@device(PostScript)
@Make(Plan)
@planhead(versiondate="6 November 1985", plansection="Section H.1", copyrightdate="1985", title="Protection of Third-Party Software", author="by J. H. Saltzer")

Most software vendors copyright their products and are concerned about unauthorized copying. They express their concerns in various ways such as license agreements, copy-protection systems, and aggressive enforcement programs. Because Project Athena provides a networked environment in which sharing of information and programs is strongly encouraged, and because some students have a reputation for being uncaring of copyright restrictions, vendors may feel there is reason for special concern.

Occasionally, third-party software vendors have requested that, as a condition of a license to Project Athena, some kind of physical control be provided for their programs. However, the common industry technique of controlling copying by distributing programs on hard-to-copy diskettes would present a distribution nightmare if applied to 25 different software packages to be used on 1500 public workstations. The contrast in convenience of use between programs distributed that way and programs distributed on demand over the network merely by typing their name would probably eliminate the copy-protected programs from the field of competition. In addition, any installation or repair procedure that involves a visit to the workstation is quite unworkable at a scale of 1500 sites.

This part of the Athena Technical Plan describes a set of procedures that Project Athena provides to protect third-party vendors' products used on public workstations while at the same time not interfering seriously with central distribution.

There are four components to this protection plan:

@begin(itemize)
- General copyright awareness

- Specific notification of copyright

- Access control for disk-stored programs

- Recourse in the case of discovered violations
@end(itemize)

The four components should be thought of as a coherent whole, rather than as four independent, free-standing approaches.

@heading(General copyright awareness)

One of the primary goals of Project Athena is to educate students in the possibilities that computers open up. Part of that goal includes teaching students how to use computers responsibly. To this end, Project Athena has developed and publicizes a two-page statement of "principles of responsible computer use." One component of this statement is a specific discussion of copyrighted programs, and the responsibility of every user not to make unauthorized copies of such programs. A copy of the statement is attached to the end of this section of the plan.

The statement is brought to the attention of students in several ways:

@Begin(Enumerate)
It appears on the inside cover of all Project Athena "essential" documents, which are used by newcomers to acquaint themselves with the facilities that the project provides.

A copy is framed and posted in every room containing a cluster of Project Athena workstations.

It is published in the student newspaper, The Tech, at least once each school year.

The M.I.T@. catalog description of Project Athena mentions the statement of principles.
@end(enumerate)

These publicity measures provide some assurance that every M.I.T@. student is likely to be aware of the statement of principles.

@heading(Specific notification of copyright)

Every individual software package that is copyrighted should provide a copyright notice in two places. First, the documentation that describes the software should have a copyright notice that specifically mentions that the software should not be copied.
Second, the program itself should display a copyright notice, perhaps in the first screen of output. This on-line notice serves as a reminder to every user that the program is not to be copied, and it ties in with an assurance given in the statement of principles that software that is considered proprietary will be so identified.

In addition, a notice in a public bulletin board file (and on UNIX file servers, in a read-only file named /etc/licenses) lists all software that is licensed to Project Athena, and any special conditions associated with its use. Thus a student who wishes to know of the license status of a particular vendor's package has an easy way of determining that status. Since some software is listed in this file as being public domain or as having blanket copy permission for anyone associated with M.I.T@., students have an incentive to know of the existence of the file and to examine it.

@heading(Access control for disk-stored programs)

The mechanism of storage and distribution of software within Athena consists of a small number of network-attached file servers that hold copies of that software. These file servers act as libraries, extensions of the local disks of the workstation. When a user invokes some program, the system reads the program into the local memory of the workstation, where it is executed. The fact that the disk copy is remote rather than local is invisible to the operating system as well as the user. However, before being able to use such a library, the workstation must open a connection to it, at which time the library server requires that the workstation present authenticated credentials as to the identity of the current user of the workstation. The library server then accepts or refuses the connection, as appropriate.
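
The accept-or-refuse decision a library server makes when a workstation opens a connection can be sketched as follows. This is an added example, not part of the Athena plan and not Athena code: an HMAC-tagged token stands in for a Kerberos credential, and the key, user names, subject number and library names are constructed for illustration. It covers the two license scopes this section names, general Athena use and use by one M.I.T. subject.

```python
import hashlib
import hmac

# Constructed sample data: the key, users, subject and library names are hypothetical.
REALM_KEY = b"constructed-demo-key"        # stands in for the authentication service's secret
REGISTRATION = {"6.001": {"alice"}}        # subject -> students registered in it
LIBRARIES = {                              # library -> license scope
    "general-lib": ("athena", None),       # licensed for general Athena use
    "subject-lib": ("subject", "6.001"),   # licensed for one subject only
}

def _tag(user, expires):
    msg = f"{user}|{expires}".encode()
    return hmac.new(REALM_KEY, msg, hashlib.sha256).hexdigest()

def issue_credential(user, expires):
    """Authentication service side: bind a user name to an expiry time."""
    return f"{user}|{expires}|{_tag(user, expires)}"

def authenticate(credential, now):
    """Return the user name if the credential is genuine and unexpired, else None."""
    try:
        user, expires, tag = credential.split("|")
        expires = int(expires)
    except (AttributeError, ValueError):
        return None                        # missing or malformed credential
    # Constant-time comparison on bytes; a forged or altered token fails here.
    if not hmac.compare_digest(tag.encode(), _tag(user, expires).encode()):
        return None
    return user if now < expires else None

def admit(library, credential, now):
    """Library server side: accept or refuse a connection request."""
    user = authenticate(credential, now)   # identity first, license scope second
    if user is None:
        return (False, "no valid Athena credentials")
    scope = LIBRARIES.get(library)
    if scope is None:
        return (False, "unknown library")  # fail closed
    kind, subject = scope
    if kind == "athena":
        return (True, "Athena user")
    if kind == "subject" and user in REGISTRATION.get(subject, set()):
        return (True, f"registered in {subject}")
    return (False, "not registered in the licensed subject")
```
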

A library server that contains programs licensed for general Athena use would accept connections from any legitimate Athena user, but would refuse connections from network users who cannot provide Athena credentials. A library server that contained programs licensed for use only by one M.I.T@. subject would accept connections only from M.I.T@. students who are registered in that subject. The reader is referred to the description of Kerberos, the Athena authentication and authorization system, for detailed descriptions of the mechanics of identification and credential checking.

Some Athena workstations are not network-attached, or are remotely located and attached only via low-speed lines. Those workstations are supplied by Athena with removable media containing copies of the software they are licensed to use, and we expect their users to copy that software onto the local hard disk of the workstation.

@heading(Recourse in the case of discovered violations)

If an individual is discovered violating copyright licences, M.I.T@. will deal with the incident by using internal disciplinary measures involving either the Dean for Student Affairs and the Committee on Discipline or other officers and committees of the Institute depending on whether the individual is a student or nonstudent member of the M.I.T@. community, respectively. M.I.T@. reserves the right to determine whether to pursue any particular incident, and it generally will not reveal such disciplinary activity to outside parties. As a general guideline, the copying of copyrighted software for use on unauthorized machines is regarded by M.I.T@. as an offense comparable to theft of equipment of like value.

As an aid to enforcement, M.I.T@. recommends that its vendors place a unique identification label inside the software provided to Project Athena. Software so labeled is relatively easy to identify as to its source, unless someone takes extensive steps to locate and eliminate all such identification.
If a vendor finds an illicit copy that it suspects has been pirated from a Project Athena workstation, that copy may be traceable as to source, and such a trace may be useful either in prosecution or in suggesting that M.I.T@. take internal disciplinary action.

@newpage
@MajorHeading(Appendix: Principles Of Responsible Use Of Project Athena)

Project Athena is a five-year experiment in the use of a large, networked computer system as part of the educational process at M.I.T. Athena's distributed computer system will open up entirely new ways for members of the M.I.T. community to share information. One consequence of linking the entire community together, however, is the potential for improper use of the system, a violation of M.I.T.'s high standards of honesty and personal conduct.

@Heading(Intended Use)

The hardware granted to Project Athena, and the software licensed for that hardware, are intended only for educational use by M.I.T. community members. Use of Athena resources by anyone outside M.I.T. requires approval of the Provost, and the sale of such use is prohibited. The use of Athena resources for financial gain is similarly prohibited. Use of Project Athena's facilities for sponsored research activities that normally would make use of other M.I.T. facilities is not permitted, except by permission of the Director.

@Heading(Privacy and Security)

The UNIX@+[@Y] operating system used by Project Athena facilitates sharing of information and software among its users. Security mechanisms for protecting information from unintended access, from within the system or from the outside, are minimal. These mechanisms, by themselves, are inadequate for a community the size of M.I.T.'s, for whom protection of individual privacy is as important as sharing. Users must supplement the system's security mechanisms by using the system in a manner that preserves the privacy of others.
For example, users should not attempt to gain access to the files or directories of another user without explicit authorization from that user (unless that user has intentionally made them available for public access). Nor should users attempt to intercept any systems communications, such as electronic mail or terminal dialog. Programs should not store information about other users without the users' prior knowledge. Personal information about another individual, which a user would not otherwise disseminate to the M.I.T. community, should not be stored or communicated on the system without the other individual's permission. Such information includes grades, evaluation of students, and their work.

@Heading(System Integrity)

Actions taken by users intentionally to interfere with or to alter the integrity of the system cannot be permitted. These include unauthorized use of accounts, impersonation of other individuals in systems communications, attempts to crack passwords or encryption, and destruction or alteration of data or programs belonging to other users. Equally unacceptable are intentional efforts to restrict or deny access by others to any of the resources of the system.

@Heading(Intellectual Property Rights)

Some software and databases that reside on the system are owned by users or third parties, and are protected by copyright and other laws, together with licenses and other contractual agreements. Users must abide by these restrictions. Such restrictions may include prohibitions against copying programs or data for use on non-Athena systems or for distribution outside M.I.T., against the resale of data or programs or the use of them for noneducational purposes or for financial gain, and against public disclosure of information about programs (e.g., source code) without the owner's authorization. It is the responsibility of the owner of protected software or data to make any such restrictions known to the user.