Computer underground Digest Sun Apr 5, 1992 Volume 4 : Issue .16 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Associate Editor: Etaion Shrdlu Arcmeisters: Brendan Kehoe and Bob Kusumoto CONTENTS, #4.16 (Apr 5, 1992) File 1--Article on Software Patents File 2--Why form is as important as content File 3--The FBI Needs Industry's Help--OpEd in NYT File 4--ACLU's Janlori Goldman's Reply to FBI Proposal (Risks Reprint) Issues of CuD can be found in the Usenet alt.society.cu-digest news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4), chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail with the subject "help" (without the quotes) to archive-server@chsun1.spc.uchicago.edu. European distributor: ComNet in Luxembourg BBS (++352) 466893. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sat, 28 Mar 92 17:35:31 CST From: Net Wrider Subject: File 1--Article on Software Patents The following is available by anonymous FTP from prep.ai.mit.edu in the pub/lpf directory. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ This article by Brian Kahin appears in the April 1990 issue of Technology Review (Building W59, MIT, Cambridge MA 02139, (617)253-8250). It may be copied for noncommercial purposes provided that it is copied, along with this statement and the bio at the end of the article, without any modification whatsoever. (Copyright (C) 1990 by Brian Kahin) The Software Patent Crisis An explosion of patents on software processes may radically change the programming industry--and our concept of human expression in the computer age. Last August, Refac International, Ltd., sued six major spreadsheet publishers, including Lotus, Microsoft, and Ashton-Tate, claiming they had infringed on U.S. Patent No. 4,398,249. The patent deals with a technique called "natural order recalc," a common feature of spreadsheet programs that allows a change in one calculation to reverberate throughout a document. Refac itself does not have a spreadsheet program and is not even in the software industry. Its business is acquiring, licensing, and litigating patents. Within the last few years, software developers have been surprised to learn that hundreds, even thousands, of patents have been awarded for programming processes ranging from sequences of machine instructions to features of the user interface. Many of the patents cover processes that seem conventional or obvious, and developers now fear that any of the thousands of individual processes in their programs may be subject to patent-infringement claims. The Refac suit demonstrates the vulnerability of the industry to such claims. Patent no. 4,398,249 was applied for in 1970, granted in 1983, and only recently acquired by Refac. In the meantime, software developers have been busily creating spreadsheets and other new products unmindful of patents. The industry accepted copyright and trade secret as adequate protection for its products, and most programmers assumed that patents were not generally available for software. Never before has an industry in which copyright was widely established suddenly been subjected to patenting. As it is, only a few companies that create microcomputer software have the resources to try to defend against patent infringement claims. Most small firms will be forced to pay license fees rather than contest the claims, even though many software patents may not stand up in court. In the long run, the costs of doing business in a patent environment will radically restructure the industry. Many small companies will fold under the costs of licensing, avoiding patent infringement, and pursuing patents defensively. The individual software entrepreneur and inventor may all but disappear. There will be fewer publishers and fewer products, and the price of software will rise to reflect the costs. Especially disturbing is that the broad claims of many recent software patents appear to establish monopolies on the automation of such common functions as generating footnotes and comparing documents. Some claims even cover processes for presenting and communicating information, raising troubling questions about the effect of patents on the future of computer-mediated expression. Patent vs. Copyright Software patents, like all patents, give an inventor the right to exclude all others from making, selling, or using an invention for 17 years. In return, the patentee discloses his or her "best method" of implementing the invention, thereby relinquishing trade secrets that might otherwise be enforced forever (like the formula for Coca-Cola). To obtain a patent, an applicant must convince Patent Office examiners that the invention would not be obvious to a "person of ordinary skill in the art" who is familiar with all the "prior art," which includes previous patents and publications. In contrast, copyright inheres in books, poems, music, and other works of authorship, including computer programs, from the moment they are created. Registering one's work with the Copyright Office is a simple, inexpensive procedure that has important benefits (it is a precondition for filing suit, for example), but the copyright itself is automatic when the work is fixed on paper or on disk. Copyright and patent protect different things. Copyright protects expression but not underlying ideas. Patents protect useful processes, machines, and compositions of matter. Traditionally "processes" have included methods of physically transforming materials but not business methods or mental steps. Thus, computer programs fall somewhere between the traditional territories of copyright and patent. >From the 1960s to the early 1980s, the Patent Office and the courts grappled with the question of whether algorithms--the elemental processes on which computer programs are built--are patentable as either processes or machines. Early on, the Patent Office granted some patents for processes built into computer hardware that today would be contained in software, but it was reluctant to grant patents for programs per se. As the 1966 Report of the President's Commission on the Patent System pointed out, the Patent Office had no system for classifying programs. The report also noted that even if this were remedied, the volume of programs being created was so enormous that reliable searches of "prior art" would not be feasible or economical. However, the Court of Customs and Patent Appeals (CCPA) maintained that computer programs were patentable and overturned numerous Patent Office decisions denying patentability. The Supreme Court vindicated the Patent Office in two decisions, Gottschalk v. Benson (1972) and Parker v. Flook (1978), holding that mathematical algorithms were not patentable subject matter. Still, the CCPA continued to uphold patentability in other cases. Finally, in Diamond v. Diehr (1981), a sharply divided Supreme Court upheld the patentability of a process for curing rubber that included a computer program. The majority concluded that programs that did not preempt all uses of a computer algorithm could be patented--at least when used in a traditional process for physically transforming materials. That case has been the Supreme Court's last word on the subject. But despite the narrowness of the ruling, the Patent Office underwent a radical change of heart. Until very recently, there were no reported appeals of adverse Patent Office decisions, leading observers to conclude that the office was eventually granting almost all applications for software patents. Although articles began appearing in legal periodicals a few years ago noting that patents were being routinely granted for many software processes, not until 1988 did the industry realize that the rules were changing, or had already changed, in the middle of the game. By the spring of 1989, the patents that entered the pipeline after Diamond v. Diehr were starting to flow out in significant numbers--by one count, nearly 200 in the first four months of that year. Processing Problems Unfortunately, the Patent Office classification system remains unchanged, and the volume of software being created has grown exponentially. This makes searching for prior art--processes already in public use--time-consuming and expensive. The search is extraordinarily difficult because the field's printed literature is thin and unorganized. Software documents its own design, in contrast to physical processes, which require written documentation. Also, software is usually distributed without source code under licenses that forbid reverse engineering. This may amount to suppressing or concealing the invention and therefore prevent the program from qualifying as prior art. The search for prior art may require securing oral testimony from people who developed software at universities many years ago, an expensive proposition. Many programmers suspect that patent examiners lack knowledge of the field, especially since the Patent Office does not accept computer science as a qualifying degree for patent practice (it accepts degrees in electrical engineering). Moreover, attracting and holding individuals with expertise in a field like software, where industry demand is high, is not easy for a government agency. Less qualified examiners create problems because they naturally have a lower standard in determining the hypothetical "person having ordinary skill in the art," and are thus more apt to grant patents for obvious processes. Since the examination process is conducted ex parte (as a private matter between the Patent Office and the applicant), less qualified personnel are also more likely to be influenced by sophisticated patent attorneys and the apparent expertise of the applicant. The quality of software patents being awarded has aroused concern even among patent lawyers and other advocates of the new regime. But it will be left to firms being sued for infringement to prove that a process should not have been patented because it was obvious in view of the prior art. Meanwhile, software patents stand as intimidating weapons for those who hold them. Restructuring the Industry Perhaps because of some of these problems, applications for software patents take an average of 32 months to be approved and published. That's significantly longer than the overall average of 20 months, and a very long time given the short product cycles of the software business. Unlike copyright, independent creation is irrelevant to patent infringement. Every developer is charged with knowledge of all patents. Even if someone is not aware of a patent, he or she can still infringe against it. Furthermore, patent applications and the examination process are confidential, so there are ordinarily several years of patents in the pipeline that no search will reveal. Although no infringement occurs until the patent issues, an inventor may find that a newly awarded patent covers a feature he or she has already incorporated and marketed in a finished product. While this is a problem for the patent system as a whole, it is intolerable for software developers because of the industry's rapid pace of innovation and long patent-processing period. The problem is compounded by the fact that a modern software package may contain thousands of separately patentable processes, each of which adds to the risk of infringing patents that are already in the pipeline. Since software functions are interdependent and must be carefully integrated, developers can find it difficult to excise a process built into the original program. The patent system exacts a high penalty in an industry as decentralized as software. Programming requires no special materials, facilities, or tools: to design software is to build it. Because barriers to entry are low, the industry attracts many small players, including hundreds of thousands of individuals who work as consultants or short-term employees. Rather than a handful of competitors working on the same problem, there are likely to be dozens, hundreds, even thousands. Since under the patent system one winner takes all, many others--including developers without lawyers--are deprived of the fruits of their independent labor and investments. Patent proponents argue that this uninhibited duplication of effort wastes resources. But the "waste" could be cut only by reducing the number of players and slowing the pace of development to fit the cycles of the patent system. The result would be a handful of giants competing on a global scale, bidding for the ideas and loyalty of inventive individuals. However, many programmers believe that there are diseconomies of scale in software development--that the best programs are authored rather than assembled. The success of Visicalc, Lotus 1-2-3, WordPerfect, and other classic programs testifies to the genius of individuals and small teams. Certainly there has been no evidence that they need more incentives. Quite the contrary, the freewheeling U.S. software industry has been a model of creative enterprise. A Costly System Even software developers and publishers who do not wish to patent their products must bear the costs of operating under a patent system. While these costs may initially come out of the software industry's operating margins, in the long run, they will be borne by users. At the first level is the expense of analyzing prior art to avoid patent infringement. A precautionary search and report by outside patent counsel can run about $2,000--that's per process, not per program. Next are the direct costs of the patent monopoly--the license fees that must be paid to patent holders. If the patent holder refuses to license at a reasonable fee, developers must design around the patent, if that is possible. Otherwise, they must reconceive or even abandon the product. The third set of costs are those incurred in filing for patents. Searching for prior art, plus preparing, filing, negotiating, and maintaining a patent, can total $10,000 to $25,000, not including internal staff time. Seeking foreign patents can make the bill substantially higher. The notoriously high costs of patent litigation must be borne by both sides. Just the discovery phase of a lawsuit is likely to cost each side a minimum of $150,000, and a full trial can cost each from $250,000 to millions. Again, these figures do not include internal staff time, which could easily double the real cost. While a small patent holder may be able to secure a law firm on a contingency basis or sell an interest in the patent to speculators, the defendant has no such options. Litigation also involves the possibility and further expense of an appeal. All appealed patent cases now go directly to the Court of Appeals for the Federal Circuit (CAFC, successor to the CCPA), where panels in patent cases are usually led by patent lawyers turned judges. Whereas patents once fared poorly on appeal, the CAFC has found patents to be both valid and infringed in over 60 percent of the cases that have come before it. The CAFC has greatly strengthened the presumption of patent validity and upheld royalties ranging from 5 to 33 percent. While a large software company may be able to absorb these costs, they will disproportionately burden smaller companies. The first to suffer will be independent developers who cannot afford to market their own products. These developers typically receive royalties of 10 to 15 percent from publishers who serve as their distributors. Such modest margins, out of which developers must recoup their own costs, would be wiped out by the need to pay royalties to a few patent holders. The high costs of a patent environment give patentees considerable leverage over small firms who will, as a practical necessity, pay a license fee rather than contest a dubious claim. To establish credibility, the patentee will settle for small fees from the initial licensees. The patent holder can then move on to confront other small firms, pointing to such licensings as acknowledgments of the patent's validity and power. This tactic has a snowballing effect that can give the patent holder the momentum and resources to take on larger companies. Cross-licensing--where firms secure patents to trade for the right to other patents--seems to work reasonably well in many industries and has been touted as the answer to these problems. However, cross-licensing is of little value to smaller companies, which have little to bring to the table. And cross-licensing may prove of limited value even to large companies, since it does not protect against companies like Refac that have no interest in producing software and therefore no need to cross-license. Of course, the power that software patents afford may induce some venture capitalists to invest in them. But investing in software patents is one thing; investing in robust, complex products for a mass market is another. In fact, software publishers hold very few patents. The vast majority are held by large hardware companies, computer manufacturers that have in-house patent counsel and considerable experience in patenting and cross-licensing. Nearly 40 percent of the software patents that the U.S. Patent and Trademark Office now issues go to Japanese hardware companies. It is quite possible that the separate software publishing industry may cease to exist as companies find that they need the patent portfolios and legal resources that the hardware giants can provide. The result will be a loss of diversity in software products, reduced competition, and, many believe, a less productive software industry. Protecting Ideas and Information A deeper, more disturbing problem in patenting programs was barely evident before computers became ubiquitous personal tools and software became infinitely versatile. More than a "universal machine," the computer has developed into a medium for human expression and a mediator of human experience. Software is designed to satisfy specific needs for shaping and delivering information. Thus, what is increasingly at stake in software patents is the generation and flow of information. This becomes more threatening when the claims in a patent extend far beyond the disclosed means of implementation to cover general ideas. Broad patent claims covering abstract processes are not limited to software, or even to computer hardware. Consider patent no. 4,170,832, granted in 1979 for an "interactive teaching machine." The patent discloses a clumsy-looking combined videotape deck and television with a set of push buttons. The patent includes a process claim for a procedure commonly used in interactive video: showing an introductory video segment, presenting the viewer with a limited number of choices, registering the viewer's decision, and then revealing the likely outcome of that decision. The disclosed machine, which was never marketed, contributes nothing to the public domain: it simply reveals one person's way of implementing a basic instructional technique. In a notorious 1983 case, a federal district court upheld the patentability of Merrill Lynch's Cash Management Account system, a procedure for moving investment funds among different types of accounts. Acknowledging that the system--essentially a method of doing business--would not be patentable if executed with pencil and paper, the court nevertheless upheld the patent because it made use of a computer. The Patent Office has taken this principle one step further. Besides granting monopolies on new procedures such as the Cash Management Account system, the office is also awarding patents merely for automating familiar processes such as generating footnotes (patent no. 4,648,067) and comparing documents (patent no. 4,807,182). But software developers have been routinely automating such common office functions, bookkeeping procedures, learning strategies, and modes of human interaction for years. The principle that patents are granted to induce inventors to disclose trade secrets has no relevance here. These processes are part of everyday life, and can and should be computerized in a number of ways. What's more, information per se is traditionally the substance and territory of copyright. The intelligent ordering of information is the very heart of grammar, rhetoric, and graphic design. Why should information be subject to the pervasive restraints of patent simply because it is interactive rather than linear? Should human expression that is assembled, communicated, or assimilated with the aid of a computer be restrained by patents? If the computer is seen as an extension of the human mind rather than vice versa, the answer is no. Changing Patent Policy Software developers who understand the impact of patents are demoralized. Lawyers assure them that patents are here to stay, and that programmers must seek new patents to protect against other patents. These lawyers point to the growing torrent of software patents, the presumption of patent validity, and the fervidly pro-patent record of the Court of Appeals for the Federal Circuit. Smaller companies that cannot afford this advice can only hope that companies with deeper pockets will afford more visible and attractive targets for patent holders bringing suit. But the narrowness of the Supreme Court decision in Diamond v. Diehr remains. The Court never explicitly rejected the traditional doctrines against the patentability of mental steps and business methods, doctrines that may yet defeat many of the patents that have issued. If the hue and cry grows, Congress could amend the Patent Act to make it clear that the scope of patenting is still limited to physical processes. The software industry was not broke, but it is in the process of being "fixed." The question is whether the fixing will be done by the gush of awards from private proceedings in the Patent Office--or by a public decision about whether software patents serve "to promote the Progress of Science and useful Arts," as the Constitution requires. +++++++++++++++ Brian Kahin is an attorney specializing in information technology and policy. An adjunct research fellow in the Science, Technology and Public Policy Program at Harvard University's Kennedy School of Government, he was formerly affiliated with the MIT Research Program on Communications Policy and the MIT Communications Forum. He is a graduate of Harvard College and Harvard Law School. ------------------------------ Date: Thu, 26 Mar 92 11:20:08 EST From: ulowell!p30.f30.n231.z1.fidonet.org!Dave.Appel%harvard@HARVUNXW.BITNET Subject: File 2--Why form is as important as content I'd like to pass a message on to authors who write for electronic newsletters: If you make your article easy to read, you will get more people to read it. I've been reading electronic news in the form of computer bulletin boards and electronic newsletters since 1986. At first I mainly saw technical and hobbyist communication, but BBS and Usenet readership has changed. Your communications can no longer be directed solely to tech-weenies and computer-nerds. You must include a wide cross section of non-technical society as well. Your audience is wider than you think. For example, I get CUD from a BBS with a Usenet feed, and then distribute it to 4 other bulletin boards in town. When I see something very important, I'll post a message in the city-wide echo conference (25 BBSs) referring people to an article in CUD###.ZIP on such-an-such BBS. And, I know other folks in other cities do this too. QUESTION: What can you do to get more people to read what you write? ANSWER: ****----> MAKE IT EASIER TO READ <----**** QUESTION: How do you make it easier to read? ANSWER: Form, format (pretty-printing and line length), good sentence structure, short well-constructed paragraphs, correct grammar, correct spelling, syntax ... all those things that made you hate your high school sophomore English teacher. Yes, this stuff does make an article easier to read. And, an article that is easy to read has a better chance of being read. One key segment of your audience consists of people, such as executives or other non-technicals, who won't read "news" on a monitor or VDT. (Believe it or not, there are a lot of people who don't work in front of a computer screen.) These people need to see a hard copy. Therefore, your article not only has to look good on the screen, it also has to look good on *PAPER* without reformatting. (You might come back and say "research has shown that X percent of readers read it online." But 100 minus X percent don't. And VIPs, the ones you want to convince and motivate the most, don't. To those people hard copy is not only easier but carries more impact than the ethereal electronic version.) Additionally, those who read the hardcopy version probably don't have access to e-mail to easily respond to surveys about how and where they read it. There is a vast silent readership out there. And the better your article looks on paper, the larger that readership will be. Here we go. LINE LENGTH: Long lines are harder to read than short lines. Just because you have 80 columns on the screen doesn't mean that line length has to extend that far. Printed magazines usually have three columns per page, sometimes more, always at least two. I suggest a maximum of 65 characters for line length. It's easier to read on the screen, and will give a print-out big 1" margins when printed on standard 8.5" x 11" paper in a standard pica (10 pitch, 12 point) font. BIG margins make it easier to read. Magazine editors have a formula for determining the optimum line length: O = lca x 1.5 Mn = O - 25% Mx = O + 50% Where O= optimum line length and lca = lower case alphabet length. In essence, this formula says that a the best length for a line is one and one half times the length of all of the lower case letters printed next to each other, give 50% or take 25%. Example: I see your article online. I like it, believe it, and want to act on it. You've convinced me. But I'm staff, not management. I have to make a hard copy of your article, or the whole newsletter, and present it to management. Anyone who has presented reports to management knows that looks count. But I can't just shoot it out to the printer in a nice 11 or 12 point font and maintain decent margins. I have to remove the hard carriage returns, but not all of them, to reformat paragraphs. Headers, quotes, tables, outlines, and indented paragraphs need the hard returns left in. So neither standard search-and-replace nor conversion programs will work 100%. It's a hand job. Now it's going to take me 15 to 20 minutes in a word-processor before I can print it out and hand it to my boss. Multiply that by the 100 or 1000 people around the world who might want to show your important article to their boss. SENTENCE LENGTH: Sentence length needs to be varied similar to how a story-teller or a comedian varies the pace. This keeps the audience or reader from getting bored. If all the sentences are of equal length it gets rhythmic and monotonous. Very long sentences are hard to understand. PARAGRAPH LENGTH: Long paragraphs make a page look gray, and make it harder to read. Long paragraphs are visually unpleasant. White space is needed to break it up. A paragraph should contain just one thought and be small enough to be easily understood. If your thought takes too long to explain, break it up into smaller pieces. More complex material needs shorter elements to be easily understood. Paragraph length affects the eye-strain, attention span and fatigue level of your reader, which in turn affects whether he will finish reading it. ORGANIZATION: Good organization can be summarized in three easy steps: 1) Thesis 2) Body 3) Conclusion Tell the reader what you're going to tell him. Expound upon it and make your points. Then recap what you said. The reader should not have to read three or four paragraphs down to find out what you are writing about. Most people just read the first paragraph to find out if they want to read the rest of article. If you don't hook them in the first paragraph, you've lost them. SPELLING, GRAMMAR, ETC: Just between us, I don't care if you make typos. You don't care if I make typos. However, errors stick out like a sore thumb to scholars, businessmen and management types. Spelling and obvious grammar or usage errors give the impression that you aren't serious about what you are writing. Such errors indicate that you didn't take the time to give your piece a professional appearance. These errors give people who don't know you the impression that you aren't as intelligent as you really are. Besides, a four star restaurant does not serve haute cuisine on paper plates. You don't package a diamond ring in an old cigar box. If your piece is important, you need to make it look important. HOW TO DO IT: First, check your work yourself, keeping in mind the above suggested guidelines. Proof it two or three times, then run it through spelling and grammar checkers if possible. If your piece is very important, ask a friend to look it over. If your piece is of the utmost importance, ask someone with professional editing or proofreading experience to look it over. Even professional writers admit that proofing and final editing one's work is best done by someone else. Other people can point out things in your writing that you don't see. Most spelling and grammar checkers don't point out such usage errors as "there" instead of "their" or "they're." It takes careful proofreading two or three times. An occasional comma splice or run-on sentence will not bother most readers. But complicated, poorly constructed, or hard to understand sentences will have the reader shaking his head wondering what you meant. If you don't have friends or associates who are good at proofreading and editing, you can try professional services. Many editors, proofreaders, typesetters, etc. have started their own desktop publishing businesses. Even if all you need is electronic editing, not hardcopy output, those people can help you polish your work. This will help you get your points across, and even increase the number of people who read your article. One such business in Indianapolis is The Electronic Editor BBS at (317)293-8395, 293-1863 voice. They allow you to upload your raw copy in practically any format and from any word processor. Making files "sysop only" insures privacy. Encryption with PKZIP's password facility prior to upload can guarantee privacy. Their editors make the edited version of your file available in encrypted format for download or mail the file back to you on diskette. Hardcopy laser printer output is optional. CONCLUSION: I think that many of the issues discussed in electronic newsletters such as CUD are important. I'd like to see those issues taken to the power holders, the movers and shakers, the corporate executives and the middle managers who run the institutions in our society. I see many articles that might be described as diamonds in the rough. Polishing your articles and formatting them nicely will go a long way towards: - increasing your readership - reaching the important people - assisting your current readership in re-distributing your work beyond the electronic community. You may send comments, questions, flames, to: Fidonet: Dave Appel @ 1:231/30 RIME: Dave Appel -> IBMNET Internet: Dave.Appel@f30.n231.z1.fidonet.org ------------------------------ Date: Fri, 27 Mar 92 8:01:39 EST From: Lance J. Hoffman Subject: File 3--FBI OpEd in NYT (Risks Digest Reprint, #3.31) The debate on (son of) S. 266 and on whether and how to "dumb down" computer technology to satisfy law enforcement needs is joined in The New York Times of Friday, March 27, 1992 with articles by William Sessions, FBI director, and Janlori Goldman, director of the privacy and technology project of the American Civil Liberties Union. RISKS readers with an interest (or stake) should read these articles carefully, and consider responding with letters to the editor of the New York Times of their own if they have anything to add. If the technical community wishes to be heard, it should speak up now. (Letters to their congressional representatives may not hurt either ;-) ). Lance Hoffman Department of Electrical Engineering and Computer Science, The George Washington University, Washington, D. C. 20052 (202) 994-4955 ++++++++++++++++++++++++++++++ >Date: Fri, 27 Mar 92 07:54:31 CST >From: ks@stat.tamu.edu (Kurt F. Sauer) >Subject: The FBI Needs Industry's Help--OpEd in NYT FBI Director William Sessions wrote an interesting op-ed piece in today's New York Times (Vol. CXLI, No. 48,918, Fri., Mar. 27, 1992, p. A15) dealing with the problems which federal law enforcement expects to encounter when placing court-ordered wiretaps on data circuits. When I read between the lines, it sounds as if Mr. Sessions doesn't want us to use data security which employs end-to-end encryption; perhaps other RISKS-DIGEST readers will draw different conclusions. [Under the rubric "Dialogue/High-Tech Wiretaps"] Keeping an Ear on Crime: The F.B.I. Needs Industry's Help By William S. Sessions Advances in telecommunications technology promise to deprive Federal, state and local law enforcement officers and the public of the incalculable benefits that can be obtained only by court-authorized wire-tapping. Wiretapping is one of the most effective means of combating drug trafficking, organized crime, kidnapping and corruption in government. The Federal Bureau of Investigation does not want the new digital technology that is spreading across America to impair this crucial law-enforcement technique. Thus, after consulting with the telecommunications industry, members of Congress and executive branch agencies, the Justice Department has proposed legislation that is intended to preserve the ability of law enforcement officers to intercept conversations of people engaged in serious crimes. This bill is consistent with legislation passed in 1968 after Congress debated the constitutional problem posed by the Government's need to address both serious criminal conduct and the individual's right to privacy. Congress struck a balance by passing the Omnibus Crime Control and Safe Streets Act. That law and later amendments created the meticulous procedure by which law enforcement officers obtain judicial authorization for electronic surveillance. Wiretaps can be used to address only the most serious criminal, sometimes violent, threats facing society. Only when a judge is satisfied that all statutory safeguards have been met and all other reasonable investigative steps have failed or will likely fail, are taps permitted. Digital technology makes possible the simultaneous transmission of multiple conversations and other data over the same lines. The problem is that voice transmission will soon be replaced by an endless, inseparable stream of electronic emissions, making it virtually impossible to capture criminal conversations. The Federal Bureau of Investigation is not complaining. As the telecommunications industry develops digital technology, new services such as Caller ID are becoming available to business and private customers. The new technology already has provided benefits for the F.B.I.--for example, it helped solve the bombing of Pan Am Flight 103. But if digital technology is fully introduced with insufficient attention to public safety, the effectiveness of law enforcement officers will be greatly impaired. As society and technology evolve, so do government's needs and responsibilities. And, yes, the burden of helping to safeguard the public often falls on those who make profits from regulated goods and services. It is reasonable for the telecommunications industry to come to the aid of law enforcement. The proposed legislation relies on it to find technical solutions that are cost effective while permitting the development of its technology. Surely it can do both in a way that insures its competitiveness. Indisputably, there will be financial costs associated with whatever technical solutions the private sector might develop. These costs cannot be measured only in dollars; consider the price society would pay if the ability to solve complex crimes were thwarted by an end to wiretapping. In a recent large-scale military-procurement fraud case-- which was successful because of wiretaps--the fines, restitutions, forfeitures and savings to taxpayers exceeded $500 million. The cost to telecommunications companies would not be so substantial as to outweigh the consequences of an inability of law enforcement to act. But if nothing is done soon, as technology advances and the digital systems become more widespread, the cost of addressing the issue down the road will undoubtedly increase dramatically. The proposed legislation does not expand the authority of the F.B.I. or any other criminal justice agency. It simply preserves what Congress authorized in 1968--nothing more. In recent years, Congress has expanded the Federal criminal activities for which wiretapping may be obtained. As in 1968, it must decide if law enforcement should have this invaluable tool available. I am confident that congress will again support law enforcement by approving the necessary legislation. ------------------------------ Date: Tue, 31 Mar 92 18:23:41 PST From: central office <9958@service.com Subject: File 4--ACLU's Janlori Goldman's Reply to FBI Proposal (Risks Reprint) >Date: Mon, 30 Mar 92 20:40:26 EST >From: "Daniel B. Dobkin" >Subject: Dumbing down the FBI Lance Hoffman's posting on Friday mentioned the New York Times Op-Ed dialogue between FBI Director William Sessions and Janlori Goldman, director of the ACLU Privacy and Technology Project. Kurt Sauer posted Director Session's article; at the risk of preaching to the choir, herewith is Ms. Goldman's reply. Keeping an Ear on Crime: Why Cater To Luddites? By Janlori Goldman The Federal Bureau of Investigation says advances in the telecommunications industry are likely to make it difficult to use its old-fashioned wiretapping techniques to listen in on telephone conversations. The F.B.I.'s solution, in legislation the Justice Department is asking Congress to pass, is to force the telecommunications and computer industries to redesign their modernized systems to accommodate the bureau's needs. Unfairly, the F.B.I. wants consumers to pay for it through rate increases and higher equipment costs. The telecommunications and computer industries both oppose a bill that would mandate such sweeping regulations. The proposal makes the bureau look like Luddites, the 19th century English weavers who smashed new machines that they claimed put them out of work. Instead of keeping up with new developments, the F.B.I. wants to freeze progress. It is wrongheaded and dangerous to require the industry to put surveillance first by slowing innovation and retarding efficiency. How can the F.B.I. justify this policy at home while the White House is wringing its hands over U.S. competitiveness in the international market? The F.B.I. fears that new digital technology will make it difficult, even impossible, to listen in on conversations by using traditional wiretapping equipment. The new technology converts voices and data into electronic blips and reconverts the blips into voices and data near the receiving end on high-speed fiberoptic lines. The bureau overstates its concern. The telecommunications industry says it is not aware of a single instance in which the F.B.I. has been unable to tap a line because of the widespread new technology. Even the Director, William S. Sessions, admitted in a Congressional hearing last week that no warrant has been issued that could not be executed. At issue is the F.B.I.'s ability to wiretap in the future. But the answer is not a legislative fix that freezes technology. The F.B.I. is not only asking the industry to dumb down existing software, it wants to prohibit it from developing new technologies that might interfere with the Government's ability to intercept various oral and electronic communications. The proposed restrictions not only cover phone companies but also on-line computer services (such as as Prodigy and Compuserve), electronic mail systems and bulletin boards, and switchboards. The F.B.I. says its proposal only seeks to preserve its legal authority to wiretap. Actually, it wants to expand the power of the Federal Communications Commission, which regulates the telecommunications industry, to make the F.B.I.'s needs a priority in designing new technologies. In its legislation, the Government threatens to impose a $10,000-a-day fine on companies that develop technologies that exceed the F.B.I.'s technical competence. The F.B.I. has it backward. If the Government wants to engage in surveillance, it must bear the burden of keeping pace with new developments. Last year, Congress appropriated $80 million for a five-year F.B.I. research effort focused on telecommunications advances. There is a serious risk that rollbacks in advances may make telecommunications networks more vulnerable to unauthorized intrusion. One of the industry's main goals is to design secure systems that thwart illegal interception of electronic funds transfers, proprietary information and other sensitive data. The F.B.I. is not the only agency trying to block progress. The National Security Agency has tried to put a cap on the private development of technology in encryption, the electronic encoding of data to guard against unauthorized use. As the private sector develops more effective encryption codes to protect information in its data bases, the N.S.A. worries that it may have trouble breaking such codes in its intelligence gathering overseas. The agency is denying export licenses for certain encryption codes, thus inhibiting the private sector's development and use of the technology. Congress should defeat the proposal. Otherwise, we may be prohibited from erecting sturdy buildings if the thick walls prevent an F.B.I. agent from eavesdropping on a conversation through a cup pressed to a wall. ------------------------------ End of Computer Underground Digest #4.16 ************************************