[risks] Risks Digest 22.54

From: RISKS List Owner (riskoat_private)
Date: Thu Feb 06 2003 - 16:48:44 PST

    RISKS-LIST: Risks-Forum Digest  Thursday 6 February 2003  Volume 22 : Issue 54
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/22.54.html>
    and by anonymous ftp at ftp.sri.com, cd risks .
    
      Contents:
    Risks of all-electronic voting systems (David L. Dill)
    NASA cultural failures on STS-107 (Andrew Main)
    Some very last Columbia data possibly rejected as "corrupted" (Eric De Mund)
    Washington Monthly's 1980 critique of the space shuttle (Mike Godwin)
    Astronauts may have the most dangerous job (Derek K. Miller)
    All AA flights down due to computer crash (Keith Marzullo)
    Air Canada "Jazz" airline grounded by computer glitch (Derek K. Miller)
    19 charged in identity theft that netted $7 million in tax refunds
      (Benjamin Weiser via Monty Solomon)
    Old data systems a health-care burden (Beth Healy via Monty Solomon)
    Feds pull suspicious AONN.gov site (Declan McCullagh via Monty Solomon)
    Spam filtering stops the democratic process... (David Wj Stringer-Calvert)
    SPAM from Microsoft (PGN)
    MS: Upgrade! HP: Don't upgrade! (Peter Kaiser)
    Caida analysis of the Sapphire worm (Colleen Shannon)
    Re: Trouble with Prime Numbers: DeCSS, DVD, ... (Bob Langford)
    REVIEW: "Cybercrime: Vandalizing the Information Society", Furnell (Rob Slade)
    REVIEW: "Cyberlaw: National and International Perspectives", Girasa
      (Rob Slade)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Sun, 02 Feb 2003 22:54:07 -0800
    From: "David L. Dill" <electionsat_private>
    Subject: Risks of all-electronic voting systems
    
    I am collecting endorsements for a statement I have written (with a lot of
    help) opposing electronic voting machines that do not produce paper ballots
    (or, in the future, some other independent voter-verifiable audit
    mechanism).
    
    A lot of communities (and whole states, in some cases) are buying these
    machines because of pressure resulting from the 2000 election.  The problem
    is that if errors or fraud are detected in an election using these machines,
    there is no way to recover, other than a revote.  Worse, and more likely,
    errors or fraud may remain undetected.
    
    I have already collected endorsements from over 100 computer scientists,
    many of them leading experts in elections, computer security, and software
    engineering.
    
    I have a Web page with background material, the statement, and the current
    list of endorsements.  It would be great if you could join us in endorsing
    this statement.  It would also be great if you could bring the issue to the
    attention of others who might be interested.
    
      http://verify.stanford.edu/evote.html
    
    If you are especially enthusiastic, other offers of help would be
    appreciated.  This has turned out to be a bit more difficult than I thought
    it would be!
    
    Thanks a lot,  	David Dill  	Stanford University
    
    ------------------------------
    
    Date: Sun, 02 Feb 2003 22:16:58 +0000
    From: Andrew Main <zeframat_private>
    Subject: NASA cultural failures on STS-107
    
    On mission STS-107, the space shuttle Columbia (OV-102) suffered physical
    damage to its left wing during ascent.  It is possible that this damage
    contributed to the subsequent breakup and loss of the orbiter during
    descent.  During the entire flight, despite being aware that damage had
    occurred, NASA remained unaware of the extent of the damage, making
    inadequate efforts to determine the nature of the damage. This error is
    ascribed to three aspects of NASA's management of manned spaceflights:
    excessive reliance on checklists, cumbersome EVA procedures, and a lack of
    autonomy for astronauts in flight.
      http://www.fysh.org/~zefram/nasa/sts107_culture.txt
    
      [NASA is now backing off on the tile-damage theory.  PGN]
    
    ------------------------------
    
    Date: Wed, 5 Feb 2003 22:42:47 -0800
    From: Eric De Mund <eadat_private>
    Subject: Some very last Columbia data possibly rejected as "corrupted"
    
    When the Columbia shuttle stopped transmitting voice signals at 9 a.m., and
    debris began raining down over a 200-mile-long swath of Texas and Louisiana,
    some data apparently continued to flow for another 32 seconds after contact
    was lost.  However, computers on the ground rejected the data because it was
    "corrupted".  NASA is trying to reconstruct this data.  [Source: John
    M. Broder, NASA Now Doubts Tank Debris Doomed Columbia, *The New
    York Times*, 5 Feb 2003; PGN-ed]
      http://www.nytimes.com/2003/02/06/national/nationalspecial/06XSHU.html
    
    One obvious solution would be to have at least one process save all data,
    corrupt or not.
    
    Eric De Mund <eadat_private> Ixian Systems, Inc., Mountain View, CA
    http://www.ixian.com/ead/
    
    ------------------------------
    
    Date: Mon, 3 Feb 2003 09:36:37 -0500
    From: Mike Godwin <mnemonicat_private>
    Subject: Washington Monthly's 1980 critique of the space shuttle
    
    *Washington Monthly* has reposted its April 1980 critique of the space
    shuttle design. It's worth reading as a reminder that there have long been
    serious criticisms of the space shuttle for safety and economic reasons.
    
    http://www.washingtonmonthly.com/features/2001/8004.easterbrook-fulltext.html
    
    ------------------------------
    
    Date: Wed, 05 Feb 2003 09:27:19 -0800
    From: Derek K. Miller <dkmillerat_private>
    Subject: Astronauts may have the most dangerous job
    
    In an extreme example of computing risk, the December 1996 issue of Fast
    Company profiled the software developers for NASA's space shuttle program
    and the tremendous rigour they apply to their jobs.  Bill Pate, one of the
    senior programmers, is quoted: "If the software isn't perfect, some of the
    people we go to meetings with might die."
    
    http://www.fastcompany.com/online/06/writestuff.html
    
    The truth is, as we have been reminded, that might happen even if the
    software _is_ perfect.
    
    After the space shuttle Columbia broke up on re-entry last weekend, I
    wondered whether astronauts have the most dangerous job in (or around) the
    world.  While I'm not a statistician, my quick calculations indicate that
    they do.
    
    Fatality statistics are usually listed in numbers per 100,000, because for
    most activities they are pretty small: the risk of death is 2 per 100,000
    scuba divers; 22 per 100,000 vehicle drivers; and 122 per 100,000 loggers
    (apparently the most dangerous of "normal" jobs).
    
    We should be careful about making comparisons using astronauts and other
    occupations with very small numbers of participants, where we can only
    really calculate historical averages rather than yearly rates (which is how
    most fatality rates are reported).
    
    With that in mind, however, I did a quick Google search and figured out that
    the death rate for astronauts and cosmonauts over the past 40+ years is (as
    of this week) about 7.5%, or 7,500 per 100,000 -- something like sixty times
    the rate for loggers. It is also nearly twice the 4.3% rate calculated for
    high-altitude mountaineering (often called the world's most dangerous job).
    That is especially notable since mountaineers often die from their own
    decisions, sometimes alone, while astronauts are supported by thousands of
    people and billions of dollars in technology, but still die more frequently.
    
    Other jobs have been more hazardous in the past. Sixty-three percent of
    German U-boat crew members were lost during World War II, nearly ten times
    the death rate of astronauts. But being a frontline soldier actively hunted
    in the open ocean during wartime is a different sort of "job," I would say.
    
    I provide a bit more detail and links to my sources at:
      http://www.penmachine.com/journal/2003_02_01_news_archive.html#90270862
    with a followup here:
      http://www.penmachine.com/journal/2003_02_01_news_archive.html#90276578
    
    Again, these numbers are quick and off-the-cuff. But it seems pretty clear
    that being an astronaut has always been and will remain a very risky
    endeavour for the foreseeable future. Astronauts and cosmonauts have always
    known that very well, even if the rest of us sometimes forget.
    
    Derek K. Miller, Vancouver, Canada  dkmillerat_private
    Penmachine Media Company | http://www.penmachine.com
    
    ------------------------------
    
    Date: Thu, 30 Jan 2003 21:04:41 -0800
    From: Keith Marzullo <marzulloat_private>
    Subject: All AA flights down due to computer crash
    
    I was on a flight back from Chicago to San Diego yesterday afternoon. We
    were scheduled to leave a bit after 5, but we instead took off around 6.
    The pilot said that all American Airlines flights were unable to take off
    because "a big supercomputer in ... (I forget where; in the south, I
    believe) crashed." It seems, according to him, that all flight plans, weight
    allowances, and fuel amounts are computed at this one machine and
    distributed out to the flights.
    
    I had not known of this single point of failure. Does anyone know more? How
    large of a region does this cover? Are crashes really rare enough to not
    have a hot standby? (Okay, AA is on the verge of bankruptcy).
    
    ------------------------------
    
    Date: Thu, 06 Feb 2003 09:34:30 -0800
    From: "Derek K. Miller" <dkmillerat_private>
    Subject: Air Canada "Jazz" airline grounded by computer glitch
    
    A virus apparently attacked an AC Jazz flight-planning computer that
    provides essential information on fueling, weather, and other variables.
    Without the computer's flight information releases, aircraft cannot take
    off.  The problem affected only Air Canada's regional operations.  About 200
    flights were affected, some canceled, some delayed.  [Source: *National
    Post*, 6 Feb 2003]
      http://www.nationalpost.com/national/story.html?id=%7B04638B16-6927-49FB-A548-1E8DC2D6E430%7D
    
    ------------------------------
    
    Date: Wed, 5 Feb 2003 22:23:39 -0500
    From: Monty Solomon <montyat_private>
    Subject: 19 charged in identity theft that netted $7 million in tax refunds
    
    Federal prosecutors in Manhattan have charged 19 people with being part of
    an identity-theft ring in the Bronx that received at least $7 million in
    federal tax refunds by filing thousands of fraudulent income tax returns,
    using stolen Social Security numbers for people who were deceased or
    otherwise not filing returns.  Having been implicated, one corrupt tax
    preparer in the Bronx then decided to cooperate with federal authorities,
    recording conversations and gathering evidence, and enabling the other
    culprits to be apprehended.  (They used the IRS's electronic filing system!)
    The returns yielded an average of $2500 each.  [Source: Benjamin Weiser,
    *The New York Times*, 5 Feb 2003; PGN-ed]
      http://www.nytimes.com/2003/02/05/nyregion/05TAX.html
    
    ------------------------------
    
    Date: Tue, 4 Feb 2003 17:36:02 -0500
    From: Monty Solomon <montyat_private>
    Subject: Old data systems a health-care burden
    
    Handling bills, claims sends costs climbing
    
    When President Bush took aim last week at bloated medical bills, he blamed
    lawyers, bureaucrats, and insurance companies for driving up costs. But
    there is a hidden culprit he did not mention: woefully outdated back-office
    technology. The medical system has invested heavily in new ways to heal
    patients, but it has neglected the nuts-and-bolts business of managing bills
    and records.  Of all the intractable challenges in health care, updating
    bill collecting and claims processing might seem the simplest to address.
    But the $1.4 trillion health industry for years has lagged the rest of the
    economy in high-tech spending. Only agriculture and education spend less.
    
    Even in Boston, where world-class hospitals spare no expense to treat cancer
    or deliver babies, and software gurus thrive on solving complex problems,
    health care was left behind in the drive for efficiency that changed the
    face of American business in the 1990s.
    
    Dr. Harris A. Berman, chief executive of Tufts Health Plan, said the medical
    sector's failure to harness new systems is wasting a fortune: one-third of
    every health-care dollar is spent on administration.  The piles of paperwork
    and thickets of mismatched databases make life more difficult for consumers
    and affect the care they receive.  Bankers, car dealers, and tax collectors
    have all raced past health-care providers in basic technology, he said.  ...
    
    [Source: Beth Healy, *The Boston Daily Globe*, 4 Feb 2003]
    http://www.boston.com/dailyglobe2/035/nation/Old_data_systems_a_health_care_burden+.shtml
    
    ------------------------------
    
    Date: Wed, 5 Feb 2003 22:25:11 -0500
    From: Monty Solomon <montyat_private>
    Subject: Feds pull suspicious AONN.gov site
    
    By Declan McCullagh
    Staff Writer, CNET News.com
    February 5, 2003, 4:00 AM PT
    
    In a move that raises questions about the security of governmental domains,
    the Bush administration has pulled the plug on a .gov Web site pending an
    investigation into the authenticity of the organization that controlled it.
    Until recently, visitors to the AONN.gov Web site were treated to a
    smorgasbord of information about an agency calling itself the Access One
    Network Northwest (AONN), a self-described cyberwarfare unit claiming to
    employ more than 2,000 people and to have the support of the U.S. Department of
    Defense.  [HOWEVER,] no federal agency called AONN appears to exist, and no
    agency with that name is on the official list of organizations maintained by
    the U.S. National Institute of Standards and Technology.  The General
    Services Administration (GSA), which runs the .gov registry, pulled the
    domain on Jan. 24, after a query from CNET News.com.  ...
    
    http://news.com.com/2100-1023-983384.html
    
      [The entire message from Declan is at 
        http://www.politechbot.com/p-04413.html
      A mirror of AONN.gov before it was taken down is at 
        http://www.politechbot.com/docs/aonn/
      A subsequent message from Declan is at 
        http://www.politechbot.com/
      as is information on how to subscribe.  Wonderful stuff.  PGN]
    
    ------------------------------
    
    Date: Wed, 05 Feb 2003 22:06:24 -0800
    From: "David Wj Stringer-Calvert" <david.stringer-calvertat_private>
    Subject: Spam filtering stops the democratic process...
    
    Rather ironically, Members of Parliament have installed an offensive-e-mail
    filtering system that overzealously blocked distribution of a Sexual
    Offences Bill as well as a Liberal Democrat consultation paper on
    censorship, among other things.  [PGN-ed.  No surprises there.]
    
    http://www.vnunet.com/News/1138508
    
    ------------------------------
    
    Date: Wed, 5 Feb 2003 13:31:34 PST
    From: "Peter G. Neumann" <neumannat_private>
    Subject: SPAM from Microsoft
    
    A colleague of mine just received this response from Microsoft, in response
    to a request to be REMOVED from an MS spam list.  He/she remarked that "Not
    only is their SQL software buggy, it is slow too..."
    
    Date: Wed, 5 Feb 2003 12:48:26 -0800 (PST)
    From: Microsoft <TechEd2003at_private>
    Subject: Don't miss TechEd 2003: The definitive Microsoft technology event ...
    
    ... Please note that it can take up to eight weeks to update customer
    information in our database; therefore, you may receive e-mail from us
    within that time period.
    
    ------------------------------
    
    Date: Sun, 02 Feb 2003 20:56:04 +0100
    From: Peter Kaiser <kaiserat_private>
    Subject: MS: Upgrade! HP: Don't upgrade!
    
    While searching the Hewlett-Packard site for information about a particular
    model of Presario 63xx computer (which, incidentally, appears unfindable
    through their usual mechanisms) I happened on
    
    http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=DO020926_CW01.xml&dt=3
    
      Customer Advisory: DO020926_CW01 - Various Issues May Occur After
      Installing Windows XP Service Pack 1 On Presario 6300 Series Computers
    
      After installing Windows XP Service Pack 1 on Presario 6300 Series
      computers and then performing a non-destructive restore, the system stops
      responding and will not boot into Windows....  The user must perform a
      destructive recovery to restore the system.  All personal data that is not
      backed up will be lost....
    
      HP recommends that customers refrain from downloading and installing SP1
      on Presario 6300 Series computers at this time.
    
    "Various issues"!  HP advises customers to "check back frequently", but the
    notice has been up for 4 months.
    
    According to Microsoft, SP1 is an important upgrade:
    
      Windows XP Service Pack 1 (SP1) provides the latest security and
      reliability updates to the Windows XP family of operating systems, and
      includes Internet Explorer 6 SP1.  Windows XP SP1 is designed to ensure
      Windows XP platform compatibility with newly released software and
      hardware, and includes updates that resolve issues discovered by customers
      or by Microsoft's internal testing team.
    
    The RISK to the normal user seems clear enough: the user may perform the
    upgrade without ever knowing about the "advisory" on HP's site.  My brother,
    for whom I was doing the research, bought his computer after the date of the
    advisory, but had never heard about it; luckily I was able to warn him
    before he did anything foolish, like attempting to install this recommended
    upgrade.
    
    ------------------------------
    
    Date: Fri, 31 Jan 2003 17:25:01 -0800
    From: Colleen Shannon <cshannonat_private>
    Subject: Caida analysis of the Sapphire worm
    
    We have completed our preliminary analysis of the spread of the
    Sapphire/Slammer SQL worm.  This worm required roughly 10 minutes to spread
    worldwide, making it by far the fastest worm to date.  In the early stages
    the worm was doubling in size every 8.5 seconds.  At its peak, achieved
    approximately 3 minutes after it was released, Sapphire scanned the net at
    over 55 million IP addresses per second.  It infected at least 75,000
    victims and probably considerably more.
    
    This remarkable speed, nearly two orders of magnitude faster than Code Red,
    was the result of a bandwidth-limited scanner.  Since Sapphire didn't need
    to wait for responses, each copy could scan at the maximum rate that the
    processor and network bandwidth could support.
    
    There were also two noteworthy bugs in the pseudo-random number generator
    that complicated our analysis and limited our ability to estimate the total
    infection but that did not slow the spread of the worm.
    
    The full analysis is available at
    http://www.caida.org/analysis/security/sapphire/ (click on tech report)
    http://www.silicondefense.com/sapphire/
    http://www.cs.berkeley.edu/~nweaver/sapphire/
    
    The animation (made by Ryan Koga and Jeffery Brown) is available at
    http://www.caida.org/analysis/security/sapphire/sapphire-2f-30m-2003-01-25.gif
    
    David Moore, CAIDA & UCSD CSE
    Vern Paxson, ICIR & LBNL
    Stefan Savage, UCSD CSE
    Colleen Shannon, CAIDA
    Stuart Staniford, Silicon Defense
    Nicholas Weaver, Silicon Defense and UC Berkeley EECS
    
    Caida mailing list  <Caidaat_private>
    http://login.caida.org/mailman/listinfo/caida
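
The growth figures quoted in the CAIDA message above can be checked against the standard logistic model of a uniformly random-scanning worm. This is an added example, not part of the original digest or of the CAIDA analysis; the single initial host and the use of the 75,000 lower bound as the whole vulnerable population are assumptions.

```python
import math

ADDRESS_SPACE = 2 ** 32      # IPv4 addresses a uniform random scanner draws from

# Figures quoted in the message above.
DOUBLING_TIME_S = 8.5        # early doubling time, seconds
VICTIMS = 75_000             # "at least 75,000 victims" (assumed here to be all of V)
PEAK_SCANS_PER_S = 55e6      # aggregate scan rate at the peak


def growth_rate(doubling_time_s):
    """Early exponential growth rate r (per second) for a given doubling time."""
    return math.log(2) / doubling_time_s


def implied_scan_rate(doubling_time_s, vulnerable):
    """Per-host scan rate (addresses/s) that a uniform random scanner needs
    to produce the observed doubling time.

    Early in the outbreak each infected host hits a vulnerable address with
    probability V / 2^32 per probe, so r = s * V / 2^32 and s = r * 2^32 / V.
    """
    return growth_rate(doubling_time_s) * ADDRESS_SPACE / vulnerable


def infected_at(t_s, doubling_time_s, vulnerable, initial=1):
    """Infected hosts after t_s seconds under logistic growth."""
    r = growth_rate(doubling_time_s)
    return vulnerable / (1 + (vulnerable / initial - 1) * math.exp(-r * t_s))


def time_to_fraction(fraction, doubling_time_s, vulnerable, initial=1):
    """Seconds until `fraction` of the vulnerable population is infected
    (closed-form inverse of infected_at)."""
    if not 0 < fraction < 1:
        raise ValueError("fraction must be strictly between 0 and 1")
    r = growth_rate(doubling_time_s)
    odds = fraction / (1 - fraction)
    return math.log((vulnerable / initial - 1) * odds) / r


def summary():
    """Collect the derived numbers a responder would care about."""
    return {
        # Scan rate each copy must sustain early on to double every 8.5 s.
        "early_per_host_scans_per_s": implied_scan_rate(DOUBLING_TIME_S, VICTIMS),
        # Aggregate peak spread over the victims: an upper bound on the
        # average per-host rate at the peak, since the victim count is a
        # lower bound.
        "peak_avg_per_host_scans_per_s": PEAK_SCANS_PER_S / VICTIMS,
        "seconds_to_50_percent": time_to_fraction(0.5, DOUBLING_TIME_S, VICTIMS),
        "seconds_to_90_percent": time_to_fraction(0.9, DOUBLING_TIME_S, VICTIMS),
        "infected_after_60_s": infected_at(60, DOUBLING_TIME_S, VICTIMS),
        "infected_after_180_s": infected_at(180, DOUBLING_TIME_S, VICTIMS),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:32s} {value:12.1f}")
```

Under these assumptions the model passes 90% of the vulnerable population in under three minutes, in line with the peak time reported above, so containment has to be in place beforehand (patching, filtering) rather than applied in response.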
    
    ------------------------------
    
    Date: Thu, 30 Jan 2003 15:26:17 -0500
    From: Bob Langford <langford@silicon-masters.com>
    Subject: Re: Trouble with Prime Numbers: DeCSS, DVD, ... (Bumgarner, R-22.52)
    
    Bill Bumgarner's message in Risks 22.52 clarifying the purposes of the CSS
    encryption used on DVDs is a clear, well-written statement of why CSS is
    used.  However, there is one point on which I think he is mistaken.  He
    said, "CSS is intended to prevent unlawful access to the content in three
    ways."
    
    The problem here is the word "unlawful".  These activities are not in
    themselves unlawful, although the MPAA would like everyone, including the
    legal system, to think that they are.  These are activities the DVD
    publishers don't want you to be able to do, but with the exception of laws
    like the DMCA, they can only enforce their wishes by making it difficult.
    But to allow them to claim that they invented CSS to prevent "unlawful"
    activity makes a lot of otherwise fair uses of DVD appear illegal.
    
    I was watching a movie the other day (Goldmember) that deactivated the fast
    forward, rewind, and pause buttons on my DVD player.  The only way to watch
    it is from the beginning, without stopping.  If the phone rings, or
    something else distracts you, too bad.  You'll have to start the movie over
    to see what you missed.
    
    Are the movie studios really wanting to claim it's unlawful to watch this
    movie any other way?
    
    Bob Langford, Silicon Masters Consulting, Inc.
    
    ------------------------------
    
    Date: Thu, 6 Feb 2003 08:03:10 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Cybercrime: Vandalizing the Information Society", Furnell
    
    BKCYBCRM.RVW   20030121
    
    "Cybercrime: Vandalizing the Information Society", Steven Furnell,
    2002, 0-201-72159-7, U$29.99/C$44.95
    %A   Steven Furnell
    %C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
    %D   2002
    %G   0-201-72159-7
    %I   Addison-Wesley Publishing Co.
    %O   U$29.99/C$44.95 416-447-5101 fax: 416-443-0948 bkexpressat_private
    %O  http://www.amazon.com/exec/obidos/ASIN/0201721597/robsladesinterne
    %P   316 p.
    %T   "Cybercrime: Vandalizing the Information Society"
    
    The preface states that this book is a general introduction to cybercrime,
    directed at any audience, and requiring no specific technical background.
    With certain provisos, those objectives are met.
    
    Chapter one is a historical look at information and the rise of the net,
    dealing particularly with basic concepts and security.  Computer related
    crime is said to be happening, in chapter two, and some anecdotal examples
    are given.  Blackhat "celebrities" and groups are examined in chapter three.
    While the jargon that Furnell uses tends to come from the media, his
    research is obviously superior to that of many similar books on the topic.
    Chapter four lists some exploits and attack approaches.  Malware, in chapter
    five, also shows better than normal investigation, although some of the
    terminology is dated.  Societal aspects of cybercrime, in chapter six, seems
    to rely primarily on opinion surveys, but there is some interesting material
    on laws and the public perception of cybercriminals.  Recent developments,
    such as ethical hacking, hacktivism, information warfare, and
    cyberterrorism, are collected in chapter seven.  Chapter eight lists some
    recommended security practices.
    
    The book does fall into the all-too-usual trap of concentrating on the
    sensational side of information and network related crime (that of the
    outside, and targeted, intruder), and therefore fails to provide a complete
    picture.  However, within its limits, the work does present a reasonable and
    balanced view.
    
    copyright, Robert M. Slade, 2003   BKCYBCRM.RVW   20030121
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    ------------------------------
    
    Date: Mon, 20 Jan 2003 08:06:51 -0800
    From: Rob Slade <rsladeat_private>
    Subject: REVIEW: "Cyberlaw: National and International Perspectives", Girasa
    
    BKCBRLAW.RVW   20021126
    
    "Cyberlaw: National and International Perspectives", Roy J. Girasa,
    2002, 0-13-065564-3
    %A   Roy J. Girasa rgirasaat_private www.prenhall.com/girasa
    %C   One Lake St., Upper Saddle River, NJ   07458
    %D   2002
    %G   0-13-065564-3
    %I   Prentice Hall
    %O   +1-201-236-7139 fax: +1-201-236-7131
    %O  http://www.amazon.com/exec/obidos/ASIN/0130655643/robsladesinterne
    %P   433 p.
    %T   "Cyberlaw: National and International Perspectives"
    
    The back cover states that this is the "most comprehensive Internet law text
    for students of any discipline."  The preface doesn't really contradict that
    statement, but then, it doesn't really specify a particular audience.  The
    text itself, on the other hand, does not appear to be a reference, but
    rather a textbook for law students, and law students only.  (American law
    students, at that.)  While one cannot fault the author for the presumption
    of the publisher (who ultimately gets to decide on jacket copy), the overly
    broad attempt at marketing is going to be frustrating for some readers.
    
    Part one provides an introduction and examines jurisdiction.  Chapter one is
    an introduction and overview of both the technology and law.  This
    demonstrates a number of limitations (the technology is limited to the
    Internet), and, of course, the sort of bias one would expect to see in a
    legal text.  (The definition of the Internet is taken from a "Finding of
    Fact" in the case that struck down the Communications Decency Act and
    contains a number of errors in terminology and, well, fact.  The legal
    system is described only in terms of the various levels of US courts.)  A
    number of cases regarding jurisdiction, first between US states and then
    between states and foreign States, is presented in chapter two.  While this
    will undoubtedly be of value to US lawyers engaged in such battles, for the
    layman the best that can be determined is that a) the situation is
    indeterminate, and b) the material is confusing.
    
    Part two deals with contracts, torts, and criminal law aspects of
    cyberspace.  Chapter three looks at US case law regarding contracts and
    torts, including related topics such as commercial codes like UCITA.  (Many
    implications of the legislation are poorly expressed: there are several
    paragraphs describing the implied warranties under UCITA, and a brief
    mention of the fact that using the words "as is" voids them all.)  The
    construction of chapter four is very odd, since it begins with a review of
    international statutes dealing with commercial online transactions, and then
    moves on to torts, and back to US cases.  Although the first presentation of
    criminal cases is from Germany, all of the remaining material in chapter
    five, primarily on censorship, obscenity, and a little fraud, comes from the
    US.
    
    Part three looks at intellectual property rights.  Most of the copyright
    cases in chapter six, all from the US, deal with general issues unrelated to
    technology, at least not directly, while the cases presented in chapter
    seven are more directly related to technology.  Chapter eight deals with
    trademarks, and the relation to technology is primarily made in terms of
    cybersquatting (the practice of registering a domain name using a famous
    name or trademark, so that the owner must buy it from you).  Patents and
    trade secrets are covered in chapter nine, and the relation to network
    technology is rather slim.
    
    Part four addresses privacy and security issues.  Except that there is only
    chapter ten, on privacy.
    
    Part five talks about antitrust, securities regulation, and relaxation.
    Antitrust, in chapter eleven, covers Microsoft, IBM, and a number of others.
    Chapter twelve's review of securities regulation cases primarily deals with
    fraud, and the technical links are basically irrelevant.  The taxation of
    net businesses is in chapter thirteen.
    
    As a textbook for law school students, this is undoubtedly useful.  The
    cases are collected, and questions are asked to encourage students to think
    about various aspects of cases, and related precedents that might be
    applicable.  While US structures and law predominate, there is not only
    acknowledgement of foreign legislation, but some detailed case examination
    as well.  In fact, practicing lawyers would also find this volume extremely
    valuable, for the direction in terms of case research on precedent if
    nothing else.  For non-lawyers, such as security professionals, the content
    is extremely frustrating: all questions and no answers.  Still, given the
    extremely murky state of US law in regard to the net and technology, this
    tome certainly could be worthwhile, even for those outside the US legal
    system.
    
    copyright Robert M. Slade, 2002   BKCBRLAW.RVW   20021126
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    
    ------------------------------
    
    Date: 29 Mar 2002 (LAST-MODIFIED)
    From: RISKS-requestat_private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-requestat_private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomoat_private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .MIL users should contact <risks-requestat_private> (Dennis Rears).
       .UK users should contact <Lindsay.Marshallat_private>.
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risksat_private with meaningful SUBJECT: line.
    => ARCHIVES are available: ftp://ftp.sri.com/risks or
     ftp ftp.sri.com<CR>login anonymous<CR>[YourNetAddress]<CR>cd risks
       [volume-summary issues are in risks-*.00]
       [back volumes have their own subdirectories, e.g., "cd 21" for volume 21]
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue].
       Lindsay Marshall has also added to the Newcastle catless site a
       palmtop version of the most recent RISKS issue and a WAP version that
       works for many but not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 22.54
    ************************
    



    This archive was generated by hypermail 2b30 : Thu Feb 06 2003 - 17:38:26 PST