Software is different from other industries in that a single individual can produce very good software without specialized machinery, etc. Consider shareware, freeware, and other such software. There is also free (as in "freedom") software and open-source software. Production of software does not require a large company. Software patents could be difficult if not impossible for an individual or a small company to deal with.
With the GIF format, there was a problem in that the patent was not obvious. The article that described the LZW technique did not mention the patent. In the USA, it is possible to publish a technique and then patent the technique no later than 12 months aftewards. Another problem with the GIF situation was how the patented technique became frozen into an image format which was meant to be open. Due to backwards compatibility, it was not possible to substitute a nonpatented technique afterwards.
In 2003, a financial privacy bill came up in California. Several lawmakers voted against the bill. The Foundation for Taxpayer and Consumer Rights obtained the SSNs for 8 of these 9 lawmakers (the information was not available for one individual.) The first four digits of each SSN were posted on the Internet with the name of each individual. They also released the first three digits of the SSN for Governor Davis. The affected lawmakers were rather upset as a result.
In another incident, Citigroup supported a bill that would have overturned financial privacy protections in California. The Foundation for Taxpayer and Consumer Rights acted by publicly releasing the first five digits of the Citigroup CEO's SSN. The digits were written in the sky by a professional skywriter.
Public terminals should be secured to prevent alteration of system settings. They should also disallow the usage of unauthorized software and/or hardware. There are software packages designed to secure systems for "kiosk" setups (public access) and some Web browsers even have security options for such situations.
A company could be held liable in the form of a lawsuit. There was a recent case where a company sold information that was used to track down and murder an unsuspecting individual. The company was held liable by the family of the murder victim.
With respect to outsourcing sensitive information, it is important to be aware of who is handling the information (including any levels of subcontracting.) That applies wherever the information is processed. Also, information should be processed only in countries where privacy protections exist.
Interestingly, this page says that SSNs appeared around 1936. The uses of SSNs were extended very soon afterwards. In 1937, the Social Security Board said that states should use the SSN to identify individuals covered under unemployment insurance programs. In addition, the "Not For Identification" message on cards was to warn that a Social Security card was not to be relied on as ID by itself(!) In 1943, Executive Order 9397 required Federal agencies to use the SSN as an ID number for individuals.
On the topic of fake SSNs, there is the number 078-05-1120. It was used on sample Social Security cards in the past. The government knows this number is bogus. There is also the range of SSNs from 987-65-4320 to 987-65-4329.
Asking about an alternative number is a very good idea, even if the process for obtaining an alternative identifier is not documented in an obvious manner.
Somewhere, there was a cartoon that showed two kids, each with a corporate logo on their shirt. Their parents were talking about how they got "corporate sponsorships" for their kids. Though the corporations did pay for the advertising, it was still not necessarily a satisfactory situation for everyone.
With P2P services, those who produce the software are not able to effectively control the content upon the services. The original Napster service was in a position to exert control because all communications relied on its central location. A P2P service could have a license agreement prohibiting illegal uses, but there would be no way for the makers of the software to enforce that agreement except by tracking down individual users. Should they be required to do that? The P2P manufacturer could add copy protection technologies (which might become outdated quickly) but there would be the same problem with people defeating them. In any case, copy protection would likely not be compatible with FOSS P2P software. If there was a P2P feature with absolutely no significant non-infringing purpose, then liability just might be considered. However, it should be noted that the fact P2P is decentralized has legitimate reasons: privacy (consider leaked documents about wrongdoing), efficiency (sharing the load), and reliability (no central control that can fail or be attacked.)
Consider the Freenet service which is said to be difficult to use but extremely resistant to being censored. It is said the service cannot enforce copyright and protect free speech at the same time. The emphasis of the project is to protect free speech although the service is likely used for illegal activities by some (not all) as well. The issue of illegal P2P usage i.e. illegal porn is mentioned, but it is said that people should not be denied certain freedoms because a few individuals might misuse those freedoms. Incidentally, some of the uses of Freenet (and its likely goal) are much more serious than enjoying the latest music. It is said that the Freenet software is used in China to evade official censorship, for instance.
It is interesting that there was a case with the Madster (formerly called Aimster) service. That service appeared to be centralized, but encryption was used for the communications. This meant that the communications could not be monitored for wrongdoing. However, individuals using the service might well have wanted privacy when communicating. In the end, the service came under fire. There was no evidence of significant non-infringing use. Of course, with the communications encrypted, there was no way for the service to accurately determine how much use was or was not infringing.
If the property is found in a public area or in a commercial establishment, then the "lost and found" is probably the best idea unless the property is of extremely limited value i.e. a single coin. There is a lot of talk about the idea of "finders, keepers" concerning lost property. However, this does not apply if the owner can be easily determined or if the owner is immediately identified i.e. the property has their name on it. In addition, property that is worth more than a certain value should probably be turned over to the police station. The exact threshold for "a certain value" likely varies from one individual to another.
Imagine realizing that you had accidently missplaced a memory card containing photos. What would you want the finder to do?
Inspecting open-source or free (as in "freedom") software personally is probably one of the best ways to ensure that software is secure when security is a concern. An alternative would be to have a trusted party perform the inspection. With proprietary software, it is usually necessary to rely on the vendor to do this. Consider that items like "easter eggs" (hidden surprises e.g. messages from the developers) have probably been sneaked past quality assurance before.
It could be quite easy for a young kid or a teen to install software on a system and then apply a crack. If the software turned destructive as a result, other individuals could be caught in the middle.
This page considers defenses against software patents. Their idea is to datestamp work that is done so that prior art exists, but in a form that is difficult to search. This makes the legality of software patents questionable. Note that the idea of "prior art databases" (associated with patent offices) is mentioned, but they do not think that such databases are a good idea.
Consider software produced by individuals in such forms as shareware, freeware, or even "postcardware" or "beerware." For filling in gaps, or for individuals who do not require a written manual, etc., such software can be very useful. Users can contact the author directly for support. The cost, if any is much lower. There is less incentive for feature bloat (ads for commercial software often do feature-based comparisons which provide an incentive for excessive features.) Software from individuals does not just consist of game-type software but also includes such things as utilities designed to combat malicious software. Even young kids can produce software, possibly for future experience or for their own enjoyment. Likely, there are cases where a commercial software product initially started out as shareware or freeware produced by an individual.
This newsgroup posting mentions a copy protection method that was used in the past. Specifically, this method involved a damaged area on the program disk. During normal operation of the software, that disk area would never be accessed. Presumably, attempting to copy the entire disk would include accessing the damaged area. The disk drive would be physically damaged when the head hit the damaged area. In the end, however, developers were held liable (and rightly so.)
In the past, there may have been instances of floppy disks deliberately designed to damage drives. The disk would be physically damaged in a location which was not normally used (but which presumably would be accessed when copying the disk.) Accessing this part of the disk would damage the drive head. However, developers were held liable for damages (and rightly so) and this technique is not used anymore.
Vinyl phonorecords and videotapes can affect the user's player, because a critical part of the player is in contact with the media. However, this should not be an issue with DVD discs that are read with a laser beam. (At least in the past, videotapes from library collections sometimes included a warning label. The label warned that the library would not be responsible for damage caused to the user's player.)
For engineers and software developers, it may actually be better to not search for or examine software patents. Willfully infringing a patent is said to be much more serious than innocently infringing a patent. See this article on patents. It was written by an attorney who comments that he can no longer deal with patents in good conscience. The article mentions that the risk of examining software patents serves to defeat the supposed advantage that patents increase public knowledge of technology. Also see this article about Linus Torvalds; he comments on the idea of not looking for software patents.
The service certainly had issues concerning misuse, but the death threats were not a good idea. Consider a family member of the service owner getting caught in the middle or getting caught in the line of fire. When threats are used against a disliked party, the party can cite the threats to discredit those who target them.
Slashdot Mirror
Software is different from other industries in that a single individual can produce very good software without specialized machinery, etc. Consider shareware, freeware, and other such software. There is also free (as in "freedom") software and open-source software. Production of software does not require a large company. Software patents could be difficult if not impossible for an individual or a small company to deal with.
With the GIF format, there was a problem in that the patent was not obvious. The article that described the LZW technique did not mention the patent. In the USA, it is possible to publish a technique and then patent the technique no later than 12 months aftewards. Another problem with the GIF situation was how the patented technique became frozen into an image format which was meant to be open. Due to backwards compatibility, it was not possible to substitute a nonpatented technique afterwards.
If something goes wrong, can you hold someone responsible? This is an issue in the USA, but it might be more difficult overseas.
There are issues such as the privacy of information that is processed by others overseas. Though this is an issue with data processed anywhere, it might be harder to hold someone liable for problems if they are located overseas.
And in some cases, they are receiving training from our workers.
In 2003, a financial privacy bill came up in California. Several lawmakers voted against the bill. The Foundation for Taxpayer and Consumer Rights obtained the SSNs for 8 of these 9 lawmakers (the information was not available for one individual.) The first four digits of each SSN were posted on the Internet with the name of each individual. They also released the first three digits of the SSN for Governor Davis. The affected lawmakers were rather upset as a result.
In another incident, Citigroup supported a bill that would have overturned financial privacy protections in California. The Foundation for Taxpayer and Consumer Rights acted by publicly releasing the first five digits of the Citigroup CEO's SSN. The digits were written in the sky by a professional skywriter.
Some time ago, there was a site called JusticeFiles with information about police officers, including Social Security numbers. Not surprisingly, the site got into trouble as a result.
Facilities and providers need to be aware as to who handles sensitive information (including any levels of subcontracting.) This applies even if no information is sent overseas.
Public terminals should be secured to prevent alteration of system settings. They should also disallow the usage of unauthorized software and/or hardware. There are software packages designed to secure systems for "kiosk" setups (public access) and some Web browsers even have security options for such situations.
A company could be held liable in the form of a lawsuit. There was a recent case where a company sold information that was used to track down and murder an unsuspecting individual. The company was held liable by the family of the murder victim.
With respect to outsourcing sensitive information, it is important to be aware of who is handling the information (including any levels of subcontracting.) That applies wherever the information is processed. Also, information should be processed only in countries where privacy protections exist.
One problem was that the "not-for-ID" policy was not required by law and the Social Security Administration was not able to prevent additional uses of SSNs.
Interestingly, this page says that SSNs appeared around 1936. The uses of SSNs were extended very soon afterwards. In 1937, the Social Security Board said that states should use the SSN to identify individuals covered under unemployment insurance programs. In addition, the "Not For Identification" message on cards was to warn that a Social Security card was not to be relied on as ID by itself(!) In 1943, Executive Order 9397 required Federal agencies to use the SSN as an ID number for individuals.
On the topic of fake SSNs, there is the number 078-05-1120. It was used on sample Social Security cards in the past. The government knows this number is bogus. There is also the range of SSNs from 987-65-4320 to 987-65-4329.
As of 2001, the states of Wisconsin, Arizona, New York, Rhode Island, and Maryland prohibit using SSNs as student ID numbers. Hopefully, others will follow soon.
Asking about an alternative number is a very good idea, even if the process for obtaining an alternative identifier is not documented in an obvious manner.
There are already cases of babies being named for companies and brand names. Richard Stallman has a comment about this (see the December 6, 2003 entry.)
Somewhere, there was a cartoon that showed two kids, each with a corporate logo on their shirt. Their parents were talking about how they got "corporate sponsorships" for their kids. Though the corporations did pay for the advertising, it was still not necessarily a satisfactory situation for everyone.
Consumer Reports mentioned finding look-alike batteries that were unsafe because they leaked chemicals.
With P2P services, those who produce the software are not able to effectively control the content upon the services. The original Napster service was in a position to exert control because all communications relied on its central location. A P2P service could have a license agreement prohibiting illegal uses, but there would be no way for the makers of the software to enforce that agreement except by tracking down individual users. Should they be required to do that? The P2P manufacturer could add copy protection technologies (which might become outdated quickly) but there would be the same problem with people defeating them. In any case, copy protection would likely not be compatible with FOSS P2P software. If there was a P2P feature with absolutely no significant non-infringing purpose, then liability just might be considered. However, it should be noted that the fact P2P is decentralized has legitimate reasons: privacy (consider leaked documents about wrongdoing), efficiency (sharing the load), and reliability (no central control that can fail or be attacked.)
Consider the Freenet service which is said to be difficult to use but extremely resistant to being censored. It is said the service cannot enforce copyright and protect free speech at the same time. The emphasis of the project is to protect free speech although the service is likely used for illegal activities by some (not all) as well. The issue of illegal P2P usage i.e. illegal porn is mentioned, but it is said that people should not be denied certain freedoms because a few individuals might misuse those freedoms. Incidentally, some of the uses of Freenet (and its likely goal) are much more serious than enjoying the latest music. It is said that the Freenet software is used in China to evade official censorship, for instance.
It is interesting that there was a case with the Madster (formerly called Aimster) service. That service appeared to be centralized, but encryption was used for the communications. This meant that the communications could not be monitored for wrongdoing. However, individuals using the service might well have wanted privacy when communicating. In the end, the service came under fire. There was no evidence of significant non-infringing use. Of course, with the communications encrypted, there was no way for the service to accurately determine how much use was or was not infringing.
If the property is found in a public area or in a commercial establishment, then the "lost and found" is probably the best idea unless the property is of extremely limited value i.e. a single coin. There is a lot of talk about the idea of "finders, keepers" concerning lost property. However, this does not apply if the owner can be easily determined or if the owner is immediately identified i.e. the property has their name on it. In addition, property that is worth more than a certain value should probably be turned over to the police station. The exact threshold for "a certain value" likely varies from one individual to another.
Imagine realizing that you had accidently missplaced a memory card containing photos. What would you want the finder to do?
Inspecting open-source or free (as in "freedom") software personally is probably one of the best ways to ensure that software is secure when security is a concern. An alternative would be to have a trusted party perform the inspection. With proprietary software, it is usually necessary to rely on the vendor to do this. Consider that items like "easter eggs" (hidden surprises e.g. messages from the developers) have probably been sneaked past quality assurance before.
It could be quite easy for a young kid or a teen to install software on a system and then apply a crack. If the software turned destructive as a result, other individuals could be caught in the middle.
This page considers defenses against software patents. Their idea is to datestamp work that is done so that prior art exists, but in a form that is difficult to search. This makes the legality of software patents questionable. Note that the idea of "prior art databases" (associated with patent offices) is mentioned, but they do not think that such databases are a good idea.
Consider software produced by individuals in such forms as shareware, freeware, or even "postcardware" or "beerware." For filling in gaps, or for individuals who do not require a written manual, etc., such software can be very useful. Users can contact the author directly for support. The cost, if any is much lower. There is less incentive for feature bloat (ads for commercial software often do feature-based comparisons which provide an incentive for excessive features.) Software from individuals does not just consist of game-type software but also includes such things as utilities designed to combat malicious software. Even young kids can produce software, possibly for future experience or for their own enjoyment. Likely, there are cases where a commercial software product initially started out as shareware or freeware produced by an individual.
This newsgroup posting mentions a copy protection method that was used in the past. Specifically, this method involved a damaged area on the program disk. During normal operation of the software, that disk area would never be accessed. Presumably, attempting to copy the entire disk would include accessing the damaged area. The disk drive would be physically damaged when the head hit the damaged area. In the end, however, developers were held liable (and rightly so.)
In the past, there may have been instances of floppy disks deliberately designed to damage drives. The disk would be physically damaged in a location which was not normally used (but which presumably would be accessed when copying the disk.) Accessing this part of the disk would damage the drive head. However, developers were held liable for damages (and rightly so) and this technique is not used anymore.
Vinyl phonorecords and videotapes can affect the user's player, because a critical part of the player is in contact with the media. However, this should not be an issue with DVD discs that are read with a laser beam. (At least in the past, videotapes from library collections sometimes included a warning label. The label warned that the library would not be responsible for damage caused to the user's player.)
Some things that you can do:
The service certainly had issues concerning misuse, but the death threats were not a good idea. Consider a family member of the service owner getting caught in the middle or getting caught in the line of fire. When threats are used against a disliked party, the party can cite the threats to discredit those who target them.