Computer underground Digest Sun Jul 2, 1995 Volume 7 : Issue 55 ISSN 1004-042X Editors: Ji
Computer underground Digest Sun Jul 2, 1995 Volume 7 : Issue 55
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@MVS.CSO.NIU.EDU
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Field Agent Extraordinaire: David Smith
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
la Triviata: Which wine goes best with Unix?
CONTENTS, #7.55 (Sun, Jul 2, 1995)
File 1--Another Cinci BBS comment
File 2--Are We Sheep? - LA Times Op-Ed on online censorship (fwd)
File 3--Big Brother Covets the Internet (fwd)
File 4--Legal Bytes 3.01 (part 1)
File 5--Cu Digest Header Info (unchanged since 19 Apr, 1995)
CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
Date: Fri, 30 Jun 95 15:40:00 -0500
From: JOHN BAILEY
Subject: File 1--Another Cinci BBS comment
((MODERATORS' NOTE: We ran several articles on the Cincinnati
BBS busts in CuD 7.53. Below is another comment from a
I was wondering if you ever did anything in regards to computer
rights. This is becoming a very big issue lately, especially with the
Exon bill eeking its way through the government.
The reason I ask, on Friday, June 16, this became a very critical
issue for some 5000 users of one BBS here in Cincinnati. A local
sheriff and his group took it upon themselves to raid 5 local BBSs for
what he considers "adult material". These BBSs by the way, were not
all in the sheriff's jurisdiction. The largest BBS (Cincinnati
Computer Connection, CCC) was a 25 node PCBoard BBS with 5000 users.
These users used the board for personal mail, conducting business,
playing games and downloading files. The users are outraged and have
begun to try and understand what prompted this action and why it was
executed in the manner it was. The Cincinnati media has provided
excellent coverage of this situation and the CCC users have already
held a "town meeting" to try and discover what has actually happened
and what rights the users really have. Unfortunately, the sheriff and
his group refused to attend or provide any explanation as to what is
According to the warrant, "adult material" seemed to be the issue but
this was very vague and far reaching. If there was offensive material
on the board, it was unbeknownst to the users. The sheriff apparently
had a plant on the board for 2 years. This person, in all good
conscience, would have to have seen that the BBS was a very friendly
and open "family type" community of users who had nothing to hide.
Parents and their children (of all ages) used the board. If something
was wrong, nobody ever bothered to suggest to the Sysop there might be
a problem, which certainly would have been rectified. Instead, a
Gestapo type raid was performed (very poorly, I might add), seizing
some equipment here, some there without full knowledge of how the
equipment even worked.
What the CCC users are trying to do is gain some exposure, and
insight, in to the rapidly growing problems regarding the censorship
issues the government (and police agencies) seem to have with computer
on-line networks and the way in which they brutalize computers (and
their users) instead of trying to remedy the situation through
discussion and education. If legal action is considered a viable
alternative, many CCC users have shown support for that type of action
in order to protect their rights.
Does your publication offer any kind of editorial facility to not only
review, but help in the research of these types of on-line network
problems that seem to be occurring more frequently? Users need to be
aware of potential seizure of their personal information without their
knowledge or without a warrant specifically identifying their property
as part of the seizure. Regardless of the outcome of any type of legal
proceedings, this incident in Cincinnati could be a far reaching
landmark case. Your assistance and knowledge would be greatly
Cincinnati Computer Connection BBS Users
John M. Bailey (CCC User)
1570 Citadel Place
Cincinnati, Oh 45255
Work: 513-624-8844 ext 239
Date: Wed, 28 Jun 1995 08:11:48 -0500 (CDT)
From: David Smith
Subject: File 2--Are We Sheep? - LA Times Op-Ed on online censorship (fwd)
Fromemail@example.com (Douglas E. Welch)
Date--Tue, 27 Jun 1995 14:11:55 -0700
Previously published in the Los Angeles Times, Tuesday, June 27, 1995. Page
Note: Electronic re-posting is ALLOWED but NO PAPER REPRINTS or inclusion in
online digests without written permission (paper or email) from the
author. All re-postings must retain this notice.
The complete article is available on the web site listed below.
Copyright (c) 1995 Douglas E. Welch
Are We Sheep?
By Douglas E. Welch
DOUGLAS E. WELCH, a writer and computer analyst from North
Hollywood, is concerned about calls for government control
of electronic media in the guise of protecting children.
He told The Times:
The thought of anti-violence and anti-sex technology built into our
televisions and computers is appalling and unnecessary. The ultimate
control device is already built into every piece of technology
manufactured today: the "off" switch.
We need to use our own best censors, our values and morals, to decide
what we and our children watch. If we took control and stopped
watching, advertisers would quickly learn that we expected better
Instead, we have become lazy, whining neo-children who want our
governmental parents to tell us what is right and wrong, what is good
and bad, so that we don't have to think for ourselves. We want to
continue grazing peacefully like a herd of sheep while the shepherd
keeps the wolf at bay. What we don't realize is the shepherd might be
the wolf in disguise.
We should not be so willing to give our government the power to
control what we see and hear. If we give these rights away, they will
only be bought back at a very high price, if they are to be bought
back at all.
Date: Mon, 19 Jun 1995 23:21:46 -0500 (CDT)
From: David Smith
Subject: File 3--Big Brother Covets the Internet (fwd)
---------- Forwarded message ----------
From: firstname.lastname@example.org (NY Transfer News Collective)
Via NY Transfer News Collective * All the News that Doesn't Fit
From Flatland, No. 12, May 1995, pp. 44-46.
Big Brother Covets the Internet
by Daniel Brandt
"The Internet offers intelligence agencies an amazing
potential source for information collection and for monitoring
the activities of their targets. They not only can plug into
communications through the names of senders and receivers of
e-mail, but also through keyword monitoring of messages as
they have done for many years. If you add e-mail to their
monitoring of telephone and other credit card transactions,
they can get a very complete picture of a given person's
"On my long trips to the United States for university
lecturing and other activities, such monitoring enables them
to know my every flight, hotel and car rental, and local
contacts, not to mention my complete itineraries. All this
prior to my flight from Germany to the U.S. Add to this my
other calls and bank transactions and you ahve almost every
imaginable detail. It is a perfect system for spy agencies and
getting better all the time."
-- former CIA officer Philip Agee
What the government giveth, the government can taketh away.
This message has been received by Internet watchers recently, as
Big Brother begins to confront the issue of online computer security.
Internet hacking is at an all-time high, the Pentagon claims, just
as big business is buying into the Internet in a big way. Something
has to give.
"Hackers are even better than communists," says one Washington
activist who deals with civil rights and electronic privacy issues.
Several weeks later, on November 22, 1994, NBC News with Tom Brokaw
underscored his point with an alarmist segment by Robert Hager:
A Pentagon unit is poised to combat unauthorized
entries into some of the world's most sensitive computer
systems. But despite all the safeguards and a computer
security budget in the hundreds of millions of dollars,
attempts were made to break into the Pentagon's computers
on 254 separate occasions in the last twelve months
alone, almost always through the Internet.... NBC News
has learned that intrusions into the Defense Department's
computers go unreported 98 percent of the time -- 98
percent! -- often because no one is aware information is
being pirated. Pentagon officials are worried the
nation's security is being compromised.
Only Joe McCarthy knows how Robert Hager came up with a figure
of 98 percent for undetected break-ins, and then pretended it was
worth repeating. Hager continued with his voice-over and began
talking about hackers breaking into one nameless hospital's records
and reversing the results of a dozen pap smears. Patients who may
have had ovarian cancer, Hager claimed, were told instead that they
If this were an isolated story, then the Newsgroup subscribers
on who reacted to Hager's segment, by speculating
that something must be behind it, might be dismissed for weaving
yet another paranoid thread. But here I have to agree that even if
you're paranoid, they still might be after you. On this story, at
least, NBC seems to be the mouthpiece for larger forces.
"Organized Crime Hackers Jeopardize Security of U.S." reads
the headline in "Defense News" (October 3-9, 1994). This article
reported on a conference sponsored by the Center for Strategic and
International Studies, a prestigious Washington think tank with
close connections to the intelligence community. Dain Gary from the
Computer Emergency Response Team in Pittsburgh, a hacker-buster
group funded by the Pentagon, claimed that "there are universities
in Bulgaria that teach how to create more effective viruses." Mr.
Gary did not respond to my letter requesting more information.
The government started the Internet, and then over a period
of years it lost control. This was partly due to the unique
architecture of the Internet, which has its roots in a 1964 Rand
Corporation proposal for a post-Doomsday network. Rand's idea was
that information packets could contain their own routing
information, and would not have to rely on centralized switching.
Anarchy, it seems, is the best antidote to vulnerable
Recently the government, due to a combination of tight budgets
and a trend toward deregulation, has allowed big business to take
over the main conduits, or "backbone" of the Net. Corporations
smell a huge potential cybermarket, and are investing money to get
themselves positioned on the Net. They want to be ready when it
comes time to harvest the expected profits.
Today we have a global network with 30 million users.
No one is in control, and no one can pull the plug. If one
telecommunications company decided to shut off the segment of the
Net that they administer, other companies could simply route their
traffic around them. And if it weren't for password protection and
the "firewalls" installed by corporations to protect their local
turf from other computers, each of Internet's users would have
access to all the other computers on the Net.
Passwords and firewalls don't always work. A hacker who
burrows in and obtains the right sort of access can watch the
passwords of other users fly by, and can capture them for later
use. In November 1994, General Electric's robust firewalls were
circumvented by hackers, according to a company spokeswoman, and
GE had to pull their computers off the Net for a week to revamp
their security procedures. In two other incidents, a group of
hackers calling itself the Internet Liberation Front managed to
break into systems. On one they posted a message warning corporate
America against turning the Internet into a "cesspool of greed."
So Big Brother has a problem. But it's not so much a problem
of national security, except perhaps in the broad sense of economic
vulnerability. Defense and intelligence systems that are classified
are not connected to the Internet. When the Pentagon complains to
NBC about national security, what they really mean is that they
might have to forego the convenience of Internet contacts with
their contractors, and use other means instead.
No, Big Brother in this case is not the Pentagon, it's really
big business. They're chomping at the Net's information bits, while
the computer security problem is reining them back. Until this
problem is solved, the Net cannot be used for serious commercial
transactions. Big business seems to be feeding scare stories to the
media, and the Pentagon is helping them out by raising the
time-tested bugaboo of national security -- the only surefire way
to scare Congress into repressive legislation. America leads the
world in information technology, and the Internet is potentially a
lucrative link in tomorrow's profit chain. If only those pesky
hackers would go away.
The hackers that do exist are grist for the system's
disinformation mill, so if they didn't exist the system would
probably have to invent them. The bottom line for those whose
opinions matter is that the Internet has potential to help the rich
get richer. Hackers belong in jail, of course, but there's also the
Net surfer who's clogging bandwidth with idle chatter, or even
swapping copyrighted material with their friends. Frequently this
unprofitable silliness is subsidized by the universities. All big
business wants from these folks is consumption -- they may browse
through online catalogs and debit their credit lines, but forget
all this virtual community stuff. It's got to go.
The way to reboot the system is to boot the little guy, and
the best way to do this has always been to let the government bash
some heads. The digital equivalent of this is the one-two punch of
the Clipper chip and the Digital Telephony Bill. Clipper is an
ongoing government effort to encourage the mass marketing of a
encryption standard that can be tapped by them. It was developed
with help from the National Security Agency (NSA), which is worried
about the emergence of encryption that can't be easily broken by
their supercomputers. The FBI's favorite is the Digital Telephony
Bill, which was passed without debate by Congress last October.
It forces telecommunications companies to modify their digital
equipment so that the government has access to wiretapping ports
when they come calling with a warrant.
Warrants? When was the last time the intelligence community
took warrants seriously? Just in case a few of them get nervous
while breaking the law, the Foreign Intelligence Surveillance Act
of 1978 set up a secret court to issue warrants in situations
involving a foreign threat. This court has yet to turn down a
single request put before it -- even rubber stamps don't perform
this well. All it would take is a vague rumor of a Bulgarian virus
with Russian organized crime lurking close behind, and presto, a
secret warrant is issued to tap the Internet backbone so that U.S.
spooks can look for nasty digital germs. The judges aren't
competent to evaluate technical rumors, and with their track
record, no one pretends that they will call in their own experts.
Why bother, since the proceedings are secret and there's no
But then, who needs a warrant? According to reports, the NSA,
Britain's Government Communications Headquarters (GCHQ), and
Canada's Communications Security Establishment, all practice what
might be termed the "sister agency gambit." They do this by
stationing liaison officers in each of the other agencies. When
they want to tap their own citizens without a warrant, they just
call over the liaison officer to throw the switch. Now it's called
"intelligence from a friendly foreign agency" and it's all legal.
Particularly with the Internet, where jurisdictional problems
involve many nations, this sort of transnational cooperation will
be the rule rather than the exception. The excuse for monitoring
the Net today might be the security problem. Tomorrow the security
problem may be solved, one way or another, and the Net will be used
for commercial transactions. Then the excuse for monitoring will be
the need to detect patterns of commerce indicative of money
laundering, much like FinCen does today.
FinCen, the Financial Crime Enforcement Network, monitors
Currency Transaction Reports from banks, and other records from
over 35 financial databases, as well as NSA intercepts of wire
transfers into and out of the U.S. This data is shared with the DEA
(Drug Enforcement Administration), CIA, DIA (Defense Intelligence
Agency), IRS, FBI, BATF (Bureau of Alcohol, Tobacco, and Firearms),
and the Secret Service. FinCen, which began in 1990, is an attempt
to track, cross-reference, and apply artificial-intelligence
modeling to all the relevant data from government agencies. Now
they are floating a proposal for a deposit tracking system. When
the Internet begins carrying financial transactions, FinCen is sure
to be poking around behind the scenes.
One characteristic of the Internet is that surveillance on a
massive scale is easy to accomplish. With telephone voice or fax
transmissions, the digital signal is an approximation of the analog
signal. Massive computing power, relatively speaking, is needed to
extract the content in the form of words or numbers. This is called
"speech recognition" for voice, or "optical character recognition"
for fax. Data on the Internet, on the other hand, is already in the
form that computers use directly. Moreover, each packet
conveniently includes the address of the sender and receiver.
It's a simple matter to tap an Internet backbone and scan
every packet in real time for certain keywords. With voice and fax,
it's only practical to capture specific circuits, and then examine
them later for content. On the Internet, even encryption doesn't
solve the privacy problem, because the Net is also ideal for
message traffic analysis. A stream of encrypted messages between
two points could be detected by a computer, which then spits out a
report that's sure to attract attention. Each end of this stream
is now identified as a target, which means that other types of
surveillance are now practical. The Internet, in other words,
increases opportunities for surveillance by many orders of
magnitude, with or without encryption.
Those who have the resources can try to befuddle the spooks
who monitor them by disguising their transactions. Shell
corporations, off-shore banks, and cash-intensive businesses will
still be popular with money launderers. Seemingly innocent
transactions will slip through the net, and for the most part only
the little guy without transnational resources will get caught.
Which is exactly the point. The little guy on the Net is
surfing on borrowed time. There are too many pressures at work, too
many powerful interests to consider. The Net is too important to
the Suits -- if not now, then soon.
If it were only a case of Us and Them, it would be easier to
sort it all out. But the self-styled Internet Liberation Front, and
similar types with hacker nonethics, are part of the problem as
surely as the greedy capitalists. Nor is it easy to see much hope
in the way the little guy -- the one who obeys the law -- has used
the Internet. The entire experiment has left us with 30 million
connections but very little public-sector content. Apart from the
sense of community found in Newsgroups, list servers, and e-mail,
not much is happening in cyberspace. And just how deep is this
community when the crunch comes? Not nearly as deep as the
counterculture of the 1960s, and look what happened to them.
Rand Corporation, meanwhile, is churning out studies on
cyberwar, netwar, and information warfare. The Defense Department,
at the urging of their Advanced Research Projects Agency (which
started the Internet), recently signed a memorandum of understanding
with the Justice Department, at the urging of the FBI and the
National Institute of Justice. This memorandum anticipates a
coordinated effort on high-tech applications for "Operations Other
Than War" and "Law Enforcement." The game is on, and the high-tech
high rollers are getting it together.
The neat graphics and sassy prose in "Wired" and "Mondo 2000"
magazines notwithstanding, the Net-surfing culture is more virtual
than real. Cyberspace cadets are no match for the real players, and
it's going to be like taking candy from a baby. Lots of squeals,
but nothing to raise any eyebrows. It's all so much spectacle
anyway. Guy Debord (1932-1994) summed it up in "Society of the
Spectacle" in 1967, when Rand was still tinkering with their
The technology is based on isolation, and the
technical process isolates in turn. From the automobile
to television, all the goods selected by the spectacular
system are also its weapons for a constant reinforcement
of the conditions of isolation of "lonely crowds." The
spectacle constantly rediscovers its own assumptions more
concretely.... In the spectacle, which is the image of
the ruling economy, the goal is nothing, development
everything. The spectacle aims at nothing other than
Then again, the Spectacle does make for excellent Internet
watching, once silly notions like "information wants to be free"
are discarded, and the drama can be enjoyed for what it is.
Basically, it's one more example of something that happens
frequently in history. The little guy thinks he has created
something new and powerful. He's so busy congratulating himself,
that when the Big Dogs begin to notice, the little guy doesn't.
In the end, it's merely another dog-bites-man nonstory that won't
be found on NBC News. This just in: "Little guy gets screwed."
END END END
Flatland can be reached at PO Box 2420,
Fort Bragg CA 95437-2420, Tel: 707-964-8326.
Reposting permitted by the author.
Date: Tue, 13 Jun 1995 00:31:00 -0500 (CDT)
From: David Smith
Subject: File 4--Legal Bytes 3.01 (part 1)
---------- Forwarded message ----------
Date--Fri, 2 Jun 1995 11:40:42 -0500
By George, Donaldson & Ford, L.L.P.
Attorneys at Law
114 West Seventh Street, Suite 1000
Austin, Texas 78701
(512) 499-0094 (FAX)
Copyright (c) 1995 George, Donaldson & Ford, L.L.P.
(Permission is granted freely to redistribute
this newsletter in its entirety electronically.)
David H. Donaldson, Jr., Publisher <email@example.com>
Peter D. Kennedy, Senior Editor
Jim Hemphill, Contributing Editor
Jeff Kirtner, Law Clerk
IN THIS ISSUE:
1. WILL THE SHRINK-WRAP LICENSE DILEMMA PLAGUE ON-LINE SALES?
2. SOME LEGAL RISKS POSED BY ON-LINE ADVERTISING
3. LOTUS LOSES FIGHT TO PROTECT ITS USER INTERFACE
4. COPYRIGHT LAW UPDATE: COPYING BY COMMERCIAL RESEARCHERS IS
NOT NECESSARILY A FAIR USE
1. WILL THE SHRINK-WRAP LICENSE DILEMMA PLAGUE ON-LINE SALES?
Can software companies unilaterally decide what terms govern
the sale of their software? What's the point of those long,
complicated, one-sided licenses that come with most commercial
software packages? Are they enforceable?
The Purpose of Shrink-wrap Licenses.
Everyone has seen these licenses -- they come with commercial
software and state that opening the package or using the software
means the buyer is agreeing to abide by their terms. While these
documents may be slightly aggravating, software companies use them
for two important reasons -- to protect their copyrights and to
limit their exposure to lawsuits.
Software is terribly easy to copy and distribute; software
developers understandably want to protect themselves from losing
revenue from unauthorized copying. Shrink wrap licenses include
terms restricting the copying of the software in order to help
insure that the sale of a single copy of the software does not give
rise to any implied license to make, distribute or use additional
copies. The licenses might also try add further restrictions, such
as prohibiting resale or leasing of the software.
Shrink-wrap licenses have a second goal: to limit the
software company's legal liability. This need arises not from
copyright law, but from the general laws governing contracts and
the sale of goods -- which in all states (except Louisiana) is the
Uniform Commercial Code, or UCC.
Article 2 of the UCC sets "default" rules that automatically
become part of just about every sale of goods, unless the buyer and
seller agree to change the defaults to something else. Despite
some theoretical questions, most legal authorities agree commercial
software is a "good" under the UCC.
The problem for a software vendor is that the UCC reads into
every sale implied terms that favor the buyer. Rather than adopt
the doctrine of "caveat emptor," the UCC assumes that the seller
has made certain promises or warranties about the quality of the
product. If the product does not live up to these implied
warranties, the buyer can sue. Most importantly, the UCC assumes
that the seller always promises that the product is "merchantable,"
that is, fit for the customary use that such products are put to.
Further, the UCC also assumes that the seller has promised that the
product was fit for the buyer's particular intended use, if the
seller had reason to know of that use.
The seller and buyer can agree to change these terms, such as
when a used car is sold "as is." The buyer and seller can also
agree to limit the scope of the seller's liability if the product
does not live up to the promises that were made. However, when the
seller tries to make these limitations himself, through terms on an
invoice or other document, the limitations must be "conspicuous,"
they must mention "merchantability," and they cannot be "unreason-
able." Moreover, the buyer has to agree to the limits.
Are Shrink-wrap Contracts Enforceable?
There is serious question about how effective a typical
shrink-wrap license is. Various criticisms are made.
First, and most obviously, is whether a purchaser has really
"agreed" to the terms of the shrink wrap license. Typically, the
buyer does not know what the license says when she buys the
software; the purchase is made before the terms are revealed. How
can the buyer "agree" to the terms without knowing what they are?
After a sale is made, one party cannot add new terms. The federal
court of appeals sitting in Philadelphia discussed these issues in
STEP-SAVER DATA SYSTEMS, INC. v. WYSE TECHNOLOGY, 939 F.2d 91 (3rd
Cir. 1991), and decided that a particular shrink-wrap license was
not enforceable. See also David Hayes, Shrinkwrap License
Agreements: New Light on a Vexing Problem, 15 Hastings Comm. Ent.
L.J. 653 (1993).
A second, related objection is one raised to all take-it-or-
leave it contracts, which are derisively named "contracts of
adhesion." These tend to get rough treatment by courts, and
shrink-wrap licenses are a special strain.
Other concerns relate to the technical question of contract
formation -- the sale is usually made between a retailer and the
consumer, but the shrink-wrap license is between the consumer and
the software company. Is that a contract at all? What did the
software company give the consumer that the consumer did not
already have when she bought the product? There are also some
concerns about whether particular restrictive terms in these
licenses (or more accurately, state laws that state that the terms
are enforceable) violate the federal Copyright Act. See VAULT
CORP. v. QUAID SOFTWARE, LTD. 847 F.2d 255 (5th Cir. 1988).
Can These Problems be Fixed by On-line Transactions?
Do these same objections to shrink-wrap licenses apply to on-
line transactions? Maybe not.
The unique nature of interactive on-line transactions offers
vendors the ability to get and record the buyer's agreement to
license terms before a purchase is made. Much of the software that
is distributed on-line, shareware particularly, comes with a
license.doc zipped up with the program files. These licenses will
have the same troubles a shrink-wrap licenses, because they are an
However, most bulletin board systems, and now the World Wide
Web, can easily be configured to require short interactive sessions
before a transaction is consummated. The vendor can display the
license terms, require the buyer's assent before the software is
made available, and importantly, the buyer's assent can be recorded
-- written to a log file. While an on-line seller cannot force the
buyer to read the terms, it surely can record the fact that the
terms were displayed, and that the buyer gave affirmative responses
-- "Did you read the terms of the license?" "I did." "Do you agree
to the terms?" "I do."
This type of interaction before the sale makes the transaction
appear far less one-sided. While take-it-or-leave-it terms might
still be criticized as "adhesion contracts," the unique give-and-
take that's possible on-line removes much of the inequitable sting
that "surprise" shrink-wrap license terms leave on many observers.
2. SOME LEGAL RISKS POSED BY ON-LINE ADVERTISING
Advertising on the Internet is booming -- not with crass
"spamming" on Usenet newsgroups, but with flashy, multi-media home
pages on the World Wide Web that show off pictures, sound and even
video. Most commercial World Wide Web sites combine a mix of
advertising, information, and entertainment -- honoring the
Internet tradition that tasteful, non-intrusive self-promotion is
acceptable if it comes along with something neat or valuable.
Are there legal risks involved in on-line advertising? There
are, just like any other endeavor. Any business that extends its
advertising to cyberspace must take the same care as it does with
print or broadcast advertising. Electronic advertising also
introduces new questions of jurisdiction -- whose laws apply? On-
line service providers that accept advertising must consider their
own potential liability, too. What is their duty concerning the
content of other companies' ads?
Advertisements are "publications."
Companies that put their ads on the Internet are "publishers"
and face the same potential risks of defamation, invasion of
privacy, etc., from these ads as from print ads. Moreover,
electronic service providers that accept paid advertisement may be
"publishers" of those ads as well, and responsible to some degree
for their content. Absent particular exceptions, advertisements
carried by a publisher are viewed as that publisher's own speech.
For example, the landmark 1964 Supreme Court libel case, New York
Times v. Sullivan, concerned the liability of the New York Times
for a paid advertisement written by others. The Supreme Court's
ruling, although favorable to the Times, made no distinction
between advertisements and other content of the newspaper.
Compuserve, in the now-famous Cubby v. Compuserve case,
successfully defended itself from a libel suit by proving its
ignorance -- that it knew nothing of the content of a newsletter
carried on its service, but provided by an outside contractor.
This defense -- based on the traditional protection granted
bookstores from libel suits -- is unlikely to be available when it
comes to paid advertisements. Publishers, whether on-line or in
print, generally review the content of advertisements before they
are accepted and published, if only to determine pricing. They
usually retain the right to refuse an advertisement based on its
content. (Recall the recent attempts by revisionist "historians"
to place ads in college papers denying that the Holocaust took
Because of this potential exposure to liability, electronic
publishers should be guided by two general principles: (1) review
all proposed advertisements for potential legal problems, and
(2) obtain an agreement that the advertiser will indemnify the
publisher for any legal liability that arises from the ad. This
article reviews several areas of potential concern for electronic
Ads for illegal transactions.
You can't legally advertise marijuana for sale. (Or, more
accurately, the First Amendment does not protect ads for illegal
transactions.) A publisher can't knowingly carry such ads, even if
the publisher would not be a party to the illegal transaction.
A publisher's liability for carrying ads for illegal
transactions has been hashed out in an interesting series of
lawsuits involving the magazine Soldier of Fortune, which
unintentionally carried several classified advertisements submitted
by real live hit men offering the services of a "gun for hire."
The hit men were hired through the magazine ads, and the families
of those people "hit" sued the magazine.
Two federal appeals courts came to entirely opposite
conclusions about very similar Soldier of Fortune ads. The
Eleventh Circuit upheld a multi-million dollar damage award against
the magazine; the Fifth Circuit reversed a finding of liability.
The legal principles these courts announced were relatively
consistent, though: if an advertisement poses a "clearly
identifiable unreasonable risk that it was an offer to commit
crimes for money" the publisher can be held liable if it was
negligent in running the ad. BRAUN v. SOLDIER OF FORTUNE MAGAINZE,
INC., 968 F.2d 1110, 1121 (11th Cir. 1992), cert. denied, 113 S.
Ct. 1028 (1993). A publisher must make sure that the ad, on its
face, does not present a "clearly identifiable unreasonable risk"
that the advertisement is soliciting an illegal transaction. On
the other hand, the courts are less likely to impose liability for
ambiguous advertisements that could have an innocent meaning. See
EIMANN v. SOLDIER OF FORTUNE MAGAZINE, INC., 880 F.2d 830 (5th Cir.
1989), cert. denied, 493 U.S. 1024 (1990). This recognizes courts'
reluctance to impose a duty on publishers to investigate
advertisements beyond what the advertisements say.
There is no reason to believe that this standard is different
for advertisements of so-called "victimless" crimes like
prostitution, although the likelihood of a civil lawsuit might be
Ads for regulated businesses.
Many businesses are regulated, and so is the content of their
advertisements. The First Amendment permits some government
regulation of commercial speech; for example, lawyer advertising is
regulated by state bar associations or courts (although lawyers are
constantly fighting over how far the regulations can go).
Businesses placing ads should know what rules regulate their
advertising. Companies accepting ads have two choices: (1) know
the regulations for all companies for which it accepts ads; or (2)
require the advertiser to guarantee that its ads comply with
applicable regulations, and indemnify the publisher for losses if
An example of the difficult legal questions raised by local
regulation in the new borderless world of cyberspace are lottery
and gambling ads. Some states (and territories) regulate or ban
advertising lotteries and gambling. Puerto Rico, for instance,
allows casino gambling. It also allows advertisement of gambling
aimed at tourists, but prohibits such ads aimed at Puerto Ricans.
The U.S. Supreme Court says that this odd regulatory scheme is
constitutional. POSADAS DE PUERTO RICO ASSOCIATES v. TOURISM CO.
OF PUERTO RICO, 478 U.S. 328 (1986).
More recently, the Supreme Court also upheld the
constitutionality of a federal law that forbids radio or television
stations from broadcasting lottery ads into states that don't have
a lottery -- even if the broadcasts are primarily heard in a state
that has a lottery. UNITED STATES v. EDGE BROADCASTING CO., 113
S. Ct. 2696 (1993). This federal law only regulates airwave
broadcasts of lottery ads. However, some states have similar
statutes banning lottery advertising in any medium. For example,
North Carolina prohibits advertising a lottery "by writing or
printing or by circular or letter or in any other way." N.C. Stat.
14-289. Could North Carolina enforce this law against electronic
publishers who carry lottery ads?
Answering that question raises a host of difficult, unanswered
jurisdictional questions and is beyond the scope of this short
article. As a practical matter, it seems unlikely that North
Carolina officials would try to prosecute the State of Texas, for
example, if Texas set up a Web site to advertise its lottery that
of course could be accessed from North Carolina. On the other
hand, a local North Carolina service provider that accepted and
posted ads for the Texas lottery (or even the results of the Texas
lottery) might have something to worry about: the language of the
law prohibits it; the service provider is in easy reach of local
prosecutors; and the U.S. Supreme Court has already looked kindly
on a similar law.
Misleading and deceptive ads.
The First Amendment does not protect false advertisement;
state statutes (and some federal laws) routinely prohibit false,
misleading and deceptive ads. For example, the broad Texas
Deceptive Trade Practices-Consumer Protection Act ("DTPA")
prohibits all sorts of deceptive advertising, and gives deceived
consumers very powerful remedies in court. Such statutes are
primarily aimed at those who place advertisements, rather than the
publishers. Where do electronic publishers fit in? As usual, it's
Newspapers cannot be sued under the Texas DTPA because that
law does not apply to "the owner or employees of a regularly
published newspaper, magazine, or telephone directory, or broadcast
station, or billboard." Tex. Bus. & Comm. Code 17.49(a). Is an
internet service provider a "magazine" or "broadcast station?"
Maybe. Is a BBS or a World Wide Web page a "billboard"? Maybe.
The question has not come up yet. While it would be more logical
and consistent with the purpose of the statute to exempt electronic
publishers that perform the same function as a newspaper, courts
are supposed to apply the DTPA "liberally" to provide consumers
with as broad a remedy as possible from deceptive ads -- leaving
the answer in doubt.
Some things are clear. An entity distributing information
regarding its own goods or services cannot claim the "media
exemption" -- a newspaper or BBS that publishes false information
about its goods or services can be sued by consumers under the
DTPA. Also, an entity that has a financial stake in the sale of
the goods advertised is also subject to DTPA liability. This means
that internet service providers that accept a percentage of sales
generated by on-line advertising will be subject to the
restrictions of the DTPA, and should insure that the ads they place
are not deceptive, and that the seller has agreed (and can)
indemnify them for liability. Finally, no publisher -- whether
earthbound or in cyberspace -- is exempt from DTPA liability if the
outlet and/or its employees know an ad is false, misleading or
Remember: It's YOUR service.
Unless an electronic publication accepts all advertisements,
regardless of content, and does not review the content of that
advertising in any way or reserve any right to reject
advertisements (and can prove this in court), the presumption will
be that the service "published" the ad and is responsible for its
content. No one has a First Amendment right to place their
advertisement with any given Internet service provider or on any
commercial information service. Despite lots of on-line rhetoric,
the First Amendment only restricts what the government can do, not
what businesses (even big ones) can do. Remember that a publisher
always has the right to reject an ad for any reason at all and can
require changes before an ad is placed. For ads that are obviously
illegal, slanderous or misleading, the safest bet is to refuse the
Date: Sun, 19 Apr 1995 22:51:01 CDT
From: CuD Moderators
Subject: File 5--Cu Digest Header Info (unchanged since 19 Apr, 1995)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
CuD is available as a Usenet newsgroup: comp.society.cu-digest
Or, to subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
To UNSUB, send a one-line message: UNSUB CUDIGEST
Send it to LISTSERV@VMD.CSO.UIUC.EDU
(NOTE: The address you unsub must correspond to your From: line)
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown)
Brussels: STRATOMIC BBS +32-2-5383119 2:firstname.lastname@example.org
In ITALY: Bits against the Empire BBS: +39-464-435189
In LUXEMBOURG: ComNet BBS: +352-466893
UNITED STATES: etext.archive.umich.edu (184.108.40.206) in /pub/CuD/
ftp.eff.org (220.127.116.11) in /pub/Publications/CuD/
aql.gatech.edu (18.104.22.168) in /pub/eff/cud/
world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: nic.funet.fi in pub/doc/cud/ (Finland)
ftp.warwick.ac.uk in pub/cud/ (United Kingdom)
The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
End of Computer Underground Digest #7.55
E-Mail Fredric L. Rice / The Skeptic Tank