Slashdot Mirror

http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html# IsItIllegalToAsk

" Is this even true that I would have to have my photo and SSN taken when I buy a used DVD?"

The short answer to the part about the SSN is probably not. As this site points out, there are specific restrictions on the use of the Social Security Number, and you generally don't need to give it. From the site:

"In addition, that section makes it illegal for Federal, state, and local government agencies to deny any rights, privileges or benefits to individuals who refuse to provide their SSNs unless the disclosure is required by Federal statute, or the disclosure is to an agency for use in a record system which required the SSN before 1975. ( 5 USC 552a note)."

More than likely, when they're talking about "personally identifiable information", they're talking about simple things like name, address, telephone number. Basically, they want to be able to find the person should there be a problem with the sale at a later date. I personally don't see where they have any right to require this, but unless you have the funds to fight it in court, chances are you have little choice.

Welcome to the land of the free, now please step this way so we can get your name, address, telephone number, date of birth, social security number, current occupation, annual income, political allegiances, place of origin, ethnicity, financial history, medical history, criminal history, political beliefs, religious beliefs, shopping habits, list of friends and aquantences, sexual preferences, and a list of books you like to read. In addition, we would also ask that you be fingerprinted, submit to a retinal scan and a polygraph, give a blood sample, hair sample, handwriting sample, urine sample, and wear this GPS-enabled chip under the skin of your left arm after we stamp your barcode there.

Well that's great, but Microsoft (and many others) argue that you need to agree to the EULA to use the software. It's even law in some places.

Not in the US, it isn't.

Ever heard of UCITA?

If you don't like it, don't buy, it's really that simple.

How could he know that he doesn't accept the license terms until he sees them?

Here, the "return it" refers to the software product. Why should Microsoft be able to prevent the sale of the computer (or put another way: why should Microsoft be able to dictate the terms of the sale of the hardware - what authority gives them the right to say to the vendor "you must refund the whole package, not just our part")?

Microsoft shouldn't be able to dictate the terms of the sale. That's why their EULA is not binding on the person who sold you the software. As for the authority to tell the vendor what the vendor can and cannot accept, if Microsoft actually does that (and I doubt they do), the authority is a contractual agreement.

So in other words, he should be able to get a refund on just the software?

Perhaps he assumed there was a EULA that was acceptable.

Perhaps so, but I doubt it.

Why? You are automatically assuming he's a troublemaker, and like I said, it makes you sound pretty prejudiced.

That makes you sound pretty prejudiced - assume he's a dick because he wants his money back for something that he bought in good faith?

I doubt he bought it in good faith.

Why?

In any other industry, dictating terms after the sale would be considered amazingly poor business, doubly so if you refused to take back the goods.

The only one trying to dictate terms after the sale is the purchaser.

That's blatantly false. Microsoft is dictating terms after the sale with the EULA.

The seller sold a computer system with a CD, nothing more.

I think you'll find that everywhere advertises it as Windows, not "A CD that contains Windows, which you may license if you accept the terms inside the box that you only get after you pay us".

But none of that is applicable for most users, because most users don't need to agree to the EULA in the first place.

If that's true, then why does it exist in the first place?

>What a load of FUD.

Pull the wool off in the new few paragraphs. This is one of the many reasons to detest MS.

>Do you know how much of a backlash there would be if MS put a trojan in their products, and it was discovered by anyone, possibly by noticing their computers randomly connect to the US?

Not much.

>That would be a absolutely stupid business decision.

Not really.

TTYL + HTH!

But seriously, does anyone thing they have an absolute Constitional Right to anonymity when they use the internet or check out books in the library?

The general case is that you have a right to anonymously publish or read. Without this right, our right to free speech is shallow and nearly meaningless. The right to anonymously read ensures that if you're curious about the principles of Communism, you won't be dragged in front of the House Unamerican Activities Comission or any similar modern witch hunt. It ensures that your teenage fling with Anarchism isn't going to taint your job record twenty years later. Without anonymity, you put yourself at risk of future loss for what you read today, or you limit what you read to official sanctioned materials.

The right to anonymously publish ensures that you can get your work out even if powerful forces attempt to silence you. Sure, in the long run the First Amendment should protect you, but in the short run your life can be destroyed. Our founding fathers (assert(reader.nationality==AMERICAN)) used anonymous publications to raise public support against the British and for the new Constitution. The Supreme Court has ruled in favor of anonymous speech (repeatedly).

Given that anonymous speech and reading is essential to free speech, it's only natural that the same rules would apply to the internet and libraries. The internet is simply a new way to express yourself. Allowing anonymous pamphlettering, publishing, and speech, but prohibiting anonymous speech on the internet is silly. Similarly, public libraries exist in part to support an educated citizenry. If citizens are afraid to check out "dangerous" books to educate themselves, we're stifling the democratic process which requires free access to information.

I understand that the CPSR was formed out of concern for the reliability of the software that would operate the Strategic Defense Initiative (Star Wars) - the problem being that there was only one way to test the full system in action, and that's to have a nuclear war. They argued that the SDI couldn't provide adequate protection because it wouldn't be reliable. Here's a page full of links on CPSR & Star Wars.

But they do all kinds of work in trying to inform the public and policy makers about the social issues involved in computing.

I don't see anything on their site about TCPA but I think they would be enthusiastic about taking the issue up.

I understand that the CPSR was formed out of concern for the reliability of the software that would operate the Strategic Defense Initiative (Star Wars) - the problem being that there was only one way to test the full system in action, and that's to have a nuclear war. They argued that the SDI couldn't provide adequate protection because it wouldn't be reliable. Here's a page full of links on CPSR & Star Wars.

But they do all kinds of work in trying to inform the public and policy makers about the social issues involved in computing.

I don't see anything on their site about TCPA but I think they would be enthusiastic about taking the issue up.

Something like has happened before, just on a much smaller market/scale: Radio Scanners, at the behest of the Cell Phone Industry in the Electronic Communications Privacy Act of 1986 were required to NOT BE ABLE TO SCAN the 800Mhz analog cell phone band. Previously, under 1930's communication laws, someone with a radio could listen to anything, altho it was illegal to use or act on such information. Anyway, here we are, cell band scanners are outlawed and only outlaws own cell enabled scanners. Again, scanner enthusiasts are a very small crowd - forcing such draconian measures on the PC market may be much more difficult.

When the Social Security system, everyone received a social security number that we were assured that it would not be used as a personal ID number. But, there was never a law passed to keep it from being an ID number.

Then, of course, we got used to it... everyone has a social security number. It became a defacto ID number. At my school, each student is given an id number, but rarely does anyone know it, because you can use your SS# anywhere you need your id#.

Now, with the war on terrorism, I'm sure someone will get the bright idea of changing the SS# into an identification number, and across the country, millions of people will scratch their heads and say, "What was it before?"

The ACLU has a a long track record of defending spam as somehow Frea Speach that's worthy of First Amendment protection.

Looking at the ACLU's website, the only things I can find about spam are: several suggestions that they are looking closely at the problem and the proposed legislation, which is unarguably sound; and the assertion that the disputed e-mail in the Hamidi/Intel case is not spam, which does not seem to be supportive of spam in itself. Can you provide a current link to ACLU policy on spam?

Spammer.

The article linked to (from 1997) says that the many bills that seek to control commercial e-mail on the basis of content face First Amendment issues, and that state-specific legislation also has jurisdictional problems. Personally, I'd rather see spam fail for social and technical reasons, rather than legislative. Certainly if I had to choose between Free Speech and eliminating spam, I know what my choice would be.

And if that isn't enough, how 'bout another word:

Spammer.

The ACLU has a a long track record of defending spam as somehow Frea Speach that's worthy of First Amendment protection.

1997: "commercial speech restrictions on telemarketing calls and unsolicited fax advertisements have passed First Amendment challenges but direct mail and door-to-door solicitations enjoy much greater protection. Given the Supreme Court decision in ACLU v. Reno, on-line messages should receive the same First Amendment protection given traditional print media, which includes commercial mailings."

2000: "...and groups like the American Civil Liberties Union that oppose any restrictions on commercial e-mail"

2001:The argument raised by the ACLU and other memters of the First Amendment lobby is that spam, like junk mail in our offline mailboxes, is a nuisance that still must be protected."

In fact, ACLU has always supported spammers, going back to 1995.

Source: CuD (Computer underground Digest) 7.50

This issue of CuD quotes from Canter and Siegel's (the original "Green Card Lawyers" spammers) as follows:

"In May of 1994, believing that the EFF really did support freedom of speech in the same broad and democratic manner as did the ACLU, we initiated a discussion with Mike Godwin, an EFF lawyer. We wanted his views on the censorship issues raised by the behavior of electronic vandals and access providers who had pulled our account for performing the perfectly legal act of Internet advertising. We were amazed when Godwin stated to us that he was so busy sympathizing with those who opposed us, that he had no sympathy left for the other side. So much for freedom of speech (p. 194)."

-- Canter and Siegel, "How to make a FORTUNE on the Information Superhighway: Everyone's Guerilla Guide to Marketing on the Internet and other On-line Services", 1995

To which I can only add:

"Fuck the ACLU and the pigload of potted meat product it rode in under."

-- Me, 2002.

And if that isn't enough, how 'bout another word:

Spammer.

The ACLU has a a long track record of defending spam as somehow Frea Speach that's worthy of First Amendment protection.

1997: "commercial speech restrictions on telemarketing calls and unsolicited fax advertisements have passed First Amendment challenges but direct mail and door-to-door solicitations enjoy much greater protection. Given the Supreme Court decision in ACLU v. Reno, on-line messages should receive the same First Amendment protection given traditional print media, which includes commercial mailings."

2000: "...and groups like the American Civil Liberties Union that oppose any restrictions on commercial e-mail"

2001:The argument raised by the ACLU and other memters of the First Amendment lobby is that spam, like junk mail in our offline mailboxes, is a nuisance that still must be protected."

In fact, ACLU has always supported spammers, going back to 1995.

Source: CuD (Computer underground Digest) 7.50

This issue of CuD quotes from Canter and Siegel's (the original "Green Card Lawyers" spammers) as follows:

"In May of 1994, believing that the EFF really did support freedom of speech in the same broad and democratic manner as did the ACLU, we initiated a discussion with Mike Godwin, an EFF lawyer. We wanted his views on the censorship issues raised by the behavior of electronic vandals and access providers who had pulled our account for performing the perfectly legal act of Internet advertising. We were amazed when Godwin stated to us that he was so busy sympathizing with those who opposed us, that he had no sympathy left for the other side. So much for freedom of speech (p. 194)."

-- Canter and Siegel, "How to make a FORTUNE on the Information Superhighway: Everyone's Guerilla Guide to Marketing on the Internet and other On-line Services", 1995

To which I can only add:

"Fuck the ACLU and the pigload of potted meat product it rode in under."

-- Me, 2002.

This technology means that if I want to upgrade my BIOS, I can't just download the latest BIOS image from DELL. Now, DELL needs to jump through the M$ hoops and get the code signed by a private key.

Sure, you might assume that many vendors will hold a signing key, and that they will all be able to sign their own code. However, you only need to compromise one master key to defeat the system. It is unlikely that there will be more than a handfull of signing keys (One each for Microsoft, Intel, AMD, and IBM).

This means than any software vendor who wants to write code that runs in kernel space (device drivers... goodbye Ethereal) or handles digital media (music, video, images... goodbye Mozilla, GIMP, etc) or interacts with any of these things, will need to be signed. Once they've won the initial battle, they sign IE, WMP, and Office, but create a bureaucracy to sign competitor's products. (You thought OS licensing was expensive?) Also, every new release will need to be signed. Sound like an open-source killer? Sounds like blatant anti-trust to me.

You might think this is not a big deal, because open source media players suck anyway. But if this catches on, then a few years from now, you won't have a choice of media players (or web browsers or whatever...) Not that it would matter which one you picked because M$ gets royalties for them all... And since they can sign a piece of code with an expiration date, they can always force you to upgrade to the latest version!!! (They call it a "feature" which requires you to apply security patches...)

The best part of all this is that it's now enforced by Hardware! Which means that you won't be able to turn it off. It could prevent you from booting from a (non-signed) floppy disk. Goodbye Linux... Goodbye BSD...

Guess I'll be getting an Apple...

When is the security end-user community going to come together and fight this as a united front? Make the repurcussions for releasing exploit code so financially devastating, that companies will tremble in fear of releasing -anything- without following proper disclosure [vulnwatch.org].
Perhaps litigation and financial awards would be a good start.

UCITA allows software publishers to sell their products "as is" and to disclaim liability for product shortcomings.

IANAL, but until very recently, your suspicions were basically correct; company lawyers have their field day with shrink-wrap licenses but they're very very careful not to test the more exotic provisions in court.

That is, until they're safely set up inside a UCITA-adopting state.

Why, you ask? What's this UCITA anyway? Not another acronym. I'm too lazy to write another letter. Trying to keep my phone bill down. And I can never keep my boycotts straight once I get to the store.

From the mouth of the beast...

And on a slightly more ethical tip...

The FSF's writeup

And the CPSR's writeup...

Google will give you more.

Think your EULA's not binding? UCITA gives it all that 100%-All-American Bought and Paid For Congressional Stamp of Approval. Some democracy we have, huh?

-David

Let's hope the hardware encryption is as robust as the XBox (or any other encryption hardware for that matter)

Xix.

Denning was one of the main professors pushing Clipper.

It helps to develop a set of goals. What I think are the goals of copyright. As an American, I'll start with the US constitution:

"The Congress shall have power . . . to promote the progress of science and useful arts . . . by securing for limited times to authors and inventors the exclusive rights to their respective writings and discoveries."

Will more books or music be created because exclusive rights to the works will be granted for 75 years past the author's death rather than 50 or 25 years? The answer is probably yes. Someone, somewhere, will write more or put in extra effort because the effort may support their grandchildren. And a company, looking into the far future, may feel that 75 years will be enough time to make a project profitable, while 25 years may not. That said, less works may also be created. Authors who have written a story based upon `Lord of the Rings' may be unable to have their work distributed during their lifetime. It seems clear to me that very long copyright terms will actually hurt advancement.

So I argue that if the sole goal of copyright is to promote progress, the real goal is to provide economic modivation of authors while not overly restricting the rights of others to use those works.

My proposal

I'd claim that a short period of exclusive rights, followed by a longer period of exclusive commercial rights would best solve this problem. Say that the author has exclusive rights for 5 years and exclusive commercial rights for another 30 years. So, for example, a book written 5 years ago could be distributed for free, with no commercial gain (payment, advertisements, etc.) but only the author could sell the book or use it in a commercial situation (using a character from the book to sell soap for example.) An author who wrote a book dirivative of the first could freely distribute it 5 years after the original book came out, but could not sell it until 35 years had passed (without the original authors permission). Just my thoughts. Let me close with someone else's thoughts:

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of everyone, and the receiver cannot dispossess himself of it.

In this pleading, Microsoft themselves admit that their stuff is widely installed on Federal Interest Computers.

Microsoft's use of so-called operating system patches to disable user mail applications and replace them with the Outlook mail server application is unauthorized hacking of Federal Interest Computers, a Federal felony under US Code Title 18 Section 1030 (the COMPUTER FRAUD AND ABUSE STATUTE: see http://www.cpsr.org/cpsr/privacy/crime/fraud.act.t xt).

Microsoft's pervasive practice of using their upgrade/patch excuse for hacking Federal computers and replacing relatively secure software like Eudora with nightmares like Outlook (which is itself responsible for something like 80% of the viruses and worms on the net!)is a violation by my reading of the Act (but IANAL). I think that Paragraph (b)(1)(B) ought to be applied!

If they make you give out a SSN, there's a series of numbers that are approved for use in advertisements, etc. Check out:
http://www.cpsr.org/cpsr/privacy/ssn/SSN-addendum. html#FakeNumbers
for more info on numbers you may be able to give out in lieu of your real one. Of course be careful, because in some cases giving out a false SSN can expose you to criminal penalties.

The thing is, SSNs aren't unique IDs. Oh, they're supposed to be, but screw-ups by the SSA and by people innocently using numbers that weren't theirs means that there are plenty of duplicates around.

And any database designer worth his paycheck should bloody well know that (there's a good summary of the problems here). And any software designer worthy of the name should include a "Generate Unique ID" button on any data entry screen that otherwise might want SSN just as a key.

Heck, even if there's a requirement for SSN in the database (eg tax-related info), don't use that as the bloody key. Banks don't use your SSN as your account number, after all. (At least, not the ones I deal with.)

However, Physicians are centrally licensed by the American Medical Association in order to prevent the widespread public harm by quacks. The same goes for Psychiatrists, Architects, Lawyers, etc. All of these groups are able to enforce their own oaths because you can be disbarred, de-licensed, etc. for violating them. Once that has happened it is a crime to practice your profession and many countries will send you to jail (for fraud if nothing else) for trying.

Similarly most patients, plaintiffs, etc. are not in a position to go over national (or even state) borders to find a cheaper (unlicensed) practitioner. Nor are many in a position of being their own legal counsel or physician (although many are forced to economically). As a result the oaths and their violations have teeth.

There is no central body controlling software developers or engineers in this way, nor do I think that there should be, per se. I believe that ethics in engineering is a valid thing (see works by Samuel C. Florman for more discussion.)

Yet, I do not think that the field can be so easily regulated. Physicians say "Do no Harm" that means "Do not kill people" Lawyers say "Do not lie" (and they mean it whatever common wisdom holds). But what does that mean for software developers?

"Do not help the wrong people get information?" Who are the "wrong people" many people (myself excluded) feel that "the government" should have any and all information it can on people as "Innocent People have nothing to hide" (John Ashcroft). Many others do not.

Similarly many people (myself included) feel that the RIAA is overstepping its bounds on trying to control users and should not be allowed to mandate national copyright control. Many others disagree, not because they are greedy bastards but because they support strong copyright.

The same questions could be made about developing weapons, Blue Boxes, and working for the DEA, etc. Because such ideas are not so clear-cut I don't think that you could easily put together a national consensus (or even a local consensus) on just what is and is not "harm." As endless language debates have shown "Clean code" is a debatable point.

That having been said, I think that ethics are a good thing, and that we as geeks should enforce them in our peers and ourselves as much as possible. This may include returning to the age-old custom of shunning sinners. At the very least we can work to see that what we do in our professional and personal development is good, and ensure that, when we have a say, no-one gets hired to our companies who doesn't measure up.

You might see also:

Computer Professionals for Social Responsibility
The Association for Computing Machinery
and their working group on Computers in Society

My $0.02.
Irvu.

the creating community connection project might be of interest. while it's a little dated, an online paper [pdf], gives "...an overview of the C3 system, a description of the research design and methodology, a summary and discussion of the results obtained via one-on-one interviews with each family conducted in August 2000, as well as follow-up site-visits with a targeted sample of families during the months of March and April 2001, and finally, lessons learned and a step-by-step recommendations for future initiatives."

if you're in the seattle area around may 16-19 you might want to check out the shaping the network society, which is going to have presentations galore on wired and wireless community networks.

On organization called "Computer Professionals for Social Responsiblity" recently submitted a letter to the Senate Judiciary committee, the five Senate sponsors, and Representatives Boucher and Schiff, to express their concerns regarding the CBDTPA.

Support the EFF. Support the Computer Professionals for Social Responsibility. Support any organization that can rally opposition. Donate as much as you can. And if you happen to make the Forbes list one day, then start your own foundation.

Remember, money doesn't come with citizenship. Washington D.C. is lousy with lobbyists representing foreign interests.

I guess it was far more important to discuss MSN, MP3s, ATI and the like rather than THE LOSS OF CIVIL LIBERTIES AND UNIVERSAL MONITORING OF NETWORK TRAFFIC. Good Job Slashdot! Toys are much more important than life, right?

Any business that demands your SSN for service can get into trouble with the Federal Govt. for doing so.

Bzzzt. Not true. A private business can ask for your SSN, and you can refuse to give it, but they can also refuse service. See the SSN FAQ at networkusa.org, the CPSR SSN FAQ or the SSA FAQ

What about the list of books I've checked out from the library? The list of movies I've rented? To the best of my knowledge both are protected; in the case of video rentals by the video rental privacy act which allegedly came about as a direct result of some reporters checking into their congressmen's video rental habits. Shouldn't web sites visited fall into the same general category? Maybe posting a list of websites visited by selected congressmen would have the same effect as it did with movie rentals. (-:

I'll bet you did not have to show your SS card to the clerk. Few people ever ask to see an SSN card; they believe whatever you say.

If someone absolutely insists on getting your Social Security Number, you may want to give a fake number. There are legal penalties for providing a false number when you expect to gain some benefit from it. For example, a federal court of appeals ruled that using a false SSN to get a Driver's License violates federal law.

Making a 9-digit number up at random is a bad idea, as it may coincide with someone's real number and cause them some amount of grief. It's better to use a number like 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it. There were at least 40 different people in the Selective Service database at one point who gave this number as their SSN. The Social Security Administration recommends that people showing Social Security cards in advertisements use numbers in the range 987-65-4320 through 987-65-4329.

There are several patterns that have never been assigned, and which therefore don't conflict with anyone's real number. They include numbers with any field all zeroes, and numbers with a first digit of 8 or 9.

Follow this link to see more details on the structure of SSNs and how they are assigned.

I look at the things the ACLU has written, and although I do not disagree with a single thing they say, it seems a little light on facts. I feel I am in the "know" about computer security issues and how they impact my rights, however this stuff just seems to be written on a very low level. This has made me wonder, usually when I talk to someone about why the actions of the US government are creepy right now I get into details - I explain the whole clipper chip fiasco, and I get them to ponder the real reason the feds case was dropped (google cache) so quickly against Phil Zimmerman. Anyway, this means almost always gets others to be more in the "know." But is this approach not appropriate in dealing with my representatives? I realize that for many in congress the little people's letters are just read by someone else and tallied and maybe a few are handed over with the stats... But should I send a cookie-cutter boxing-gloves-on letter, or a diatribe explaining not just things are bad - but WHY?

another good reason to use the cryptix library.

There is a bunch of good info on open source crypto and how US govt restrictions on crypto will simply mean that the rest of the world has better crypto than they do at cpsr.org.

europe has gone open source crypto mad. the germans are keen, the eu has just busted eschelon wide open and their conclusion is that everyone in the eu should be using oscrypto. you can bet your ass that everyone will use the strongest cheapest crypto they can - and that will be open, free and so tough you'll need a quantum computer to crack it.

still, thinking about it, quantum computers are so small they'll probably be spray on everywhere things . - so perhaps all this talk is already redundant. software based encryption is already redundant.

dave

UCITA in the states

Pushing one bill through Congress is one thing, pushing the same bill through 50 states is something else entirely.

http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html -c

Actually since 1943 FDR has been a liar. The SS Numbers have been used as national ID ever since. They are supposed to be required by all states for Driver Licenses as well (airports are required by law to reject any DL without the number on it.), but most states and airports allow you to ignore that rule. The problem really isn't government use, but the fact that every coorperation on the planet has decided this will be the primary key for the user, instead of making up their own. And then they'll use the number for both authentition and identification, compounding the problem even more. Is it really that hard for someone to generate a new random number for a user. I'm sure RSA could help somehow on this one, since they really like generating random numbers. I doubt we'll ever get rid of the silly things now, even if the Social Security department collaspes.

http://www.cpsr.org/cpsr/privacy/ssn/ssn.structure .html

...you *can* legally change your SS# *if* you can prove that your current one has been used in ID theft and exposes you to similar crimes in the future.

Link here.


this .sig really belongs to my purusa

But:
The constitution doesnt guarantee anonymous speech. In Talley v California (1960), three of the justices said "I stand second to none in supporting Talley's right of free speech -- but not his freedom of anonymity. The Constitution says nothing about freedom of anonymous speech."
--

So, in other words, a business effectively can force you to give your SSN. For example, your electric utility wants your SSN. They can't force you to give it, but if you don't, they don't have to provide electricity to your home. That's a pretty good hammer they have there. (N.B., my utility companies provided service without an SSN, but required a deposit, on which they paid 8% interest, heh).

The SSN FAQ goes into some detail on the business question, and states that "Private companies aren't required to follow this law [the Privacy Act], and in general your recourse is to find another company to do business with if you don't like their policies."

I'm gratified to hear the SSA answered your call quickly and courteously. It's all too uncommon in both enterprise and government anymore.

--

RE: I'm not sure what law prevents you from reverse engineering a file format!

UCITA has another indirect consequence that would hamstring free software development in the long term -- it gives proprietary software developers the power to prohibit reverse engineering. This would make it easy for them to establish secret file formats and protocols, which there would be no lawful way for us to figure out.

This was some time ago, so I had to refresh my knowledge base:

good description
Epic's rundown
Computer Security Resource Center version

Also useful is this interesting coverage of the exact aims of AFFECT, and their issues with UCITA, which I also found to be useful, and so I cited it.
--
Clarity does not require the absence of impurities,

"I stand second to none in supporting Talley's right of free speech -- but not his freedom of anonymity. The Constitution says nothing about freedom of anonymous speech. "
--

Is it illegal for someone to ask for my SSN?

The short answer is that there are many restrictions on government agencies asking for your number, but few on individuals or companies. When someone from a government agency asks for your number, they are required to provide a Privacy Act Disclosure Notice, which is required to tell you what law allows them to ask, whether you have to provide your number, and what will happen if you don't provide the number.

Private companies aren't required to follow this law, and in general your recourse is to find another company to do business with if you don't like their policies.

And Mom and Dad probably have a good FERPA case against the school district for mentioning that little fact to the media, regardless of the outcome of this case. If a school districted tried that with my kid, I'd pony up for counsel and own their sorry butts.

Is legal to

• Perform such a surprise audit ?
• Implicitly act as if they were guilty and just waste the state's money ?
• Accept this money if there's a doubt it may not be due ?

Two factors are at work here:

1. The City of Virginia Beach is a public entity, and as such is subject to open records laws, including federal, state, and local statutes.
2. The shrinkwrap licenses included with Microsoft products permit Microsoft to "demand" an audit of installed software and associated licenses.

Whether a shrinkwrap license is an enforceable contract is a subject of considerable debate. However, because Virginia has passed UCITA, cities (and other customers, including individuals) in that state would appear to have little recourse.

So, it appears that "that" is legal.

Do they actually have any right to check on whether the software you use is legal?

Two factors are at work here:

1. The City of Virginia Beach is a public entity, and as such is subject to open records laws, including federal, state, and local statutes.
2. The shrinkwrap licenses included with Microsoft products permit Microsoft to "demand" an audit of installed software and associated licenses. Whether a shrinkwrap license is an enforceable contract is a subject of considerable debate. However, because Virginia has passed UCITA, cities (and other customers, including individuals) in that state would appear to have little recourse.

I hope this information helps.

If the media would give any attention to this issue at all, it could only help to further the spread of GPL'ed software.

GREAT WEBSITE>>>> www.thelinuxpimp.com

Computer Professionals for Social Responsibility concludes their analysis of the Hollerith readers used to score the ballots as follows:

"CPSR has been studying Vote-O-Matic-type vote counting systems for over ten years. Experts, including CPSR's own project personnel, have concluded that the Vote-O-Matic system has inherent accuracy limitations. Furthermore, careful manual counting of Vote-O-Matic ballots should always be more accurate than machine counts."

this is largely a result of the now-infamous "chads."