Computer underground Digest Sun Jul 2, 1995 Volume 7 : Issue 55 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson la Triviata: Which wine goes best with Unix? CONTENTS, #7.55 (Sun, Jul 2, 1995) File 1--Another Cinci BBS comment File 2--Are We Sheep? - LA Times Op-Ed on online censorship (fwd) File 3--Big Brother Covets the Internet (fwd) File 4--Legal Bytes 3.01 (part 1) File 5--Cu Digest Header Info (unchanged since 19 Apr, 1995) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Fri, 30 Jun 95 15:40:00 -0500 From: JOHN BAILEY Subject: File 1--Another Cinci BBS comment ((MODERATORS' NOTE: We ran several articles on the Cincinnati BBS busts in CuD 7.53. Below is another comment from a Cincinnatian)). Dear CUD, I was wondering if you ever did anything in regards to computer rights. This is becoming a very big issue lately, especially with the Exon bill eeking its way through the government. The reason I ask, on Friday, June 16, this became a very critical issue for some 5000 users of one BBS here in Cincinnati. A local sheriff and his group took it upon themselves to raid 5 local BBSs for what he considers "adult material". These BBSs by the way, were not all in the sheriff's jurisdiction. The largest BBS (Cincinnati Computer Connection, CCC) was a 25 node PCBoard BBS with 5000 users. These users used the board for personal mail, conducting business, playing games and downloading files. The users are outraged and have begun to try and understand what prompted this action and why it was executed in the manner it was. The Cincinnati media has provided excellent coverage of this situation and the CCC users have already held a "town meeting" to try and discover what has actually happened and what rights the users really have. Unfortunately, the sheriff and his group refused to attend or provide any explanation as to what is really happening. According to the warrant, "adult material" seemed to be the issue but this was very vague and far reaching. If there was offensive material on the board, it was unbeknownst to the users. The sheriff apparently had a plant on the board for 2 years. This person, in all good conscience, would have to have seen that the BBS was a very friendly and open "family type" community of users who had nothing to hide. Parents and their children (of all ages) used the board. If something was wrong, nobody ever bothered to suggest to the Sysop there might be a problem, which certainly would have been rectified. Instead, a Gestapo type raid was performed (very poorly, I might add), seizing some equipment here, some there without full knowledge of how the equipment even worked. What the CCC users are trying to do is gain some exposure, and insight, in to the rapidly growing problems regarding the censorship issues the government (and police agencies) seem to have with computer on-line networks and the way in which they brutalize computers (and their users) instead of trying to remedy the situation through discussion and education. If legal action is considered a viable alternative, many CCC users have shown support for that type of action in order to protect their rights. Does your publication offer any kind of editorial facility to not only review, but help in the research of these types of on-line network problems that seem to be occurring more frequently? Users need to be aware of potential seizure of their personal information without their knowledge or without a warrant specifically identifying their property as part of the seizure. Regardless of the outcome of any type of legal proceedings, this incident in Cincinnati could be a far reaching landmark case. Your assistance and knowledge would be greatly appreciated. Sincerely, Cincinnati Computer Connection BBS Users John M. Bailey (CCC User) 1570 Citadel Place Cincinnati, Oh 45255 Home: 513-474-9114 Work: 513-624-8844 ext 239 Internet: john.bailey@cccbbs.cincinnati.oh.us ------------------------------ Date: Wed, 28 Jun 1995 08:11:48 -0500 (CDT) From: David Smith Subject: File 2--Are We Sheep? - LA Times Op-Ed on online censorship (fwd) From--dewelch@earthlink.net (Douglas E. Welch) Date--Tue, 27 Jun 1995 14:11:55 -0700 Previously published in the Los Angeles Times, Tuesday, June 27, 1995. Page B11 Note: Electronic re-posting is ALLOWED but NO PAPER REPRINTS or inclusion in online digests without written permission (paper or email) from the author. All re-postings must retain this notice. The complete article is available on the web site listed below. Copyright (c) 1995 Douglas E. Welch dewelch@earthlink.net dewelch@pop.com 76625,3301 http://www.earthlink.net/~dewelch/ ------------------------------------------ Are We Sheep? By Douglas E. Welch DOUGLAS E. WELCH, a writer and computer analyst from North Hollywood, is concerned about calls for government control of electronic media in the guise of protecting children. He told The Times: The thought of anti-violence and anti-sex technology built into our televisions and computers is appalling and unnecessary. The ultimate control device is already built into every piece of technology manufactured today: the "off" switch. We need to use our own best censors, our values and morals, to decide what we and our children watch. If we took control and stopped watching, advertisers would quickly learn that we expected better entertainment. Instead, we have become lazy, whining neo-children who want our governmental parents to tell us what is right and wrong, what is good and bad, so that we don't have to think for ourselves. We want to continue grazing peacefully like a herd of sheep while the shepherd keeps the wolf at bay. What we don't realize is the shepherd might be the wolf in disguise. We should not be so willing to give our government the power to control what we see and hear. If we give these rights away, they will only be bought back at a very high price, if they are to be bought back at all. ------------------------------ Date: Mon, 19 Jun 1995 23:21:46 -0500 (CDT) From: David Smith Subject: File 3--Big Brother Covets the Internet (fwd) ---------- Forwarded message ---------- From: nyt@nyxfer.blythe.org (NY Transfer News Collective) Via NY Transfer News Collective * All the News that Doesn't Fit From Flatland, No. 12, May 1995, pp. 44-46. Big Brother Covets the Internet by Daniel Brandt "The Internet offers intelligence agencies an amazing potential source for information collection and for monitoring the activities of their targets. They not only can plug into communications through the names of senders and receivers of e-mail, but also through keyword monitoring of messages as they have done for many years. If you add e-mail to their monitoring of telephone and other credit card transactions, they can get a very complete picture of a given person's activities. "On my long trips to the United States for university lecturing and other activities, such monitoring enables them to know my every flight, hotel and car rental, and local contacts, not to mention my complete itineraries. All this prior to my flight from Germany to the U.S. Add to this my other calls and bank transactions and you ahve almost every imaginable detail. It is a perfect system for spy agencies and getting better all the time." -- former CIA officer Philip Agee What the government giveth, the government can taketh away. This message has been received by Internet watchers recently, as Big Brother begins to confront the issue of online computer security. Internet hacking is at an all-time high, the Pentagon claims, just as big business is buying into the Internet in a big way. Something has to give. "Hackers are even better than communists," says one Washington activist who deals with civil rights and electronic privacy issues. Several weeks later, on November 22, 1994, NBC News with Tom Brokaw underscored his point with an alarmist segment by Robert Hager: A Pentagon unit is poised to combat unauthorized entries into some of the world's most sensitive computer systems. But despite all the safeguards and a computer security budget in the hundreds of millions of dollars, attempts were made to break into the Pentagon's computers on 254 separate occasions in the last twelve months alone, almost always through the Internet.... NBC News has learned that intrusions into the Defense Department's computers go unreported 98 percent of the time -- 98 percent! -- often because no one is aware information is being pirated. Pentagon officials are worried the nation's security is being compromised. Only Joe McCarthy knows how Robert Hager came up with a figure of 98 percent for undetected break-ins, and then pretended it was worth repeating. Hager continued with his voice-over and began talking about hackers breaking into one nameless hospital's records and reversing the results of a dozen pap smears. Patients who may have had ovarian cancer, Hager claimed, were told instead that they were okay. If this were an isolated story, then the Newsgroup subscribers on who reacted to Hager's segment, by speculating that something must be behind it, might be dismissed for weaving yet another paranoid thread. But here I have to agree that even if you're paranoid, they still might be after you. On this story, at least, NBC seems to be the mouthpiece for larger forces. "Organized Crime Hackers Jeopardize Security of U.S." reads the headline in "Defense News" (October 3-9, 1994). This article reported on a conference sponsored by the Center for Strategic and International Studies, a prestigious Washington think tank with close connections to the intelligence community. Dain Gary from the Computer Emergency Response Team in Pittsburgh, a hacker-buster group funded by the Pentagon, claimed that "there are universities in Bulgaria that teach how to create more effective viruses." Mr. Gary did not respond to my letter requesting more information. The government started the Internet, and then over a period of years it lost control. This was partly due to the unique architecture of the Internet, which has its roots in a 1964 Rand Corporation proposal for a post-Doomsday network. Rand's idea was that information packets could contain their own routing information, and would not have to rely on centralized switching. Anarchy, it seems, is the best antidote to vulnerable communications systems. Recently the government, due to a combination of tight budgets and a trend toward deregulation, has allowed big business to take over the main conduits, or "backbone" of the Net. Corporations smell a huge potential cybermarket, and are investing money to get themselves positioned on the Net. They want to be ready when it comes time to harvest the expected profits. Today we have a global network with 30 million users. No one is in control, and no one can pull the plug. If one telecommunications company decided to shut off the segment of the Net that they administer, other companies could simply route their traffic around them. And if it weren't for password protection and the "firewalls" installed by corporations to protect their local turf from other computers, each of Internet's users would have access to all the other computers on the Net. Passwords and firewalls don't always work. A hacker who burrows in and obtains the right sort of access can watch the passwords of other users fly by, and can capture them for later use. In November 1994, General Electric's robust firewalls were circumvented by hackers, according to a company spokeswoman, and GE had to pull their computers off the Net for a week to revamp their security procedures. In two other incidents, a group of hackers calling itself the Internet Liberation Front managed to break into systems. On one they posted a message warning corporate America against turning the Internet into a "cesspool of greed." So Big Brother has a problem. But it's not so much a problem of national security, except perhaps in the broad sense of economic vulnerability. Defense and intelligence systems that are classified are not connected to the Internet. When the Pentagon complains to NBC about national security, what they really mean is that they might have to forego the convenience of Internet contacts with their contractors, and use other means instead. No, Big Brother in this case is not the Pentagon, it's really big business. They're chomping at the Net's information bits, while the computer security problem is reining them back. Until this problem is solved, the Net cannot be used for serious commercial transactions. Big business seems to be feeding scare stories to the media, and the Pentagon is helping them out by raising the time-tested bugaboo of national security -- the only surefire way to scare Congress into repressive legislation. America leads the world in information technology, and the Internet is potentially a lucrative link in tomorrow's profit chain. If only those pesky hackers would go away. The hackers that do exist are grist for the system's disinformation mill, so if they didn't exist the system would probably have to invent them. The bottom line for those whose opinions matter is that the Internet has potential to help the rich get richer. Hackers belong in jail, of course, but there's also the Net surfer who's clogging bandwidth with idle chatter, or even swapping copyrighted material with their friends. Frequently this unprofitable silliness is subsidized by the universities. All big business wants from these folks is consumption -- they may browse through online catalogs and debit their credit lines, but forget all this virtual community stuff. It's got to go. The way to reboot the system is to boot the little guy, and the best way to do this has always been to let the government bash some heads. The digital equivalent of this is the one-two punch of the Clipper chip and the Digital Telephony Bill. Clipper is an ongoing government effort to encourage the mass marketing of a encryption standard that can be tapped by them. It was developed with help from the National Security Agency (NSA), which is worried about the emergence of encryption that can't be easily broken by their supercomputers. The FBI's favorite is the Digital Telephony Bill, which was passed without debate by Congress last October. It forces telecommunications companies to modify their digital equipment so that the government has access to wiretapping ports when they come calling with a warrant. Warrants? When was the last time the intelligence community took warrants seriously? Just in case a few of them get nervous while breaking the law, the Foreign Intelligence Surveillance Act of 1978 set up a secret court to issue warrants in situations involving a foreign threat. This court has yet to turn down a single request put before it -- even rubber stamps don't perform this well. All it would take is a vague rumor of a Bulgarian virus with Russian organized crime lurking close behind, and presto, a secret warrant is issued to tap the Internet backbone so that U.S. spooks can look for nasty digital germs. The judges aren't competent to evaluate technical rumors, and with their track record, no one pretends that they will call in their own experts. Why bother, since the proceedings are secret and there's no accountability? But then, who needs a warrant? According to reports, the NSA, Britain's Government Communications Headquarters (GCHQ), and Canada's Communications Security Establishment, all practice what might be termed the "sister agency gambit." They do this by stationing liaison officers in each of the other agencies. When they want to tap their own citizens without a warrant, they just call over the liaison officer to throw the switch. Now it's called "intelligence from a friendly foreign agency" and it's all legal. Particularly with the Internet, where jurisdictional problems involve many nations, this sort of transnational cooperation will be the rule rather than the exception. The excuse for monitoring the Net today might be the security problem. Tomorrow the security problem may be solved, one way or another, and the Net will be used for commercial transactions. Then the excuse for monitoring will be the need to detect patterns of commerce indicative of money laundering, much like FinCen does today. FinCen, the Financial Crime Enforcement Network, monitors Currency Transaction Reports from banks, and other records from over 35 financial databases, as well as NSA intercepts of wire transfers into and out of the U.S. This data is shared with the DEA (Drug Enforcement Administration), CIA, DIA (Defense Intelligence Agency), IRS, FBI, BATF (Bureau of Alcohol, Tobacco, and Firearms), and the Secret Service. FinCen, which began in 1990, is an attempt to track, cross-reference, and apply artificial-intelligence modeling to all the relevant data from government agencies. Now they are floating a proposal for a deposit tracking system. When the Internet begins carrying financial transactions, FinCen is sure to be poking around behind the scenes. One characteristic of the Internet is that surveillance on a massive scale is easy to accomplish. With telephone voice or fax transmissions, the digital signal is an approximation of the analog signal. Massive computing power, relatively speaking, is needed to extract the content in the form of words or numbers. This is called "speech recognition" for voice, or "optical character recognition" for fax. Data on the Internet, on the other hand, is already in the form that computers use directly. Moreover, each packet conveniently includes the address of the sender and receiver. It's a simple matter to tap an Internet backbone and scan every packet in real time for certain keywords. With voice and fax, it's only practical to capture specific circuits, and then examine them later for content. On the Internet, even encryption doesn't solve the privacy problem, because the Net is also ideal for message traffic analysis. A stream of encrypted messages between two points could be detected by a computer, which then spits out a report that's sure to attract attention. Each end of this stream is now identified as a target, which means that other types of surveillance are now practical. The Internet, in other words, increases opportunities for surveillance by many orders of magnitude, with or without encryption. Those who have the resources can try to befuddle the spooks who monitor them by disguising their transactions. Shell corporations, off-shore banks, and cash-intensive businesses will still be popular with money launderers. Seemingly innocent transactions will slip through the net, and for the most part only the little guy without transnational resources will get caught. Which is exactly the point. The little guy on the Net is surfing on borrowed time. There are too many pressures at work, too many powerful interests to consider. The Net is too important to the Suits -- if not now, then soon. If it were only a case of Us and Them, it would be easier to sort it all out. But the self-styled Internet Liberation Front, and similar types with hacker nonethics, are part of the problem as surely as the greedy capitalists. Nor is it easy to see much hope in the way the little guy -- the one who obeys the law -- has used the Internet. The entire experiment has left us with 30 million connections but very little public-sector content. Apart from the sense of community found in Newsgroups, list servers, and e-mail, not much is happening in cyberspace. And just how deep is this community when the crunch comes? Not nearly as deep as the counterculture of the 1960s, and look what happened to them. Rand Corporation, meanwhile, is churning out studies on cyberwar, netwar, and information warfare. The Defense Department, at the urging of their Advanced Research Projects Agency (which started the Internet), recently signed a memorandum of understanding with the Justice Department, at the urging of the FBI and the National Institute of Justice. This memorandum anticipates a coordinated effort on high-tech applications for "Operations Other Than War" and "Law Enforcement." The game is on, and the high-tech high rollers are getting it together. The neat graphics and sassy prose in "Wired" and "Mondo 2000" magazines notwithstanding, the Net-surfing culture is more virtual than real. Cyberspace cadets are no match for the real players, and it's going to be like taking candy from a baby. Lots of squeals, but nothing to raise any eyebrows. It's all so much spectacle anyway. Guy Debord (1932-1994) summed it up in "Society of the Spectacle" in 1967, when Rand was still tinkering with their Doomsday idea: The technology is based on isolation, and the technical process isolates in turn. From the automobile to television, all the goods selected by the spectacular system are also its weapons for a constant reinforcement of the conditions of isolation of "lonely crowds." The spectacle constantly rediscovers its own assumptions more concretely.... In the spectacle, which is the image of the ruling economy, the goal is nothing, development everything. The spectacle aims at nothing other than itself. Then again, the Spectacle does make for excellent Internet watching, once silly notions like "information wants to be free" are discarded, and the drama can be enjoyed for what it is. Basically, it's one more example of something that happens frequently in history. The little guy thinks he has created something new and powerful. He's so busy congratulating himself, that when the Big Dogs begin to notice, the little guy doesn't. In the end, it's merely another dog-bites-man nonstory that won't be found on NBC News. This just in: "Little guy gets screwed." END END END Flatland can be reached at PO Box 2420, Fort Bragg CA 95437-2420, Tel: 707-964-8326. Reposting permitted by the author. ------------------------------ Date: Tue, 13 Jun 1995 00:31:00 -0500 (CDT) From: David Smith Subject: File 4--Legal Bytes 3.01 (part 1) ---------- Forwarded message ---------- Date--Fri, 2 Jun 1995 11:40:42 -0500 From--owner-legal-bytes@io.com By George, Donaldson & Ford, L.L.P. Attorneys at Law 114 West Seventh Street, Suite 1000 Austin, Texas 78701 (512) 495-1400 (512) 499-0094 (FAX) gdf@well.sf.ca.us ___________________________________ Copyright (c) 1995 George, Donaldson & Ford, L.L.P. (Permission is granted freely to redistribute this newsletter in its entirety electronically.) ___________________________________ David H. Donaldson, Jr., Publisher <6017080@mcimail.com> Peter D. Kennedy, Senior Editor Jim Hemphill, Contributing Editor Jeff Kirtner, Law Clerk ___________________________________ IN THIS ISSUE: 1. WILL THE SHRINK-WRAP LICENSE DILEMMA PLAGUE ON-LINE SALES? 2. SOME LEGAL RISKS POSED BY ON-LINE ADVERTISING 3. LOTUS LOSES FIGHT TO PROTECT ITS USER INTERFACE 4. COPYRIGHT LAW UPDATE: COPYING BY COMMERCIAL RESEARCHERS IS NOT NECESSARILY A FAIR USE ____________________________________________________ 1. WILL THE SHRINK-WRAP LICENSE DILEMMA PLAGUE ON-LINE SALES? Can software companies unilaterally decide what terms govern the sale of their software? What's the point of those long, complicated, one-sided licenses that come with most commercial software packages? Are they enforceable? The Purpose of Shrink-wrap Licenses. Everyone has seen these licenses -- they come with commercial software and state that opening the package or using the software means the buyer is agreeing to abide by their terms. While these documents may be slightly aggravating, software companies use them for two important reasons -- to protect their copyrights and to limit their exposure to lawsuits. Software is terribly easy to copy and distribute; software developers understandably want to protect themselves from losing revenue from unauthorized copying. Shrink wrap licenses include terms restricting the copying of the software in order to help insure that the sale of a single copy of the software does not give rise to any implied license to make, distribute or use additional copies. The licenses might also try add further restrictions, such as prohibiting resale or leasing of the software. Shrink-wrap licenses have a second goal: to limit the software company's legal liability. This need arises not from copyright law, but from the general laws governing contracts and the sale of goods -- which in all states (except Louisiana) is the Uniform Commercial Code, or UCC. Article 2 of the UCC sets "default" rules that automatically become part of just about every sale of goods, unless the buyer and seller agree to change the defaults to something else. Despite some theoretical questions, most legal authorities agree commercial software is a "good" under the UCC. The problem for a software vendor is that the UCC reads into every sale implied terms that favor the buyer. Rather than adopt the doctrine of "caveat emptor," the UCC assumes that the seller has made certain promises or warranties about the quality of the product. If the product does not live up to these implied warranties, the buyer can sue. Most importantly, the UCC assumes that the seller always promises that the product is "merchantable," that is, fit for the customary use that such products are put to. Further, the UCC also assumes that the seller has promised that the product was fit for the buyer's particular intended use, if the seller had reason to know of that use. The seller and buyer can agree to change these terms, such as when a used car is sold "as is." The buyer and seller can also agree to limit the scope of the seller's liability if the product does not live up to the promises that were made. However, when the seller tries to make these limitations himself, through terms on an invoice or other document, the limitations must be "conspicuous," they must mention "merchantability," and they cannot be "unreason- able." Moreover, the buyer has to agree to the limits. Are Shrink-wrap Contracts Enforceable? There is serious question about how effective a typical shrink-wrap license is. Various criticisms are made. First, and most obviously, is whether a purchaser has really "agreed" to the terms of the shrink wrap license. Typically, the buyer does not know what the license says when she buys the software; the purchase is made before the terms are revealed. How can the buyer "agree" to the terms without knowing what they are? After a sale is made, one party cannot add new terms. The federal court of appeals sitting in Philadelphia discussed these issues in STEP-SAVER DATA SYSTEMS, INC. v. WYSE TECHNOLOGY, 939 F.2d 91 (3rd Cir. 1991), and decided that a particular shrink-wrap license was not enforceable. See also David Hayes, Shrinkwrap License Agreements: New Light on a Vexing Problem, 15 Hastings Comm. Ent. L.J. 653 (1993). A second, related objection is one raised to all take-it-or- leave it contracts, which are derisively named "contracts of adhesion." These tend to get rough treatment by courts, and shrink-wrap licenses are a special strain. Other concerns relate to the technical question of contract formation -- the sale is usually made between a retailer and the consumer, but the shrink-wrap license is between the consumer and the software company. Is that a contract at all? What did the software company give the consumer that the consumer did not already have when she bought the product? There are also some concerns about whether particular restrictive terms in these licenses (or more accurately, state laws that state that the terms are enforceable) violate the federal Copyright Act. See VAULT CORP. v. QUAID SOFTWARE, LTD. 847 F.2d 255 (5th Cir. 1988). Can These Problems be Fixed by On-line Transactions? Do these same objections to shrink-wrap licenses apply to on- line transactions? Maybe not. The unique nature of interactive on-line transactions offers vendors the ability to get and record the buyer's agreement to license terms before a purchase is made. Much of the software that is distributed on-line, shareware particularly, comes with a license.doc zipped up with the program files. These licenses will have the same troubles a shrink-wrap licenses, because they are an after-the-fact "surprise". However, most bulletin board systems, and now the World Wide Web, can easily be configured to require short interactive sessions before a transaction is consummated. The vendor can display the license terms, require the buyer's assent before the software is made available, and importantly, the buyer's assent can be recorded -- written to a log file. While an on-line seller cannot force the buyer to read the terms, it surely can record the fact that the terms were displayed, and that the buyer gave affirmative responses -- "Did you read the terms of the license?" "I did." "Do you agree to the terms?" "I do." This type of interaction before the sale makes the transaction appear far less one-sided. While take-it-or-leave-it terms might still be criticized as "adhesion contracts," the unique give-and- take that's possible on-line removes much of the inequitable sting that "surprise" shrink-wrap license terms leave on many observers. ___________________________________________________________________ 2. SOME LEGAL RISKS POSED BY ON-LINE ADVERTISING Advertising on the Internet is booming -- not with crass "spamming" on Usenet newsgroups, but with flashy, multi-media home pages on the World Wide Web that show off pictures, sound and even video. Most commercial World Wide Web sites combine a mix of advertising, information, and entertainment -- honoring the Internet tradition that tasteful, non-intrusive self-promotion is acceptable if it comes along with something neat or valuable. Are there legal risks involved in on-line advertising? There are, just like any other endeavor. Any business that extends its advertising to cyberspace must take the same care as it does with print or broadcast advertising. Electronic advertising also introduces new questions of jurisdiction -- whose laws apply? On- line service providers that accept advertising must consider their own potential liability, too. What is their duty concerning the content of other companies' ads? Advertisements are "publications." Companies that put their ads on the Internet are "publishers" and face the same potential risks of defamation, invasion of privacy, etc., from these ads as from print ads. Moreover, electronic service providers that accept paid advertisement may be "publishers" of those ads as well, and responsible to some degree for their content. Absent particular exceptions, advertisements carried by a publisher are viewed as that publisher's own speech. For example, the landmark 1964 Supreme Court libel case, New York Times v. Sullivan, concerned the liability of the New York Times for a paid advertisement written by others. The Supreme Court's ruling, although favorable to the Times, made no distinction between advertisements and other content of the newspaper. Compuserve, in the now-famous Cubby v. Compuserve case, successfully defended itself from a libel suit by proving its ignorance -- that it knew nothing of the content of a newsletter carried on its service, but provided by an outside contractor. This defense -- based on the traditional protection granted bookstores from libel suits -- is unlikely to be available when it comes to paid advertisements. Publishers, whether on-line or in print, generally review the content of advertisements before they are accepted and published, if only to determine pricing. They usually retain the right to refuse an advertisement based on its content. (Recall the recent attempts by revisionist "historians" to place ads in college papers denying that the Holocaust took place). Because of this potential exposure to liability, electronic publishers should be guided by two general principles: (1) review all proposed advertisements for potential legal problems, and (2) obtain an agreement that the advertiser will indemnify the publisher for any legal liability that arises from the ad. This article reviews several areas of potential concern for electronic advertisers. Ads for illegal transactions. You can't legally advertise marijuana for sale. (Or, more accurately, the First Amendment does not protect ads for illegal transactions.) A publisher can't knowingly carry such ads, even if the publisher would not be a party to the illegal transaction. A publisher's liability for carrying ads for illegal transactions has been hashed out in an interesting series of lawsuits involving the magazine Soldier of Fortune, which unintentionally carried several classified advertisements submitted by real live hit men offering the services of a "gun for hire." The hit men were hired through the magazine ads, and the families of those people "hit" sued the magazine. Two federal appeals courts came to entirely opposite conclusions about very similar Soldier of Fortune ads. The Eleventh Circuit upheld a multi-million dollar damage award against the magazine; the Fifth Circuit reversed a finding of liability. The legal principles these courts announced were relatively consistent, though: if an advertisement poses a "clearly identifiable unreasonable risk that it was an offer to commit crimes for money" the publisher can be held liable if it was negligent in running the ad. BRAUN v. SOLDIER OF FORTUNE MAGAINZE, INC., 968 F.2d 1110, 1121 (11th Cir. 1992), cert. denied, 113 S. Ct. 1028 (1993). A publisher must make sure that the ad, on its face, does not present a "clearly identifiable unreasonable risk" that the advertisement is soliciting an illegal transaction. On the other hand, the courts are less likely to impose liability for ambiguous advertisements that could have an innocent meaning. See EIMANN v. SOLDIER OF FORTUNE MAGAZINE, INC., 880 F.2d 830 (5th Cir. 1989), cert. denied, 493 U.S. 1024 (1990). This recognizes courts' reluctance to impose a duty on publishers to investigate advertisements beyond what the advertisements say. There is no reason to believe that this standard is different for advertisements of so-called "victimless" crimes like prostitution, although the likelihood of a civil lawsuit might be less. Ads for regulated businesses. Many businesses are regulated, and so is the content of their advertisements. The First Amendment permits some government regulation of commercial speech; for example, lawyer advertising is regulated by state bar associations or courts (although lawyers are constantly fighting over how far the regulations can go). Businesses placing ads should know what rules regulate their advertising. Companies accepting ads have two choices: (1) know the regulations for all companies for which it accepts ads; or (2) require the advertiser to guarantee that its ads comply with applicable regulations, and indemnify the publisher for losses if they don't. An example of the difficult legal questions raised by local regulation in the new borderless world of cyberspace are lottery and gambling ads. Some states (and territories) regulate or ban advertising lotteries and gambling. Puerto Rico, for instance, allows casino gambling. It also allows advertisement of gambling aimed at tourists, but prohibits such ads aimed at Puerto Ricans. The U.S. Supreme Court says that this odd regulatory scheme is constitutional. POSADAS DE PUERTO RICO ASSOCIATES v. TOURISM CO. OF PUERTO RICO, 478 U.S. 328 (1986). More recently, the Supreme Court also upheld the constitutionality of a federal law that forbids radio or television stations from broadcasting lottery ads into states that don't have a lottery -- even if the broadcasts are primarily heard in a state that has a lottery. UNITED STATES v. EDGE BROADCASTING CO., 113 S. Ct. 2696 (1993). This federal law only regulates airwave broadcasts of lottery ads. However, some states have similar statutes banning lottery advertising in any medium. For example, North Carolina prohibits advertising a lottery "by writing or printing or by circular or letter or in any other way." N.C. Stat.  14-289. Could North Carolina enforce this law against electronic publishers who carry lottery ads? Answering that question raises a host of difficult, unanswered jurisdictional questions and is beyond the scope of this short article. As a practical matter, it seems unlikely that North Carolina officials would try to prosecute the State of Texas, for example, if Texas set up a Web site to advertise its lottery that of course could be accessed from North Carolina. On the other hand, a local North Carolina service provider that accepted and posted ads for the Texas lottery (or even the results of the Texas lottery) might have something to worry about: the language of the law prohibits it; the service provider is in easy reach of local prosecutors; and the U.S. Supreme Court has already looked kindly on a similar law. Misleading and deceptive ads. The First Amendment does not protect false advertisement; state statutes (and some federal laws) routinely prohibit false, misleading and deceptive ads. For example, the broad Texas Deceptive Trade Practices-Consumer Protection Act ("DTPA") prohibits all sorts of deceptive advertising, and gives deceived consumers very powerful remedies in court. Such statutes are primarily aimed at those who place advertisements, rather than the publishers. Where do electronic publishers fit in? As usual, it's not clear. Newspapers cannot be sued under the Texas DTPA because that law does not apply to "the owner or employees of a regularly published newspaper, magazine, or telephone directory, or broadcast station, or billboard." Tex. Bus. & Comm. Code  17.49(a). Is an internet service provider a "magazine" or "broadcast station?" Maybe. Is a BBS or a World Wide Web page a "billboard"? Maybe. The question has not come up yet. While it would be more logical and consistent with the purpose of the statute to exempt electronic publishers that perform the same function as a newspaper, courts are supposed to apply the DTPA "liberally" to provide consumers with as broad a remedy as possible from deceptive ads -- leaving the answer in doubt. Some things are clear. An entity distributing information regarding its own goods or services cannot claim the "media exemption" -- a newspaper or BBS that publishes false information about its goods or services can be sued by consumers under the DTPA. Also, an entity that has a financial stake in the sale of the goods advertised is also subject to DTPA liability. This means that internet service providers that accept a percentage of sales generated by on-line advertising will be subject to the restrictions of the DTPA, and should insure that the ads they place are not deceptive, and that the seller has agreed (and can) indemnify them for liability. Finally, no publisher -- whether earthbound or in cyberspace -- is exempt from DTPA liability if the outlet and/or its employees know an ad is false, misleading or deceptive. Remember: It's YOUR service. Unless an electronic publication accepts all advertisements, regardless of content, and does not review the content of that advertising in any way or reserve any right to reject advertisements (and can prove this in court), the presumption will be that the service "published" the ad and is responsible for its content. No one has a First Amendment right to place their advertisement with any given Internet service provider or on any commercial information service. Despite lots of on-line rhetoric, the First Amendment only restricts what the government can do, not what businesses (even big ones) can do. Remember that a publisher always has the right to reject an ad for any reason at all and can require changes before an ad is placed. For ads that are obviously illegal, slanderous or misleading, the safest bet is to refuse the ad. ------------------------------ Date: Sun, 19 Apr 1995 22:51:01 CDT From: CuD Moderators Subject: File 5--Cu Digest Header Info (unchanged since 19 Apr, 1995) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CUDIGEST Send it to LISTSERV@VMD.CSO.UIUC.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) Brussels: STRATOMIC BBS +32-2-5383119 2:291/759@fidonet.org In ITALY: Bits against the Empire BBS: +39-464-435189 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/ ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp://www.rcac.tdi.co.jp/pub/mirror/CuD The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu:80/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #7.55 ************************************