Bruce Schneier's Crypto-Gram for this month had an interesting bit about
UCITA.  Take a look at this excerpt:


> The Uniform Computer Information Transactions Act (UCITA)
>
> Virginia Gov. James S. Gilmore III signed the UCITA, and it is now law in 
> Virginia.  The Maryland legislature overwhelmingly passed the bill, and it 
> is on its way to become law in that state.
> 
> I put this horrible piece of legislation in the Doghouse last month, but 
> it's worth revisiting one portion of the act that particularly affects 
> computer security.
> 
> As part of the UCITA, software manufacturers have the right to remotely 
> disable software if the users do not abide by the license agreement.  (If 
> they don't pay for the software, for example.)  As a computer-security 
> professional, I think this is insane.
> 
> What it means is that manufacturers can put a back door into their 
> products.  By sending some kind of code over the Internet, they can 
> remotely turn off their products (or, presumably, certain features of their 
> products).  The naive conceit here is that only the manufacturer will ever 
> know this disable code, and that hackers will never figure the codes out 
> and post them on the Internet.
> 
> This is, of course, ridiculous.  Such tools will be written and will be 
> disseminated.
> 
> Once these tools are, it will be easy for malicious hackers to disable 
> people's computers, just for fun.  This kind of hacking will make Back
> Orifice look mild.
> 
> Cryptography can protect against this kind of attack -- the codes could be 
> digitally signed by the manufacturer, and the software wouldn't contain the 
> signature key -- but in order for this to work the entire system has to be 
> implemented perfectly.  Given the industry's track record at implementing 
> cryptography, I don't have high hopes.  Putting a back door in software 
> products is just asking for trouble, no matter what kinds of controls you 
> try to put into place.
> 
> The UCITA is a bad law, and this is just the most egregious 
> provision.  It's wandering around the legislatures of most states.  I urge 
> everyone to urge everyone involved not to pass it.
> 
> Virginia:
> <http://www.washingtonpost.com/wp-dyn/articles/A6866-2000Mar14.html>
> 
> Maryland:
> <http://www.idg.net/idgns/2000/03/29/UCITAPassesMarylandHouse.shtml>
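
The signed-code design the quoted text mentions, sketched as an added example (not code from the newsletter or from this post): the client carries only the vendor's Ed25519 public key and rejects commands that are forged, addressed to another license, or replayed. The `Command` and `Client` types, their field names, and the license IDs are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Command is a hypothetical vendor message; all field names are assumptions.
type Command struct {
	Action, LicenseID string
	Counter           uint64 // strictly increasing per license (anti-replay)
}

// encode returns the exact bytes that are signed; %q quotes each field so two
// different commands can never serialise to the same bytes.
func (c Command) encode() []byte {
	return []byte(fmt.Sprintf("vendor-cmd-v1|%q|%q|%d", c.Action, c.LicenseID, c.Counter))
}

// Client ships with the vendor's public key only; the signing key stays offline.
type Client struct {
	VendorKey   ed25519.PublicKey
	LicenseID   string
	LastCounter uint64
}

// Accept checks signature, then target, then freshness, and only then advances state.
func (cl *Client) Accept(c Command, sig []byte) error {
	switch {
	case !ed25519.Verify(cl.VendorKey, c.encode(), sig):
		return errors.New("bad signature")
	case c.LicenseID != cl.LicenseID:
		return errors.New("wrong license")
	case c.Counter <= cl.LastCounter:
		return errors.New("replayed counter")
	}
	cl.LastCounter = c.Counter
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	cl, cmd := &Client{VendorKey: pub, LicenseID: "LIC-0001"}, Command{"disable", "LIC-0001", 1}
	sig := ed25519.Sign(priv, cmd.encode())
	fmt.Println(cl.Accept(cmd, sig), cl.Accept(cmd, sig))
}
```

Even with all three checks in place, the scheme still depends on the vendor's signing key staying secret and on `LastCounter` being stored where it cannot be rolled back.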
