Clips May 13, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;;
- Subject: Clips May 13, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 13 May 2002 10:18:30 -0400
- Cc: lillie@xxxxxxx
Clips May 13, 2002
ARTICLES
Credit Card Theft Thrives Online as Global Market Losses Grow
Rambus faces antitrust lawsuit
Pentagon alienating elite science advisers
Voinovich bill would create a post to manage work force shrinkage
Kansas Teen Sentenced After Hackings
LSU Sues Law Student Over Web Site
A New Direction for Intellectual Property
Spam, efforts to fight it, both on the rise
Pope Gives Internet His Blessing
What Does Google Say About You?
With '.pro' Comes a Certifiable Snub
Wireless Outlets
Bill Would Let Firms Share Customer Data
Biotech firms figure into homeland security
State's 'Tracker' system follows weapons trail
Vulnerability Is Discovered in Security for Smart Cards
The Yahoo Privacy Storm That Wasn't
For Old Parts, NASA Boldly Goes . . . on eBay
More Data on Doctors Backed
Teaching goes virtual in Pakistan
Getting tough on spam
In Free-Music Software, Technology Is Double-Edged
11 courts put criminal case files online
Microsoft pitches schools new licensing option
ID thieves mine for gold on jail sites
Outage dumps Microsoft MSN users
A cookieless Web monitor?
Mushrooming homeland security budgets face Hill scrutiny
Federal, state and local agencies on a quest to secure America's borders
'Operation Web Sweep' targets porn
U.S. to develop portal for comment on pending regulations
******************
New York Times
Credit Card Theft Thrives Online as Global Market Losses Grow
By MATT RICHTEL
Tens of thousands of stolen credit-card numbers are being offered for sale
each week on the Internet in a handful of thriving, membership-only
cyberbazaars, operated largely by residents of the former Soviet Union, who
have become central players in credit-card and identity theft.
The marketplaces -- where credit card prices fluctuate with supply and demand
in a sort of black stock market -- offer a window into a crime that costs the
financial system $1 billion or more a year. They also show how readily
personal information is being stolen and traded in the computer age.
But the same Internet technology that has enabled the theft and sale of
credit cards also provides a veritable transcript of the criminal activity,
and a real-time peephole into the attitudes, ethic and sometimes
honor among the thieves. The chat forums indicate as well that several
dozen of the top participants recently have discussed gathering at a
credit-card reseller's conference in Odessa, Ukraine, at the end of this month.
"It's straight out of Capitalism 101 -- it's become a big industry," said one
high-technology executive who surreptitiously monitors the Internet card
markets, and who noted that the market price of credit cards fluctuates
daily based on supply -- which, he said, is copious. "There appears to be an
endless supply of cards out there," he said.
In recent days, the cost of a single credit card has been between 40 cents
and $5 depending on the level of authenticating information provided. But
the credit-card numbers typically are offered in bulk, costing, for
example, $100 for 250 cards, to $1,000 for 5,000 cards, with the sellers
offering guarantees that the credit-card numbers are valid.
Security experts say the buyers of the card numbers in these forums are all
over the world, but often come from the former Soviet Union, Eastern Europe
and Asia, specifically Malaysia. The buyers use the numbers in a variety of
frauds, including making purchases over the Internet, having them fenced in
the West, or even extracting cash advances directly from the credit-card
accounts.
Security experts say the people living in the former Soviet Union -- often in
Russia and Ukraine -- who are operating the marketplaces are typically buying
the card numbers from so-called black-hat computer hackers. These hackers
obtain the card numbers by breaking into computer systems of online
merchants and getting access to thousands of credit-card records at a time.
"This is highlighting a tremendous lack of security," said Richard Power,
editorial director of the Computer Security Institute, an association of
computer security professionals that recently published a report with the
Federal Bureau of Investigation on computer crime. "In the old days, people
robbed stagecoaches and knocked off armored trucks. Now they're knocking
off servers."
The ultimate cost of this is hard to estimate, according to financial
analysts, though they say it is a fraction of the total size of the
credit-card industry. A recent survey from Celent Communications, a market
research firm, found that credit-card payment fraud will cost online
merchants a minimum of $1 billion a year, which is not insignificant,
though it pales in comparison to the more than $900 billion that Visa alone
processes annually.
The cost to individual businesses, however, can be dramatic. In January
2000, an extortionist based in Russia demanded $100,000 from an Internet
music retailer, CD Universe, by posting credit-card numbers stolen from the
company's database to a Web site, which was subsequently shut down by the
F.B.I. Last year, people close to Flooz.com, a bankrupt purveyor of
certificates used for online purchases, said one reason the company failed
was that it had unknowingly sold $300,000 of its currency to credit-card
thieves in Russia and the Philippines.
Generally speaking, the Celent report found that the fraud rate on the
Internet is 0.25 percent for Visa and MasterCard transactions,
significantly higher than the 0.08 percent for Visa and 0.09 percent for
MasterCard in the offline world. The typical consumer is generally
protected from these costs, since consumers are not held liable for most
fraudulent charges, but credit-card interest rates can rise because of
crime, and consumers may have to deal with the aggravation of removing
charges they did not make.
Mr. Power, from the Computer Security Institute, said: "You don't want to
be an alarmist and say, `The sky is falling, and Visa is going to crumble.'
But the financial losses involved in this kind of theft are underestimated,
underreported and underacknowledged," estimating the worldwide cost is in
the "double-digit billions."
"There's a lot more hemorrhaging going on than some people believe," he said.
The Internet sites of the online marketplaces are mostly known only to
their participants -- though that number can run as high as 2,000 registered
users. The site operators change their online addresses frequently to
prevent monitoring by law enforcement. In the past, credit-card traffickers
did business in private chat rooms on the Internet Relay Chat, a
communication network, and now they also use the World Wide Web, where it
is easy to start and shut down sites to avoid detection.
But there are security professionals who surreptitiously listen in,
tracking the supply of card numbers and prices.
John Shaughnessy, senior vice president for risk management and fraud
control at Visa USA, said the company was aware of online marketplaces and
sought to monitor them, when it could find them. He said it appeared that
many of the buyers and sellers of cards were in Asian countries and the
former Soviet Union. Some people familiar with the trend have also said
that stolen credit cards were being purchased by people in Saudi Arabia and
Dubai, United Arab Emirates.
Mr. Shaughnessy said Visa had worked closely with the F.B.I. on these
issues. Officials at the F.B.I. did not return calls for comment.
Even though the activities of the marketplace can be monitored, this does
not mean participants can be easily caught, since they do not use their
real names or give their whereabouts, and they make their payments through
secure money transfers over the Internet that are not easily traced. But
the Web sites offer a profile of the typical participant and of the way
they do business.
A security expert who monitors several of the bazaars said one of the most
active was run by a Ukrainian 18 or 19 years old who went by the name
"Script." The operator lives in Odessa. He is among about nine members of a
clique, whose members call it "the family," and who are considered the most
powerful and reliable of the middlemen.
In a recent transcript, the dealer who operates the forum posted in a
typical note: "I am selling Visa and MC (American cards)." He added, "The
minimal deal size is 40$."
He also listed a higher price if the deal included the card's CVV2 code, a
printed security code that appears on credit cards and is supposed to
prevent fraud. Merchants are not supposed to record the code in their
databases, but they sometimes do, which means that hackers can get access
to this higher level of information. On the online forum, the seller noted
that 100 cards with the CVV2 code cost $300.
A discussion then ensued involving his former buyers, attesting to the
seller's reliability. One buyer wrote, "This guy's always slightly more
expensive, but his stuff is good." Another wrote: "This guy is awesome. He
always gave me three times the number of cards I paid for."
The endorsements are a somewhat surreal reproduction of the rankings given
to sellers on legitimate e-commerce sites, like the auction site eBay, or
to authors by readers on Amazon.com. The feel of the site is one of pure
capitalism, replete with marketing. The seller who operates the site
sometimes posts online banner advertisements for his service.
The sellers usually ask for payment to be made through online accounts,
like www.WebMoney.ru, where money can be electronically deposited, wired,
then transferred to a bank account.
The discussions on the forum have a definite anti-Western bent,
particularly anti-American. They are critical of American foreign policy.
Some of the members of the forum also express anti-Semitic views.
There is not much social interaction, but it is not unheard of. The
participants will brag about using their spoils to take vacations, for
instance, to Bulgaria or Dubai.
Recently, there was a discussion that nearly 40 members of the group would
meet in Odessa on May 31, at the first "World Carders" conference, though
the organizers appear to have moved the talk to a more private setting.
*******************
USA Today
Rambus faces antitrust lawsuit
By Jayne O'Donnell, USA TODAY
The Federal Trade Commission is preparing an antitrust lawsuit against
once-highflying computer-chip maker Rambus, people familiar with the case say.
The FTC lawsuit would charge that Rambus worked with the computer industry
to adopt a memory-chip standard while quietly applying for patent rights to it.
Chipmakers could pay Rambus $1 billion in royalties before the case is won
or they figure out how to design around the patent.
FTC officials wouldn't comment.
Rambus general counsel John Danforth says the written rules governing the
semiconductor trade group that worked on the standards require companies to
disclose approved patents, not pending patents. But John Desmarais, who
represents chipmaker Infineon, which won a case against Rambus that is on
appeal, says the trade group's manual requires all patent applications to
be disclosed.
A few years ago, Rambus was the darling of the tech world because it was
reinventing computer memory. Big PC makers continue to sell computers with
Rambus' technology and consumers are paying extra to get it because it is
faster. Intel's next-generation network processor and Sony PlayStation 2
use Rambus' memory.
The FTC lawsuit would seek to prevent Rambus from collecting royalties on
its SDRAM memory and possibly its more advanced DDR memory, according to
lawyers familiar with the FTC probe.
Rambus is expected to fight the FTC in court. Danforth would not comment on
the company's plans.
Companies often work together to develop industrywide standards for
products so that equipment made by different manufacturers can be used
interchangeably. For instance, a standard for VHS videotape makes it usable
in all VHS videocassette recorders.
The FTC watches for patent violations during this process because
competition can be hurt if companies are forced by the standards to use a
patented product.
The FTC also is investigating whether energy company Unocal patented
clean-fuel formulations while helping draft a standard that oil companies
say mandates Unocal's process. Unocal has said its process is not the only
way to make gas meeting the standard.
The FTC has closed a probe into whether Sun Microsystems failed to disclose
patents while helping draft an industry standard for computer memory modules.
*******************
Mercury News
Pentagon alienating elite science advisers
WASHINGTON - For more than 40 years, an elite group of academic scientists
has provided the federal government with largely classified advice on the
most vital issues of national security. Every summer they have met behind
closed doors for almost two months near San Diego, emerging with judgments
that have helped shape the nation's policies -- from ending nuclear testing
to preparing for the danger of bioterrorism.
But when the Pentagon tried to redirect the group, known simply as
``Jason,'' toward information technology and force it to accept Silicon
Valley executives in its ranks, the scientists balked. And now this highly
secret group of advisers and the independent science-based analysis it
provides may be in jeopardy.
Many in the scientific community say the federal government still
desperately needs such unbiased assessments, especially in a time of war.
Some have criticized the Bush administration for endangering this unique
source of analysis for classified national security projects. Some of the
group's findings are at odds with the administration on two key issues: the
feasibility of a national missile-defense system and the potential need to
resume nuclear testing to ensure the weapons stockpile remains usable.
``The Jasons are a national resource. Republican and Democratic presidents
have found their advice invaluable. It's a real shame,'' said Joseph
Cirincione, a senior associate at the Carnegie Endowment for International
Peace, a Washington think tank. ``These are not defense critics, these are
technical experts who are providing their technical assessment of things
ranging from `star wars' weaponry to designs for defensive armor.''
Source of dispute
The dispute, according to members of Jason, stems from an attempt by the
director of the Defense Advanced Research Projects Agency, known as DARPA,
to force the traditionally self-selecting group to accept three members.
Among the three are two executives from Silicon Valley, one from an
Internet-related company and another from a computer firm, said one member
of the group, who, like other Jason members, declined to name the
individuals. The third person is an engineer from the Washington, D.C., area.
The Jasons, named after the mythical Jason and the Argonauts, said the
three did not meet the group's rigid standards, which include having
significant research accomplishments, being a tenured professor at a
research university and being willing to commit to a lengthy annual summer
research session. When the group refused to accept the three earlier this
year, DARPA revoked its $1.5 million annual funding, Jason members said.
The loss of the main source of money for Jason has put the group's future
in jeopardy. Members say they are close to securing a new main sponsor at
the Pentagon, but no agreement has been reached. Even if a deal can be
worked out, the funding problems already have delayed important research,
according to Jason.
``The Jasons are a very active and patriotic lot and would like to continue
their work,'' said Steven Block, a member of Jason and a professor of
applied physics and biological sciences at Stanford University. ``It's
really quite a pity that what I believe is political influence is having
such a deleterious effect at a time when our nation should be pulling
together, and not apart, to deal with issues of international terrorism.''
DARPA Director Tony Tether declined to comment on the dispute. Agency media
officer Jan Walker also would not comment on the accusations that Tether
tried to force members into Jason. She said the reason DARPA ended its
financial support for the group was because Jason failed to adapt to the times.
``The Jasons were very valuable during the Cold War. They looked at things
such as submarine detection, things that were highly physics-oriented,''
Walker said. ``After the Cold War ended, a lot of the technology
development moved toward information technology, and the Jasons chose not
to lose their physics orientation to focus on DARPA's current needs.''
Jason members say that assertion is wrong, noting that nearly 40 percent of
its scientists have doctoral degrees from fields other than physics. Among
those fields are computer science, biology and chemical engineering, Block
said. Jason produced 10 reports on biological issues alone between 1997 and
2001.
``To suggest that somehow Jason is a group of aging Cold Warriors that are
increasingly irrelevant flies in the face of the known expertise of Jason,
the known makeup of Jason and the recent product of the group,'' Block said.
DARPA, the Pentagon's risk-taking research arm that created the Internet,
for decades has been the main sponsor of Jason, which was founded in 1959.
The ad hoc group's roughly 40 members work part time for the government,
taking leaves from their universities to work on projects, mostly during a
six- to eight-week session each summer in La Jolla, the beach community
north of San Diego.
Jason keeps an intentionally low profile, largely because of its classified
work. There is no comprehensive list of members, and professors who are
Jasons rarely mention the job on their résumés. Started by midcareer
scientists who felt it was time for a new generation to become involved in
national security issues, Jason tries to remain young. New scientists are
routinely rotated in and older members become less-active senior advisers
when they turn 65.
Originally all male because of the era in which it was formed and the heavy
emphasis on the male-dominated field of physics, Jason has branched out
into other fields, and about 10 percent of its members are women.
The vast majority of Jason's 20 to 30 annual studies remain classified,
making its impact hard to gauge. But shortly after the group's partially
declassified 1995 report that low-yield nuclear tests were not necessary to
maintain the nation's weapons stockpile, former President Bill Clinton
declared his support for a comprehensive nuclear test ban treaty. After a
1997 Jason report that questioned whether the government would be able to
map the human genome by its 2005 deadline, the pace of the program greatly
accelerated.
Jason has been scrambling to replace DARPA's sponsorship in time to save
this summer's session, set to begin in mid-June. The chair of the group's
steering committee, Steven Koonin, said Jason is close to an agreement with
the Defense Research and Engineering agency, the arm of the Pentagon that,
ironically, oversees DARPA.
Delay on key projects
As it is, the funding problems have already delayed work on projects
important to national security, said Koonin, a professor of theoretical
physics at the California Institute of Technology who also is the Pasadena
college's provost.
``Some are relevant to counterterrorism,'' Koonin said. ``They're important
in both short and long term, and we are frankly pretty frustrated.''
Among those preaching the value of the group's continued existence is John
Marburger, director of the White House Office of Science and Technology Policy.
``This is a group of scientists who are among the most talented and
experienced in the nation, and the scientific standards that they maintain
are very high. And you would always want to have a group like that
available to advise the government on issues that may arise that require
that type of analysis,'' Marburger said.
Koonin said the group does not take policy positions in its research but
simply makes scientific assessments of government projects.
``We still write reports that have equations in them. I don't think there's
any other group that does that,'' said Koonin, who has been a Jason for
about 15 years. ``Our job is to provide honest, technical advice, and we're
not going to shrink from doing that.''
*********************
Government Computer News
Voinovich bill would create a post to manage work force shrinkage
By Dipka Bhambhani
Congress may consider a bill that would call for federal agencies to
appoint a chief human capital officer to address the problems of a
dwindling federal IT work force.
Republican Sen. George V. Voinovich of Ohio plans to sponsor a bill
establishing the post and giving agencies funds to offer recruitment and
retention incentives.
The human capital managers would make up a new CHCO Council led by Office
of Personnel Management director Kay Cole James, said a staff member for
the Senate Governmental Affairs Committee.
"With initiatives included in my bill to recruit and retain qualified
employees, it is my hope that we can convince more IT professionals that
the federal government is a great place to pursue a career," Voinovich said.
*********************
Reuters News Service
U.S. Adopts New Internet System on Student Visas
Fri May 10, 4:58 PM ET
By James Vicini
WASHINGTON (Reuters) - Facing criticism over how easily some of the Sept.
11 hijackers entered and moved about the United States, Attorney General
John Ashcroft said on Friday a new Internet-based system
will start in July to better track the 1 million foreign students in this
nation.
Colleges, universities and trade schools will have to collect and report
information to the U.S. Immigration and Naturalization Service (INS) under
the system, initially voluntary but later mandatory, he told a news
conference.
"For too long our student visa system has been a slow, antiquated,
paper-driven reporting system incapable of ensuring that those who enter
the United States as students are in fact attending our educational
institutions," Ashcroft said.
The system will make the student information available centrally to the INS
in a database and will allow the schools to transmit it electronically via
the Internet, he said.
The system has been under development by the INS for years under a law
adopted by Congress in the mid-1990s. The data that must be reported
includes a student's failure to enroll and whether the student dropped out
or was expelled.
Ashcroft said schools may voluntarily participate on July 1, though under
the proposed rule, they must participate by Jan. 30 of next year.
The INS has come under increased scrutiny in the wake of the Sept. 11
attacks on the World Trade Center and the Pentagon. All
19 suspected hijackers who carried out the attacks entered the country
legally, although three had overstayed their visas.
INCREASED SCRUTINY
The INS was embarrassed in March, exactly six months after the attacks,
when a Florida flight school received notification from the INS that
student visas had been approved for two suspected hijackers, Mohamed Atta
and Marwan Al-Shehhi.
One of the hijackers, Hani Hanjour, used a student visa to enter the United
States, saying he wanted to study English, but he never showed up at the
school.
Ashcroft made the announcement before the release, expected later this
month, of a critical report by the Justice Department's
inspector general.
"Schools will be accountable for confirming the status of student visa
holders. The Immigration and Naturalization Service will be accountable for
enforcing violations of that status," he said.
"Rapid access to current, complete information on foreign students will
improve dramatically the INS's capability to enforce immigration laws and
keep track of this group of noncitizens in the United States," he said.
Ashcroft said the new system will reduce the time lag on when the INS
receives information. He said it was developed "in consultation" with
representatives of U.S. colleges and universities.
Terry Hartle, senior vice president of the American Council on Education, a
trade association representing 1,800 colleges and universities, said: "The
bottom line here is this is what INS should be doing and we're fully
supportive."
He called it a "huge undertaking" under a very ambitious timetable, saying
the system linking up as many as 70,000 schools "dwarfs anything INS has
ever done before."
***************************
Government Executive
Tracking device in passports could help locate terrorists
By Siobhan Gorman, National Journal
Each year, about 100,000 U.S. passports are reported lost or stolen. And an
estimated 100,000 passports issued by countries whose citizens don't need a
visa to visit the United States have also been stolen in recent years.
The problem isn't a minor one. At least one of the September 11 hijackers
is believed to have entered the United States with a stolen passport. Three
of the terrorists had reported their passports stolen so they could get
clean ones that didn't show their travel histories. Last fall, two of the
killers of Afghan opposition leader Ahmed Shah Massoud were holding stolen
Belgian passports. And during the ongoing war in Afghanistan, abandoned
caves have been found littered with blank U.S. and European passports. So,
what if stolen passports could notify their home country of their exact
location?
They could if they were equipped with a radio-frequency identification tag
about the size of a large paper clip. The tag could be embedded in a
passport and loaded with information that could confirm the identity of the
holder. It would be tough to counterfeit, too.
Such tags were originally designed to help grocery stores manage their
stock and to help Gillette combat the burgeoning black market for its
stolen razors. Commercially, they're thought of as the successor to the bar
code.
In the security world, some researchers suggest that the tags could be
coupled with biometric technology that would allow a passport to be used
only if the holder's fingerprint matched the information embedded in the
passport. Jeffrey Jacobsen, president of Morgan Hill, Calif.-based Alien
Technology, one of the leading manufacturers of the technology, estimates
that the tags will be on the market by 2003 for about $10 each, but
manufacturers say that with enough demand, the price could come down
significantly -- to, say, $2 to $3.
"They have huge potential here," said Paul Saffo, a director at the
Institute for the Future, a research firm in Menlo Park, Calif. "It's not a
silver bullet, but it's a powerful tool."
Powerful indeed. Border agencies could get a daily e-mail listing the
locations of all the passports belonging to people whose visas have expired
but who are still in the country. The FBI could affix the devices to the
belongings of someone they are trying to follow. An investigator suspicious
that a terrorist plot is being hatched in a particular location could use a
computer to call up all the passports in that area.
One of the most intriguing possibilities is the idea of combining the tags
with what Alien Technology calls NanoBlocks, which are sensors to detect
biological and environmental changes. Developed initially by military
researchers to detect spoiled food, these sensors could eventually be
programmed to identify all kinds of harmful substances -- anthrax, for
example -- and e-mail the appropriate person if something is detected.
These sensors, which Jacobsen said could cost as little as 1 to 5 cents
each, could be coupled with a radio-frequency tag and placed virtually
anywhere -- in a building's ventilation system, in various locations in an
airplane, or in a reservoir. He said that sensors for different types of
chemical and biological hazards could be developed over the next 18 months
to five years. "You're talking about adding a few dollars to every plane
and knowing everything that's going on that might hurt you," Jacobsen says.
Until recently, radio-frequency identification technology was hampered by
an international turf war. Several different companies had developed their
own frequencies and their own way to read the frequencies, which made the
technology expensive -- and not particularly useful. In January 2001, a group
of international companies got together to form the Auto-ID Center at the
Massachusetts Institute of Technology, and agreed to decide on a common
frequency. Since then, manufacturers such as Alien have been working to
reduce their production costs to bring prices down.
Of course, none of this technology would be used without a vigorous
civil-liberties debate. "There's this thing of mission creep or function
creep," worries Mihir Kshirsagar, a policy fellow at the Electronic Privacy
Information Center. "Would it be used for other documents? Would it be used
for other things? The idea is very similar, in some of its privacy
implications, to saying, `Why don't we put a chip on the person?' " And
Kshirsagar has a larger worry: If the U.S. government can pick up a
passport's signal from anywhere in the world, couldn't a well-heeled
terrorist group do the same?
Calling this technology "FedEx tracking on steroids," Deirdre K. Mulligan,
director of the law and technology clinic at the University of California
at Berkeley, cautions that any technology has limitations. "You can have
better technology to know moment by moment where [potentially dangerous
foreigners] are," she said. "But if [we] don't have enough people to round
them up, what good does it do?"
*************************
Newsbytes
Kansas Teen Sentenced After Hackings
A Kansas teenager has pleaded guilty to hacking the official Web site of
Stockton, Calif. and telling city officials he would secure it if they gave
him a laptop computer.
Matthew Kroeker, 18, was sentenced to serve two years probation and pay at
least $18,000 restitution, his attorney Kevin Moriarty told Newsbytes.
Kroeker pleaded guilty to four felony counts of computer crime in Johnson
County District Court last week.
Kroeker has learned a "valuable lesson" in the three years since the
episodes began, Moriarty said. He was charged in March with 11 felony
counts for allegedly defacing more than 50 sites during 2000 under the name
"Artech."
State prosecutors had intended to charge him as an adult under Kansas'
computer crime statutes.
Among Kroeker's targets was the Internet home page of the City of Stockton,
Calif., which was replaced in June 2000 with one that simply said "Tard."
Soon city webmaster Cathy Sloan received an e-mail signed "Matt," who took
credit for the defacement and offered to help secure the site in exchange
for a laptop computer.
She played along with Kroeker while Stockton technology staffers tried to
trace Kroeker's e-mail. The case was first given to the FBI because he was
suspected of defacing federal agency Web sites, but went back to local
authorities due to Kroeker's age.
Kroeker defaced the U.S. Department of Transportation's information
services Web site with the words, "Artech - America's biggest screw up!"
Reported by Newsbytes, http://www.newsbytes.com .
*********************
Newsbytes
LSU Sues Law Student Over Web Site
Douglas Dorhauer has a tiger by the tail. The second-year student at
Louisiana State University's law school is the target of a trademark
infringement lawsuit by the school because he operates a Web site called
LSULAW.com.
The school's lawsuit, which is documented on Dorhauer's site, alleges that
his use of the registered mark "LSU" creates a "mental association" with
the school.
LSU further contends that the LSULAW site is "confusingly similar" to the
school's site, which is at http://law.lsu.edu, and "has created actual
confusion in the minds of the public as to the source of the information
contained in the site."
The suit asks the U.S. District Court for the middle district of Louisiana
to bar Dorhauer from using the LSU name, logos and symbols.
Dorhauer insists the site is for his personal use, is noncommercial and
therefore does not violate trademark laws. He said he bought the domain
name in March 2000 when he was accepted to the Paul M. Hebert Law Center at
Louisiana State University - the official name of LSU's law school.
"I started using it for the e-mail address, then I used it to create a
calendar for important dates," said Dorhauer. "The official site had
information all over the place, so I put things that I needed in a place I
could get to with one click."
In October 2001, two vice chancellors at the law school asked Dorhauer to
give up the domain name. "I refused because it's my property," he said.
"One vice chancellor cursed me out and called me a cybersquatter. I've
dealt with their lawyers since then."
Dorhauer has posted copies of the correspondence between him and the
school's attorney, Marc Whitfield, on his site.
On Nov. 30, 2001, Whitfield wrote Dorhauer asking him to cease and desist
his "unauthorized use of the mark 'LSU'" in the domain name and title of
his site. Whitfield said the school had reported incidents of confusion by
students "who did not realize that your LSULAW.com site was not an official
or affiliated Web site of the LSU Law Center."
Whitfield asked Dorhauer to delete "LSU" from the domain name and title of
the Web site; post a prominent disclaimer on the home page stating no
affiliation, approval, sponsorship or relationship with the LSU Law Center
and LSU or both; delete a designation as the "official site of LSULAW.com";
and remove all hyperlinks to the official law school Web site.
In Dorhauer's Dec. 19, 2001, response, he asserted his site was
noncommercial. He stated that he did not hope to sell the site and the
domain name, nor did he intend to make a profit from visitors to the site.
"If there is any particular feature of my LSULAW.com Web site which denotes
commercial activity, please let me know, and I will immediately make all
necessary changes," he wrote in the letter.
According to Dorhauer, his legal research found the trademark statutes
cited by Whitfield apply only if Dorhauer's site used the mark "LSU" for
any commercial purpose.
"In short, nothing in the selection of laws you cite is in any way
applicable to the present matter," he wrote.
Dorhauer refused to abandon the LSULAW domain name, nor would he agree to
place a prominent disclaimer on his home page or remove all links to LSU.
He agreed only to change the title of the pages of his site from "The
Official Site of LSULAW.com" to "LSULAW.com."
When Dorhauer did not receive a response to his Dec. 19, 2001, letter, he
wrote a second letter on Feb. 8, 2002, asking for an update on the status
of the matter. Whitfield responded three days later with a threat of a
lawsuit.
"We have reviewed your opinions and analysis of our claims and respectfully
disagree with the conclusions you reach. We also respectfully acknowledge
your status as a law student and therefore we do not expect that we can
convince you of our legal position," Whitfield wrote.
"Therefore, it appears that litigation is the only remaining alternative to
resolution of these legal issues and I expect that we will be filing suit
shortly," he added.
On March 4, Dorhauer wrote Whitfield asking that the matter be resolved
without litigation. On April 20, Dorhauer received the lawsuit in his mailbox.
"I got the lawsuit 12 hours before my final exam," said Dorhauer. "I might
think that was a coincidence, but the cease and desist letter came during
finals, also."
Dorhauer's response is due June 23. Classes are over for the summer, and he
is working as a clerk in a Baton Rouge law firm while he contemplates his
counterclaim options.
"I think there are emotional distress issues," he said. "Almost all judges
were law students, so they can appreciate the distress of being sued while
in law school. Especially with a pattern of doing these things around final
exam time," he added.
Two legal experts contacted by Newsbytes who are not involved in this
dispute said Dorhauer has some good points, but probably will lose his case.
Joan Long, a trademark attorney in Chicago, said one problem for Dorhauer is
his site is too well done.
"At first blush, this case is a First Amendment issue over the right to
make critical comments about the school," said Long. "But the real issue
is, might his site be confusing?"
Long said the "Ballysucks.com" case was the first case to test the use of a
trademarked name in a domain name - as LSULAW.com does. She said the
precedent set in the Ballysucks case was that there clearly was no
endorsement of the site by Bally because of the name.
"Trademark infringement exists only if there is a likelihood of confusion,"
she said. "His site does almost look official because it adopts the school
colors and it has a calendar and other things you would expect on an
official site.
"It pushes the envelope," she added.
Blaney Harper, a Washington, D.C.-based patent attorney with experience in
domain-name disputes, agreed with Long that Dorhauer's site looked like it
could be an official site, and therefore could cause a problem.
"Trademark law is all about consumer confusion, and if someone looking for
information about LSU's law school typed in LSULAW.com and this site came
up, there might be confusion. Especially because it has the same colors
(purple and gold)," Harper said.
Dorhauer has a "disclaimer" on his site stating there is no connection
between LSULAW.com and the school he attends. However, Long pointed out
that a visitor would have to click on a link marked "notice" to reach the
disclaimer.
She also said she did not see a small notation on the home page that read,
"Not affiliated with the Paul M. Hebert Law Center" until it was pointed
out to her.
"If I was unfamiliar with the school, I might not even know the official
name, so that might not mean anything to me, anyway," said Long. "If he had
something across his page in a large font that said, 'Not the official
site' or 'Not LSU Law School,' that might be different. But not this tiny
disclaimer."
Harper said the size of the disclaimer is not an important issue, because
someone surfing the Web has to come to Dorhauer's page first to see it.
"There is lots of case law on using well-known trademarks in domain names.
Several years ago, people registered names like Cocacola.com and tried to
hold up the owners of the trademarks. The courts have been killing these
people the last two years."
"This guy says he is not trying to hold LSU up, but he still is using a
trademarked name," Harper continued. "The fact that his site is not
commercial is helpful, but I'd rather have the school's argument than his."
Harper said because Dorhauer is a student at LSU's law school, he is
"close" to the school.
"It's not like he is a foreign student with a coincidental domain name
spelling like 'Liechtenstein State University,'" he said.
Dorhauer said many of the issues raised by Long and Harper concerning the
colors and the layout of his site "could have and should have" been
addressed by the school before they filed a lawsuit.
"I have been willing to change the colors, but they didn't even have the
courtesy to pick up the phone and call me," he said. "I'm going to stick
with the colors because I think I have a right to use them."
As for the issue of consumer confusion, Dorhauer said the intellectual
property attorneys he has spoken with told him visitors to his site are not
"consumers."
"If I was selling LSU mufflers, for example, then there might be
confusion," he said. "But I have kept commercial elements off my site.
There is no trade, and trade is a part of trademark."
The school's attorney did not return phone calls requesting comment on this
story.
Dorhauer's site is at http://www.lsulaw.com .
The LSU law school is at http://law.lsu.edu .
Reported by Newsbytes.com, http://www.newsbytes.com
*****************
New York Times
A New Direction for Intellectual Property
Perceiving an overly zealous culture of copyright protection, a group of
law and technology scholars are setting up Creative Commons, a nonprofit
company that will develop ways for artists, writers and others to easily
designate their work as freely shareable.
Creative Commons, which is to be officially announced this week at a
technology conference in Santa Clara, Calif., has nearly a million dollars
in start-up money. The firm's founders argue that the expansion of legal
protection for intellectual property, like a 1998 law extending the term of
copyright by 20 years, could inhibit creativity and innovation. But the
main focus of Creative Commons will be on clearly identifying the material
that is meant to be shared. The idea is that making it easier to place
material in the public domain will in itself encourage more people to do so.
The firm's first project is to design a set of licenses stating the terms
under which a given work can be copied and used by others. Musicians who
want to build an audience, for instance, might permit people to copy songs
for noncommercial use. Graphic designers might allow unlimited copying of
certain work as long as it is credited.
The goal is to make such licenses machine-readable, so that anyone could go
to an Internet search engine and seek images or a genre of music, for
example, that could be copied without legal entanglements.
"It's a way to mark the spaces people are allowed to walk on," said
Lawrence Lessig, a leading intellectual property expert who will take a
partial leave from Stanford Law School for the next three years to serve as
the chairman of Creative Commons.
Inspired in part by the free-software movement, which has attracted
thousands of computer programmers to contribute their work to the public
domain, Creative Commons ultimately plans to create a "conservancy" for
donations of valuable intellectual property whose owners might opt for a
tax break rather than selling it into private hands.
The firm's board of directors includes James Boyle, an intellectual
property professor at Duke Law School; Hal Abelson, a computer science
professor at the Massachusetts Institute of Technology; and Eric Saltzman,
executive director of the Berkman Center for Internet and Society at
Harvard Law School.
*****************
Computerworld
Spam, efforts to fight it, both on the rise
The increasing pain of dealing with unsolicited bulk commercial e-mail,
commonly known as spam, is prompting new moves to stamp out the unwanted
messages. But industry experts warned this week that proposed legislative
approaches to the spam problem won't likely succeed without the aid of
corporate users.
Some service providers have had enough. For example, Fairport, N.Y.-based
PaeTec Communications Inc. last week said it had disconnected a direct
e-mail marketing company from its broadband network after a New York
appeals court overturned an injunction that had prevented it from doing so.
And late last month, San Mateo, Calif.-based UltraDNS Corp., which manages
Internet domains and directories for companies, called for the creation of
an industry consortium to lobby for the passage of antispam legislation.
But until businesses spell out the true costs of the spam that bombards
their internal networks, it will be difficult, if not impossible, to craft
useful legislation, said Ray Everett-Church, co-founder and counsel of the
Coalition Against Unsolicited Commercial Email.
"The largest challenge in fighting for sound antispam legislation is
getting the involvement of major corporations," said Everett-Church, whose
organization advocates for such measures.
Most companies don't want to disclose what spam costs them on the receiving
end, said Michele Rubenstein, a board member of the EMA Forum within The
Open Group consortium in San Francisco. The EMA Forum is a group of users
and vendors that addresses messaging technology issues.
"A lot of people are reluctant to admit that kind of information,"
Rubenstein said. "It's kind of like admitting your network has been hacked."
Raymond Huff, president of Trans Pacific Stores Ltd. in Lakewood, Colo.,
said he was able to stem the influx of spam three months ago by limiting
the publication of employees' e-mail addresses on the Internet. But since
then, the spam problem has gotten "five times worse" for the convenience
store operator, he said.
The incidence of spam is doubling every six months, according to David
Ferris, an analyst at Ferris Research Inc. in San Francisco.
Data from Brightmail Inc. backs up that claim: the San Francisco-based
company said its antispam software measured 4.3 million spam blasts last
month, up from 1.7 million in October.
UltraDNS CEO Ben Petro said the removal of spam from its network cost more
than $300,000 in lost revenue last month, because some customers were
blocked from sending mail to some domains. Petro said UltraDNS is targeting
California and Delaware for possible state-level laws against spam, since
so many companies are incorporated in those states.
Two bills that would set federal antispam provisions have already been
introduced in the U.S. Senate this year. But Everett-Church said those
measures could actually "legitimize some of the most egregious spam being
sent."
Any legislation that gives individuals and companies the ability to fight
the onslaught of spam "would be very welcome," said a spokesman for Kmart
Corp. in Troy, Mich. "Even if it scares off 10% of the [spammers], that
would help."
Kmart, which acts as an Internet service provider through its BlueLight.com
LLC unit in San Francisco, takes "extensive steps" to avoid spamming
customers, the spokesman said. But the spam that they receive from other
sources "dilutes our message," he said. "At the end of the day, it hurts
our bottom line."
*********************
Reuters Internet Report
Pope Gives Internet His Blessing
Sun May 12, 9:35 AM ET
By Luke Baker
VATICAN CITY (Reuters) - Pope John Paul is putting his
faith in the Internet.
In his weekly address at St. Peter's Square Sunday, the 81-year-old Pontiff
said: "I've decided, therefore, to propose a big new theme for this year:
'The Internet -- a new forum for proclaiming the Gospel.'"
The leader of the world's Roman Catholics didn't say how much he practices
what he preaches -- for instance, whether he surfs the World Wide Web. He
doesn't have his own e-mail address.
But the Vatican does have an active Web site
(www.vatican.va), the pope sent his first message over the Internet last
year, and there's talk he is searching for a patron saint for Internet users.
"Recent progress in communications and information have presented the
church with unheard-of possibilities for evangelism," he said.
"We shouldn't be afraid to put to sea in the vast ocean of information," he
went on. "If we do so, the good news can reach the hearts of the men and
women of the new millennium."
In the past, the pope has said the Web should be regulated to stop
depravity in cyberspace. Sunday, he gave it his unwavering blessing.
"We have to become part of this modern and ever more finely woven web of
communication with realism and confidence, convinced that, if it is used
competently and with due responsibility, it can offer a sound opportunity
for the dissemination of the word of the Lord."
Taken together, the pope's latest thoughts were a big step forward from
January, when in his last comments on the Internet he emphasized its
potential for harm, going so far as to say it could demean human dignity.
"Despite its enormous potential for good, some of the degrading and
damaging ways the Internet can be used are already obvious to all," he said
at the time.
Those comments raised the hackles of Internet die-hards who are generally
against any form of censorship and any view that cyberspace should in any
way be policed for content.
The Roman Catholic Church has traditionally adapted to discoveries through
the ages, from the Renaissance to the invention of printing presses and the
Industrial Revolution.
The Vatican has extensive media interests, with its own publishing house, a
radio station, missionary news agency, television channel and newspaper.
****************
Washington Post
What Does Google Say About You?
By Rachel L. Dodes
W. Ashley Gum, a third-year student at the Georgetown University Law
Center, has achieved a modicum of success in his 26-year life, having
graduated with honors from Washington and Lee University, participated in
the Barristers' Council moot court team, and earned various and sundry
academic accolades.
Or so he said.
But according to the search engine Google, Gum has done a lot less. A
search for "W. Ashley Gum" produced no hits at all. A query on "Ashley Gum"
barely managed to confirm Gum's existence, revealing only that he was a
Herndon High School wrestler who lost a match in 1991.
Was this man lying about his credentials, or has he managed to drift
through the past decade without getting mentioned online?
Gum was not lying. He was just un-Googleable. "I feel as though I am a
nonentity," Gum said.
Since "Googling" -- looking up a new acquaintance on Google before going
out on a date -- has become a popular research tool, this could become a
real liability.
It happens sometimes, said Google software engineer Matt Cutts. Your Web
presence depends on things that you can't always control -- "how long
you've been on the Internet, whether you have a home page, how actively you
seek out social contacts online," he said.
Some people may be rendered Google-proof because they have a common name,
such as Jason Smith (46,700 hits), or share a famous person's name, such as
Will Smith (234,000 hits). Others, like Mr. Gum, just haven't had their
accomplishments touted online -- yet. Either way, Cutts said there's
nothing to be ashamed of.
Then again, he has nothing to worry about: His name yields 562 Google hits.
On the other hand, a healthy online presence can mean being besieged by
stalkers and spammers.
Finding the right balance between recognition and privacy is difficult.
Chris Hoofnagle, legislative counsel at the Electronic Privacy Information
Center, a Washington-based nonprofit, outlined a few options for people
seeking to control their own Google identity.
First, avoid participating in online discussion forums. For many people,
that's too late: The Google Groups archive of newsgroup discussions
contains messages dating as far back as 1979. "You could have a 10-year-old
posting saying that you are a socialist," Hoofnagle said. If you find the
urge to hold forth irresistible, the best way to protect yourself from
leaving a search-engine trace is to assume a fake identity.
Don't post your regular e-mail address unless you can deal with the junk
e-mail sent by spammers who use Web-crawling programs to harvest address
data. Instead, post a throwaway address, or, if you must list your real
account, write it out in word format ("JohnDoe at blank dot-com" instead of
"johndoe@xxxxxxxxxx")
If your company creates a Web site about you, don't put your personal
information on it. Nobody needs to know you're a Trekkie and an avid Rush
Limbaugh listener.
But some personal data has a way of leaking onto the Web in ways you'd
least expect.
Gerald Lundgren, an associate analyst at Sandler O'Neill, a New York
investment-banking firm, said he would gladly trade online anonymity for
his current situation: Lundgren was "horrified," he said, to find that his
34:45 running time for a four-mile race appeared on Google when he ran a
search on his own name.
Lundgren insisted that he normally can run four miles in under 30 minutes.
A personal home page, which most search engines should flag as a
high-priority link, may be the best defense against a bad rap online -- or
no rap at all. Lundgren joked that he was going to create a Web site for
himself at incaseyouregooglingme.com, on which he will post flattering
photos of himself.
As for Gum, he would still like to be known online for something other than
an 11-year-old wrestling match. At the end of an interview, he asked, "So,
this is going to be on washingtonpost.com, right?"
********************
Washington Post
With '.pro' Comes a Certifiable Snub
New Domain for Professionals Draws Ire of the Ineligible
By Shannon Henry
Washington Post Staff Writer
Saturday, May 11, 2002; Page A01
Doctors, lawyers and certified public accountants are welcome to apply.
Hairdressers, plumbers and real estate agents are maybes. Don't even bother
if you're an athlete, photographer or musician.
The approval earlier this week of a new Internet domain address -- .pro,
for professionals -- is dredging up an old question about the status of
one's life work. Which careers are considered "professional," and which are
not?
In the latest example of how the Internet imitates the real world, complete
with professional snobbery, the .pro domain name will be available only to
"certified" members of the medical, legal and accounting professions,
although anyone can visit its sites. Other occupations that certify their
members will be able to buy similar addresses eventually, but exactly who
will be eligible and what proof of their credentials will be acceptable is
still to be determined.
"I find it very elitist and condescending to other professions who give as
much to our society as a doctor or lawyer," said Erinlynne Desel, a
licensed massage therapist and spa director at Aveda in Georgetown. "I
consider myself a professional."
Linda Cornfield, office manager of the 2,000-member Plumbers and
Pipefitters Union in Aurora, Ill., was dismayed by the concept and the
limitation to the three professions. She said plumbers would not like to be
excluded from the option of getting a .pro address.
"It's a class thing," Cornfield said. "You're on this list because you're
white collar and we're blue collar."
The .pro divide makes for some unusual contrasts: Dr. Dean Ornish from the
"Oprah" show could have a .pro address, but Winfrey herself probably
couldn't. Michael Jordan, or any other pro athlete, is a no but Jordan's
lawyer would be welcome. There won't be a YoYoMa.pro, but accountants from
Arthur Andersen LLP are perfectly fine candidates.
Sloan Gaon, chief executive of .pro overseer RegistryPro in New York, a
unit of Register.com, said that as a mere company executive he wouldn't be
eligible for what he calls the "gated community." But he happens to have a
law degree, too.
"We certainly need to draw the line," Gaon said, perfectly comfortable with
his role as career cop. "By opening it up to non-certifiable professions,
we'd lose the trust."
Gaon said it is vital to limit who gets a .pro address because many
professions don't have standard certifications, something his group will
check before anyone is granted a .pro address. Gaon is promising Web users
who communicate with .pro owners that they will have a secure dialogue with
a trustworthy professional.
After a person applies for the domain name, RegistryPro will use a
combination of public and private databases to delve into the applicant's
history and records. The point is that when Web users go to a .pro address,
they should feel confident that that person has been checked out, and that
he is the person he says he is, Gaon said. "It's an online diploma."
Whether people will actually want a .pro address remains to be seen.
Letting consumers know which tattooists are certified and which aren't is
attractive to Dennis Dwyer, who tattoos in Tucson. It would be helpful for
people to know which tattooists are correctly sterilizing needles and can
explain the procedure thoroughly, he said. "I'd be interested in being part
of that group," Dwyer said. But he also said it didn't surprise him that
tattooists didn't make the original list and he wouldn't be offended if
they never were invited.
"It's not equal to a doctor," he said. "I wouldn't put us in the same
category."
That's what Louis Touton, general counsel of the Internet Corporation for
Assigned Names and Numbers, said. ICANN is a nonprofit corporation in
Marina del Rey, Calif., that oversees the choices of domain-name
registrars. Touton said those ineligible for .pro are more than welcome to
go somewhere else in cyberspace. "There are certainly plenty of domain
names," he said.
Indeed there are. Fifteen top-level domain names such as .com, .org and
.museum are available, not to mention many more country codes such as .us,
.jp or .uk.
If .pro physicians, lawyers or CPAs are disbarred, found guilty of
malpractice or lose their professional licenses, they will also lose their
.pro addresses, Gaon said. Owners of .pro addresses will be rechecked by
RegistryPro once a year.
Jerry Phillips, who has been an innkeeper for 27 years and is executive
director of the Professional Association of Innkeepers International in
Santa Barbara, Calif., is in a profession that does not certify its
members. Phillips said he never thought a piece of paper meant as much as
the work itself. "Is it a degree, or is it I'm damn good at my job?" asked
Phillips.
The whole concept of .pro, Phillips continued, is just the opposite of what
the Web was originally all about -- a great equalizer where anyone and
everyone could have the same access and communicate with all kinds of people.
"When I think of the Web, I think of inclusivity rather than exclusivity,"
said Phillips. "The Web was supposed to be an open place."
*********************
Washington Post
Internet Governance Body Eases Off Government Involvement
By David McGuire
Washtech.com Staff Writer
Friday, May 10, 2002; 5:23 PM
The body that manages the Internet's addressing system appears to be
backing away - for now at least - from a proposal that would give world
governments greater direct control over the global Domain Name System (DNS).
The Internet Corporation for Assigned Names and Numbers (ICANN) yesterday
signaled its potential shift in the publication of a working paper
outlining proposed reforms.
At a meeting in Ghana earlier in March, ICANN voted to begin its own
restructuring, in the process abandoning plans to establish a global
mechanism that could have allowed ordinary Internet users to directly elect
some of ICANN's leaders.
Instead, the ICANN board of directors ordered an internal committee to
develop a plan to reform the organization, drawing on a proposal submitted
by ICANN President Stuart Lynn.
In its first official word on the subject, the reform committee this week
endorsed many of Lynn's proposals for revamping the organization, but took
a more ambivalent stance toward Lynn's proposal that world governments
choose some of ICANN's leaders.
Citing perceived difficulties associated with bringing governments on
board, the reform committee wrote, "we explore alternatives to direct
government involvement in board selection because of the practical
difficulties that have been expressed in implementing that idea in the near
future."
The committee did not, however, decry government involvement, which some
ICANN critics say would be an inadequate substitute for direct, public
ICANN board elections.
The committee said that Lynn's proposal regarding government involvement
had "significant merit."
"In particular, greater government involvement is one way to fill the vital
need to reflect the public interest on ICANN's board through mechanisms
that are practical, valid, affordable and not readily subject to capture."
The ICANN board, which has final say over all of the body's decisions,
currently includes five members (out of 19) who were elected by the
Internet public in a pilot election two years ago.
Lynn and other ICANN insiders have questioned the reliability of
large-scale online elections, saying that they are vulnerable to "capture"
by special interest groups. Lynn said that officials elected by world
governments would do a more comprehensive job of representing public
interests online.
Public interest groups and ICANN detractors have responded that public
elections are the only way to keep ICANN's internal bureaucracy in touch
with the needs of ordinary Internet users.
Karl Auerbach, a longtime ICANN critic who serves as one of the body's five
elected board members, accused the reform committee - which is chaired by
ICANN board member Alejandro Pisanty - of simply going along with Lynn's
vision of a reformed ICANN.
Despite some tweaks made by the reform committee to Lynn's proposal,
Auerbach called the committee's efforts "a rubber stamp of gargantuan
proportions."
"They don't even raise the issue of ... holding public elections," Auerbach said.
Lynn disputed Auerbach's assessment.
"I think Karl is completely off base when he makes that kind of a comment,"
Lynn said, citing the changes to his proposal that the reform committee
recommended.
While the working paper appears to endorse Lynn's proposal that an
internally selected ICANN nominating committee should choose many of
ICANN's board members, the committee suggests significant changes to Lynn's
proposed structure.
Responding to criticisms about the "closed nature" of the nominating
committee approach, the working paper suggests bringing a more diverse
group of Internet stakeholders into the nominating committee structure.
Lynn said that the committee really didn't endorse or criticize any
proposals, but rather drew on public input to hone a more refined approach
to reform.
Pisanty was not immediately available for comment on this story.
*****************
Los Angeles Times
Wireless Outlets
Enticed by the potential for profit, carriers and media giants aim to offer
more audio and video content for cell phones
By RICHARD VERRIER
TIMES STAFF WRITER
May 13 2002
Spider-Man is coming to a phone near you. So are Tiger Woods, Smash Mouth,
Britney Spears and Mickey Mouse in a wave of mobile entertainment sweeping
across the wireless world.
In the months ahead, a growing number of cellular customers will be able to
download ring tones, color graphics, movie trailers and games based on
their favorite films, sports celebrities and recording artists.
The trend is being driven by a convergence of three forces. New technology
is giving cell phones ever-greater capabilities. Wireless companies that
have spent billions upgrading their networks are looking for ways to sell
more services through their expanded pipelines. And entertainment
conglomerates such as Walt Disney Co., Vivendi Universal and AOL Time
Warner Inc. have visions of wireless phones becoming hand-held
entertainment centers. Enticed by that prospect, global media giants and
cell phone carriers are scrambling to tie up relationships with one another.
Disney has lined up deals with carriers, including Sprint PCS and AT&T
Wireless, to provide Disney-themed games, graphics and ring tones to cell
phone users from the U.S. to Japan.
Sony Corp.'s Columbia Pictures has developed relationships with Cingular
Wireless and Sprint PCS to promote such movies as "Spider-Man" and "Men in
Black 2."
Vivendi, owner of the world's largest music company, recently scooped up
the nation's leading supplier of wireless ring tones based on popular
songs, ranging from Weezer's "Hash Pipe" to the Who's "Going Mobile."
"We're seeing a major push by the entertainment companies to take advantage
of the intersection between the ubiquity of cell phones and the digital
age," said P.J. McNealy, research director for GartnerG2, a technology and
business research firm in San Jose. "There's no doubt wireless could have
huge promotional opportunities for them."
Still, much of the excitement is over the potential applications--and
potential profit--for the cell phone, rather than what's currently being
realized.
Despite the hoopla and skyrocketing cell phone usage, no one can predict
whether Americans will pay to download music or watch movie clips on their
tiny screens.
"The wireless phone may be the next frontier for the marketing of
entertainment product in the U.S. But the market is fraught with unique
challenges," according to a recent issue of the Entertainment Marketing
Letter, an industry newsletter based in New York.
The use of ring tones, graphics and text messaging to promote entertainment
hasn't taken off in the U.S. as it has in Europe. There, cell phones are
more sophisticated and networks are equipped to handle the higher speeds
required for Internet-ready headsets.
Compounding these technical problems, few U.S. wireless carriers have
compatible systems, so a game developed for Sprint PCS' network can't be
played by AT&T Wireless or Cingular customers.
But conglomerates such as Vivendi, Disney and Sony can't afford to ignore
the possibilities of wireless, analysts said.
"Not only is it a new outlet, it's an outlet we are predicting will grow
extremely popular with the youth and teen market," said Knox Bricken, an
analyst with Boston-based technology research firm Yankee Group. "The
opportunities are huge."
Bricken forecasts that carriers will see a 430% growth in revenue from
these services over the next four years, from $215 million to $1.14 billion
by 2005.
Phone manufacturers, eager to boost sales of their hardware, will roll out
far more advanced handsets this summer, including such features as faster
Web browsing, larger and color screens and the ability to download music,
play more elaborate games and in some cases watch streaming video.
A new Nokia cell phone will come with a movie trailer for the upcoming Fox
Studios film "Minority Report" ready to play.
Carriers are spending billions of dollars this year to upgrade their
networks to carry more data at higher speeds. And they are hungry for new
content to fill their expanded pipelines, with services that generate more
subscription fees and minutes spent on their systems.
Some entertainment executives envision that within two or three years,
mainstream America will be checking movie listings over the phone,
downloading trailers, buying tickets and getting directions to the nearest
theater--all with a few taps on a phone pad.
For now, though, the ties between studios and carriers are more modest.
Consider "Spider-Man." For the last several months, Cingular has been
promoting the Columbia Pictures movie, which opened this month. Fans of the
comic book hero can indulge their passion by downloading Spider-Man
graphics, games and movie factoids on their mobile phones.
"It comes down to a desire to open our movies large," said Rio Caraeff,
vice president of wireless services for Sony Pictures Digital Entertainment.
All the major film studios now include wireless marketing as a component of
their movie advertising campaigns.
Sony Ericsson is introducing multimedia phones this year that will be used
as a platform to promote Sony properties, including both "Men in Black"
films and "Charlie's Angels" as well as games based on movies.
Sony also is developing wireless versions for its own software such as
PlayStation games. One new phone model even comes with a built-in joystick.
"We have very high expectations," Caraeff said. "Mobile gaming is a very
big business in Japan, Korea and most of Western Europe."
Universal Pictures signed a deal with Nokia this year to provide Nokia's
U.S. customers with logos and ring tones from Universal properties,
including upcoming movie releases such as "8 Mile," starring rap singer Eminem.
AOL also has been aggressive in the wireless arena. To help promote its
feature "Lord of the Rings," AOL's New Line Cinema sent out 20,000 text
message coupons to customers of VoiceStream. Fans could show theater
managers the coupon message on their mobile phones and receive free posters
from the movie.
For cell phone users, the onset of mobile entertainment is certain to
create some new, if strange, possibilities. Imagine Arnold Schwarzenegger
answering your voice with his signature "I'll be back."
A unit of Vivendi is busy buying the rights to digitally record the voices
of 100 top celebrities, which will then be offered as a service to wireless
carriers later this year. Celebrity voices also will be part of a $6 mobile
phone package to be offered by Vivendi for sale in grocery stores this summer.
Customers of AT&T Wireless can identify callers either by various Disney
characters that appear on the phones when a call comes in (one dwarf, say,
for each family member) or by ring tones from a catalog of popular Disney
songs such as "Zip-A-Dee-Doo-Dah" and "A Whole New World."
"We have high hopes for a big business," said Walt Disney Internet Group
President Steve Wadsworth. Disney also has a deal with Sprint PCS, which
will offer games based on the Disney features "Monsters, Inc.," "Atlantis"
and ESPN's 2-minute Drill.
"We feel that wireless gaming is the next step in the evolution of gaming,"
said Sprint PCS spokeswoman Stephanie Walsh.
One in six U.S. cell phone users, or 21.6 million people, will play games
on mobile phones this year, with the number increasing to 93 million in
2006, according to a forecast by research firm Datamonitor.
Disney's wireless push accelerated after its successful foray two years ago
into mobile-obsessed Japan, which offers a glimpse into what could
eventually come to the United States.
Through alliances with NTT DoCoMo and two other carriers, Disney said it
has built a profitable and expanding business in Japan. The company now
offers 13 subscription-based services to 2.5 million customers. Among the
services: a Disney fortunetelling service, Pooh screen savers, ring tones
and greeting cards, and virtual attraction games based on Tokyo Disney Resort.
Disney also operates a wireless fan magazine in Japan, which it used
recently to promote the opening of the Disney/Pixar Animation Studios hit
"Monsters, Inc."
"We see it as an opportunity to reach consumers any time, anywhere," said
Mark Handler, executive vice president of Disney's international Internet
operations.
But whether Disney's success in Japan will translate in America is
anybody's guess.
"It's too uncertain to say whether the DoCoMo model will be a big money
maker for the company," said Larry Shapiro, executive vice president for
business development and operations of Walt Disney Internet Group.
Though charges vary widely depending on the type of package the carrier
offers, customers pay an extra $1 to $5 a month for individual ring tones
and graphics, with entertainment companies getting about 10% of the revenue
as transaction or license fees.
But the industry is so new that no one is making money off mobile
entertainment, which faces a host of challenges. Among them are how to bill
and market services without offending wireless customers with unwanted
advertising.
Scores of telecom businesses that built their models around the
possibilities of delivering services through "third-generation" networks
have floundered because carriers have been slow to adopt new technology.
Vivendi has painfully learned that lesson with its multi-portal Vizzavi
Internet business in Europe.
The joint venture with the United Kingdom mobile operator Vodafone has
failed to live up to the promise of delivering news, sports, movies and
games through cell phones, personal digital assistants and personal computers.
"We were late in terms of developing the right devices for our customers,
who were not able to connect at the right speed and the right price," said
Philippe Germond, chief executive of Vivendi Universal Net.
Vivendi is taking a different tack in the U.S. The company is building
relationships with carriers through its new wireless-services subsidiary
rather than spending millions on launching a new portal.
Robin Richards, CEO of Vivendi Universal Net USA, has high hopes for
wireless in America.
"This is a business that three years from now is a $1-billion business for
Vivendi."
*
For related stories and photos, go to www.latimes.com/mobiletech.
********************
Los Angeles Times
Web Site Casts Ear on the Sky for Noisy Flights
Aviation: Residents near LAX can use the city-created system to identify
offending planes right down to their tail numbers and altitude.
By JENNIFER OLDHAM
TIMES STAFF WRITER
May 13 2002
Westchester resident Danny Schneider is used to a certain amount of airport
noise interrupting the early morning quiet. But when he stepped outside to
pick up his newspaper one day recently, a low-flying turboprop plane
overhead seemed even closer, and louder, than normal.
So Schneider did just what city officials and federal regulators hoped he
would do: He went inside and used his computer to find out exactly how low
the plane was flying, its tail number and which airline was operating it.
If it had been an egregious violation, which Schneider did not consider it
to be, he could have reported the offending flight. Schneider logged on to
a new Web site--LAX Internet Flight Tracks--that was created by the city
agency that operates Los Angeles International Airport so the 90,000 or so
people living under the flight path can better monitor aircraft noise.
Officials hope that residents will use the site to gather information about
wayward flights and report it directly to the airlines or the Federal
Aviation Administration, which determines flight paths into and out of LAX.
*
Web Site Averages 660 Visitors a Day
"If someone gets woken up at 3 a.m. because of an eastern departure, they
can go online, click and see who it was, and call the airline and ask what
they're doing," said Roger Johnson, deputy executive director of technology
and environmental affairs for the city's airport agency. "We hope this will
allow us to be responsive without being as labor intensive."
The airport's noise monitoring program lost employees and resources in the
budget crunch after the Sept. 11 terrorist attacks, forcing officials to
look for other ways to serve residents.
The flight tracking system--a year and $35,000 in the making--has logged
about 660 users a day on average since it debuted this month.
It determines a plane's location by listening in on communications between
an airplane's transponder--a device that sends a signal communicating
unique information about the craft--and the FAA radar system at LAX.
Many airlines and airports already use this software to keep track of
aircraft in the air and on the ground.
"This system allows a gate agent to tell people exactly when the aircraft
will come in, when it will be able to leave, and if it has been delayed,"
said Ron Dunsky, director of marketing for Megadata Corp., the Greenwich,
Conn., company that designed the Flight Tracks site for the city.
"The public doesn't have access to information at any other airports that
people are going to get from LAX," Dunsky said.
Visitors to the site can view arriving and departing flights, shown in blue
and green, respectively, and aircraft moving through the region, shown in
black. All of it appears on a 10-minute delay for security reasons.
Planes are superimposed on a map of the Los Angeles area. Users can zoom in
on neighborhoods, and view flight activity anywhere from six to 96 miles
from the facility. Clicking on an airplane icon provides additional data
including aircraft type, altitude and track identification number.
To get more information about a flight, surfers can wait an hour and use
the site's replay function, which provides the airline, the tail number,
the airport where the flight originated and its destination. The replay
feature archives data for three months.
The system has several quirks, including the propensity for an icon to
temporarily disappear from the screen when a flight passes directly over
the radar antenna on the airport's western edge, causing the device to lose
the transponder signal.
The site works best with a high-speed Internet connection and an updated
browser. It's slow to load on dial-up Internet connections.
Members of the LAX Community Noise Roundtable, a year-old organization
composed of representatives from 17 communities and agencies such as the
FAA, said the site gives residents the ability to assess for themselves
whether an aircraft has strayed from its flight path.
"A big 747-400 went right over the homes of people in Playa del Rey, and we
were able to look up and find out who the offending aircraft was," said
Westchester's Schneider, also a member of the Noise Roundtable.
"And then we could ask why did that plane do a go-around of their homes at
1,900 feet?" (A go-around is when an aircraft aborts a landing and flies
back around the airport to approach the runway again.)
The ability to provide an airline and flight number when reporting problems
has saved residents and airport officials time and headaches, Schneider said.
He added that in the past when residents called the airport about a flight,
officials often were unable to find it on their manifest.
*
Bay Area Uses Similar System
San Francisco aviation officials say a similar flight tracking system has
allowed them to better communicate with communities about noise issues
around San Francisco International Airport and San Jose and Oakland airports.
The year-old Bay Area site--live.airportnetwork.com/sfo/--is similar to the
LAX site. It provides residents with the altitude and air speed for
arriving and departing aircraft, but doesn't give the airline or tail number.
Residents can call the airport for this information, said Ron Wilson, a San
Francisco airport spokesman, adding that the site averages about 300 hits a
day. It doesn't have a replay feature.
"It has debunked the myth that the plane is really 500 feet over someone's
house," Wilson said. "It makes it easier for us to live with each other."
*
LAX Internet Flight Tracks is on the Web at
www.lawa.org/lax/htmlenv/flighttracks.html.
*****************************
Los Angeles Times
Bill Would Let Firms Share Customer Data
Several U.S. lawmakers introduced a long-awaited privacy bill last week
that would allow businesses to share information about customers who have
not explicitly forbidden them to do so.
More than a year in the making, the privacy bill unveiled in the House
differs from a competing bill making its way through the Senate that would
require businesses to get a person's explicit permission before sharing
sensitive information such as income level, religious affiliation or
political interests.
The bill by Rep. Cliff Stearns (R-Fla.) would instead leave companies free
to share customer profiles unless customers specifically forbade them. The
bill would cover transactions both on the Internet and in the offline world
and would override state laws that place more restrictions on commercial
use of personal information.
Consumers would have no right to sue if their privacy was violated.
Enforcement would be left in the hands of the Federal Trade Commission,
which usually does not impose fines on a first offense.
**************************
Federal Computer Week
Biotech firms figure into homeland security
Products target biodefense, health
Military and federal health officials, seeking cutting-edge technologies to
defend the country against bioterrorism and protect soldiers on the
battlefield, are turning to the biotechnology industry for help.
More than 300 biotech representatives packed a hotel conference room in
Washington, D.C., April 30--double the number that was anticipated to
attend the biotechnology industry's first-ever homeland security conference.
One representative at the conference called it a patriotic outpouring to
help in the war against terrorism. "I don't see a whole lot of difference
from what's going on in this room and the Manhattan Project," he said,
referring to the government's secret plan in the 1940s to develop an atomic
bomb.
By all accounts, biotech companies may become significant players for
federal agencies, including the Defense Department, which co-sponsored last
month's event with the Washington, D.C.-based Biotechnology Industry
Organization (BIO).
"We also concluded [that] in addition to solving the immediate problems of
biodefense and health, there are also significant opportunities to move
forward into additional areas such as materials science and logistics,
renewable energy sources [and] novel means of protecting servicemen and
servicewomen," said Col. Jerry Warner of DOD's Office of Net Assessment.
In the long term, biotechnology may not only address defense requirements,
Warner said, but may also "move the science into new areas, new thresholds,
spinning off both commercial products and services for the general American
public and economy." Such applications could mean using biomaterials for
camouflage, battlefield wound healing, polymers for protective clothing and
sleeping bags, innovative drug delivery systems, and DNA diagnostic and
detection technologies for rapid assessment of whether a biological attack
has occurred.
In addition, the technology may help lighten a 21st-century soldier's
burden. "Some of the applications of biologic technologies in computing
hold out the promise of reducing the weight that a combat soldier has to
deal with," said Douglas Bauer, director of counterterrorism coordination
at the National Academy of Sciences.
Carl Feldbaum, president of BIO, said DOD officials knew they couldn't
develop such technologies internally and had few dealings with biotech
companies. He said DOD's Office of Net Assessment approached BIO
(www.bio.org) to begin an interface even before Sept. 11.
Although "DOD had been able to integrate chemistry and physics and
engineering disciplines into the defense science base, they had not been
able to integrate biology--particularly biotechnology--recognizing that the
U.S. biotech industry is by far the largest and most advanced in
development in the world and therefore could convey a strategic advantage,"
said Feldbaum, who also recently met with Tom Ridge, director of the Office
of Homeland Security.
"It's new and emerging with a very different culture," he added. "The
biotech industry is not one that's used to government contracting. In fact,
only a handful of biotech companies have dealt with DOD in the past."
The conference was aimed at bridging the divide between the military and
the biotech industry. Throughout the conference, time was allotted for
companies to give 15-minute presentations of their products or emerging
technologies, which included vaccines, detection or diagnostic systems, and
drug delivery products.
Representatives from DOD and the Department of Health and Human Services
also discussed available grants and federal procurement requirements,
described the role and operations of different agencies and listed their
technology needs.
Biotech companies must learn how the federal government operates, several
people said, but the federal government must streamline its efforts to
better engage the industry.
"And it seems to me the government at a minimum has got to be a better
partner as we play this critical role in the days ahead," said Sen. Ron
Wyden (D-Ore.), who addressed the conference.
Wyden is co-sponsoring a bill with Sen. George Allen (R-Va.) that will
create a central clearinghouse for companies to present their new products
and for federal agencies to see how those products meet their needs,
establish a test bed facility to assess the products and better mobilize
the private sector following a terrorist attack or other emergency.
Feldbaum said the feedback and conference attendance was more than
expected. The biotech industry's involvement in homeland security is just
beginning, he said.
"After this is over, we're going to step back and figure out what to do
next, but there will be a 'next,' and it'll probably be in a bigger
facility," he said.
***********************
Federal Computer Week
State's 'Tracker' system follows weapons trail
Tom Clancy, hang up your hat. Members of the newest generation of spy
hunters don't wear trench coats or smoke fancy cigarettes. They don't
search for nuclear secrets in hollow tree stumps. And they don't whisper
secret codes when they meet undercover operatives.
Instead, the people seeking to prevent nuclear proliferation around the
world are using computer systems to track nuclear components and other
deadly materials in real time.
The latest of these systems, spearheaded by the State Department for about
$18 million and called Tracker, is now in place in nine countries--not
including the United States--to help detect the importation, exportation
and movement of material that could create a nuclear bomb, a dirty bomb or
another weapon of mass destruction.
"It tracks anything--you could track toothbrushes with it, if you choose,"
said Steve Saboe, director of State's nonproliferation and disarmament fund.
Tracker was developed by FGM Inc. to keep data on the "cumulative buildup
of sensitive technologies," according to Todd Harbour, the company's
director of federal systems.
Tracker, a network application, uses Versant Corp. Inc.'s database
management system as the technology infrastructure to help State track the
near-real-time movement of strategic, dual-use and sensitive materials for
countries worldwide.
As of April, Tracker was deployed to nine nations, including the former
Soviet bloc countries of Hungary, Lithuania, Estonia, Latvia, Romania,
Slovakia, Bulgaria, Kazakhstan and Poland, where the transfer of technology
and nuclear materials remains a major concern for the United States.
Beginning next year, Austria and Switzerland will adopt the system. In
addition to the United States, Great Britain and Norway are helping to
finance the program.
"There are many pieces needed to stop people from doing something illegal,"
Saboe said. "Tracking exports is one of them."
Experts agree, saying that the need for better detection has only grown
since the Sept. 11 terrorist attacks. Law enforcement agencies in the
United States and around the world have repeatedly warned of possible
future terrorist attacks.
Although this type of tracking system does not deal with rogue nations such
as Iraq, Iran or Libya, anything is better than nothing, according to
Michael Levi, director of strategic security projects at the Federation of
American Scientists.
"A tool like this makes a lot of sense if you are looking for one person,"
Levi said. "It allows you to track smaller purchases rapidly." And it
enables investigators to examine a complete system instead of just pieces,
he added.
Although the United States is not using Tracker at its own borders, it has
scrambled to tighten security at airports, shipping ports and land entries
using other types of high-tech detection tools.
Like many of the systems rushed into service after Sept. 11, Tracker is
based on the idea that information can be catalogued quickly and trends
noted--especially for ingredients that become lethal when combined.
The system will look at discrete pieces of data that are "innocuous [when
separate], but together set off an alarm," said Charles Wuischpard,
Versant's vice president of North American sales.
For example, the 1995 Oklahoma City bombing, which killed 168 people, was
the result of an explosive combination of fertilizer and ammonia. Now, if
someone wanted to import to a nation that uses Tracker a million cubic tons
of fertilizer one day and 100 million gallons of ammonia the next day, the
transaction could be spotted and halted.
The system has a disadvantage in that it relies on governments issuing
export licenses and putting the information into a computer. Each country
owns its information and is solely responsible for the accuracy of it.
Carol Kelly, vice president and service director for electronic government
strategies at the META Group Inc., said countries are more likely to fully
participate in the system because they want to maintain a good relationship
with the United States.
"Are the goods coming from a trusted port?" she asked. "Our allies, like
Canada and Germany, care very much.... Places like Singapore want to be
known as one of the trusted trading partners, and it becomes part of their
economic development."
***
Ready to roll
Tracker, developed by FGM Inc. for the State Department, is a
cross-platform export control and communication system. A three-tiered
network application designed to be easy to use with little training,
Tracker will help State and other governments track the movements and
locations of sensitive materials used to make weapons of mass destruction.
Tracker includes:
* An object-oriented workflow that automates system functions.
* A framework that permits real-time analysis and visualization of complex
relationships.
* An intuitive graphical user interface.
* A tool set that helps users develop new applications through ready-to-use
components.
**********************
New York Times
Vulnerability Is Discovered in Security for Smart Cards
By JOHN MARKOFF
SAN FRANCISCO, May 12--Two University of Cambridge computer security
researchers plan to describe on Monday an ingenious and inexpensive attack
that employs a $30 camera flashgun and a microscope to extract secret
information contained in widely used smart cards.
The newly discovered vulnerability is reason for alarm, the researchers
said, because it could make it cost-effective for a criminal to steal
information from the cards.
Smart cards are used for dozens of different applications, including
electronic identity protection, credit and debit cards and cellular phone
payment and identity systems.
The Cambridge researchers said they had discussed their discovery with a
number of card manufacturers, and several had acknowledged the
vulnerability. One company reported that its security testing teams had
already considered types of attacks similar to the one mounted by the
Cambridge team and that they believed their products were not vulnerable.
The researchers said they had also proposed a potential design change to
the companies that would protect against the attack.
"This vulnerability may pose a big problem for the industry," they wrote in
their paper, "Optical Fault Induction Attacks." The researchers argued the
industry would need to add countermeasures to the cards to increase their
security.
The Cambridge group's discovery is one of two new smart card attacks that
will be introduced Monday evening in Oakland, Calif., at an Institute of
Electrical and Electronics Engineers symposium on security and privacy.
A team of researchers from I.B.M.'s Thomas J. Watson Laboratory in Yorktown
Heights, N.Y., said they would present a report at the conference based on
their discovery of a different vulnerability in subscriber identification
module, or S.I.M., cards. These are used in the type of digital cellphone
known as G.S.M., widely used in Europe and to a lesser extent here.
The vulnerability would make it possible for a criminal to find the secret
information stored in the card, steal the user's cellphone identity and
make free phone calls.
Smart cards are credit-card-like devices containing a microprocessor chip
and a small amount of computer memory for storing bits of electronic data
that represent money or other information that can be used to ensure
identity, like a code or a digitized retina scan or fingerprint.
More widely used in Europe than in the United States, the cards have long
been promoted as the key to a cashless society as well as for identity and
authorization applications. Some countries have begun using them for
national identity cards, and they have recently been discussed as a way of
confirming travelers' identities to speed airport security.
The Pentagon has armed soldiers with smart cards for online identity and
physical access, and the cards are in use in the United States in
commercial services like the American Express Blue credit card and the
Providian Smart Visa Card. Both cards are offered by their providers as a
convenient and safe way to make Internet purchases, although their actual
use for those purposes so far has been limited.
Some of the information stored in the card is in the form of a number
composed of ones and zeros that cryptographers refer to as a "private key."
That key is part of a two-key system that is used to encode and decode
information. The security of such systems is compromised if the private key
is revealed.
Typically, after the card holder authenticates the card by supplying a pin
number, the private key will then be used to encrypt any sort of
transaction using the card. For example, the card might be used to
authorize a purchase or a transfer of funds, make an e-mail message
private, log on to a computer network or enter a building.
The researchers from Britain, Sergei Skorobogatov and Ross Anderson, who
are based at the University of Cambridge Computer Laboratory, discovered
the flaw after Mr. Skorobogatov found that he could interrupt the operation
of the smart card's microprocessor simply by exposing it to an electronic
camera flashbulb.
They were able to expose the circuit to the light by scraping most of the
protective coating from the surface of the microprocessor circuit that is
embedded in each smart card.
With more study, the researchers were able to focus the flash on individual
transistors within the chip by beaming the flash through a standard
laboratory microscope.
"We used duct tape to fix the photoflash lamp on the video port of a
Wentworth Labs MP-901 manual probing station," they wrote in their paper.
By sequentially changing the values of the transistors used to store
information, they were able to "reverse engineer" the memory address map,
allowing them to extract the secret information contained in the smart card.
Mr. Skorobogatov is a Russian emigrant who was once employed in the former
Soviet Union's nuclear weapons program, where his job was to maintain bombs.
Mr. Anderson is a well-known computer security researcher whose work in
both computer security and cryptography is widely recognized.
The researchers said they had discussed their findings with a number of
companies that had acknowledged the vulnerability. However, at least one
manufacturer who had read the paper said it believed its products were not
vulnerable to the attack.
"This is a paper for an academic conference," said Alex Giakoumis, director
of product lines for the Atmel Corporation, a San Jose, Calif.-based maker
of smart cards. "We've already looked at this area."
He said his company had built defensive measures into its products that
would make them invulnerable to such an attack. However, he said he was
unwilling to be specific about the nature of the security system, because
such information would be valuable to someone who was attempting to break
the security of the Atmel smart cards.
The I.B.M. paper, which is titled "Partitioning Attacks: Or How to Rapidly
Clone Some G.S.M. Cards," was prepared by Josyula R. Rao, Pankaj Rohatgi,
Helmut Scherzer and Stefan Tinguely.
The researchers reported that they had dramatically shortened the time
needed to steal secret information from today's G.S.M. cellphones.
Their new approach can seize the information within minutes, they said,
making it a much more useful method than either breaking the cryptographic
algorithms used by the card or by intrusive attacks such as the Cambridge
approach. The I.B.M. researchers' report also offers advice to the smart
card industry on how to protect against vulnerabilities.
**********************
New York Times
The Yahoo Privacy Storm That Wasn't
Internet privacy is like the weather. Everyone complains about it, and no
one does anything about it.
The latest example involves users of Yahoo, the vast Internet portal that
set off howls of protest when it abruptly changed its marketing policy in
March. Suddenly, Yahoo granted itself the right to send advertising
messages to tens of millions of its users who had previously asked to
receive none. The blanket permission went beyond e-mail to include postal
mailings and telemarketing phone calls.
Immediately, privacy advocates reacted with criticism, and outraged
postings flooded message boards all over the Internet.
But for all the smoke, there was little fire of reaction, according to a
study conducted by comScore, a research firm that monitors the Web pages
viewed by more than a million Internet users.
Yahoo's changes did get some users' attention. In the four weeks from March
25 to April 21, nearly a million Internet users in the United States looked
at Yahoo's new privacy policy (privacy.yahoo.com/privacy/us/). That figure
represents 1 percent of Internet users in the United States and was up
sharply from the preceding four weeks, when only 0.3 percent of Yahoo users
read its privacy policy.
Slightly more people, 1.1 million, visited the page Yahoo had set up where
users could "opt out" by telling the site not to send e-mail or other
messages (subscribe.yahoo.com/showaccount). That page did not exist before
the portal's policy change.
But only 73,000 users, comScore projects, considered ending their
relationship with Yahoo by visiting the page
(https://edit.yahoo.com/config/delete-user) that actually cancels their Yahoo accounts, which can
include e-mail and other services. That was fewer, even, than the month
before, when 114,000 users went to the page. (ComScore is unable to tell if
the visitors to the page actually do push the button to close out their
Yahoo accounts.)
Srinija Srinivasan, Yahoo's editor in chief, confirmed that Yahoo's
marketing changes had led to action by a very small portion of its users.
"You will always have a few very vocal people," she said. "But in the end,
that a very small fraction of 1 percent of our users contacted us
underscores, as always, the scale on which we do business."
Still, Christopher M. Kelly, who was a privacy lawyer with the Internet
service Excite@Home, which is now defunct, says the seemingly low number of
users who actually read Yahoo's policy or considered changing their options
understated the effect on its reputation.
"People will keep their e-mail addresses at Yahoo," he said, "but they will
just stop using them if they feel Yahoo doesn't take their privacy
seriously and doesn't protect them from spam."
**********************
New York Times
For Old Parts, NASA Boldly Goes . . . on eBay
By WILLIAM J. BROAD
NASA needs parts no one makes anymore.
So to keep the shuttles flying, the space agency has begun trolling the
Internet, including Yahoo and eBay, to find replacement parts for
electronic gear that would strike a home computer user as primitive.
Officials say the agency recently bought a load of outdated medical
equipment so it could scavenge Intel 8086 chips; a variant of those chips
powered I.B.M.'s first personal computer, in 1981.
When the first shuttle roared into space that year, the 8086 played a
critical role, at the heart of diagnostic equipment that made sure the
shuttle's twin booster rockets were safe for blastoff.
Today, more than two decades later, booster testing still uses 8086 chips,
which are increasingly scarce. NASA plans to create a $20 million automated
checking system, with all new hardware and software. In the meantime, it is
hoarding 8086's so that a failed one does not ground the nation's fleet of
aging spaceships.
The same is true of other obsolescent parts, dozens of them.
"It's like a scavenger hunt," said Jeff Carr, a spokesman for the United
Space Alliance, the Houston company that runs the shuttle fleet. "It takes
some degree of heroics."
Troves of old parts that NASA uncovers and buys, officials said, are used
not in the shuttles themselves but in flotillas of servicing and support
gear. Such equipment is found, and often repaired, at major shuttle
contractors around the nation, as well as at the Kennedy Space Center in
Florida, where the shuttles blast into orbit.
That old computer in your basement? NASA is not interested. The agency and
its contractors want stockpiles of old parts to buy in bulk for repairing
old machinery and building inventories of spare parts.
Recent acquisitions include outdated computer chips, circuit boards and
eight-inch floppy-disk drives. "One missing piece of hardware can ruin our
day," said Mike Renfroe, director of shuttle logistics planning for the
United Space Alliance at the Kennedy Space Center.
Recently, Mr. Renfroe said, his team swept the Internet to find an obsolete
circuit board used in testing the shuttle's master timing unit, which keeps
the spaceships' computers in sync. None could be found. A promising lead
turned false. Finally, a board was found. It cost $500.
"That's very inexpensive," Mr. Renfroe said. "To hire a design engineer for
even one week would cost more than that."
NASA's growing reliance on antiquated parts is in some ways a measure of
how far its star has fallen. In the early 1960's, the agency played a
leading role in founding the chip industry. Its mass purchase of the
world's first integrated circuits set the fledgling business on the road to
profitability.
In turn, the expensive chips let NASA achieve feats of miniaturization that
put advanced satellites into orbit and men on the moon. Thousands went into
the lunar lander, making its guidance computer "smaller, lighter, faster,
more power-efficient and more reliable than any other computer in
existence," as T. R. Reid wrote in "The Chip" (Simon & Schuster, 1984).
Today, NASA is increasingly a victim of its own success. Civilian
electronic markets now move so fast, and the shuttles are so old, that NASA
and its contractors must scramble to find substitutes.
In the past, NASA procurement experts would go through old catalogs and
call suppliers to try to find parts. Today, the hunt has become easier with
Internet search engines and sites like eBay, which auctions nearly everything.
Mr. Carr of the United Space Alliance said that when the government bought
complex systems like jet fighters, the contracts often had provisions that
called for routine upgrades and improvements as a way to limit
obsolescence. But the shuttles, with a design lifetime of a decade, never
had that kind of built-in refurbishment plan.
The winged spaceships are to fly until 2012. But NASA is researching
whether their retirement date can be pushed back to 2020.
For parts hunters, it could be a long haul. The shuttles, Mr. Renfroe of
the United Space Alliance noted in an awed tone, "could go for 40 or 50 years."
******************
Los Angeles Times
More Data on Doctors Backed
Health: Medical board approves a plan for posting malpractice settlements
on Internet. Legislature's OK needed.
By CHARLES ORNSTEIN
The Medical Board of California has voted to support public disclosure of
all medical malpractice settlements involving physicians, which would
significantly expand public access to information about doctors.
At a meeting Saturday in Newport Beach, the board voted unanimously to
distribute the information on its Web site, if the Legislature approves.
Two board members abstained from voting.
The medical board, which licenses, investigates and disciplines doctors,
currently does not disclose any information about malpractice settlements.
Its Web site provides information on California disciplinary actions
against doctors; malpractice verdicts or arbitration awards; felony
criminal convictions; major hospital disciplinary actions; and sanctions by
other states' medical boards.
Dr. Gary Gitnick, the board's new president, said his colleagues have "very
progressive ideas."
"It clearly is a board that realizes that its prime reason for existence is
public protection," said Gitnick, a UCLA gastroenterologist. "And one
element of public protection is making it possible for any member of the
public to learn as much as they can about their physicians, both good and bad."
If the board's recommendations are adopted by lawmakers, members said they
would like to release malpractice settlements dating back five years.
By proposing to make public malpractice settlements of any size, the board
went further than suggestions made by lawmakers earlier this month. On May
1, the Joint Legislative Sunset Review Committee supported disclosing
malpractice settlements above $150,000, as well as the names of doctors who
had three or more settlements above $30,000 in a 10-year period.
The legislative panel and the medical board agree on several other areas of
public disclosure. They include misdemeanor convictions related to
physicians' qualifications and functions, along with board referrals to the
state attorney general's office for disciplinary action.
The California Medical Assn. and malpractice insurance carriers have
strongly opposed release of settlement information. The liability insurers
obtained a temporary injunction this year barring the medical board from
releasing settlement information requested by the San Francisco Chronicle.
Leaders of the doctors group have said they fear that the public might
misinterpret the data.
"Disclosure of settlements will drive patients away from good doctors and
compound already severe health access problems in California," said Dr.
John Whitelaw, the association's president, at a May 1 legislative hearing.
"Furthermore, settlement disclosure is likely to drive up malpractice
premiums because physicians will more frequently refuse to settle, thus
increasing malpractice insurance costs and delaying resolution for all
concerned."
Board members said their Web site (www.medbd.ca.gov) will provide patients
with background to help them interpret information and place it in proper
context.
Incoming medical board Vice President Dr. Hazem Chehabi said the board was
uncomfortable setting a monetary threshold for disclosure of settlements,
which would have given the public an incomplete picture.
As it stands, state law requires malpractice carriers to report only
settlements above $30,000 to the board. If that law isn't changed, smaller
agreements would remain out of public view, even if the board's
recommendation is adopted by the Legislature.
"We wanted to send a message that we really wanted to disclose all
settlements," said Chehabi, president of the Newport Diagnostic Center. "We
are totally committed to new policies that would protect the consumers and
inform them so that they can make the best decisions regarding their own
health care."
*******************
BBC
Teaching goes virtual in Pakistan
Thousands of Pakistanis are being offered the chance to learn the skills
they need to thrive in the computer age thanks to a new virtual university.
The US$40m project is providing distance learning over the television and
internet so that anyone can take part in the classes, regardless of where
they live in Pakistan.
The aim is to create a generation of software programmers and computer
engineers who can rival the best in countries like the US.
Pakistan is eager to develop an information technology industry, much like
India has done. Experts estimate the country needs at least 60,000 computer
science graduates to achieve this aim.
"India is a very inspiring case. They got their act together very early,"
said Salman Ansari, adviser to Pakistan's Ministry of Science and Technology.
"We are leveraging technology to get to the level that we need to get to,"
he told the BBC programme Go Digital.
Exciting education
The Virtual University combines television, video-conferencing and the
internet to provide lessons, tutorials and guidance to students all over
Pakistan.
The lectures are produced in a professional studio, carefully put together
to ensure they are clear and accessible.
Students can log on to the university over the internet and discuss the
subject with a lecturer.
"The students feel empowered by sitting in front of a PC and being able to
shoot off questions or put their comments on a discussion board," said
Naveed Malik, the rector of the Virtual University.
"It's a very exciting experience. Students are realising that they are
having a better educational experience than most of our conventional
institutions."
Cheap and friendly
Currently around 500 people are taking part in a pilot project. The
organisers hope to have 5,000 students by September, rising to 25,000 by
the end of 2003.
One of the key aspects of the project is to ensure that anyone, regardless
of their income and where they live, can take part in the lessons.
"We have opened up access to the Virtual University to all segments of the
population by keeping the prices extremely low," said Mr Malik.
To this end, educational centres are being set up where students can view
the courses and access the internet.
The plan is to set up a high-speed computer network linking 60 universities
and 2,500 schools and colleges. A further 10,000 schools will be able to
access the lessons through the internet.
"We realised that we had to build up the internet in Pakistan very
rapidly," said Mr Ansari.
"So two years ago we had about 29 cities on the internet; today we have 580
online and it will be 1,000 by the end of the year."
The government has also worked to ensure that the cost of going online is
within reach of most.
"I could be sitting in the middle of nowhere, hundreds of miles from
anywhere, but when I log in, the cost would be six rupees (10 cents) an
hour," he said.
******************
BBC
Getting tough on spam
Last weekend more than 1m spam messages were sent to distribution network
Usenet, a level of abuse never seen before, according to Usenet member
David Ritz.
This prompted the issue of what is called a Usenet Death Penalty, which
would see any Telewest user banned from Usenet newsgroups unless the ISP
takes action to get rid of the spammers.
The problem is by no means limited to Telewest though. The bulk of last
weekend's junk email came via BTopenworld servers.
Widespread problem
"I've managed to get a few providers to take these things seriously but far
too many appear to be ready to ignore these problems," said Mr Ritz.
"Telewest just happened to be one of the two unlucky providers which pushed
me over the edge this past week."
The second is Videotron, an ISP based in Canada.
Telewest says it is trying to bring the problem under control.
"As far as I'm aware a death penalty has not been issued, just a warning,"
said a Telewest spokesman.
"There has been a recent explosion of Open Relays [virtual servers which
allow spam to be multiplied through the network] and we are in the process
of contacting customers telling them to shut them down,"
"There is a small minority that is evasive but it is an ongoing issue for
all ISPs," he said.
Security issue
Spammers take advantage of open ports on proxy servers set up by ISPs to
make connections faster for customers. This hijacking of servers by
spammers could be the tip of the iceberg, said Mr Ritz.
"While spam is the visible element being addressed under this Usenet Death
Penalty, the underlying issue is of even greater concern, as it deals with
fundamental security issues being faced by users, providers and businesses
around the world," he said.
If e-mail has been the golden goose of the internet then spam is definitely
the unfriendly giant looming over it. In Europe alone millions of spam
e-mails are sent each day.
"The problem is a lot worse than consumers think. A lot of it is filtered
out before it reaches them," said Joe McNamee from Euro ISPA (Internet
Service Providers' Association).
The European Parliament is currently looking at ways of limiting the
activity of spammers and is due to vote on a ban at the end of this month.
No future
E-mail marketing is a new and powerful way for marketers to get in touch
with their customers. Many firms are increasing their digital marketing
spend to include e-mail campaigns.
Spam however is not acceptable, direct marketing guru Seth Godin told
delegates at a marketing event in London organised by DoubleClick.
"Spam is spam and none of it has a future," he said.
Instead digital marketers must carefully build relationships with customers
over time and make sure that any marketing done via e-mail has the
permission of the consumer.
"In the past marketers have been Neanderthals with a mentality of let's get
a gun and go and find us some strangers to sell to," he said.
"In the future they need to be more like farmers, building their assets
slowly over time."
For Mr Ritz the war against spammers cannot be won soon enough.
"When you begin to do the maths you'll see the enormous cost involved both
in terms of storage and the bandwidth required to transport this massive
quantity of what amounts to the same thing being said over a million
times," he said.
"If you say something once, it's speech. If you say the same thing a few
hundred times every day, it becomes nothing more than noise."
*****************
New York Times
In Free-Music Software, Technology Is Double-Edged
Imagine returning home with a bounty of pirate's booty. Upon reaching
shore, you're mugged and the treasure hoisted. You turn for relief to the
local constable, who gives you a swift kick in the shins and a public
reading of the definition of the word comeuppance.
The analogy is far from a perfect one for what's going on with Sharman
Networks, an Internet company with headquarters in Sydney, Australia. But
it does help suggest why a few people are giggling when Nikki Hemming, 35,
Sharman's chief executive, says she wishes that people would just leave her
alone to make an honest living.
Sharman Networks distributes a piece of software called Kazaa. As Napster
used to do, the Kazaa network lets people exchange music without charge
over the Internet, and they are exchanging it by the boatload. Some 64
million people have downloaded Kazaa within the last year, making it more
popular than a video of an Ozzy Osbourne family brunch.
For obvious reasons, the record industry despises Kazaa. All the major
record labels have sued Kazaa's creator, Fast Track, a Dutch company,
contending that the software is basically a tool used for wholesale piracy
of music, and the industry has explored whether to include Sharman in the
lawsuit, according to people familiar with the case.
But Ms. Hemming already has her hands full. She has been busy keeping
people from ripping off her own bounty.
It seems that while Sharman Networks gives away the Kazaa software, it is
hardly a nonprofit company. It insinuates advertising into the Kazaa
network, making money each time people download songs. Sharman does not
advocate that people download copyrighted files, but it says it doesn't
have the means to stop them.
But now some privateers have cut down Sharman's action by making and
distributing stripped-down copies of Kazaa. The software still allows users
to get on the Kazaa network and exchange free music. But the software
removes the ads, which means that Sharman isn't paid. "They are offering
Kazaa without the things that make Kazaa commercially viable for us," said
Kelly Larabee, a Sharman spokeswoman.
The people at Sharman have a powerful sense of indignity. But some people
may wonder if they've fallen a little short in the sense-of-consistency
department.
Then there is geography. In this case, as some pirate stories do, this tale
involves the high seas of the South Pacific.
Lawyers for Sharman have sent letters to people who they believe are
copying Kazaa, but those individuals have not been easy to find. One
copycat, who distributes "Kazaa Lite," obscured his identity by using a Web
site registered through Tokelau, a group of islands north of Western Samoa.
If you're guessing that the reason to register through Tokelau is not its
rich history of tech support, you'd be on the same page as Sharman's
lawyer, Judy Jennings. She said people who register domain names through
Tokelau are not required to give their names. "There is an implication
they're doing it on purpose so they would be hard to find," she said.
Ms. Hemming, however, has been easier to find, at least for the last two
weeks. During that time, she held her first news conference. Before that, a
company publicist declined to provide any details about Sharman, like its
specific whereabouts.
But in her conference call with the news media, Ms. Hemming divulged that
the company is registered in Vanuatu. That's a group of South Pacific
islands, which, she said, offers favorable tax status. (Ms. Hemming keeps
Sharman's headquarters in Australia, which has favorable status in the
restaurant and standard-of-living area.)
In other words, Sharman thinks that the creators of Kazaa Lite are cravenly
hiding in Tokelau while Sharman itself operates in the open in Vanuatu.
Sharman doesn't like the suggestion that it has spent months being less
than candid about its whereabouts.
"It's not that we were hiding," Ms. Larabee said. "It's that we didn't
clarify." This distinction between hiding and not clarifying is important,
with broad implications. For instance, the accounting firm Arthur Andersen
might note that it didn't hide documents related to Enron, just that it
failed to clarify the documents would have to be viewed in very thin strips.
But as it pertains to the music issue, what Ms. Larabee and Sharman
Networks are getting at is something that many people may know already:
Vanuatu is no Tokelau.
Indeed, the people at Sharman see very few parallels between their
complaints over copying and those of the record industry. Ms. Hemming says
she just wants to make an honest living, and wishes that people would
please stop taking what is rightfully hers. She might also wish that people
would quit giggling.
*********************
Government Computer News
11 courts put criminal case files online
By Preeti Vasishtha
Eleven federal courts are letting the public access criminal case files
online.
The effort is part of a pilot program by the Judicial Conference of the
United States to study privacy and public access to electronic files in
criminal cases.
Users can access the files through the federal courts' Public Access to
Court Electronic Records system for seven cents per page, Judicial
Conference officials said.
Information about PACER and participating courts can be found at
pacer.psc.uscourts.gov/cgi-bin/links.pl.
Last September, the conference voted to make most civil and bankruptcy case
documents available over PACER to the same extent they are available at the
courts, officials said.
The conference approved the pilot program in March and will review the
findings in September 2003.
*******************
USA Today
Microsoft pitches schools new licensing option
By Byron Acohido, USA TODAY
Companies cringe at Microsoft licensing
SEATTLE - Last month, 24 school districts in Washington and Oregon received
a sobering letter from Microsoft.
The software giant gave the districts 60 days to produce receipts
accounting for every copy of Microsoft software being used anywhere on
school property. But many school PCs are donated or have programs loaded by
students or teachers with no documentation.
In the same envelope came a sales brochure highlighting the merits of
signing up for a "volume license" similar to those in a new licensing
program for companies. Rather than endure an audit, the schools could pay
Microsoft an annual fee based on the number of computers capable of running
Microsoft software.
The districts scrambled to organize software audits and agonized over
whether to pay the annual fee, which could run $40 a PC, or, they say, risk
being fined for software piracy. "We thought it was very heavy-handed,"
says Steve Carlson, associate superintendent of information and technology
at Beaverton Schools in Oregon.
Microsoft has sent 500 audit notices with accompanying sales brochures to
500 school districts in 30 states. Its corporate clients have been feeling
similar heat. Some 6% of 1,400 businesses surveyed last month by
Information Technology Intelligence and Sunbelt Software said they had been
threatened with an audit if they didn't sign up for a new licensing
program; 26% said Microsoft alluded to the possibility of an audit.
"Microsoft is trying really hard to move from selling software in boxes to
selling software by subscription," says Stu Sjouwerman, Sunbelt Software
president. "It is the 800-pound gorilla flexing its muscles and everybody
better beware."
Sherri Bealkowski, general manager at Microsoft Education Solutions Group,
says, "We're trying to remind everybody that it's hard to stay compliant
and to make them aware of the different options they have." The audit
notices sent to the 500 school districts is "standard practice. We do it
all the time," she says.
One option schools have: Call Eric Harrison at the Multnomah Educational
Service District in Portland, Ore. Since 1997, Harrison has been developing
networks based on the free Linux operating system. His latest project links
40 older PCs to a single set of software applications running on a central
Linux server computer. The cost: $200 a seat vs. $1,500 a seat for PCs
running Microsoft, he says.
"My phone's been ringing off the hook," he says. "Schools are looking at
what Microsoft wants them to do, and it increases their cost significantly.
******************
MSNBC
ID thieves mine for gold on jail sites
Online public records give Social Security numbers and more
By Bob Sullivan
May 12 - If keeping Social Security numbers off the Internet is a bit like
trying to plug holes in a leaky dam, the U.S. justice system has left a
floodgate open. Dozens of law enforcement Web pages list names, addresses,
dates of birth, Social Security numbers, heights and weights: everything an
identity thief needs to impersonate a victim. Sometimes there's even a
photo. The dossiers belong to prison inmates and wanted criminals; the
sites that list them have become user-friendly shopping malls for identity
thieves.
A SOCIAL SECURITY NUMBER is the key to a person's financial
kingdom. In some cases, all you need to get a credit card or a car loan is
a Social Security number and a date of birth.
There are thousands of such matched pairs for the taking on the
Internet, thanks to efforts made by government agencies and the justice
system to publicize information about convicted criminals. Orange County,
Fla., for example, publishes the Social Security number of every inmate
only moments after he or she is jailed, some 57,000 people in the past
year. Indiana's Sex and Violent Offender Registry also offers up such data,
even including driver's license numbers. And the U.S. Marshals Service
"Most Wanted" Web site lists Social Security numbers along with
photographs. Prospective identity thieves using the site can be sure to
pick someone with similar looks.
But who would want to impersonate a jailed criminal? Or worse yet,
an alleged felon wanted by federal authorities?
Anyone who wants a disposable identity. As long as the thief is
reasonably sure a criminal background check won't be conducted immediately,
the risks are low, experts say.
"Basically they're offering up all the data you need to make a
driver license," said Rob Douglas, CEO of American Privacy Consultants. But
what about being mistaken for the real criminal? "That stuff doesn't really
matter. As a privacy thief, I'm just looking to create an ID to get a
credit card or pass myself off as somebody else for a while."
Meanwhile, the ID thief knows exactly how long it will be before
the victim is released from prison, and therefore how much time they have
before suspicious account behavior is likely to be recognized.
"If I wanted to become someone else, I'd probably look for some
middle-class white male arrested for narcotics, preferably with intent to
distribute," said John C. Hennessy, a programmer who alerted MSNBC.com to
the online prisoner databases.
PUBLIC RECORDS LAWS AT ISSUE
Assuming the identity of a wanted criminal apparently isn't as
crazy as it sounds.
"Identity theft, it actually is a problem for us," said Nikki
Credic, spokesperson for the U.S. Marshals Service. "People do go on our
Web site and they obtain information there and open up fraudulent accounts."
The problem is a Catch-22 for the U.S. Marshals, she said. On the
one hand, they want to publish any available information which could lead
to the capture of a fugitive. It's possible a Social Security number could
be recognized by a car dealership about to offer a car loan, for example.
On the other hand, identity thieves can actually obscure the hunt
for a criminal by creating a string of false leads.
"(U.S. Marshal officials) know it's a problem, but at this point
they have not made a decision about it," Credic said.
For agencies publishing inmate data, aggressive public records laws
are at the heart of the problem. Most agencies in Florida publish inmates'
Social Security numbers because they are required by law to do so, and
publication on the Internet simply magnifies an old problem. But that's
likely to change soon: both houses of Florida's legislature recently passed
a law excluding Social Security numbers from public records, and the
governor is expected to sign the bill by a May 16 deadline.
Still, privacy experts are worried that criminals' financial
information will continue to leak out onto the Net, in part because it
won't arouse much public outrage or inspire quick calls to action. After
all, said Douglas, who would step forward to defend criminals' privacy rights?
"There is nobody who's going to be real sympathetic to the fact
that their information is out there," said Douglas. "So then the question
becomes, 'What's the purpose?' "
Richard Smith, former chief technology officer for the Privacy
Foundation, says there probably isn't a purpose; some agencies are likely
publishing the data simply because they can.
"There probably is no reason to publish Social Security numbers. An
age would probably be more useful than a birth date," Smith said. "I
suspect that the states are simply copying data from someone's record
without thinking through all of the implications."
IT'S NOT JUST CRIMINALS
Convicted criminals who may leave jail only to suffer fallout from
identity theft might not evoke sympathy, but the problem of balancing open
public records with financial privacy is far more widespread. In fact,
court documents of every kind are among the most popular target for
identity thieves.
Hennessy said he can find the Social Security number of anyone who
has ever filed for bankruptcy using the Public Access to Court Electronic
Records system, also called PACER.
"The trend seems to be that many people aged 18 to 30 will file
bankruptcy at least once in those years," Hennessy said.
The Judicial Conference of the United States, which sets policies
for federal courts, has been trying to plug some of the holes that
turn public records, and specifically PACER, into havens for identity
thieves. Until last year, personal financial data, including bank account
information, regularly made its way into the PACER system in documents that
are part of a variety of federal lawsuits.
Last year, the Judicial Conference recognized the problem and
instituted a policy that requires redaction of data such as Social Security
numbers. But the burden of removal lies with the parties involved, so the
data sometimes slips into the system anyway. And removing the information,
generally by obscuring part of the account numbers, is a time-consuming
process.
In fact, the burden is so high that when the Judicial Conference
asked for public comments on its plans, a bankruptcy court official in New
Mexico offered these alarming observations:
"Efforts to curb the publication of these numbers is futile. They
are too widespread, and too necessary to identification. ... Such proposals
would significantly increase processing time in every case."
Such efforts will become even more involved soon, as the Judicial
Conference last week agreed to begin a pilot program in 11 states that will
expand PACER to include federal criminal case records. Financial data is
supposed to be redacted from those files, also.
LEGISLATORS TRY TO PLUG HOLES
The Judicial Conference policy mimics sentiments expressed by
legislators in Florida, Nebraska, and even the U.S. Senate toward striking
Social Security numbers from public records. A federal law proposed by
Sens. Dianne Feinstein, D-Calif., and Judd Gregg, R-N.H., would make display
of a Social Security number illegal. But even the bill's supporters concede
it would take two to three years to get government agencies to stop
publishing the data as part of public records, said Chris Hoofsnagle, an
attorney with the Electronic Privacy Information Center. And still, the
data would live in a mountain of documentation that's already public.
"There's no talk of going backwards," he said.
Even marriage licenses in some states are public, and can be mined
for Social Security numbers, Hoofsnagle said.
PUBLIC ACCESS ADVOCATES OBJECT
Not everyone is for striking the data. Information brokers,
journalists, and other researchers are worried any weakening of open
records laws would make their job much more difficult. Organizations like
EPIC, always a staunch supporter of open records laws, find themselves
straddling the fence on this topic.
"We strongly support public access to records. But we've argued there
should be use limitations, so the data is used consistently with their
purposes," Hoofsnagle said. "The problem you see between Pacer and other
public records sites is they are mined by commercial entities. The data can
be used for any purpose -- proper purposes and improper purposes."
But while government agencies and lawmakers labor over the fate of
the public record laws, identity thieves are having a field day browsing
through records provided today by Web sites like the Orange County
Government Services Online.
"As for risk, it's on the high end of the scale," Douglas said.
"It's ridiculous that (Social Security numbers) are out there. There is no
law enforcement or protection function served by putting all of that data
out there. It's just a red flag inviting abuse, whether that is vengeful
abuse or just run-of-the-mill identity theft."
********************
MSNBC
Outage dumps Microsoft MSN users
MSNBC.com, Newsweek.com sites also affected
By Joe Wilcox
May 12 -- Some Microsoft MSN Web sites collapsed Sunday, leaving many users
unable to access game, Web-based e-mail, chat and search features, among
others.
THE OUTAGE ALSO brought down for a while MSNBC.com and
Newsweek.com, which has a hosting arrangement with the Microsoft-NBC news
site. (MSNBC is a Microsoft-NBC joint venture.)
The outage is one in a series of recent glitches affecting MSN Web
sites or Passport online authentication. Users could not access Microsoft's
popular Game Zone Web site. Some Hotmail users also found they could not
access the Passport log-in page for accessing the Web site. The outage also
affected Internet Explorer 6 users, who discovered they could not search
the Web using the default setting. IE 6, which is integrated into Windows
XP, uses MSN for Web searches.
"This also affected people wishing to sign-out of their Passports
on the Zone.msn.com site, causing a potential security issue for that
segment of their passport access," said Shane Johnson, a network/messaging
consultant from Puyallup, Wash.
Users of services such as bCentral, Game Zone and Hotmail, all
Microsoft services requiring Passport authentication, typically need to log
out of the service to avoid exposure to a possible security problem. Logging
out removes a cookie that, if pilfered by a Web site or other program, could
allow a hacker to take control of the account. So not being able to log out
could be as much a problem as not being able to log in.
CNET News.com started receiving user complaints about the outage
around 9:15 a.m. PDT Sunday and later confirmed through testing that some
kind of failure had occurred with a number of MSN Web sites or services.
Johnson was one of those users alerting CNET News.com to the
problem. He concluded that Microsoft had a problem with one of its primary
backbone routers.
Microsoft could not be reached for comment about the problems.
Microsoft's .Net Messenger service appeared unaffected by the
outage, as did the main MSN and Microsoft Web sites.
Sunday's outage follows a string of gaffes or security glitches
that continue to call Microsoft's .Net Web services strategy into question.
In court last week, testifying as part of Microsoft's antitrust
trial, Jim Allchin, the senior vice president responsible for Windows,
described .Net My Services as being "in a little bit of disarray."
In April, a server glitch locked many Hotmail users out of their
accounts. In January, a glitch with Passport authentication blocked some
users from accessing Microsoft's game site. This followed a more serious
December crisis, when Microsoft's switching users over to Passport
authentication prevented some users from logging onto the Web site.
On Wednesday, Microsoft warned of a critical security hole in MSN
Messenger's chat feature. In February, a fast-spreading worm exploited a
glitch in MSN Messenger, while another problem prevented some Windows
Messenger and MSN Messenger users from staying connected to the Internet. A
summer 2001 outage kept about 10 million Messenger users offline for about
a week.
Instant messaging is an important component of Microsoft's .Net My
Services strategy, the company's consumer Web services offering that is
under construction. Microsoft plans to use Windows Messenger, which is
integrated into Windows XP, and MSN Messenger as a back haul for the
company and third-party service providers to communicate with customers.
The first service, .Net Alerts, delivers stock quotes, traffic reports and
other information through Microsoft's instant messenger.
Other security problems continue, despite Microsoft Chairman Bill
Gates' call that the company put more emphasis on making software secure
than adding new features.
In March, Microsoft issued a pair of patches for Internet Explorer
security holes. February and April security holes potentially opened Office
for the Mac to hackers. Also in April, Microsoft issued fixes for about 10
security holes affecting three versions of Internet Information Server.
***************
MSNBC
A cookieless Web monitor?
Researchers in Scotland working on undetectable software
By Gwendolyn Mariano
May 10 -- Researchers in Scotland are developing a new kind of Web monitoring
software that they claim can collect enormous amounts of data on Web
surfers while remaining nearly undetectable. The technology came to light
when it was chosen as one of 40 technologies funded this year by the
Scottish Enterprise, Scotland's economic development agency. The University
of Strathclyde received the award for an undisclosed sum Thursday.
DR. LYKOURGOS PETROPOULAKIS, who is heading the 18-month research
project, declined to comment on the technology, calling it "highly
classified" information.
Web surveillance software has drawn intense interest from consumer
advocates, who fear the interactive nature of the Internet can provide
unprecedented power for governments, corporations and individuals to
trample people's privacy. Several monitoring systems have been developed
for use by law enforcement agencies that remain cloaked in secrecy,
ostensibly due to security concerns.
The FBI has battled privacy groups seeking information on its
DCS1000 Web monitoring technology, also known as Carnivore, which is
installed on systems run by Internet service providers. The European Union,
meanwhile, has lobbed espionage charges at the U.S. government and some of
its allies over an alleged surveillance system known as Echelon, which
incorporates satellite and undersea cable wiretaps, according to an EU
investigation.
"Technology like this, once it's spread around, means people can be
tracked from site to site," said Lee Tien, senior staff attorney for the
Electronic Frontier Foundation. "Whatever (the Scottish Enterprise) is
doing, this is part of a long-standing practice by governments to fund the
development of spying technology or, more generally, technology that
facilitates law enforcement and national security."
The Scottish Enterprise called the technology being developed by
Petropoulakis' team a "breakthrough," outpacing any other technology on the
market by allowing a more detailed profile of a Web user's activity.
TRACING VIA 'SENSORS'
According to a statement, the technology traces Internet use via
"sensors" rather than cookies, or bits of code that sit on computer hard
drives that have long been used by Web sites to monitor people's travels on
the Web. The technology can be operated on any Web server and can monitor
Internet use in real time. In addition, the software can block access to
sites, e-mails and documents.
The Scottish Enterprise added that the technology might find
legitimate uses from government, education and commercial organizations as
well as Web marketers. Possible uses under consideration, it said, include
monitoring of employee Web surfing in the workplace and monitoring of
children's Web use by parents.
****************************
Government Executive
Mushrooming homeland security budgets face Hill scrutiny
By William New, CongressDaily
Months after the Sept. 11 terrorist attacks, Congress remains eager to give
the Bush administration billions of extra dollars to make the nation more
secure within its borders. But some members are beginning to wonder how it
is being spent.
Shortly after the attacks, Congress approved a $40 billion emergency
supplemental for the war on terrorism and to quickly address homeland
defense gaps--paid out in three portions over several months. The
administration has returned to Congress in recent weeks to seek another $27
billion emergency supplemental for the current fiscal year. In addition,
the president has requested $38 billion in homeland defense spending for
fiscal 2003.
Yet in a Senate Appropriations Committee hearing earlier this week, Defense
Department Comptroller Dov Zakheim again said he could not identify how the
original $40 billion supplemental has been spent. Zakheim promised to offer
some numbers by the end of the week.
"I think the [Senate Appropriations Committee] scrutiny [of homeland
security spending] is self-evident," said a committee spokesman, noting the
recent string of hearings on the subject. "There have been some real
questions raised." Senate Appropriations Chairman Byrd has noted that the
Justice Department has not advertised the grants it was given to allocate
to local police. Also, 80 percent of local health departments have not
received their designated funding, he said.
The high-tech industry is watching to see how the new funding "trickles
down" to private sector opportunities, an industry source said. Homeland
security funding is more difficult to capture because it cuts
"horizontally" across so many agencies, he said.
Congress soon will begin work on the president's fiscal 2003 budget
request. Homeland security has caused several agency budget requests for
next year to swell.
Of the nearly $38 billion earmarked for homeland security in the FY03
request, the Defense Department would get 22 percent; Transportation
Department, 20 percent; Justice Department, 19 percent; HHS, 12 percent;
Federal Emergency Management Agency, 9 percent; Treasury Department, 8
percent; Energy Department, 3 percent; states and international, 2 percent;
Agriculture Department, 1 percent; and all others 4 percent, according to
the Government Electronics and Information Technology Association.
Some areas of homeland security spending, according to GEIA, would include
$362 million for an entry-exit visa system at the Immigration and
Naturalization Service, and, at the FBI, $21 million for the National
Infrastructure Protection and Computer Intrusion Program and $48 million
for the Information Assurance Program. Other programs include $744 million
for northern border security and $684 million for maritime security, both
at the Customs Service.
The Bush FY03 request also would provide $4.8 billion to the Transportation
Security Administration created in November, which focuses largely on
commercial aviation security, and $1.2 billion for U.S. Coast Guard ports,
waterways and coastal security. FEMA would receive $3.6 billion for state
and local "readiness and training."
Cybersecurity initiatives would include $30 million for a defense cyber
warning intelligence network, $5 million for General Services
Administration's government Intranet called GovNet, and $125 million for
the FBI National Infrastructure Protection Center.
At the Defense Department alone, the Bush budget is proposing $26.4 billion
for information technology and national security systems in FY03, including
$4.6 billion for development modernization and $13.3 billion to maintain
current services. That is a significant increase from the $23.7 billion for
IT and national security systems in the current fiscal year, including $3.7
billion for modernization and $11.9 billion to maintain current systems.
The fiscal 2002 emergency supplemental currently under debate in Congress
would boost the amount for homeland security to $5.8 billion, $522 million
above the president's request.
But the House Appropriations Committee--which took up the bill Thursday--is
proposing to cut the Transportation Security Administration's supplemental
appropriation by $550 million to $3.85 billion. The committee criticized
the new agency for failing to fully justify its budget request.
*******************
Government Executive
Federal, state and local agencies on a quest to secure America's borders
By Molly M. Peterson, CongressDaily
As the military wages a new kind of war abroad in response to the Sept. 11
terrorist attacks, members of Congress and Bush administration officials
are developing high-tech strategies for defending the nation's borders and
transportation systems.
But equipping a multitude of federal, state and local agencies to meet
those homeland security needs--while enabling them to share critical,
real-time information about terrorist threats and response
capabilities--has proven to be a complicated task.
"We are a mobile, open society of more than 286 million souls living within
7,000 miles of open land borders and 4,000 miles of unguarded coastline,"
Rep. Christopher Shays, R-Conn., chairman of the House Government Reform
National Security Subcommittee, said during a recent hearing. "Critical
transportation information systems are susceptible to disruption.
Intelligence sharing is stilted. Military capabilities have not yet been
transformed to meet asymmetrical threats. Where to begin?"
Modernizing antiquated information systems has emerged as a key starting
point for many agencies. "We will seek to tear down the information
stovepipes that stand in the way of information sharing and cooperation
within the government," White House Homeland Security Director Tom Ridge
said recently, noting that many federal, state and local databases
contained information about a number of the 19 hijackers long before they
were involved in the Sept. 11 attacks. The administration has called for a
technologically advanced "smart border" to monitor the arrival and
departure of the more than 300 million non-citizens each year. And several
lawmakers have introduced legislation that would use information technology
to tighten border security. For example, two bills, H.R. 3229 in the House
and S. 1627 in the Senate, would establish a single "lookout database"
designed to enable all immigration, customs, law enforcement and
intelligence agencies to identify inadmissible or deportable aliens.
Another bill, S. 1733, also aims to improve border security. It would
require the State Department, the Immigration and Naturalization Service,
the Treasury Department and the CIA to develop a unified electronic data
system to provide law enforcement and intelligence officials with real-time
information on non-citizens' eligibility to enter the United States.
Federal agencies also are taking steps under last year's anti-terrorism law
to improve border security. That law requires the FBI to share
non-citizens' criminal records with the INS and the State Department for
the purposes of adjudicating visa applications.
The Customs Service is playing a key role in homeland defense by monitoring
the millions of cargo containers shipped into the United States each year.
President Bush has proposed a $2.3 billion inspection budget for Customs in
fiscal 2003, which would be a $619 million--or 27 percent--increase over
fiscal 2002 spending. The new funds would be used to hire hundreds of
inspectors and purchase high-tech equipment to improve and expedite cargo
inspections.
Customs officials are considering the use of electronic seals to prevent
tampering of shipping containers, as well as radiation detectors and other
sensors to prevent weapons of mass destruction from being smuggled into
U.S. ports.
The Transportation Department recently created an interagency Container
Working Group, which is investigating ways to improve and expedite security
inspections of 6 million marine cargo containers, and the 11 million trucks
and rail containers, each year.
"Looking for a terrorist weapon in a container may appear to be like
looking for a needle in a haystack," Rep. Corrine Brown, D-Fla., said
during a recent House Transportation and Infrastructure subcommittee
hearing. "However, we must find that needle. To do this, we will need the
cooperation of our trading partners and those in the transportation industry."
Coast Guard officials also need better detection technology to inspect
sealed containers packed within foreign vessels, according to Capt. Anthony
Regalbuto, the Coast Guard's chief of port security. "Just imagine a bunch
of Legos and trying to get to the inner part of the Lego block," Regalbuto
told lawmakers during a March hearing. "It really creates some problems."
But an even greater problem involves the potential failure to detect a
terrorist weapon inside a container before it is loaded onto a truck or a
train, according to John Magaw, undersecretary of Transportation for
security. "Seaport containers that arrive today ... can be anywhere in the
United States tomorrow," Magaw recently told the Senate Transportation
Appropriations Subcommittee. "Security measures must be fully integrated in
all modes of transportation."
Sen. Patty Murray, D-Wash., who chairs the subcommittee, also cautioned
against focusing security efforts too heavily on air travel, the immediate
emphasis just after the Sept. 11 hijackings.
"Our security system is only as strong as its weakest link," she said. "As
we work to make aviation more secure, I want to make sure we're not leaving
other vulnerabilities open to those who would threaten us."
*********************
CNN
'Operation Web Sweep' targets porn
Authorities say they used an undercover Internet site
TRENTON, New Jersey (Reuters) -- Federal and state officials said on
Wednesday that they were targeting up to 200 suspects in what they called
the first undercover computer sting operation to combat child pornography.
New Jersey Attorney General David Samson said officials in 29 U.S. states
and at least 15 other countries were looking to serve search warrants on
suspects' computers after authorities took over a child pornography Web
site and used it to set up an undercover site.
The warrants authorized the seizure of computers, computer systems,
programs, hardware and software that might contain evidence relating to the
possession or distribution of child pornography.
Officials said the warrants were under seal and that no charges would be
filed until the investigation was completed, but the potential charges were
possession, receipt and distribution of child pornography. They did not
identify the nationalities of the suspects outside the United States.
'Operation Web Sweep'
Samson said the investigation began last December when Wyoming authorities
notified counterparts in New Jersey they had uncovered a New Jersey-based
Web site advertising and trading in child pornography.
He said he turned the investigation, dubbed "Operation Web Sweep," over to
New Jersey's new Computer Analysis and Technology Unit, which used advanced
computer-related investigative procedures to track the suspect Web site to
a New Jersey-based computer server.
With the cooperation of the server operator, investigators said they
determined the site contained images of "clearly prepubescent" boys along
with advertising describing the site's content and images. It charged a
membership fee of $19.99.
In February, authorities disabled the site and removed all child
pornography, then created a replacement at the same domain address.
The Web site, which contained no illegal content, was styled to resemble
the original. Previous subscribers were informed the site was rebuilding
its collection of images. Through an assigned user name and password,
subscribers could upload or transmit pictures to the site.
Samson said the investigation targeted those who logged on to download or
who provided images depicting child pornography to the undercover Web site.
Officials said that as the global scope of the investigation became clear,
New Jersey sought the help of federal officials and law enforcement
agencies from other countries, which joined the operation.
**********************
Computerworld
U.S. to develop portal for comment on pending regulations
The U.S. Office of Management and Budget wants to centralize federal
regulatory information into a single Web portal by the end of the year,
according to a statement by OMB Director Mitchell E. Daniels Jr.
Daniels wrote that the move would unify what he called "fragmented efforts"
by a variety of federal agencies and fall in line with President Bush's
"Online Rule-Making Initiative."
The decision to unify is due to an increase in the amount of traffic to
federal Web sites, according to an OMB statement accompanying the memo.
"The Pew Foundation reports that 42 million Americans viewed federal
regulations through the Internet in 2001, with 23 million commenting on
proposed rules, regulations and policies," the statement reads. "According
to the National Archives, the public retrieved more than 65 million
documents from the online Federal Register in 2001."
With a single site, "the public will no longer need to navigate through a
sea of agency Web sites to comment on regulations that impact their lives,"
said Mark Forman, OMB associate director for information technology and
e-government.
Today, the public can comment on proposed regulations via the Web. Agencies
such as the Food and Drug Administration, the Department of Agriculture and
the Environmental Protection Agency gather public comments on proposals via
the Web.
According to the OMB, maintaining redundant rule-making Web sites across
the government will cost $70 million over the next 18 months. It can also
be confusing to the public, which has to know what agency is developing a
regulation in order to find and comment on it.
The initiative is broken into two parts. First, OMB staff will work with
various government agencies to inventory equipment and determine whether
any one agency could serve as a model of how a larger portal should run.
The Department of Transportation will be the lead partner with the OMB in
the investigation process. A specific Web address for the portal has not
been selected, and an agency has not been chosen to oversee the new portal.
Currently, the list of regulatory agencies can be accessed through
www.firstgov.com. But finding that link can be difficult, which is another
reason why the OMB wants to unify the information on a single portal.
*******************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711