call time or sent from a
card that the caller placed in the calling phone, would be be far more
useful to the callee for call screening purposes.
For businesses on the other hand, Caller ID is *much* better than
receiving anonymous calls. That is because businesses want the number
for a *different* reason than residential customers do: they aren't
trying to screen calls; they are trying to collect marketing
information. Thus, they need an ID that can serve as a link back to
the caller. Phone numbers — via reverse directories that are readilly
accessible — serve this purpose. For businesses, a simple string like
"John" or even "Mergatroyd D. Fitzsimmons" wouldn't be useful because
it can't serve as a unique link back to the caller.
My preference would be to hold out for a solution that provides real benefits
for residential users, and that does *not* provide benefits for businesses.
JJ
In a recent RISKS, Jim Harkins (correctly) writes that we consider books con-
taining all sorts of details about how to commit crimes to be legal. He then
says:
I [haven't] done anything wrong by offering a suggestion on improving
your monthly income [by holding up gas stations] :-) Of course, if I
suspect that you did use my suggestion then by not finking on you I am
breaking the law.
This last sentence is FALSE. You have, in general, no positive duty to report
your knowledge of a crime, much less your suspicions. There are some special
cases, mainly having to do with "officers of the court" or police; if you fall
into one of these special categories, you should know. In fact, under some
conditions your reports, if false, MIGHT be actionable as libel or slander.
(There's a fine balance of interests here - society's interest in seeing
crimes punished and, if possible prevented; and individuals' interest in
seeing their privacy and "good name" protected. As an analogy - one where the
"damage" is considered more severe - anyone has the right to make a "citizen's
arrest" of the committer of a felony. But beware: If you exercise this
right, you MUST be right in your claims! If the person you "arrest" did not
in fact commit the felony you "arrested" him for, he can successfully sue you
(probably for battery). That you BELIEVED he had committed a felony, even had
very good reason for such a belief, is insufficient. This is one place where
police officers have much, much broader lattitude than the average person.)
On the other side, one thing you have to watch out for in this context is
conspiracy laws. These were great favorites for going after people unpopular
with the authorities back during the anti-Vietnam-war protests of the '60's,
since they are so broadly drafted. As I recall, if 2 (3?) or more people
discuss an illegal act, and at least one of them then goes out and performs
any concrete action in furtherance of that act, all can be found guilty of
conspiracy, a crime for which the penalty can be more severe than that for the
underlying act. (In fact, I believe conspiracy to commit a misdemeanor can be
a felony!) The example a lawyer friend of mine came up with was: He says to
two of us "Why don't we get together and monopolize sales of used cars in this
state." One of us later goes to a used-car dealership and looks around. The-
oretically, all three of us are guilty of conspiracy. Fortunately, conspiracy
laws are used mainly as "add-ons" to provide bargaining chips for plea bargin-
ing in cases where crimes really have occurred. If they were abused, they
might very well be tossed out as unconstitutional - though given the tenor of
the times and today's court system, even that is hard to be sure of.
And you thought programming hard real-time systems was hairy!
Disclaimer: I'm not a lawyer, though I sometimes talk a bit like one. :-)
The above is what I've gleaned from many discussions with lawyers over the
years. (My wife's a lawyer. Many of her friends are lawyers. Many of MY
friends are lawyers. A consulting contract I had not long ago was reviewed
by no less than 5 lawyers on my side; had they all been charging me at their
full rates, I would likely have gotten nothing out of the contract. Arrgh....)
It is based on American law, and probably applies in more or less the same way
under any system based on the Common Law - but who can tell.
— Jerry
In RISKS 10.04 Henry Spencer (henry@zoo.toronto.edu) reports on
an article in the April 30 issue of Aviation Week. In commenting on
the article, Henry writes:
>(for example, NASA Ames, a major center of work on such things,
>has no simulator representative of modern cockpits).
This is not quite what appeared in the article. Hart A. Langer
(United Airlines VP flight operations) was reported to have said that
"the center has no research simulator based on the glass cockpits that
are in use today". [The quote is of Aviation Week paraphrasing Langer].
This is in fact true, however the Center does have a simulator on which
the glass cockpits of today are based. This is the Advanced Concepts
Flight Simulator (ACFS) at the Man-Vehicle Systems Research Facility
(MVSRF) at NASA Ames.
This simulator had its origins about 10 years ago. It's display
technology had definitely fallen behind the times, but was upgraded
about a year ago with current technology computer graphics workstations
which drive its displays. The displays are "representative of modern
cockpits". My knowledge of this is first hand — I designed and
implemented the displays and software that drive the primary flight
displays in the ACFS. They were intended to model prototype displays
that Boeing was working on for the 747-400. NASA has now upgraded all
of the displays and is actively performing human factors research on
electronic flight instrumentation systems.
The general point of the article is correct however — the technology
is moving very fast, and it is difficult for the research institutions
to keep up, let alone forge ahead. Thus new technologies are being
fielded before their impact can be adequately assessed.
Steve Philipson
Back in March (shortly before the "Poll Tax" was introduced in England) I was having a little trouble persuading my local district council that I am a student, and as such need only pay 20 percent of the charge. During one of my many telephone calls to their offices, I was informed that their computer system (with all the data storage) was being upgraded, and I would therefore have to wait a long time while they tried to find my "real" file. I was given the distinct impression that it would be better if I rang back once the upgrade was finished, in a few weeks! Since this was only 4 weeks from the introduction of the Tax and I had no desire to pay 400 percent too much, I was quite prepared to wait and did so. My student status was eventually sorted out. I don't believe for a second that my district council was trying anything clever, or that the situation was in any way other than as stated. However, it now seems to me that this would be an effective stalling measure for someone who wished to deny clients access to their records — imagine a company in financial trouble stalling enquiries about outstanding orders with tales of an unavailable computer system (and hence unavailable records), while they quietly fled the country with the bank balance. This is something new (to me), and while it is not all *that* chilling in its implications, it's a thought. Simon Turner, Robotics Research Group, University of Oxford, Dept. of Engineering Science, 19 Parks Road, Oxford OX1 3PJ, UK
Please report problems with the web pages to the maintainer