Hijackers on the Information Superhighway

Piracy and anonymity in the on-line world invite regulation if not curbed

For anyone seeking instant access to information, broadly accessible on-line computer networks are a fantastic boon: They are widely contributed to, provide a vast array of information — at low cost — and are constantly changing and expanding and available almost everywhere.

On the verge of the 21st century, computer networks such as the ubiquitous Internet and a host of others have been established worldwide for those who seek such access and opportunity.

But a dark side to the on-line world has emerged. Such services have become a haven for a phenomenon which, until recently, was virtually untouched by regulation or moderation in this field: “pirating” — infringement of copyrighted or otherwise protected works, ranging from book reviews to software, in spite of the clear law prohibiting such acts in any other medium. “The quantity of information that can be stolen or the amount of damage that can be caused may be limited only by the speed of the network and the criminal’s equipment,” according to Scott Charney, chief of the Computer Crime Unit of the Department of Justice.

To pirates, who often appear and disappear anonymously, these on-line services provide immunity from the legal and ethical restraints that prohibit such activities in newspapers, magazines, radio, television or public speech. In short, pirates exploit such systems to get away with lawless conduct which they never could get away with outside the cyberworld. For their victims — creators of original, protected works — these on-line services pose a constant threat of theft and economic loss.

As Professor I. Trotter Hardy of the College of William and Mary in Williamsburg, Virginia, put it, “Anonymity is power, and I think it will be abused on the Net.”

Theft: From Games to Religious Works

The problem of piracy is serious and growing. Recently, the head of a software piracy ring invited a Los Angeles Times reporter into her home to watch the ringleader lift a new, expensive computer game from LucasArts Entertainment Company, with help from a paid inside saboteur. Using the Internet, the pirate next linked up with a programmer in Moscow who cracked the code, making it possible to play the game without an owner’s manual. The game was posted on a Seattle-based bulletin board through the Internet — days before its official release. Anyone who accessed it conveniently avoided the $65-per-copy retail price, which potentially cost LucasArts millions in retail sales.

Computer piracy extends well beyond computer games. Almost any creative work can be unlawfully exploited on the Internet — and not just when the work is posted on the Internet by the author. There is a growing problem of pirates obtaining copyrighted works and then posting them on the Internet themselves, seeking to undermine the copyright protections and underhandedly “dump” the protected work into the public domain.

This problem has emerged with alarming frequency. In Boston, a professor and book critic found many of his reviews getting posted and used without his knowledge — until after the fact. Such postings potentially denied him any livelihood he may have been able to make from his own works.

A software developer in San Jose, California, found new and unreleased programs being pilfered from computer files by pirates who broke in through the Internet on a Sunday afternoon; though he quickly pulled the plug, more than enough programs had been stolen to eat up his paycheck.

Jerry Berman of the Center for Democracy and Technology noted that “[t]he technology makes it simple, but the law still says if you copy all of USA Today and send it around the Net, you’re violating a copyright.”

Bulletin board system (BBS) operator and service provider Netcom, based in San Jose, California, refused to take action on infringement of copyrights of the Church of Scientology, even when put on notice.

Netcom’s principals insisted that they had no responsibility for their users’ postings and that they could not be held accountable for them. They even went so far as to claim that they did not have the ability to take action to remedy the violations of the law.

Freedom has learned that those assertions, while convenient to Netcom as it struggles to manufacture a defense, simply do not comport with the facts. The simple truth is that while Netcom refused to take action on a known infringer, they have often taken matters into their own hands behind closed doors. An insider reports that Netcom staff accessed and rummaged in client files, without authorization, to arbitrarily delete material which they unilaterally judged to be in violation of copyright law. Moreover, Netcom reportedly cooperated with the FBI to search client accounts in child pornography cases and even removed an entire BBS off the system in response to complaints.

There was even an incident reported of an Italian subscriber’s account being terminated by recently dislodged Netcom chairman and CEO Robert Rieger because, according to Rieger, “All Italians are hackers.”

Yet, in spite of Netcom’s willingness to act behind the scenes to remove subscribers from the Net, they have maintained a totally contrary position in court and to the public. One might legitimately ask why.

Netcom seems to have become a victim of the very people that it provides with access to the Internet. The scheme of economic blackmail goes like this: if Netcom acts overtly to remove the violators, Internet anarchists will claim Netcom is stifling the “freedom of the net,” and run a campaign to persuade Netcom’s customers to change to a different access provider. Out of fear of financial loss, Netcom has apparently elevated revenues above the law.

Netcom’s greed is confirmed by further information made available to Freedom. When notorious criminal hacker Kevin Mitnick compromised 3000 credit card numbers of Netcom customers, Netcom’s Reiger refused to warn the concerned customers. Reportedly there were other breaches that compromised personal information and involved more than 20,000 Netcom customer accounts. None of the subscribers were notified because Netcom was afraid that the scandal would adversely effect share prices in their initial public offering — in direct violation of SEC regulations requiring that potential investors be informed of information relevant to the stock value prior to consummation of the public offering.

Against that background of naked corporate self-serving opportunism, Netcom’s claims of principled motives to “protect free speech” are nothing more than a smoke screen to hide their true objective — making a buck at the expense of innocent people and the rights of law abiding citizens to protection under the law.

This is just another example of the need for ethical boundaries to be imposed on cyberspace. It is precisely these sorts of activities which jeopardize the Internet for everyone and threaten thorough legislative regulation.

But the courts are closing in on these abuses. A federal court in San Francisco issued a preliminary injunction against Internet user Chad Scherman and the “Maphia” bulletin board service after evidence showed that unauthorized copies of Sega video games had been uploaded onto the BBS, encouraged by Scherman who profited financially from the illegal postings. Scherman’s claim that his use was “fair” or for “educational purposes” was rejected by the court.

The Abuse of Anonymity

A more troubling side of high-tech abuse is anonymous postings. An Internet user, seeking to hide behind the cloak of anonymity, posts copyrighted material through another, known as a “remailer,” who acts as a conduit or relay point. The remailer strips the message or computer document of any identifying marks and posts it on the Internet.

Anonymous postings create a new problem, as the creator-author faces often unsurmountable obstacles to obtain legal remedies against a person or persons infringing on his copyright when he cannot tell who is doing it.

Esther Dyson, member of the board of directors of the Electronic Frontier Foundation and member of the National Information Infrastructure Advisory Council, spoke on the anonymity issue at the fifth Computers, Freedom & Privacy (CFP) conference in San Francisco. “I have a concern about the spread of bad behavior on the Net,” said Dyson. “Anonymity figures into this, and I feel that it has proven to not be a positive factor. It breaks down the community which we are seeking to build, and could turn the ’big cities’ of the information infrastructure into a big cesspool.”

Remailers who facilitate anonymous postings are part of the problem. They can act as conduits for those who seek anonymity as a way to act illegally without getting caught; yet remailers are able to shield themselves from responsibility or liability.

Computer experts stress that anonymous users should at least be trackable by the remailers — and that ones who act unlawfully can easily put the remailers at risk. Dyson noted that in self-regulatory schemes for almost any part of the Internet, “visibility, not anonymity, would have a strong place.”

An estimated $2.3 billion in software was anonymously pirated in 1993, much of it through the Internet, according to the Business Software Alliance. Leading consulting firm Ernst & Young conducted a study and found that 50 percent of 1,271 companies studied had suffered financial losses from computer security breaches and theft. And, with the Internet functioning and growing at a rate of up to 20 percent per month, this is sure to increase.

Wanted: Rip-off Protection

The two issues requiring address are privacy and protection of authors’ creative works.

The privacy problem is, simply, that what is put on the Internet can be, and probably is, seen by more people than just the intended recipient. Even more personal information will be available as commercial transactions increase through on-line services. This means that the opportunities for invasions of privacy through cyberspace will similarly multiply. Although the Internet as a communications medium is sometimes compared to the phone system, the flaw in this comparison is that no phone will allow someone to probe into personal information or documents unless there’s another live person at the other end of the phone line — and willing to give it. But the Internet will, and does.

The protection issue is equally important. It is also one which has grown in complexity.

Software producers have become so frustrated over losing profits due to infringement that one company started producing software for its word-processing program with six month expiration dates: the user buys the program, gets a disk, then has to replace his disk in six months as a special program renders the initial disk useless once its expiration date has come (and leaves those with pirated copies up the river as they can’t get the replacements without paying).

The field of written works such as books, religious works and the like, does not afford such programmable booby-traps to prevent theft. The Working Group on Intellectual Property of the Clinton administration’s Information Infrastructure Task Force found that copyright law is adequate to protect these and other such works from Internet hijacking.

Bruce Koball, a technology counsultant in Berkeley, California and member of the executive committee for this year’s CFP conference, told Freedom, “We need to see an extension of existing laws when it comes to the Internet. Copyright protection and privacy laws already exist and should be applied in a broad way, such that they are transparent to new wrinkles in the technology. It is not necessary to view the world of the Net as different from the rest of the world.”

Even if the laws are applied equally, a deft cyberthief can still pilfer another’s computer files so long as he isn’t caught — and anonymity certainly plays its part. According to Tsutomu Shimomura, a computer security expert who was instrumental in the arrest of computer criminal Kevin Mitnick, “Most systems do not have adequate security measures. What Mitnick was doing can still be done on many computers.”

Rick Smith of the FBI’s San Francisco office confirms, “The public should be aware that they are not secure.”

This is a problem which Koball and others associated with CFP have taken a keen interest in. According to Koball, the problems of protection and privacy have a nexus: the National Security Agency.

“Cryptography is the technology everybody needs to be able to ensure the security of their programs and networks,” Koball said. “However, agencies like NSA have actively sought to control the type of cryptography used, as computer security has somehow been viewed as a threat. They have regulated programs to ensure that their codes are simply not that difficult to crack.”

As an example, Koball cited a good encryption system which was developed but then limited to a 40-bit key — a relatively easy key to crack given a decent code-cracking program on one of today’s supercomputers. This obviously makes it easier for the government to get in, but also makes it easier for anyone else.

An even more extreme example was when the NSA introduced its own “clipper chip” which was proposed to become the standard encryption system for all computer systems — with the government holding the key. That proposal was resoundingly shouted down, with more than 50,000 petition signatures rounded up against it. “The irony,” said Koball, “is that while the government spends all its effort chasing after Mitnick, it spends its time trying to suppress the technology that could secure those networks.”

Abuse of anonymity can bring about unwanted and burdensome regulation on the Internet if it is not curbed.

A remedy to stem the abuse may take the form of requiring those who “remail” messages to identify actual sources of anonymous postings that violate the law. These remailers may then be held responsible for unlawful postings when necessary. Alternatively, users may need to provide some form of identification or registration on their communications.

Treating anonymity in this way aligns with current practices in other communications media. In news reporting, for example, publishers have long been free to print information from anonymous sources, but cannot then claim to have no responsibility if the data proves false.

With such a solution applied to the Internet, laws already on the books can protect citizens from rip-offs and other unlawful activity. To make protecting oneself possible, federal regulations which limit the quality of encryption systems should be disposed of, so that computers, software and networks can be safe.

Ultimately, the solution lies in making sure the few abusers of on-line services do not act — or are not permitted to act — above the law.

To continue reading, click here: The Future of the Internet
Click here to return to the Leisa Goodman’s home page on Scientology.
Visit the official Church of Scientology International site here.

FREEDOM and Scientology are trademarks and service marks owned by Religious Technology Center and are used with its permission. Reproduction in whole or in part is strictly forbidden without written permission from FREEDOM Magazine. Requests for permission should be directed to the editor in chief at:
FREEDOM Magazine
6331 Hollywood Blvd.
Suite 1200
Los Angeles, CA 90028