Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
The Washington Post printed a full page of old stock prices one day last week in their business section. According to their explanation, the data is normally stored in a file named "ap stox 2". In preparing the erroneous page, a user saw "ap stox2" (i.e. no space) "elsewhere in the machine" and used it instead. The article also says that "Steps have been taken to prevent a recurrence". I wonder what kind of steps? Educating users? Probably the most useful thing to do would be to have the date in the filename, so an old file could not be mistaken for current data. Bill Fenner fenner@cmf.nrl.navy.mil
The Associated Press newswire for 94.12.26 @ 02:43 EST (via CompuServe's Executive News Service) reports a case of failed identification and authentication: Sting Backfires. MIAMI (AP) — FBI agents thought they were setting a trap by buying copies of 35 Medicare cards and selling them to a suspected fraud operation. But now the cards are being used to buy expensive leg braces and other medical equipment — and the FBI can't track them. "The FBI lost control of the cards. Now they have a monster on their hands," a government investigator familiar with the case told The Miami Herald for a story in Sunday's issues. According to the story, Medicare spokesperson "Faye Baggiano, associate administrator of the Health Care Financing Administration in Washington," admits that they have used the social insurance number as the Medicare identifier; therefore "Medicare says it can't cancel the copied cards, which have been circulating for 16 months, because that would wipe out legitimate federal benefits to the people whose names are on those cards." Normally, Medicare "provides phony numbers that can be canceled; it is unclear why the FBI used real numbers. An analysis of just 10 of the 35 stolen cards shows "a total of $163,745 for services that the real card holders say they never got or tried to get." <<Comments by MK: yet another case where inadequate identification and authentication leads to problems--not to speak of the design error of using production data for test purposes!<> M.E.Kabay,Ph.D./DirEd/Natl Computer Security Assn.
The attached is from the headline story Tuesday 27 December of the Courier-Mail newspaper (ph: +61 7 2526011, fax: +61 7 2526696) in the state of Queensland, Australia. I thought it may be of interest to readers of "Risks" as it covers a number of themes discussed before: $25m power bungle - Report slams hi-tech move Exclusive by Ed Southorn A $25 million project to turn one of the state's power stations into an automated plant created an unsafe workplace requiring twice the number of engineers to run, a confidential report reveals. The new automatic control systems also caused more than $1.5 million damage to machinery at the Swanbank station near Ipswich. ...The audit found the Swanbank automatic control system had failed to protect the plant from damage. The system had been unable to prevent a "trip" (temporary shutdown) cutting oil flow to a turbine. This had resulted in a bent shaft leaving the turbine with reduced generating capacity. ...The automatic alarm system which tells operators how the plant is functioning was not properly operating almost two years after it was installed. ...The report found lack of adequate testing before commissioning and "waving of proper commissioning and acceptance testing procedures" and "a single-minded drive to meet target dates." [Posted by Tom Worthington, Director of the Community Affairs Board, Australian Computer Soc. Inc. tomw@adfa.oz.au http://www.peg.apc.org/~tomw
Police in Israel have started an investigation last week to determine how the entire population registry of the country has ended up being offered for sale by a private company, on a CD ROM disk for $1200. Political parties are entitled to get the voters registry (which includes people's names, addresses, birth dates and ID number) from the Ministry of the Interior. The latest elections in 1992 were the first time this information was disseminated on a CD ROM and not just printouts; these disks should have been returned to the Ministry after the elections, and were coded and numbered, but it's not clear from newspaper reports here how this coding was done, and how this was supposed to prevent the parties or their employees from keeping their own copies. In addition to the registry (which is actually public information, though not freely available) the government-owned phone company sells a disk containing all phone books, and the government's companies registry is also available (I'm not sure if it is sold legally). All this information enabled a TV reporter to demonstrate getting the list of all companies privately directed by the minister of Finance (including the names of all other directors), or the private address and phone number of the chief of the Mossad and all of his neighbors (which were shown on screen, though with illegible resolution). Israel is a small country, but it's only a matter of time and computing power before this kind of personal information processing is available everywhere. Amos Shapir, The Hebrew Univ. of Jerusalem, Dept. of Comp. Science, Givat-Ram, Jerusalem 91904, Israel +972 2 585706,586950 amos@cs.huji.ac.il
Perhaps it didn't happen on Mary Payne's watch; but I do recall there was a problem with floating point in early VAX-11/780 machines. Believe it required a microcode change, and a board swap for machines equipped with a floating point accelerator. Then there was the early production G.E. 635 floating point problem which resulted from truncating, rather than rounding, a 2's complement number, giving a negative bias to the results. Supposedly (urban legend alert!) this was recognized as important when a tape calculated on one of the machines was used to operate a numerically-controlled cutting torch. The torch was supposed to cut a circular plate out of a thick piece of steel. The actual cut had a jog in it, resembling (coincidentally, I'm sure) the "Intel Inside" logo. Then there was the floating point problem early in the life of the IBM 360 series. As I recall this was not so much an error as a surprisingly sudden loss of significance resulting from the base-16 fractions, such that a shift for exponent alignment shifted four bits at a time. And I recall some allegation about an early CDC machine (1604? 3600?) in which fixed point -1 x -1 = -1.
> Is this just a ploy to line their pockets from their captive market? No. Take another look at the figures you quoted. It costs *more* to support pulse dialing. They can't go 100% touchtone until all their subscribers quit using old gear. So they have to keep the "pulse counters" around (and maintained) until then. Therefore, if you want pulse dialing, they are going to charge you $2 extra each month. This is the most *sensible* thing I've seen a phone co. do in a long time. It encourages folks to quit using pulse/rotary phones. And it gives them hard figures on how many folks still can't use touchtone.
A local newspaper in Minneapolis recently ran a short article about the year 2000 problems, and pointed out that in 1995 any five-year planning programs are at risk. Scot E. Wilcoxon sewilco@fieldday.mn.org +1 612 936 0118
[With regard to Brian's "Computing Science" column in the Jan-Feb 1994 issue of _American Scientist_ (Vol. 83, No. 1, pp. 12-15), <P.O. Box 13975, Research Triangle Park, NC, 27709, 800-282-0444>, which PGN noted in RISKS-16.67, Brian has made the following offer:] For net denizens who don't read ink on paper, I can supply a plain-ASCII version of the article's text by E-mail. Send me a request at bhayes@mercury.interpath.net. [The column is based largely on material that has appeared in the RISKS Forum over the years. (Thanks, folks!) BH]
In an article by Andrew Lawler in _Science_ magazine (94.11.25; 266:1315) entitled "Court says no to copying articles," we read of a recent case which may affect anyone who collects news, newspaper, magazine and journal articles: Thinking of photocopying an article from your favorite journal? Think again. Last month [in October 94] a three-member federal appeals court in New York ruled that a Texaco Corp. scientist violated copyright laws by making one copy each of eight articles in a scientific journal and placing them in his files. The 2-1 ruling dramatizes the uncertainty over what constitutes fair use of copyrighted material, say lawyers familiar with the case, adding that the ruling should prompt companies and universities to review their policies toward copying. According to the author, the suit was launched by the American Geophysical Union (AGU) and more than 80 other plaintiffs. They accused Texaco of "copying and distributing hundreds of scientific articles to hundreds of researchers" and picked a sample case for the civil suit. The court ruled that because the scientist in the sample case (David Chickering, who copied the eight articles from the journal _Catalysis_) filed the papers away in his library rather than use them immediately, he was in violation of the fair use laws governing copyrighted materials. The dissenting judge wrote that because the defendant used the copied materials for research only, that use fell under existing fair use doctrine. "Jon Baumgarten of Proskauer. Rpse. Gpetz & Mendelsohn in Washington," one of the lawyers for the plaintiffs, said that it's not true that "all educational use is fair use." He advised academic researchers to "Consult with your university counsel before making copies." <<Comments by M.K.: This ruling has serious implications for anyone who uses online databases of bibliographic material; e.g., the Computer Database Plus owned by Information Access Company (IAC) and available on CD-ROM and online via CompuServe. The terms of use for the online service include the following text: TERMS AND CONDITIONS Computer Database Plus and its contents are copyright (c) 1988-1994 by Information Access Company (IAC) and/or its data suppliers. Copying, retransmitting, redistributing or publishing any part of this database, either in hardcopy or electronically, is prohibited. The material contained in this database is provided only to individual users. Users may electronically store downloaded material only to facilitate changing the format or presentation of the material. If the user is retrieving information on behalf of another, the user may supply only one (1) printed copy. Copyright notices must not be removed from any material retrieved from this database. Judging from the ruling described above, the IAC may very well be able to argue that its rules are _not_ superseded by fair use doctrine. Thus storing specific articles in files on one's own hard disk for later search and use may be prohibited regardless of intention or actual use. Similarly, the Executive News (ENS) Service on CompuServe, which provides news wire feeds in real time, allows users to store captured stories ("clippings") for a maximum of 14 days, after which they are discarded automatically. The introductory text for this service makes no specific restrictions on storage. In ENS, individual newswires have different copyright wording: * AP includes, "All rights reserved. The information contained in this news report may not be republished or redistributed without the prior written authority of The Associated Press." * Reuter's entries state, "Copyright Reuters America Inc. 1994. All rights reserved." * UPI articles include only, "Copyright 1994 United Press International" * Washington Post has, "Copyright 1994 The Washington Post." It may be that storing copies of these articles in one's own online archives is actionable. For those unfamiliar with fair use doctrine, I include the following commentary to stimulate further thought and discussion: -------------------- %<>== -------------------------- US COPYRIGHT OFFICE CIRCULAR ON FAIR USE (1993) One of the rights accorded to the owner of copyright is the right to reproduce or to authorize others to reproduce the work in copies or phonorecords. This right is subject to certain limitations found in sections 107 through 120 of the copyright act (title 17, U.S. Code). One of the more important limitations is the doctrine of "fair use." Although fair use was not mentioned in the previous copyright law, the doctrine has developed through a substantial number of court decisions over the years. This doctrine has been codified in section 107 of the copyright law. Section 107 contains a list of the various purposes for which the reproduction of a particular work may be considered "fair," such as criticism, comment, news reporting, teaching, scholarship, and research. Section 107 also sets out four factors to be considered in determining whether or not a particular use is fair: (1) the purpose and character of the use, including whether such use is of commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (4) the effect of the use upon the potential market for or value of the copyrighted work. The distinction between "fair use" and infringement may be unclear and not easily defined. There is no specific number of words, lines, or notes that may safely be taken without permission. Acknowledging the source of the copyrighted material does not substitute for obtaining permission. The 1961 _Report of the Register of Copyrights on the General Revision of the U.S. Copyright Law_ cites examples of activities that courts have regarded as fair use: "quotation of excerpts in a review or criticism for purposes of illustration or comment; quotation of short passages in a scholarly or technical work, for illustration or clarification of the author's observations; use in a parody of some of the content of the work parodied; summary of an address or article, with brief quotations, in a news report; reproduction by a library of a portion of a work to replace part of a damaged copy; reproduction by a teacher or student of a small part of a work to illustrate a lesson; reproduction of a work in legislative or judicial proceedings or reports; incidental and fortuitous reproduction, in a newsreel or broadcast, of a work located in the scene of an event being reported." Copyright protects the particular way an author has expressed himself; it does not extend to any ideas, systems, or factual information conveyed in the work. The safest course is always to get permission from the copyright owner before using copyrighted material. The Copyright Office cannot give this permission. When it is impracticable to obtain permission, use of copyrighted material should be avoided unless the doctrine of "fair use" would clearly apply to the situation. The Copyright Office can neither determine if a certain use may be considered "fair" nor advise on possible copyright violations. If there is any doubt, it is advisable to consult an attorney. ***Last update 6/10/93 (raa)*** -------------------- %<>== -------------------------- Another useful document is the following: (DRAFT VERSION) COPYRIGHT LAW AND MULTIMEDIA DEVELOPMENT IN EDUCATION Section 106 of the Copyrights Act (P.L. 94-553) describes the exclusive rights of copyright owners. "[T]he owner of copyright...has the exclusive rights to do and to authorize any of the following: 1. To reproduce the copyrighted work in copies or phonorecords; 2. To prepare derivative works based upon the copyrighted work; 3. To distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending; 4. In the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly; and 5. In the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly." The fair use provision of the Copyrights Act is found in Section 107 which is reproduced below. "Notwithstanding the provisions of section 106, the fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include-- 1. the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; 2. the nature of the copyrighted work; 3. the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and 4. the effect of the use upon the potential market for or value of the copyrighted work." The legislative history which speaks to the fair use provision acknowledges: "The judicial doctrine of fair use, one of the most important and well established limitations on the exclusive right of copyright owners, would be given express statutory recognition for the first time in section 107. The claim that a defendant's acts constituted a fair use rather than an infringement has been raised as a defense in innumerable copyright actions over the years, and there is ample case law recognizing the existence of the doctrine and applying it." It should be noted that at this point, the legislative history reiterates the four points listed above from section 107. Fair use must meet all four criteria to be a protected activity. "Although the courts have considered and ruled upon the fair use doctrine over and over again, no real definition of the concept has ever emerged. Indeed, since the doctrine is an equitable rule of reason, no generally applicable definition is possible, and each case raising the question must be decided on its own facts. On the other hand, the courts have evolved a set of criteria which, though in no case definitive or determinative, provide some gauge for balancing the equities. These criteria have been stated in various ways, but essentially they can all be reduced to the four standards which have been adopted in section 107...." There are no definitive standards or guidelines governing the use of copyrighted materials in the preparation of multimedia courseware for instruction, or classroom presentations utilizing multimedia. However, while developing these products, faculty should be governed by the same criteria which are prescribed for the use of copyrighted print materials. In essence, the use of copyrighted print materials is governed by three criteria: Spontaneity: The "fair use" of copyrighted materials in an educational setting should be at the "instance and inspiration of the individual teacher...." Further, the "inspiration and decision to use the work and the moment of its use for maximum teaching effectiveness" must be so close together in time "that it would be unreasonable to expect a timely reply to a request for permission." In other words, the decision to use the material must be the instructor's and not dictated by management or administration and it must be a spontaneous decision. Brevity: With regard to print media, the guidelines are specific even to the point of specifying the maximum length of an excerpt from poetry or prose. Though these limits do not apply to non-print media, they clearly indicate that the intent is for a small portion of the original to be copied under fair use, and not a substantial portion of the work. Cumulative Effect: "...copying of...material is for only one course in the school in which the copies are made." The guidelines for copying of print media, states "[n]ot more than one short poem, article, story, essay or two excepts from the same author, nor more than three from the same collective work or periodical volume during one class term" is permitted. Even though the media may be different, faculty can best avoid copyright infringement by following the spirit of these guidelines when dealing with other forms of media in a multimedia presentation. For instance, using 8 minutes from a 10 minute video tape (in a multimedia presentation) would appear to violate the fair use guidelines by diminishing the "potential market" and value of the copyrighted work. Instructors should be aware that when relying on the fair use provision, the use of copyrighted materials must meet all three tests (spontaneity, brevity, and cumulative effect). Instructors are encouraged to procure copyright releases for materials which they anticipate using for longer than one term. Finally, the guidelines (developed by the Ad Hoc Committee on Copyright Revision, the Author-Publisher Group, and the Association of American Publishers) also indicate that 1. "Copying shall not be used to create or to replace or substitute for anthologies, compilations, or collective works..." 2. Copying is not allowed from consumable works such as "workbooks, exercises, standardized tests and test booklets and answer sheets...." 3. "Copying shall not substitute for the purchase of books, publisher's reprints or periodicals...(and shall not) be repeated with respect to the same item by the same teacher from term to term." It should be noted that clip art, clip video, and clip audio are marketed and available for use in developing multimedia materials. These forms of "clip media" are licensed to the purchaser (individual, school, or faculty member) for use in multimedia presentations. In many cases, clip media can be used to substitute in a presentation for copyrighted materials that might violate the fair use provision. Assembled by the Academic Computing Technologies Group, Johnson County Community College, Overland Park, KS 66210. -------------------- %<>== -------------------------- Given the nature of the RISKS FORUM and NCSA FORUM membership, I think these issues warrant further clarification. I invite legal counsel with expertise in the field to comment.<> Mich M.E.Kabay,Ph.D./DirEd/Natl Computer Security Assn
Please report problems with the web pages to the maintainer