- Email: [email protected]
Computer security: The federal approach
Computers
& Security, 7 (1988) 320-331
Abstracts of Recent Articles and Literature
Recent Rulings May Give States Copyright Immunity, Eric Fishman. A recent series of federal court decisions threaten the future of the market for copyrighted works by immunizing state governments and their agencies from suits for money damages arising from copyright infringement. If allowed to stand, these decisions would let a state university buy one copy of a software program and provide unlimited copies to its students. At issue is the interplay between the Copyright Act and a provision of the 11th Amendment which prohibits federal court suits against states by citizens of another state. However, a state may be sued if it has waived its 11th Amendment protection or if Congress has “abrogated” the state’s immunity. In 1985, a Supreme Court decision required “an unequivocal indication” of state consent to federal jurisdiction. Since that decision, lower courts have consistently failed to find explicit, unambiguous expressions of state waiver or Congressional intent in the Copyright Act. The copyrights
320
Week, January
18, 1988, p. 11.
HR 145: What’s Next, Vanessa Jo Grimm. The recently signed
in recent rulings have included computer software. In a 1987 decision, a federal district court in California dismissed a copyright infringement action brought by a manufacturer and seller of computer software against the University of California Board of Regents. The Court granted summary judgment for UCLA on 11th Amendment grounds. An appeal is pending. Government Computer News, January 8, 1988, pp. 77-78.
Computer Security Act requires little new action from federal agencies. Under the legislation, NBS must create security standards, verification guidelines, costeffective measures and training programs for computer security, some in conjunction with NSA and OPM. Although NBS must handle most of the legislation’s requirements, agencies must prepare two items to meet the law’s requirements. Within six months, agencies must identify existing and developing computer systems that contain sensitive information. They then have an additional six months to draft a security and privacy plan “commensurate with the risk and magnitude of the harm” that could be caused by tampering. OPM must begin government-wide security training programs within 9 months. Government Computer News, January 22,1988, pp. 1,6.
Security Act Is Signed: Copyright Bill Backed, Mark Rockwell. President Reagan has signed the Computer Security Act of 1987, and a recently introduced copyright protection bill received the support of a coalition of software, record, publishing and movie companies. The Computer Security Act places control of guidelines for “unclassified but sensitive” database information back into public hands. The copyright legislation would implement protection of copyrights under the Beme Convention for the Protection of Literary and Artistic Works. The United States is one of only two countries in the world
Computer Security: The Federal Approach, Ellen Messmer. When HR 145 became law it shifted authority to regulate computer security standards to NBS and nullified NSDD 145 which had sought to cope with the need for computer security guidelines. In addition to NBS taking the helm in issuing guidelines, HR 145 provides for an advisory board composed of four representatives from the federal government (of which one must be from NSA) and eight private sector representatives. The board is charged with identifying safeguard issues relative to computer systems security and privacy. NBS is authorized to develop
Esther H. Highland
Computer Law
not adhering to the convention. Managemertt Information Systems
0167-4048/88/$3.50
@ 1988, Elsevier Science Publishers
Ltd.
Computers and Security, Vol. 7, No. 3
broad computer security standards and provide programs in security training. Information- WEEK, February 22, 1988, p. 25. .New Security Law Compels FederalAgencies to Act, Robert V. Head. After reviewing the history
of the opposition to NSDD 145, the author states that the Computer Security Act seeks to strike a balance between legitimate national security interests and freedom of information through two key provisions. First, it provides a more specific and narrow definition of sensitive information. Second, it vests responsibility for security standards in NBS and relegates NSA to an advisory role. But the real significance of the law lies in the actions it requires of all federal agencies. They must designate sensitive’mformation, develop security plans and provide security training. Government Computer News, March 4, 1988, p. 33.
Brazil Copyright Law Could Thwart Pirates, Ed Gregory. A new Brazilian copyright law is designed to halt piracy. The lack of copyright protection in Brazil has resulted in semilegitimate and widespread piracy of U. S.-made software programs. in some cases, the pirate software is sold overseas to other countries. Whether or not the new law will work is a matter ofstrong debate and disagreement. Management Information Systems Week, January 25, 1988, pp. 1, 41.
Long Arm of the Law, Buck Bloombecker. Since 1984, Congress has strengthened the federal computer crime law, passed the Electronic Communications Privacy Act and passed the Computer Security Act of 1987 (HR 145). During 1987, three states un-
dertook the complete rewriting of their computer crime laws; laws in three other states reflected growing sophistication regarding the varied nature of computer crime threats. A seventh state passed its first computer crime law leaving only two states with no legislation on the subject. For a system that is insecure, the odds are increasing that those who set it up or maintain it may be found liable. Computerworld, February 8, 1988, pp. 17-18.
Computer Cross Sections Unite at Law Conference, Bill Dooley. High on the list of major concerns at the International Conference on Computers and Law were such topics as security particularly because of: advances in networking; computer crime; copyrights and intellectual property rights; and artificial intelligence. One major theme targeted the spread of computerrelated crime, ranging from simple trespass into government and private corporate databases, to major thefts of funds within the commercial marketplace. One of the major problems is that many of the crimes go undetected. A national study indicated that only half of computer abuse was discovered by system control, and 41% was detected by accident. Management Znformation System Week, February 15, 1988, pp. 4-5.
Personal but Not Confidential: A New Debate Over Privacy, Michael decourcy Hinds. Most existing laws protect the privacy of records held by government agencies but relatively few laws protect records that are collected by private institutions and businesses. With few exceptions, companies have broad discretion to
determine who gets customer records. Because of an incident regarded by many as an invasion of privacy, bills will be introduced in both houses of Congress forbidding retailers from disclosing video rental records without the consent of the customer or a court order. State and local legislators have also picked up on the privacy issue. Privacy laws are based on the Fourth Amendment to the Constitution. Concern about privacy began to grow as record keeping became automated in the 1950s. The New York Times, February 27, 1988, p. 56.
Hashing Out Legal Rights, Stephen Jones. The intellectual property and copyright protection of software remains an important, and as yet unresolved, issue for users and vendors. Asking the courts to deliver a verdict on the issue invites a number of problems. For one, court systems and lawyers have inadequate technical knowledge. Second, there is a confusing set of precedents and there arc several pending cases. Most of today’s copyright protection guidelines for the computer industry are modified versions of copyright principles written when computers were science fiction. Computerworld, February 29, 1988, pp. 67, 71.
Apple Slaps Microsoft, HP with Copyright Suit, Nick Arnett. Apple Computer Inc. has filed a copyright infringement and unfair competition suit over Microsoft Corporations Windows and Hewlett-Packard’s New Wave, charging that their graphic interfaces violate the “look and feel” of the Macintosh. Apple’s suit accuses both Windows and New Wave of being “unauthorized derivative works” of the visual displays and
321
& Security, 7 (1988) 320-331
Abstracts of Recent Articles and Literature
Recent Rulings May Give States Copyright Immunity, Eric Fishman. A recent series of federal court decisions threaten the future of the market for copyrighted works by immunizing state governments and their agencies from suits for money damages arising from copyright infringement. If allowed to stand, these decisions would let a state university buy one copy of a software program and provide unlimited copies to its students. At issue is the interplay between the Copyright Act and a provision of the 11th Amendment which prohibits federal court suits against states by citizens of another state. However, a state may be sued if it has waived its 11th Amendment protection or if Congress has “abrogated” the state’s immunity. In 1985, a Supreme Court decision required “an unequivocal indication” of state consent to federal jurisdiction. Since that decision, lower courts have consistently failed to find explicit, unambiguous expressions of state waiver or Congressional intent in the Copyright Act. The copyrights
320
Week, January
18, 1988, p. 11.
HR 145: What’s Next, Vanessa Jo Grimm. The recently signed
in recent rulings have included computer software. In a 1987 decision, a federal district court in California dismissed a copyright infringement action brought by a manufacturer and seller of computer software against the University of California Board of Regents. The Court granted summary judgment for UCLA on 11th Amendment grounds. An appeal is pending. Government Computer News, January 8, 1988, pp. 77-78.
Computer Security Act requires little new action from federal agencies. Under the legislation, NBS must create security standards, verification guidelines, costeffective measures and training programs for computer security, some in conjunction with NSA and OPM. Although NBS must handle most of the legislation’s requirements, agencies must prepare two items to meet the law’s requirements. Within six months, agencies must identify existing and developing computer systems that contain sensitive information. They then have an additional six months to draft a security and privacy plan “commensurate with the risk and magnitude of the harm” that could be caused by tampering. OPM must begin government-wide security training programs within 9 months. Government Computer News, January 22,1988, pp. 1,6.
Security Act Is Signed: Copyright Bill Backed, Mark Rockwell. President Reagan has signed the Computer Security Act of 1987, and a recently introduced copyright protection bill received the support of a coalition of software, record, publishing and movie companies. The Computer Security Act places control of guidelines for “unclassified but sensitive” database information back into public hands. The copyright legislation would implement protection of copyrights under the Beme Convention for the Protection of Literary and Artistic Works. The United States is one of only two countries in the world
Computer Security: The Federal Approach, Ellen Messmer. When HR 145 became law it shifted authority to regulate computer security standards to NBS and nullified NSDD 145 which had sought to cope with the need for computer security guidelines. In addition to NBS taking the helm in issuing guidelines, HR 145 provides for an advisory board composed of four representatives from the federal government (of which one must be from NSA) and eight private sector representatives. The board is charged with identifying safeguard issues relative to computer systems security and privacy. NBS is authorized to develop
Esther H. Highland
Computer Law
not adhering to the convention. Managemertt Information Systems
0167-4048/88/$3.50
@ 1988, Elsevier Science Publishers
Ltd.
Computers and Security, Vol. 7, No. 3
broad computer security standards and provide programs in security training. Information- WEEK, February 22, 1988, p. 25. .New Security Law Compels FederalAgencies to Act, Robert V. Head. After reviewing the history
of the opposition to NSDD 145, the author states that the Computer Security Act seeks to strike a balance between legitimate national security interests and freedom of information through two key provisions. First, it provides a more specific and narrow definition of sensitive information. Second, it vests responsibility for security standards in NBS and relegates NSA to an advisory role. But the real significance of the law lies in the actions it requires of all federal agencies. They must designate sensitive’mformation, develop security plans and provide security training. Government Computer News, March 4, 1988, p. 33.
Brazil Copyright Law Could Thwart Pirates, Ed Gregory. A new Brazilian copyright law is designed to halt piracy. The lack of copyright protection in Brazil has resulted in semilegitimate and widespread piracy of U. S.-made software programs. in some cases, the pirate software is sold overseas to other countries. Whether or not the new law will work is a matter ofstrong debate and disagreement. Management Information Systems Week, January 25, 1988, pp. 1, 41.
Long Arm of the Law, Buck Bloombecker. Since 1984, Congress has strengthened the federal computer crime law, passed the Electronic Communications Privacy Act and passed the Computer Security Act of 1987 (HR 145). During 1987, three states un-
dertook the complete rewriting of their computer crime laws; laws in three other states reflected growing sophistication regarding the varied nature of computer crime threats. A seventh state passed its first computer crime law leaving only two states with no legislation on the subject. For a system that is insecure, the odds are increasing that those who set it up or maintain it may be found liable. Computerworld, February 8, 1988, pp. 17-18.
Computer Cross Sections Unite at Law Conference, Bill Dooley. High on the list of major concerns at the International Conference on Computers and Law were such topics as security particularly because of: advances in networking; computer crime; copyrights and intellectual property rights; and artificial intelligence. One major theme targeted the spread of computerrelated crime, ranging from simple trespass into government and private corporate databases, to major thefts of funds within the commercial marketplace. One of the major problems is that many of the crimes go undetected. A national study indicated that only half of computer abuse was discovered by system control, and 41% was detected by accident. Management Znformation System Week, February 15, 1988, pp. 4-5.
Personal but Not Confidential: A New Debate Over Privacy, Michael decourcy Hinds. Most existing laws protect the privacy of records held by government agencies but relatively few laws protect records that are collected by private institutions and businesses. With few exceptions, companies have broad discretion to
determine who gets customer records. Because of an incident regarded by many as an invasion of privacy, bills will be introduced in both houses of Congress forbidding retailers from disclosing video rental records without the consent of the customer or a court order. State and local legislators have also picked up on the privacy issue. Privacy laws are based on the Fourth Amendment to the Constitution. Concern about privacy began to grow as record keeping became automated in the 1950s. The New York Times, February 27, 1988, p. 56.
Hashing Out Legal Rights, Stephen Jones. The intellectual property and copyright protection of software remains an important, and as yet unresolved, issue for users and vendors. Asking the courts to deliver a verdict on the issue invites a number of problems. For one, court systems and lawyers have inadequate technical knowledge. Second, there is a confusing set of precedents and there arc several pending cases. Most of today’s copyright protection guidelines for the computer industry are modified versions of copyright principles written when computers were science fiction. Computerworld, February 29, 1988, pp. 67, 71.
Apple Slaps Microsoft, HP with Copyright Suit, Nick Arnett. Apple Computer Inc. has filed a copyright infringement and unfair competition suit over Microsoft Corporations Windows and Hewlett-Packard’s New Wave, charging that their graphic interfaces violate the “look and feel” of the Macintosh. Apple’s suit accuses both Windows and New Wave of being “unauthorized derivative works” of the visual displays and
321