coolidge@cs.uiuc.edu (John Coolidge) (06/28/91)
[Newsgroups widened to other groups that might be interested]

ts@cup.portal.com (Tim W Smith) writes:
>< There's a lot to be said for adding your own encrypted partitions to
>< your office desktop computer...
>And what happens when you are sick for a few days, and your boss needs
>to have someone take over some rush project you were working on, and
>that person comes back and reports to the boss that he can't get the
>files because they are on an encrypted partition?

And what happens when you are sick for a few days and the essential documents are locked in your desk instead of your computer? Court rulings (to my understanding) indicate that employers cannot search your desk without due process; I think the same should apply to your computer (note: not a legal expert; my understanding could be wrong).

A different horror story no one has (quite) mentioned:

Suppose our Fred is a real jerk, a complete kneebiter, who hates the company and is about to be fired anyway. Fred really doesn't like the company much at all, so he goes out and pirates 5 or 10 high-priced packages and throws them madly onto every workstation he can find. The next day he's fired. So he calls the SPA and tells them "Hey, XYZ Inc. has hundreds of pirated copies of the following 15 packages." The SPA descends and, indeed, finds the pirated programs. Now, these are all $250 packages, and there are (let's say) 50 that survived people noticing and deleting them. That's $12,500 Fred just cost his former employer (remember, he hates them, so he's dancing in the street about now).

What's the moral of the story? Framing someone for software piracy, especially on a "we found one copy, so it must be deliberate piracy" basis, is way too easy. Organizations like the SPA should _always_ allow their victims the option of deleting the unlicensed programs with no fee or other payment or of paying the vendor the appropriate payment. Without such an option, the SPA is just a glorified protection racket; more on the up-and-up than the similar mafia operation, but not so much more that it makes a real difference.

There's no analogy, here, to sneaking into a movie (I can't be framed for that; I either snuck in or not), stealing more conventional items of property (too easily traced; thief is to blame, not the company; owner notices the loss, etc), or any other common sort of frame. Software (and data in general) is much more easily forged than physical property.

Of course, you say, the company could audit _every day_ and find Fred's malicious programs before the SPA did. Au contraire! Fred is a clever jerk, and he changes the type and creator fields of package XYZ to match public domain package ABC. But (clever fiend) he tells the SPA about the changes, claiming that it's just more evidence that his former company is an unrepentant bunch of pirating swine.

In other words, Mr. Mora's program isn't the demon here (necessarily), nor is it the savior. It's just another tool for the protection racket, just like the guns and knives, which aren't evil in themselves, that the mafia use.

There's plenty of good that the SPA can do in the world --- don't get me wrong. Faced with the choice of paying for useful programs or deleting them, many companies will pay. But as long as there's some fee to be paid whether or not the company involved deletes the offending program, it's much too easy for the SPA to abuse its power, intentionally or not.

--John

--------------------------------------------------------------------------
John L. Coolidge    Internet:coolidge@cs.uiuc.edu    UUCP:uiucdcs!coolidge
Of course I don't speak for the U of I (or anyone else except myself)
Copyright 1991 John L. Coolidge. Copying allowed if (and only if) attributed.
You may redistribute this article if and only if your recipients may as well.