Domain: nsi.org
Stories and comments across the archive that link to nsi.org.
Comments · 29
-
Government Regs on How to Transmit Classified Data
Check out the DoD's guidelines for securing classified data:
http://nsi.org/Library/Govt/Nispom.html
Especially pertinent here is Transmission policy for different types of classified data
http://nsi.org/Library/Govt/Nispom.html#link5
and network security
http://nsi.org/Library/Govt/Nispom.html#link8
Not exactly scintillating reading, but them's the rules. -
Government Regs on How to Transmit Classified Data
Check out the DoD's guidelines for securing classified data:
http://nsi.org/Library/Govt/Nispom.html
Especially pertinent here is Transmission policy for different types of classified data
http://nsi.org/Library/Govt/Nispom.html#link5
and network security
http://nsi.org/Library/Govt/Nispom.html#link8
Not exactly scintillating reading, but them's the rules. -
Government Regs on How to Transmit Classified Data
Check out the DoD's guidelines for securing classified data:
http://nsi.org/Library/Govt/Nispom.html
Especially pertinent here is Transmission policy for different types of classified data
http://nsi.org/Library/Govt/Nispom.html#link5
and network security
http://nsi.org/Library/Govt/Nispom.html#link8
Not exactly scintillating reading, but them's the rules. -
Re:Maybe it's the wrong charge.
I'm pretty sure that there are laws against industrial espionage. "Spying" is a sort of general, while industrial espionage is more specific. Describing the above offense as "spying" is fairly accurate.
http://nsi.org/Library/Legis/bill1556.html
The person who committed the crime is obviously liable. The people who payed him for the information are only slightly less obviously liable.
And, oh yeah. There are a myriad of conspiracy laws on the books. Everyone involved in stealing the information obviously conspired to perform the act, and to pay for the information.
While the espionage charges are pretty serious, it must be pointed out that the conspiracy is FAR MORE serious. Ask any judge, lawyer, legal advisor, or even a cop.
An INTELLIGENT prosecutor can put some people into prison over this, with some pretty serious sentencing time.
-
Re:Why not just block their ads?
I would not bet on that. A quick look at the California law shows plenty of ambiguity.
http://nsi.org/Library/Compsec/computerlaw/Californ.txt
Here are a couple of catchy little numbers from that page, all under the sub heading "any person who commits any of the following acts is guilty of a public offense":
Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.
Knowingly and without permission uses or causes to be used computer services.
Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.
A lawyer would tell you there is a LOT of wiggle room just in those phrases. For example "causes the disruption of computer services" seems to be just what is advocated here.
Depending on exactly what section was applied, fines run up to $10,000 and the cost free, forced accommodations is up to three years. Google is in California, right? -
This article makes no sense.
Ok, 502 is referring to the California Penal Code, 502 which is all about computer hacking. I just read the entire thing. The law is pretty clear on how this guy can be charged and PROTECTS administrators that operate with in the scope. Just because an admin has a modem or some other device (it could be a satellite uplink/downlink, or DSL modem, or a direct Network-over-Radio connection) to connect to their employer network does not mean they are breaking the law, in fact, most of the time, it is protected under the law. Read the Penal Code! http://nsi.org/Library/Compsec/computerlaw/Californ.txt
-
Re:Mmmmm... No.
What law? In this case, the State's trying t'use "disrupting computer services", which is a California-specific law. From a look at the text, it looks like you only must give the password to your boss if he or she is "authorized" to have it. I'm assuming the charges are based on:
This one, among others probably. Your work passwords are the intellectual property of your employer.
Don't take my word for it. Ask an attorney.
(5) Knowingly and without permission
... causes the denial of computer services to an
authorized user of a computer, computer system, or computer network.I also admit, this isn't the best written set of charges out there. Just that it's correct on the essential point. He had lots of legal options and chose to use none of them. He stole his employer's property, he went to jail.
The question is whether his bosses were "authorized".
No. Not your job to decide what's authorized. Your manager decides what's authorized. He/she gives you an order, you follow it or quit, your choice. Just don't steal anything on the way out.
As a layman, it looks to me as though Childs was correct in refusing to give out the passwords (although I'm not familiar with any relevant city policies granting authorization, again I'm pretty darned sure the HR guy isn't supposed to have 'em).
Thank you for at least admitting you are a layman.
Giving out incorrect passwords was a bad move, but easily attributed to the pressure of the surprise party.
Nope. It's pretty much making him look guilty.
-
Re:Mmmmm... No.
These articles imply that it's not "good practice" to give passwords out. If that's really his defense, it's specious and deceptive. If your boss demands a password, you have to give it, by law.
What law? In this case, the State's trying t'use "disrupting computer services", which is a California-specific law. From a look at the text, it looks like you only must give the password to your boss if he or she is "authorized" to have it. I'm assuming the charges are based on:
(5) Knowingly and without permission
... causes the denial of computer services to an authorized user of a computer, computer system, or computer network.The question is whether his bosses were "authorized". If they -aren't-, it's criminal to give them the passwords, under the same section. Tricky. This is a government network in question, so the matter of authorization may not be clear. I have trouble with the scenario in which the police CIO, a military information defense worker, a couple of engineers, and especially a human resources rep would have authorization for administrative control of the city's network without a city policy-level decision being made at the mayoral or legislative level.
Even in a business environment, the question of authorization can be sticky, and again is best-handled by a top-level policy decision.
Other states have different laws; check your local listings. There's no universal law I'm aware of that says your boss has the right to any passwords. Quite the opposite, in California; if you give it up to your boss on demand when he shouldn't have it, and hijinks ensue, you could theoretically be prosecuted. I've trouble picturing that actually happening, but it clearly is not the case that you have to hand it over on request.
As a layman, it looks to me as though Childs was correct in refusing to give out the passwords (although I'm not familiar with any relevant city policies granting authorization, again I'm pretty darned sure the HR guy isn't supposed to have 'em). Giving out incorrect passwords was a bad move, but easily attributed to the pressure of the surprise party.
-
Relevant statuteCalifornia Penal Code 502
502. (a) It is the intent of the Legislature in enacting this section to expand the degree of protection afforded to individuals, businesses, and governmental agencies from tampering, interference, damage, and unauthorized access to lawfully created computer data and computer systems. The Legislature finds and declares that the proliferation of computer technology has resulted in a concomitant proliferation of computer crime and other forms of unauthorized access to computers, computer systems, and computer data. The Legislature further finds and declares that protection of the integrity of all types and forms of lawfully created computers, computer systems, and computer data is vital to the protection of the privacy of individuals as well as to the well-being of financial institutions, business concerns, governmental agencies, and others within this state that lawfully utilize those computers, computer systems, and data. (b) For the purposes of this section, the following terms have the following meanings: (1) "Access" means to gain entry to, instruct, or communicate with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network. (2) "Computer network" means any system that provides communications between one or more computer systems and input/output devices including, but not limited to, display terminals and printers connected by telecommunication facilities. (3) "Computer program or software" means a set of instructions or statements, and related data, that when executed in actual or modified form, cause a computer, computer system, or computer network to perform specified functions. (4) "Computer services" includes, but is not limited to, computer time, data processing, or storage functions, or other uses of a computer, computer system, or computer network. (5) "Computer system" means a device or collection of devices, including support devices and excluding calculators that are not programmable and capable of being used in conjunction with external files, one or more of which contain computer programs, electronic instructions, input data, and output data, that performs functions including, but not limited to, logic, arithmetic, data storage and retrieval, communication, and control. (6) "Data" means a representation of information, knowledge, facts, concepts, computer software, computer programs or instructions. Data may be in any form, in storage media, or as stored in the memory of the computer or in transit or presented on a display device. (7) "Supporting documentation" includes, but is not limited to, all information, in any form, pertaining to the design, construction, classification, implementation, use, or modification of a computer, computer system, computer network, computer program, or computer software, which information is not generally available to the public and is necessary for the operation of a computer, computer system, computer network, computer program, or computer software. (8) "Injury" means any alteration, deletion, damage, or destruction of a computer system, computer network, computer program, or data caused by the access, or the denial of access to legitimate users of a computer system, network, or program. (9) "Victim expenditure" means any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was or was not altered, deleted, damaged, or destroyed by the access. (10) "Computer contaminant" means any set of computer instructions that are designed to modify, damage, destroy, record, or transmit information within a computer, computer system, or computer network without the intent or permission of the owner of the information. They include, but are not limited to, a group of computer instructions commonly called viruses or worms, that are self-replicating or self-propagating and are designed to co
-
Re:CCTVHey I could ignore it, I guess, but if I was in their positions I would have prepared an emergency response plan that includes response to bomb threats in addition to the usual of theft, medical crisis and fire. The place I would go to get started on that plan might be somewhere like here.
If I followed the directions in that document it would be unlikely that my employees would be running around with butcher knives threatening my fingers, while 100 fat middle aged Americans got naked on the floor.
That document outlines 3 reactions - the third being the one you didn't mention - search and then decide on evacuation. It also outlines the fundamentals of establishing a chain of command that is able to communicate effectively with police and bombers. It describes the requirements for search and evacuation teams in order to execute on the plan. But hey what do I know?
On a side note, you said:
You could ignore it yes, most likely false. But what if its not? Its easy to say they are idiots when you're not in their positions.
I said 'embarrassed people'. I didn't call anyone an idiot...idiot. -
Re:Hallelujah!
Well, first off disclosure of trade secrets isn't a crime. It's a civil tort, specifically breach of a non-disclosure agreement. Of course the Web sites in question hadn't signed any NDA with Apple, so they couldn't have breached the (non-existent) agreement. Under the law the burden of keeping a trade secret secret rests on the company that owns it, not the general public.
The Uniform Trade Secrets Act, adopted by almost every state, including all of those relevant to this case, says otherwise. -
Re:Putting quotes around "trade secrets"
Putting quotes around "trade secrets" doesn't make them not trade secrets. Telling them to a reporter does though.
Actually, according to the Uniform Trade Secrets Act, it doesn't:
(2) "Misappropriation " means: (i) acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means; or (ii) disclosure or use of a trade secret of another without express or implied consent by a person who (A) used improper means to acquire knowledge of the trade secret; or (B) at the time of disclosure or use knew or had reason to know that his knowledge of the trade secret was (I) derived from or through a person who has utilized improper means to acquire it; (II) acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or (III) derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use; or (C) before a material change of his position, knew or had reason to know that it was a trade secret ad that knowledge of it had been acquired by accident or mistake.
Given that rumor sites operate on the principle of soliciting inside information, it's hard to make the case that they didn't know they had gotten some unless they admit that most of what they print isn't inside information (i.e., that they make it up). -
More education
Check this out, covers the Clinton S. 390 bill:
From the middle:
Loosening the rules on wiretaps. Subsection (e) would exempt terrorism cases from the carefully crafted and balanced standards developed in 1986 for so-called "roving taps." When Congress adopted the Electronic Communications Privacy Act of 1986, it struck a careful balance between privacy and law enforcement. Because of the Fourth Amendment's specificity requirement, federal law has always required applicants for wiretap orders to specify the location to be tapped. Some criminals were attempting to evade surveillance by using pay phones, the location of which could not always be anticipated for inclusion in the wiretap application. Therefore, Congress in 1986 created a limited exception to the specificity requirement where the target of an investigation has been taking steps to thwart interception by changing facilities. This bill would dispense with that standard, allowing roving taps to be used anytime a person is suspected of being involved in a terrorist crime, regardless of the law's requirement that there be a basis for the roving tap authority.
Some people were concern about people's basic rights long before Bush ever came into office. -
Re:Not a bad patent...
You are dangerously incorrect.
Read this and then feel free to comment: http://nsi.org/Library/Espionage/usta.htm
If you misappropriate (steal, bribe, etc.) a trade secret, the owner of that trade secret can turn around and sue you, and win an injunction against you to prevent you from using it to gain a competitive advantage in the marketplace, or force you to pay them royalties.
A third-party who acquired the secret once the "cat was out of the bag" but was not involved in the original misappropriation would be scot-free, but you couldn't just break into the Coca-Cola vault, steal the secret recipe, and start churning out Joe's Cola and expect not to get hammered in court for it. -
Re:Err....If I recall my reading of the so-called CanSpam act, only ISPs can bring suits against spammers.
You're wrong. And this isn't about spam. It's about computer tampering, which has been a crime since before the Internet. People who break into other peoples' computers and compromise them are breaking laws. (Port scanning may or may not be criminal, but it's the precursor to criminal activity) I'm just pointing out that the most significant group doing this are obviously the spammers. Anyone who is paying attention can see that, and they are clearly breaking the law. If you break in and take over someone else's computer, that's a felony.
Unfortunately, we probably won't see law enforcement do anything about it until a spammer accidently breaks into the computer that contains the formula for McDonald's special sauce.
Every state has laws like this:
Breaking into someone's computer may seem like fun, but the consequences are not: Under the Arizona Computer Crime Act of 2000, computer tampering is a felony. Offenders can face up to 12½ years in prison and fines of up to $150,000.
Here's a list of computer crime laws by state
Here's info on Federal computer crime laws
Also see:
- 18 U.S.C. 1029. Fraud and Related Activity in Connection with Access Devices
- 18 U.S.C. 1030. Fraud and Related Activity in Connection with Computers
- 18 U.S.C. 1362. Communication Lines, Stations, or Systems
- 18 U.S.C. 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral Communications
- 18 U.S.C. 2701 et seq.Stored Wire and Electronic Communications and Transactional Records Access
- 18 U.S.C. 3121 et seq. Recording of Dialing, Routing, Addressing, and Signaling Information
- 18 U.S.C. 1029. Fraud and Related Activity in Connection with Access Devices
-
Re:Counterfeiting is actually a real problem ...
How do you know this? I'm asking seriously: what is your evidence or sources of information that supports the claim that "counterfeiting (money, CDs, DVDs, designer labels, etc.) is popular with terrorists"?
First off, I'm going to ignore the newspaper articles and network/cable news reports that go back decades. Apparently you missed those. However I will offer an advanced internet based research technique: I typed "terrorist counterfeit" into google.
First hit, the training manual thing sounds familiar: "... the recovery of Al-Qaeda training manuals had shown that the organization recommends the sale of counterfeit products to raise funds ..."
http://www.fraudaid.com/ScamSpeak/conprods.htm
In other words cells should make money locally. If money doesn't flow from headquarters to the cells there is nothing for the FBI/CIA/etc to trace up or down.
"What makes this activity so popular among criminals - and, it appears, attractive to terrorists as well - are its low risks and high rewards. In other words, the penalties and the risk of getting caught are minimal, while the potential for making money is maximal."
"... the Terrorist Financing Operations Section of the FBI provided an unclassified document to our Committee three years ago - in the context of another investigation - that listed the sale of counterfeit goods among various criminal activities the terrorist organization Hezbollah uses to raise cash in the United States."http://www.senate.gov/~gov_affairs/index.c fm?FuseAction=PressReleases.Detail&Affiliation=R&P ressRelease_id=997&Month=5&Year=2005
"... The link between organized crime groups and counterfeit goods it well established. But Interpol is sounding the alarm that Intellectual Property Crime is becoming the preferred method of funding for a number of terrorist groups ..."
http://wwwa.house.gov/international_relations/108/ nob0716.htm
Again, none of this is anything new to someone who has paid attention the last few decades. The Iranians pioneered the field with their fal $100 bills. Of course it helped that we sold the overthrown Shah the same printing presses that the US treasury department uses. The $100 bills have been handed out to terrorist organization all over the middle east and spurred redesign of our currency.
http://nsi.org/Library/Law/counterfeit2.txt
You can do you own googling from here on out ... -
The Uniform Trade Secrets Act
Apple is enforcing their rights under the the Uniform Trade Secrets Act(UTSA). Here's the pertinent parts of that law.
(1) "Improper means" includes theft, bribery, misrepresentation, breach or inducement of a breach of duty to maintain secrecy, or espionage through electronic or other means.
(2) "Misappropriation " means: (i) acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means; or (ii) disclosure or use of a trade secret of another without express or implied consent by a person who (A) used improper means to acquire knowledge of the trade secret; or (B) at the time of disclosure or use knew or had reason to know that his knowledge of the trade secret was (I) derived from or through a person who has utilized improper means to acquire it; (II) acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or (III) derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use; or (C) before a material change of his position, knew or had reason to know that it was a trade secret ad that knowledge of it had been acquired by accident or mistake.
(3) "Person" means a natural person, corporation, business trust, estate, trust, partnership, association, joint venture, government, governmental subdivision or agency, or any other legal or commercial entity.
(4) "Trade secret" means information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from no being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.1. TradeSecret induced breach of the NDA(or a duty to maintain secrecy), by asking readers for Apple Secrets. Go to their webpage, and click on the "Got Dirt?" link.
2. Misappropriation - ThinkSecret had reason know the information was "acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use."
3. ThinkSecret would qualify as "a natural person, corporation, business trust, estate, trust, partnership, association, joint venture, government, governmental subdivision or agency, or any other legal or commercial entity."
4. Finally, as defined by the UTSA, Project: Asteroid "derives independent economic value, actual or potential, from no being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and is the subject of efforts that are reasonable under the circumstances to maintain its secrecy."
Is Apple wrong for using the law? Apple is entitled to the protections of law, just as much as I am. Is the UTSA unconstitutional? That's for the courts to decide.
-
Re:what is journalism?
According to federal laws, it does not matter if you are a journalist or not. According to most state's laws revealing what you know, or can reasonably be expected to know is a trade secret is illegal (again it does not matter if you are a journalist.)
However, the Uniform Trade Secrets Act is primarily concerned with economic harm done to the company's who has had its secrets revealed. The recoverable damages are limited to a maximum of three times the actual damages and any unjust enrichment.
This particular case, it is highly doubtful that Apple lost any money at all. If there was any unjust enrichment, it was the ad revenue generated by the site and it is not clear, to me at least, if that even counts as unjust enrichment since it was not a use of the trade secrets in the regular way of using them to gain a competitive advantage over Apple by either the website owner or anyone who read about them. -
Re:Yeah, its great
What property right justifies the application of restrictions imposed by an agreement on someone that never signed that agreement?
The right to possess trade secrets. The Uniform Trade Secets Act, which factors heavily into this case, is just an extention of the common law right to hold trade secrets.
Now, the definition of "trade secret" varies quite a bit, but I can't imagine any jurisdiction where secret internal information regarding unannounced products can not be considered a trade secret. -
Re:Maybe you forgot...
You only think it's legal. That's beside the point though. They aren't being sued for protecting their sources. They are being sued for publishing trade secrets. If you are going to vilify Apple, get the story right.
Trade secrets are protected by the law.
Publishing information you have reason to believe is a trade secret (protected under NDA in this case) is therefore reasonably illegal. -
Re:Oh, please
So you make a value judgement on how valuable leaked information is and disqualify one leak while qualifying another.
I'm sorry, but there is at least some members of the public who would find your personal very valuable; people who would use it to sign up for credit cards in your name. So for the sake of argument the question still holds. IF someone published your private information, what kind of legal recourse do you have? I claim exactly the same as Apple: subpoena to determine who/how it was acquired, and lawsuit for damages from the person who published it.
Your NSHO only matters in that if someone had misappropriated valuable information from you it is your choice whether to pursue legal action; in Apple's eyes, they have the means and the recourse to protect their private information. Just because you don't think trade secrets aren't worth protecting doesn't mean everyone else agrees with you. -
I believe the First Amendment doesn't apply here
Amendment I
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
Where does it say anything that applies here? Has Apple moved Congress to pass laws that make it illegal to publish rumors online? To make it illegal for fansites to exist?
Better yet, have you heard of the UTSA, Uniform Trade Secrets Act, which I believe applies here?
Where the existence of Apple's products being announced too early harms it in two ways:
Stalls sales of existing products as people await new products
Gives competing companies an unnecessary advantage in the market
All we have to do is imagine this: ThinkSecret publishes that Apple, in May, will make all iPods with color screens and photo capabilities, drop the price by $100, and increase storage one step.
If this is believed widely, then why would people, with a choice, buy an iPod until May, when they could save $100, get extra storage, get color, and free photo abilities?
Then imagine this: ThinkSecret publishes the existence of a new product, called the iPod mini, which is half the size of the iPod and uses a 1" hard drive, four months before it's announced by Apple, and someone at Creative and someone at Sony read this and think, "Hey, we can do this!" and releases their product two weeks before Apple announces.
So tell me, why does the First Amendment apply, and why doesn't the UTSA apply in a situation like this? -
Re:It shouldn't be lo priorityNorth Korea because they've done things in the past like print counterfeit american money AKA Note Family C14342 AKA "The SuperDollar"
China for a variety of reasons. I'm sure Israel, Russia and every other country that can, will put some effort into this.
Corporate espionage... I'm sure most corps have a minimal level of security (if for no other reason than their insurance company says so) but wouldn't it be nice to just yank all document you can fit on a thumb drive and not worry about passwords, physical security, or god forbid... a paper trail.
Just by mentioning botnets and teenagers, even talented ones, you've shown the same limited scope as the grandparent post.
Its not about a million portscans per day, though North Korea (yes, them again) are busy training a small army of hackers, its about being able to trivially break encryption employed by the most common OS and office suite on government, corporate and personal desktops.
Botnet that.
-
I hate posting AC, but...politics
Never bring a gun to work?
Why not?
According to some (old, suspect, perhaps unrelated) statistics, workplace murder is a leading cause of death for American males.
I'm an American male.
I'd rather not have some Ed Norton wannabe pwn my bitch ass.
I've got a license to carry a handgun.
I'm not a maniac.
But I am in a position to protect myself.
-
Re:NDA - BzzztTo karma whore a little here, here's a reference to the Uniform Trade Secrets Act (which I'll call UTSA for short). In particular, they define a number of the terms:
(4) "Trade secret" means information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from no being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
Some avenues of approach for the defense here: 1) this application of the act would violate the First Admendment, 2) Apple didn't take reasonable efforts to protect its trade secret, and 3) the information didn't have economic value (no way).
I think a successful lawsuit here would be harmful to the First Admendment. While I don't know legal relevance, IMHO a description of future Apple products is legitimate journalism while publishing a phone book of Apple employees wouldn't be. Both would be and frankly should be considered trade secrets. Media sources should have a good deal of freedom in publishing trade secrets.
-
Re:NaturalNo, it isnt't. It's only partially backed up.
From the US Treasury FAQ: In another sense, because they are legal tender, Federal Reserve notes are "backed" by all the goods and services in the economy. thus currency is equivalent to physical objects and labour. While it is true that you no longer can come to a bank and demand that your greenback be exchanged for an equivalent gold bullion, this was eliminated due to practical reasons but it did not eliminate the requirement that all currency be strictly backed. Otherwise a government if it gets in debt could simply print some more money. One has only to take a look at the fun some tin-pot dictatorships had with this idea to see where it leads to (hints: fraud, hyper-inflation, economic collapse)
You also say that things like songs are just "conceptual vapour". However people are willing to pay for them.
The fact that people are willing to pay for something does not make it a valid subject of commerce: some idiot will pay you to own the Sun or a square kilometer of vacuum or the integers from 1 to 9, yet neither of these are valid subjects of economic exchange. You assertion that as soon as some drooling moron wants to part with his money in exchange for some abstract concept, that concept becomes a valid subject of trade is silly.
Everything is trade, even if it involves money
Only a believer in Capitalism as Religion would make such a claim. There are many, many things excluded from the realm of trade, simply because they do not have the pre-requisites to be "private property" or "labour" and those are the only two kinds of things you can "trade" on a free market. Show me how do you trade integer numbers or love of a mother for her child and I will believe you.
You do realize that before copyright there was severe information hording and attacks against leakers to the point of murder in order to keep it secret?
You mean something like this?
-
Feinstein on Speech and WeaponryDiane Feinstein was also the US Senator who said, "the doctrine of prior restraint is one we have to look at" with respect to web sites that describe the construction of weapons because such information "isn't what this country is all about."
I suspect Thomas Jefferson would have a few choice speeches to make to the Senate about the First Amendment as a rejoinder. Then again if he saw folks like Feinstein running the Senate he might just bypass the exercise of his First Amendment rights and proceed directly to the Second Amendment.
-
Definitely illegal
Remember all those frighteningly vague and overbroad "computer crime" and "anti-hacking" laws that most states have passed over the last 20 years? You know, like the one that got that college kid a felony indictment for installing SETI@Home at his university?
This CD is illegal under almost all of them.
http://nsi.org/Library/Compsec/computerlaw/statela ws.html
Of course, so is all "spyware," including RealPlayer/CometCursor/RealJukebox/etc., and for that matter, perhaps even Windows Media Player 8 (silent reporting) and Microsoft Word (silent GUID/CPUID tagging). Not to mention all spam/UCE. Then again, so is even portwalking or attempting to log in to a computer that's not yours... And I could go on.
Then again, if the government is corrupt enough for Bono/DMCA/UCITA/SSSCA, it's way more than corrupt enough to conveniently forget to enforce these laws to any good end. -
Sources of interesting informationThe NSI is security consultant to large corporations and government contractors as well as some government oranizations. Their website located here contains an extensive library, including excerpts from the NSA Employee Handbook on Security which they drafted.
Also, if you are really interested in the theoretical groundwork behind trusted, compartmentalized OS design, the article at this link may be interesting; it has links to some federal and military security requirements documents as well as to wang-federal, which makes the first ever system to hold a B3 TCSEC certification.