[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips June 5, 2002

Clips June 5, 2002

ARTICLES

House Backs Port Security Bill in Fight on Terrorism
Panel Chairman Seeks Study of FBI Reorganization
Feds eyeing smart card use as security tool
U.S. to Give Travel Web Sites A Close Look
FTC idea could get telemarketers to stop calling Hearings begin today
Reporter Subpoenaed in Hacking Probe
Security Flaw Found in Explorer'
Did MS Pay for Open-Source Scare?
Taiwan opens door to open source
A new teenage wasteland?
Students Help Schools With Computers
Former Lucent Exec Now Heads FBI's Trilogy Program
Digital Rights Put to Test
Satellite Program Takes Schools to Students
Patent office focuses on e-filing
Pa. creates cybercrime task force
House office secures files with biometrics
Hollywood Has a Setback in Controls for Digital TV
Net renewal plans under fire
Deleting downloads
Pleasant Hill hacker draws feds' attention
Evolving viruses threat to platforms
Clarke warns educators about need for better security
Nets exposed by 'rogue' threats
Hollywood faces recurring Net nightmare
Off-key efforts hinder paid Net music
IBM pins dreams on tiny machines






****************
Los Angeles Times
House Backs Port Security Bill in Fight on Terrorism
By RICHARD SIMON
TIMES STAFF WRITER

WASHINGTON -- Now that Congress has enacted laws to secure the nation's air travel system from terrorists, the House approved legislation Tuesday designed to protect Americans from attack at the nation's 361 ports.

But protecting the waterfront from terrorists could prove far more complicated than safeguarding the skies.

While the air travel system has received far more attention, security experts worry about the vulnerability of ports to an attack that could cripple the U.S. economy. Of special concern are the thousands of cargo containers arriving every day that could be used to sneak terrorists or dangerous weapons into the country. The House bill would authorize U.S. security sweeps of foreign ports, expand the Coast Guard's authority to direct ships and provide $225 million in security grants to U.S. ports. Some of that is expected to go to the Los Angeles-Long Beach port complex, the nation's busiest with more than 1 million passengers, 5,500 commercial vessels and $170 billion in commerce annually.

The bill also would put in place a number of measures to better screen the 6 million cargo containers that arrive in U.S. ports every year. Only a fraction of the 20- to 40-foot-long metal boxes are physically inspected, although customs officials check cargo lists and target suspicious containers for a closer look.

Rep. James L. Oberstar of Minnesota, the top Democrat on the House Transportation Committee, said the bill would close "another hole" in America's defense shield. "We have 95,000 miles of coastline in the United States. We have to protect that coastline and our ports."

While aviation security legislation was approved about two months after the Sept. 11 attacks, port security has been more difficult.

Lawmakers want to increase security at ports but do not want to slow down the U.S. economy and impair the ability of businesses and farmers in their states to reach global markets.

And ports are difficult to protect because of their size and immense operations. "Look at the Port of New Orleans," said Coast Guard Capt. Mike Lapinski. "It stretches up one side of the river and down the other side about 100 miles."

The House bill is similar to a measure passed by the Senate last year, virtually ensuring that a port security bill will be sent to the president soon.

But one issue that still needs to be resolved is whether individuals who have served time for felony convictions, such as a drug offense, will be barred from working in secure areas.

The Senate bill is patterned after the aviation security bill, which denies workers security-sensitive jobs if they have been convicted of any of more than two dozen felonies. Industry officials say dockworkers should be held to the same standard as airport workers. The House bill, which the unions prefer, would let federal transportation authorities decide what crimes to consider in determining whether a worker poses a terrorist threat.

Although port officials were pleased with progress on the legislation, they said it did not provide enough money.

The House measure would give $225 million to ports for security improvements, the Senate bill $390 million. (The Senate measure in total provides slightly more than $1 billion, but much of it goes to hiring additional customs agents and purchase of screening equipment.)

The amount going directly to ports is far less than the $2 billion that an anti-crime commission said was needed to secure ports before Sept. 11. And, when the Department of Transportation recently invited ports to apply for $93 million in security funds allocated in December, the agency received requests for almost $700 million.

Still, the American Assn. of Port Authorities, which represents public port authorities, applauded the House vote. "Greater resources for continued improvements in security at our nation's ports are critical," said Kurt J. Nagle, the association's president.

Officials at the Los Angeles port declined to comment, noting that the city had not yet taken a position on the legislation.

The House bill also would set a June 30, 2003, deadline for authorities to develop an "anti-terrorism cargo identification and screening system" for cargo containers.

No one expects every cargo container to undergo the kind of screening planned for airline baggage. But the measure requires shippers to transmit cargo information to U.S. authorities before the cargo reaches port, something that most shippers have been voluntarily doing since Sept. 11.

Customs officials are also moving to assign inspectors to foreign ports in an effort to intercept suspicious cargo bound for the United States. On Tuesday, Singapore became the first port outside North America to announce plans to work with the U.S. Customs Service in screening U.S.-bound cargo.

Although customs does not physically inspect every container, it does use the information to single out suspicious cargo. Customs officials say they are beginning to use "e-seals" on cargo that send out an alarm if a container is opened, and they are exploring electronic systems to track containers.

The legislation also requires ships to electronically transmit passenger and crew manifests before arrival. Coast Guard officials say the manifests now are often handwritten and faxed, making it difficult for authorities to read them and check names against FBI and INS databases.

Times staff writer Jessica Garrison in Los Angeles contributed to this report.


******************
Washington Post
Panel Chairman Seeks Study of FBI Reorganization
Rep. Wolf Cites Concern on Impact of Shifting Agents to Counterterrorism Effort
By a Washington Post Staff Writer

In a signal that Congress will not rubber-stamp the FBI's reorganization plan, the Republican chairman of a key House panel asked yesterday for an independent assessment and said he would not approve the proposed shifting of more than $200 million within the bureau until he is satisfied that it "makes sense."

Rep. Frank Wolf, the Virginia Republican who heads the House appropriations subcommittee that oversees the FBI budget, requested an expedited review of the plan by the General Accounting Office -- Congress's independent watchdog agency -- and the nonprofit National Academy of Public Administration.

He tentatively set a June 14 hearing for testimony from the two evaluators, FBI Director Robert S. Mueller III and other witnesses. "I want to make sure we're doing everything we can to get the best minds to look at this, and to work with the FBI to make sure this works," Wolf said.

In a letter to Mueller several days before the plan was announced, Wolf said he did not want Congress to be an "impediment" to changes needed to counter the terrorist threat. But he added: "I believe an independent analytical review would prove beneficial."

Congress's main concern is whether the shifting of 652 FBI agents and 766 support personnel -- most of whom would go to the counterterrorism effort -- would leave a void in other important law enforcement functions, Wolf said yesterday.

Most of the agents would be shifted from duties in drug law enforcement, white-collar crime, violent crime and forensic services. Sources said Congress wants to make sure that other agencies, such as the Drug Enforcement Administration, or state and local law enforcement authorities, would be able to take up the slack.

Mueller announced the reorganization plan May 29. Congress has 15 days from that date either to accept the shifting of money needed to carry it out or to suggest changes.

Details of the plan are contained in a May 29 Justice Department letter to Wolf. In addition to the reassignment of the 652 agents, it calls for a new Cyber Division to "coordinate, oversee and facilitate FBI investigations in which the Internet, online services and computer system and networks are the principal instruments or targets of foreign intelligence or terrorists." The Cyber Division would handle Internet fraud and child pornography, as well as crimes involving the theft of intellectual property and trade secrets.

The plan also would divide the FBI's laboratory operations into two sections, one handling traditional forensics such as fingerprint and DNA analysis, and a new Investigative Technologies Division. This new division would focus on supporting anti-terrorism operations and the intelligence community. It would specialize in electronic and physical surveillance, cyber technology and wireless and radio communication.

At the same time, two "flying squads," based at FBI headquarters, could be deployed to respond to specific terrorist threats or incidents anywhere in the country. The aim would be to ensure "more coordinated national and international investigations," the Justice Department letter said.

Congress has been highly supportive of the FBI since Sept. 11, Wolf said. Last year it beefed up the administration's funding request for the FBI by $206.5 million in a supplemental spending bill. Last month, considering this year's version of that bill, the House added $100 million to the administration's supplemental funding request.
******************
Computerworld
Feds eyeing smart card use as security tool

WASHINGTON -- A Bush administration official told a smart card industry group today that smart cards have "tremendous potential" to provide physical and network protection if card security, interoperability and privacy issues are addressed.
"Smart cards, if deployed properly, and if they are properly secured, really do provide an excellent means of security," said Paul Kurtz, the senior director for national security at the White House's Office of Cyberspace Security.

But Kurtz, speaking at a Smart Card Alliance Inc. conference today, told card manufacturers that smart cards have to be deployed with security in mind. "We want security built-in upfront," he said.

Despite some concerns, smart cards are becoming increasingly important in the federal government. "There is tremendous amount of momentum in the system toward smart cards," said Kurtz.

Several agencies are eyeing the use of smart cards, including the following:


The Transportation Security Administration, a federal agency created following the Sept. 11 terrorist attacks, is considering smart cards for physical and systems access. Any such move could affect some 15 million government and private employees at more than 400 airports and 300 seaports and other transportation sectors, according to an official at the Princeton Junction, N.J.-based Smart Card Alliance.

Congress is eyeing legislation that would require smart card driver's licenses that contain a biometric marker, such as a fingerprint or retinal scan.

The U.S. Department of Defense is in the process of issuing smart cards to all 4.3 million U.S. military and civilian personnel, as well as on-site contractors.
Kurtz said smart cards represent a possible solution to the architectural problems of providing a secure mobile identity. But, he said, the industry has special challenges posed by the number of people involved in issuing a card, including the manufacturer, issuer, the data owner and the software manufacturer.

"Those are a number of players coming together in one place where the owner doesn't exactly see everything that is going on," said Kurtz. "So the opportunity for trouble is present."

Kurtz also cited privacy issues raised by the availability of data collected off the cards, as well the interoperability of the cards themselves.

The Bush administration is developing a plan for protecting critical infrastructure that's due out by the end of the summer, he said.

"I would challenge the industry to think through the issue of security ... and develop secure cards and secure infrastructure for those cards," said Kurtz.
*********************
Washington Post
U.S. to Give Travel Web Sites A Close Look

As the Internet becomes more of a destination of choice for consumers looking to book airline tickets, hotel rooms or car rentals, the government is considering whether the Web sites should be regulated and whether they are indeed offering the lowest fares.

Transportation Secretary Norman Y. Mineta has named David Winstead, former Maryland transportation secretary, to oversee a nine-member commission created by Congress to investigate the prices and practices of various airline sites and independent sites -- such as Travelocity and Expedia -- and their impact on the nation's travelers and travel agents.

The commission's first hearing is to be held June 12 at the Ronald Reagan Building and International Trade Center.

The commission's goal, he said, is to determine if "these sites have helped or hurt the traveling public." Winstead is to present a report on Nov. 15 to members of Congress, who will then determine if any "recommendations or regulations" should be implemented by Congress or the Bush administration.

Increasing numbers of travelers are using Web sites to buy their tickets. According to the Internet analysis group Jupiter Media Metrix, consumers are expected to spend about $30.8 billion on travel sites this year, up from $24 billion in 2001.

The Web sites may make it easier for consumers to shop for cheap fares, but government officials worry about problems that may spring from the practice.

For example, Congress is worried about the impact of the Internet on travel agents. Many airlines have eliminated the commissions they pay travel agents and have been encouraging travelers to book online by putting their lowest fares on their Web sites.

But Orbitz.com -- founded by American, United, Delta, Northwest and Continental airlines -- recently announced plans to create a system that would give travel agents direct access to its fares, which should provide agents with some relief.

Congress is also concerned that some sites are getting lower fares than others, Winstead said.

And the Justice Department is currently investigating Orbitz.com to see if the travel Web site is favoring the five major airlines that own it.

Other incidents have raised questions. Internet travel services such as Travelocity, Priceline and Expedia say they display the lowest fare that meets the customer's criteria, such as destination and time of travel. Yet in March, Expedia.com briefly refused to display United Airlines fares after the carrier said it would stop paying Expedia a commission on tickets sold on the site.

In April, Northwest Airlines claimed both Travelocity and Expedia refused to offer its fare sale to Frankfurt, Germany. Northwest spokesman Kurt Ebenhoch said the sites argued that they could not promote the fares because that would conflict with marketing agreements they have with European carriers. Expedia spokeswoman Suzi LeVine denied that. She said Northwest decided not to give its fares to Expedia after Expedia said the fares would not be advertised on its Web site or in its promotional e-mails.

Winstead said he plans to study the kind of exclusive marketing agreements that Internet travel sites have with airlines to determine if they influence the way sites display fares.

Testifying at the first hearing will be executives from the American Society of Travel Agents, the American Automobile Association and Sabre Holdings Corp., the airline reservation systems. There will be three more hearings over the next several months.

Hotel Incentives
Wyndham International hotels have eliminated charges for long-distance and local telephone calls as well as Internet access for members of the chain's frequent-stay program. Business travelers often complain about costs of telephone calls and Internet service at hotels.

Wyndham's move is the latest effort by hotels to fill rooms. Hotels were hit hard by the recession, which caused corporations to cut back on business travel, and the Sept. 11 hijackings, which scared away travelers. Hyatt Hotels Corp. is offering a free night for every two nights stayed. And Marriott International Inc. is giving away two free weekend nights after three stays in its hotels.

What makes these moves more noteworthy is that they come during what is traditionally the best time for the hotel industry -- the summer travel season. However, within the past week, both Hilton Hotels Corp. and Marriott said they expect second-quarter revenue to be lower than original estimates. That may mean more deals could follow.
********************
USA Today
FTC idea could get telemarketers to stop calling Hearings begin today on national 'Do Not Call' list; industry cites high costs
By Michael McCarthy and Jayne O'Donnell
USA TODAY


WASHINGTON -- Telemarketers are the callers many love to loathe. They interrupt dinners. They spoil weekends. They won't take no for an answer.

''I find them very aggressive and intrusive,'' says ToniAnn DeMario, 39, a teacher from Staten Island, N.Y.

She says she's fed up with getting multiple calls as she and her husband, Joey, try to have dinner with their 2-year-old twins, Joseph and Anthony.

''Something needs to be done to stop them from calling your home whenever they want,'' DeMario says.

The Federal Trade Commission might offer consumers such as DeMario a way to cut off the dialing for dollars. The FTC has proposed a ''Do Not Call'' list it says could eliminate most telemarketing calls for those who register.

''The Do Not Call list is aimed at the disruption (of daily life) issue,'' says FTC Chairman Tim Muris.

It's the most controversial of the agency's proposed additions -- to be debated at a three-day public hearing starting today -- to rules now regulating deceptive telemarketing and hours for calling. Consumers could sign up by calling a hotline. Violators who call listed numbers would be fined $11,000 per call.

But members of the $661 billion telemarketing industry -- they prefer ''teleservices'' -- see the list as a disruption of legitimate business. And they say the FTC is exceeding its authority.

The industry is already on the defensive: 15 states have ''Do Not Call'' lists, with more than 7 million households; 11 more states are coming.

''The government wants to put our industry out of business,'' says Matt Mattingley, director of government affairs for the American Teleservices Association, which has members such as AOL Time Warner and Capital One.

''They can't legislate it out of existence. So they are proposing regulations so onerous, difficult and expensive that it would be impossible to comply.''

The FTC says it hopes to have a final proposal by fall that could have a list up early next year that would let consumers avoid calls for the likes of magazines, vacation time-shares and many credit cards. It would be paid for by charging telemarketers for access to the list, which they would need to avoid fines.

Even with a list in place, consumers could still get phone pitches from industries and groups, including some heavyweight telemarketers, regulated by agencies other than the FTC. Among them: phone companies, airlines, banks, brokers, charities and political campaigns. And state laws apply to calls starting and ending within any state.

However FTC staffer Katie Harrington-McBride, head of the legal team reviewing the rule changes, says the FTC list would cut off ''most'' calls.

Those who favor and oppose the list debate what ''most'' means.

Jason Catlett, president of consumer group Junkbusters, estimates it would head off up to 70% of calls. He'll testify for the plan this week and says, ''Telemarketing is the most despised form of solicitation in the country.''

Jerry Cerasale, senior vice president of government affairs for the Direct Marketing Association, the biggest trade group for telemarketers, says so many exempt industries means a national list would cover 50% of calls, at best. ''We've found that banks and telephone companies are two of the largest users,'' he says.

Volunteerism urged

A better alternative, he says, is the DMA's voluntary Do Not Call list established in 1985, which has 4.5 million registered households. He says his group's 5,000 member companies, such as AT&T and Sears, account for about 80% of telemarketing calls, and all agree to observe its Telephone Preference Service.

Critics point out, however, there is no real penalty if they call anyway.

FTC officials say that if the Federal Communications Commission, which regulates industries such as phone companies, also created a Do Not Call list, federal law could cover about eight of 10 telemarketing calls.

The FCC, however, has no plans to start a list, says spokeswoman Rosemary Kimball, but it requires carriers to keep their own Do Not Call lists, restricts hours for calls and bans recorded calls and faxes.

Some consumers apparently would be happy if just some calls were cut off. Of more than 42,000 responses in the FTC public comment period ending April 15, more than 90% favored the list, says Harrington-McBride. But while the consumer annoyance issue has gotten great attention in the debate, telemarketing continues to grow, because it works -- and there is big money at stake.

Cash incentives

Consumers spent $274 billion on telemarketing in 2001, according to the DMA, up 8.5% from the year before. Business-to-business sales were $387 billion, up 10.4%.

Telemarketing is the second-fastest-growing segment -- behind the Internet -- of the $1.86 trillion direct-marketing industry that ranges from catalogs to e-mail to 800 numbers on TV.

In a survey by the American Teleservices Association, 41% of Americans acknowledged making purchases over the phone in the last year, vs. 45% for the Internet.

Women were more likely to buy than men: 45% vs. 37%. The Northeast was the most fertile region for phone pitches.

All of this generates strong feelings on all sides. So many industry groups, lobbyists and consumers wanted to weigh in for or against a Do Not Call list at the public workshops this week that the FTC moved the sessions from agency headquarters to the larger Marriott Wardman Park Hotel here. Among key arguments:

* Whose phone is it, anyway? In its 66-page comment on the FTC's proposed rule changes, the DMA argues that a national Do Not Call list would violate commercial free speech, as well as levy, in effect, a new tax on business.

''We don't think it's necessary. Under current law if you tell me, 'Don't call me any more,' it's illegal for me to call you,'' says Cerasale.

The First Amendment complaint in particular angers Catlett: ''The fact is, the consumers are paying for their telephones -- and telemarketers are helping themselves to it. Telemarketers saying this is a First Amendment issue is like graffiti artists claiming they have the right to spray graffiti on your house. They have the right to spray it on their own house. But not on something I pay for.''

An issue for another telemarketing opponent, Bob Bulmash of Private Citizen, is what he estimates are 150,000 households interrupted at dinnertime by ''hang-up'' calls. That's when a telemarketing computer calls, but there's nobody there when you answer. ''The industry's position is, it's ethical to hang up on people,'' Bulmash says.

* State rights. Many state attorneys general who run their own Do Not Call lists want to enforce their own consumer laws -- and want the feds to butt out. Wisconsin Attorney General Jim Doyle, for example, has warned the FTC that ''federal actions should support and supplement, not undermine and pre-empt,'' state efforts.

Harrington-McBride says, ''it's not clear'' whether the FTC list would override the various state lists.

* Economic impact. An estimated 7,000 telemarketers employ, directly or indirectly, about 6 million people, says the DMA, and employment is predicted to grow at a rate of 3.8% through 2005.

The trade group argues that job cuts would fall heavily on women, minorities and students. It says women make up 60% of the industry workforce, minority workers, 33%, students, 26% and single mothers, 25%.

Telemarketers play a useful but despised role similar to used car salesmen, says Mattingley.

''Telemarketing is everybody's favorite whipping boy. Nobody loves a telemarketer. You don't want your daughter to marry a telemarketer. But people buy from telemarketers. Used car salesmen are generally regarded as subhuman -- until you need a used car.''

But supporters of the FTC list say the industry is crying wolf. They say no cases have been shown of a telemarketing firm driven out of business by the state laws already in effect requiring don't-call lists.

Instead, firms change areas or work for clients that are under fewer restrictions.

At what price?

* Hidden charges? The FTC estimates it will cost about $5 million a year to create and maintain the national list.

The ATA says the agency is low-balling the cost, and it claims the list could cost more than $100 million per year and require a small army of new FTC attorneys to handle complaints.

''Is this a big make-work project?'' asks Mattingley.

DeMario, meanwhile, is one of the consumers caught in the crossfire who just wants some peace and quiet.

''If you own the phone and pay for the phone, you should have the right to determine who you want to speak to,'' she says.

''They argue that you can just hang up. But you're in the middle of dinner, or taking care of your children. And the phone just keeps ringing. . . . ''
********************
Associated Press
Reporter Subpoenaed in Hacking Probe
Tue Jun 4, 6:45 PM ET
By TED BRIDIS, Associated Press Writer

WASHINGTON (AP) - Without required approval, U.S. prosecutors sent a subpoena to MSNBC demanding a reporter's notes, e-mails and other information as part of an investigation into a nomadic young hacker who acknowledged breaking into computers at The New York Times earlier this year.


The subpoena, which was withdrawn weeks later, also demanded any similar material from MSNBC involving another journalist who contacted The New York Times on behalf of the newspaper hacker after the break-in, then wrote about it for an online publication.

Under guidelines from the Justice Department (news - web sites), Attorney General John Ashcroft (news - web sites) or his deputy must personally approve any subpoenas sent to journalists, and Barbara Comstock, director of the Office of Public Affairs, must review such requests. But senior Justice officials on Ashcroft's staff at headquarters said they were unfamiliar with the MSNBC subpoena, and Ms. Comstock said she did not review it.

"If that's true ... they violated their own policy," said Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press.

The subpoena, signed by an assistant U.S. attorney from New York, represents at least the second time since 2001 the Bush administration has tried to compel journalists to turn over information related to a criminal probe.

Herbert Hadad, a spokesman for U.S. Attorney James B. Comey Jr. in New York, declined to discuss it.

The Justice Department last year obtained the personal phone records of Associated Press reporter John Solomon after he wrote about a federal wiretap of Sen. Robert Torricelli.

MSNBC's lawyer, Yuki Ishizuka, said it was unclear whether federal prosecutors will resubmit the subpoena, but the company has recently warned some reporters not to delete e-mails that might be connected to the case.

Ishizuka said the subpoena, withdrawn in mid-May, demanded from MSNBC reporter Bob Sullivan any e-mails or notes about conversations about the newspaper's computer break-in with hacker Adrian Lamo and Kevin Poulsen, now an online journalist.
******************
Associated Press
Security Flaw Found in Explorer'
Tue Jun 4, 9:30 PM ET

REDMOND, Wash. (AP) - A security flaw in Microsoft's Internet Explorer browser could allow a hacker to take control of a remote computer if its user clicks a link to an outdated Internet protocol, a computer security firm says.


Oy Online Solutions Ltd. of Finland said it notified Microsoft Corp. of the security hole on May 20 but the software giant has yet to produce a software patch to fix the problem, the Toronto Star reported Tuesday.

A Microsoft spokesman who refused to be identified said Tuesday that the company is "moving forward on the investigation with all due speed" and will take the action that best serves its customers.

The problem concerns Gopher, an Internet protocol that predates the World Wide Web with pages like Web pages except that they are unable to store audio and video content.

Although Gopher is considered an outdated format for Internet content, it is still supported by Internet Explorer and most other browsers.

According to Oy Online, a hacker could take over a user's computer simply by having the user click on a link to a "hostile Gopher site." That one click would install and run any program the hacker chose on the victim's computer, and the victim might never know.

"The program could, for example, delete information from the computer or collect information and send it out from the computer," Oy Online said in a release. "(It) could also install a so-called backdoor (program) that would enable the hostile attacker to access the computer later."

All versions of Internet Explorer are believed to be vulnerable, the Star reported.

Refusing to confirm the security flaw, the Microsoft spokesman said the company "feel(s) strongly that speculating on the issue while the investigation is in progress would be irresponsible and counterproductive to our goal of protecting our customers' information."

And the spokesman added, "Responsible security researchers work with the vendor of a suspected vulnerability issue to ensure that countermeasures are developed before the issue is made public and customers are needlessly put at risk."

After being embarrassed on an almost regular basis by security flaws in its products including a debilitating problem found in its latest Windows XP (news - web sites) operating system just days after its release Microsoft began a companywide training program on security issues earlier this year.

In January, Microsoft Chairman Bill Gates (news - web sites) instructed employees to make software security a top priority.
****************
Wired News
Did MS Pay for Open-Source Scare?

Authors of a new report on the perils of open source software are being very closed-mouth about their funding sources.

"Opening the Open Source Debate," a white paper slated to be released Friday by the Alexis de Tocqueville Institution, indicates that open-source software is inherently less secure than proprietary software. The report warns governments against relying on open-source software for national security.

Open-source advocates wondered if the white paper is actually a veiled Microsoft response to recent reports of rising government and military interest in open-source systems.

A Microsoft spokesman confirmed that Microsoft provides funding to the Alexis de Tocqueville Institution.

"We support a diverse array of public policy organizations with which we share a common interest or public policy agenda such as the de Tocqueville Institution," the spokesman wrote in an e-mail.

Microsoft did not respond to requests for comment on whether the company directly sponsored the debate paper. De Tocqueville Institute president Ken Brown and chairman Gregory Fossedal refused to comment on whether Microsoft sponsored the report.

"It is not our policy to comment on supporters; I'm sure you can understand. From this you should not infer that information you have is correct or not correct; we just don't comment," Fossedal wrote in an e-mail.

"These folks really need to be more straight-forward about this," security researcher Richard Smith said. "Not commenting makes it appear as if they have something to hide."

A Microsoft spokesman did say that open-source software is not innately more or less secure than proprietary software.

"Microsoft has held the position that security is an industry-wide issue and software is only one part of it. Implementation and administration are also key in security."

Most security experts do believe that open source is neither more nor less secure than propriety software. How a systems administrator configures and maintains the application is equally important.

Open-source software allows programmers to view and modify the software's program code. Closed-source software code is not viewable to all.

Since malicious hackers cannot view the underlying code of propriety software, they can't study it to discover possible exploits, a principle known as "security through obscurity," according to Bill Wall and Darwin Ammala of Harris Corporation's STAT computer security unit.

But open source software is presented to a very large and knowledgeable audience of software development peers. This substantially large body of reviewers provides deep scrutiny to software. They are able to test a wide variety of scenarios and feed improvements back into the code base. Over time this strengthens the software, Wall and Ammala added.

A recent report by Gartner Group analyst John Pescatore suggested that open-source style review would make Microsoft's software more trustworthy.

But the question of whether closed- or open-source software is inherently more secure can't really be answered because the issue has not been subjected to rigorous analysis, security experts said.

Wall said such an analysis should be done within the software engineering research community by an entity such as the Software Engineering Institute (SEI) or the Defense Advanced Research Projects Agency (DARPA).

"I would really like to see rigorous testing with hard statistics and not mere speculation on an issue as serious as this," Smith said.
******************************
ZDNET News
Taiwan opens door to open source

Taiwan is turning its back on software from the likes of Microsoft to develop its own open-source project, according to a recent report.
The Taiwanese government plans to start an open-source project as early as next year that could save it as much as $295 million in royalty payments to Microsoft, according to a report from Taiwan's Central News Agency.

Open-source software such as the Linux operating system may be freely modified and redistributed without the legal and financial constraints of proprietary software from Microsoft, Oracle and others.

An official with the National Center for High Performance Computing, Chuang Tze-nan, announced the plan Monday. Under the project, the government will encourage research and development in office software and the opening of the source code for government agencies and private establishments.

At a meeting that included members of the government's National Science Council, Ministry of Education and other government organizations, legislators said that the government has failed to react to Microsoft's monopoly on Taiwan's office software market.

The government has already launched an investigation into allegations that Microsoft misused its market dominance by indiscriminately increasing prices.

The move to open source is expected to save the government $59 million in royalty payments to foreign manufacturers, while the benefits to the private sector could be as high as $295 million, according to Chuang.

According to other statistics, the government could end up spending that amount on royalty payments to Microsoft alone.

Hsieh Ching-chih, vice chairman of the National Science Center, said there were 1.23 million PCs in Taiwan's government agencies and schools at the end of 2000. If those computers were outfitted with Microsoft software, royalty payments to the software giant could exceed $295 million, Hsieh said.

According to Vice Education Minister Wu Tieh-hsiung, the government is also planning to set up six educational centers around Taiwan to train open-source developers. Three years after the introduction of the open-source project, the centers will be training 120,000 basic users and 9,600 advanced users, he predicted.

Taiwan isn't the only country to favor open-source software over Microsoft's systems. On Monday, the German government announced a deal with IBM and Linux company SuSE to address concerns that it was relying too heavily on Microsoft products.

Governments have been embracing open-source software as a way to cut costs and sometimes also to break free of a U.S.-dominated software market.

Microsoft representatives were not immediately available for comment.
***********************
Salon.com
A new teenage wasteland?

Script kiddies, Web site defacers, chat-room gangsters: Today's digital troublemakers get a bad rap. But in "The Hacker Diaries" we learn that they're really all right.

Behold the glory of the "Web site defacement," a truly modern act of juvenile delinquency. Ludicrous (replacing a Baptist Church Web page with an invocation to Satan, for example) and yet troubling in their signal of arcane technological mastery, Web site defacements are apparently all the rage among angry young computer users.

In the wake of real terrorist acts -- anthrax sent through the mail, jetliners piloted into buildings, suicide bombers -- messing with a Web site's HTML shouldn't rank very high on the list of threats to the public safety. To compare a requirement that one perform five defacements in a week before being granted entry into an "underground" gang to a similar Mafia mandate to commit murder before becoming a "made man," as author Dan Verton does in "The Hacker Diaries: Confessions of Teenage Hackers," is absurd overstatement. Nor does, say, an exploitable bug in Microsoft's Front Page HTML coding application add up to a threat to the command-and-control infrastructure for nuclear weapons in the United States.

And yet, for the teenagers profiled in "The Hacker Diaries," Web site defacements are symbolic acts of power, statements of real political purpose and rage. There is something going on here, and it deserves attention. Once upon a time, alienated teenagers acted out by racing cars or doing drugs. Now they go online and look for software vulnerabilities to exploit (some still race cars and do drugs, too). The biggest headline-getters, like the infamous Mafiaboy, whose denial-of-service attack on the Web's largest sites in June 1999 went beyond petty defacement, achieve what can almost be considered "real" damage.

"The Hacker Diaries," though flawed, is a worthy stab in the service of understanding what motivates today's generation of online saboteurs. Most valuable for the details it provides about actual teenagers (though often identities are disguised by pseudonyms, and in some cases one wonders how specific sections of dialog were captured), "The Hacker Diaries" manages, for the most part, to avoid demonization. The language does get a bit purple and breathless at times; Verton has difficulties maintaining a stance that is supposedly at odds with mainstream media's sensationalist treatment of "hackers" without at the same time succumbing to the tendency himself.
But for the most part, Verton succeeds in portraying these young men (and one woman) as real people: not freaks, not madmen, not aliens from the cyberspace dimension, but real human beings, products of broken families or loving parents, motivated by truculence or patriotism or passion.

In a culture increasingly dominated by digital technologies, by computers and networks and code, it should be no surprise that acts of information violence attract more attention than graffiti on subway cars or actual street-gang rampages. But the significance of teenagers parading through chat rooms with nicknames like "Noid" or "Genocide" or "RaFa" is not how much supposed financial damage they do, or whether the rise of "script kiddies" is a sign of the decline and fall of Western culture. It's that, to paraphrase Pogo yet again: "We have met the hackers, and they are us." When computers are everywhere, everyone becomes a geek. These kids are our sons and daughters or brothers and sisters, children, as are we all, now, of the information age.

Verton's greatest mistake is his failure to properly ground the concept of "hacker" from the get-go. This is always a tricky business, because even the people who proudly call themselves "hackers" often mean very different things -- as do a number of the subjects profiled in "The Hacker Diaries." What makes Verton's treatment especially confusing is that several of these teenagers he talks to do express a clear understanding that there is a difference between "hackers" who just like to understand the intricacies of their computers, and "crackers" who are intent on breaking into closed systems. But the narrative itself never achieves clarity on this point.

And almost wholly missing from the bulk of the book is the sense of the hacker as someone creative, as a programmer who comes up with solutions to a problem rather than just exploring a network, or using code nabbed from somewhere else. "The Hacker Diaries" would have benefited immensely from at least a dabble in some of the historical ground covered in Steven Levy's "Hackers" or the huge wealth of commentary inspired by the rise of the free software/open-source movement as an outgrowth of hacker culture. Instead, repeatedly, the term "hacker" is used indiscriminately, grouping together people who trade in pirated software, who deface Web sites, who want information to be "free" and who are simply really, really good with computers.

The contradictory impulses continue right to the end of the book. In the afterword, Verton writes:

"Teenage hacking, particularly the act of defacing public and corporate Web sites, is a cultural phenomenon that knows no borders. The roots of teenage hacking run deeper than any one celebrity hacker or group. As a result, it is a phenomenon of the information-age culture, and not any one country or geographical area. Thousands of Web sites run by governments, businesses, churches, schools, and nonprofit organizations are defaced every year."

But a few pages later, after essentially equating Web site mayhem with hacking, an equation that thousands and thousands of proud programmers would scoff at, Verton suddenly explodes into encomium:

"Teenage hackers are the great explorers of the Information Age. Some will stop at nothing to discover the possible in that which others say is impossible. These are the minds that have given the world great things, and the minds, unblemished by wisdom, that are still courageous enough to see the world in terms of right and wrong. And these are the minds that have the unique ability to think digitally, the minds that breathe life into silicon, though yet still inexperienced in the ways of the world and in need of a moral compass ... '[Their] goal is to change what needs to be changed: their lives, their world, or the Internet. And in a world where nothing is beyond hacking, they just might do it."

So what is it? Are hackers simply passionate people who are good with computers, or are they a threat to society, capable of doing vast damage to the world's technological infrastructure? By the end of the book, I was convinced that Verton himself had a more subtle understanding of the term, and that his intent was not to demonize, but to understand and appreciate. But his failure to be clear initially about what he is doing raises plenty of doubts along the way. And unfortunately for those who might pick up the book in a store and just glance at the first few pages, Verton's decision to open the book with a fabricated diary entry by a convicted "hacker" hits every sensationalist button and rings completely untrue -- the voice captured by the diary entry sounds nothing like an actual teenager.

But the book is still a good read, particularly for those of us who are interested in what kids are up to these days. As usual, some of the brighter of them are causing trouble. What's different about this generation as opposed to generations past is its access to powerful computers and the existence of a world-spanning Internet.

One consistent theme in the profiles is that even kids growing up in low-income situations find a way to get their hands on a computer. The earliest generations of hackers -- the people who populate Levy's "Hackers," for example -- didn't have it so easy. It was usually the truly extraordinary mind that found its way into the heart of the digital machine 20 or even 30 years ago. But today, the digital machine is everywhere. Computing is easy. Access to a wealth of software, constructive and destructive, is, literally, child's play.

This shouldn't be as much of a cause for alarm as the mainstream media makes it out to be. We live in technological times, so many of our earthquakes are going to be technological in nature. If our computing infrastructure has vulnerabilities that 16-year-olds can exploit, we should be able to fix them. One of the intriguing things not really explored in "The Hacker Diaries" is that Mafiaboy's legendary romp through the biggest names on the Internet -- Yahoo, eBay, Amazon, CNN, eTrade -- three years ago hasn't been duplicated to the same extent since. It might have been easy for him back then, but apparently it's not so easy for today's ornery young men.

The real lesson of "The Hacker Diaries" is that some verities are truly eternal. Kids who grow up in families where parents take a real interest in what they are doing, and inculcate real moral codes, tend to grow up into adults who are not doing time for bringing Yahoo down for a day. Verton includes examples of such kids in "The Hacker Diaries" and they are surprisingly refreshing. Parents need to pay attention. Instead of reading newspaper accounts of the latest horror perpetrated by a foulmouthed high schooler who's got a Pentium 4 and knows how to use it, they should be exploring the digital world with their offspring.

Call me conservative, but when the FBI comes knocking at my door to tell me that my daughter has just replaced the Web page for the Securities and Exchange Commission with a picture of a fornicating Pokémon, I'm going to feel like I screwed up, and not her.
*********************
Associated Press
Students Help Schools With Computers
Wed Jun 5, 2:48 AM ET
By LAURIE KELLMAN, Associated Press Writer

WASHINGTON (AP) - Students might be able to teach their teachers a thing or two about technology.


When it comes to keeping computers running, many school districts rely on students, according to a study by the National School Boards Foundation.

The group said the survey it commissioned of 90 of the nation's largest school districts also showed that teachers often aren't well trained to use technology in the classroom.

"With increasing pressures to improve student achievement and bridge the digital divide, school leaders need to better integrate technology into the curriculum as a major learning tool," Robin Thurman, director of the NSBF, said in remarks prepared for Tuesday's release of the survey.

Most Internet instruction is done in subject areas such as history, social studies and science, according to the survey. Eighty percent of school leaders say the primary instructional use of the Internet is for research that helps teachers shape lesson plans.

The foundation said new teachers are "unevenly prepared for using technology as a tool for teaching and learning."

Students seem to be putting their computer expertise to good use at their schools, which may not have the resources for technical support, the group said. Some tutor, others run help desks, and still others have earned network and software certifications.

Of the school districts surveyed, 54 percent reported that students were providing technical support for their districts. In 43 percent of districts, students troubleshoot for hardware, software and other problems, it said. Thirty-nine percent of districts said students set up equipment and wiring, and nearly as many districts report that students perform technical maintenance.

The findings were based on telephone interviews with officials who make decisions on technology in 811 school districts including 90 of the 100 largest districts, which represent 25,000 students.
****************
Associated Press
Internet Atlas of Oceans Released
Wed Jun 5, 3:58 AM ET
By EDITH M. LEDERER, Associated Press Writer

UNITED NATIONS (AP) - The murky depths are getting an online road map, thanks to the United Nations (news - web sites) and a host of scientific institutions that are launching an Internet atlas of the world's oceans.


After a decade of planning and more than 2 years of development, the U.N. Oceans Atlas goes online Wednesday, World Environment Day, with 14 global maps, links to hundreds of other sites, and more than 2,000 documents on 900 subjects ranging from climate change to poisonous algae.

"This is a very ambitious and important partnership for monitoring, diagnosing and we hope helping to heal the great oceans of the world," said former U.S. Sen. Timothy Wirth, who heads the United Nations Foundation. The foundation provided the main $500,000 grant that funded the project.

The need for an atlas was identified during the 1992 U.N. earth summit in Rio de Janeiro in response to a call to address the world's greatest environmental challenges.

Project manager John Everett said the atlas will better spotlight acute marine issues, from overfishing and destruction of coastal areas to pollution and the effects of climate change on the Earth's ice caps.

Ocean-related issues are expected to dominate international efforts later this century if, as predicted, the Earth's continued warming melts more ice and causes the oceans to rise by up to 3.3 feet.

That kind of rise could affect millions of people worldwide and drown coastal areas, including 6,630 square miles in the United States an area the size of Connecticut and New Jersey combined.

The National Geographic (news - web sites) Society made its map-producing technology and marine information available for the atlas. The Census of Marine Life contributed its assessments of the diversity of marine life, said Serge Garcia, who heads the fisheries resources division of the Food and Agriculture Organization (news - web sites). The FAO led development of the atlas.

"Now we have the ability to see information on all the areas of the ocean, coming from all the reliable sources, through the United Nations, so there will always be a reliable control," Garcia said.

He said the online atlas has the capacity to hold 100,000 documents and thousands of maps, and will be constantly updated.

"If we're going to solve or prevent the world's biggest problems, the public and the private sector have to come together and we've done so on the atlas of the oceans," said Wirth.
********************
Washington Post
Former Lucent Exec Now Heads FBI's Trilogy Program


Wilson P. Dizard III
Government Computer News
Tuesday, June 4, 2002; 2:37 PM


The FBI's Trilogy program to upgrade its antiquated systems is moving forward under its new program manager, Cheryl Higgins.

FBI director Robert S. Mueller III also has approved a program management initiative that Higgins, a former executive of Lucent Technologies Inc. of Murray Hill, N.J., will implement across the agency, sources said. The program management function will include training for FBI employees involved in systems development projects. Higgins has led the Trilogy program since mid-March.

Meanwhile, the agency continues to replace its desktop systems, sources said. The FBI has deployed about 15,000 PCs running Microsoft Office applications, sources said, and plans to field a total of 21,000 systems.

The new PCs don't have access to the Internet, but the FBI operates an intranet through which employees can use the new equipment to exchange photographs and spreadsheets. "When we started, we had 13,000 computers that could not support a Web browser," one FBI source said.

The new PCs later will have access to the Virtual Case File System, which is intended to convert investigative records to a user-friendly format. FBI officials have testified before the Senate Judiciary Committee that the case file system will create an audit trail of each time a file is accessed or modified. The bureau plans to deploy the case file system in December of next year.

Senior FBI systems officials and spokesmen did not respond to requests for comment.
*******************
Washington Post
Digital Rights Put to Test
Alex Daniels

Music and movie moguls crowded a Capitol Hill reception last month to toast the four-year-old Digital Millenium Copyright Act, the landmark law guarding copyrighted material from digital pirates.

Jack Valenti, the snowy-haired chief of the Motion Picture Association of America, stepped to the microphone to laud congressional efforts on behalf of Hollywood. Hilary Rosen, president and CEO of the Recording Industry Association of America and the sworn enemy of legions of Napster fans, beamed nearby.

"If you can't protect anything you own," said Valenti, "you don't own anything."

As the guests clinked champagne glasses, digital thieves around the world were double-clicking to buy pirated copies of "Star Wars: Attack of the Clones" from Web sites that were hawking the movie - a flick still days away from release in theaters.

Though the International Intellectual Property Alliance hasn't tabulated how much is lost to piracy on the Internet, it estimates that book publishers, recording and movie studios and software developers already lose more than $20 billion a year from physical piracy.

So why were Valenti and Rosen smiling?

Good question. The combination of the Internet with bigger, faster and cheaper computers, including ones that burn CDs, is making it easier than ever to make and distribute flawless copies. Attempts to provide a tech fix have fallen flat.

"There is no such thing as a hacker-proof technology," says Michael Miron, CEO of ContentGuard, a Bethesda company developing a system to protect digital content from easy copying. "If you make such a claim, you're hanging a big target on your back."

Meanwhile, the digital dilemma clearly threatens to hold up already disappointing rates of broadband adoption. Media companies remain wary of putting valuable content online for fear it will be pirated and spread round the world at cyber-speeds. But without more available content, consumers have less incentive to abandon their dial-up connections for DSL or cable modem services that can cost twice as much. Just 7 percent of U.S. households have high-speed Internet service.



In the Washington area, the fight to protect digital rights holds enormous implications for two media giants, AOL Time Warner and Discovery Communications, not to mention dozens of other smaller companies, from newsletter publishers to independent filmmakers.

Last year's mega-merger of Dulles-based AOL and Time Warner was supposed to create a giant, combining AOL's Internet dominance with Time Warner's cable empire and huge portfolio of movies, music, magazines and television shows. But when it comes to digital rights, the giant has two heads.

Nearly 90 percent of AOL's 25 million U.S. Internet subscribers still use a dial-up connection. To lure customers to higher-speed services-and keep them in the AOL tent-the company wants to offer splashy content such as movies and music. But the Time Warner side of the house worries that releasing its valuable assets online could open the door to unauthorized use, diluting their value.

"We're on both sides of this," acknowledges Joe Cantwell, AOL Time Warner's vice president for broadband affiliate marketing.

AOL did not respond to requests to interview other company officials about the dilemma. But Paul Kim, an analyst at Kaufman Brothers, a New York investment bank, says the company is straddling the fence while it waits for the murky issue of digital piracy to clear up.

"You have existing distribution channels that are doing very well for you," Kim says, referring to cable television, movie rentals and retail sales. "Why mess with that?"

Discovery, the Bethesda-based media company, plans to introduce a video-on-demand television service June 17. Subscribers will be able to access network servers full of Discovery content such as Animal Planet and the Travel Channel.

The service is a milestone in Discovery's move into digital media. Along with it come fears that its content will be swiped. Bob Allman, senior vice president and general manager of Discovery Online, admits he's nervous the video-on-demand service will bring out the "buzzards." The company plans to employ technology to stop piracy, though Allman refuses to discuss how.

But perhaps a more important point is that Allman is convinced consumers are willing to pay for online videos if the services are easy to use-even if other content is available for free. After all, before compact discs arrived in the mid-1980s, teen-agers bought plenty of music cassette tapes even though they could easily make copies of equal quality.

"There's a state-sponsored Napster for books - it's called a library," says Allman. And although public libraries have been around for decades, people still buy plenty of books at Barnes & Noble.

A survey released last month by Jupiter Media Metrix suggests that Napster-like file-sharing programs may actually boost sales. The survey found that music listeners who were experienced with file sharing were 75 percent more likely to increase their music spending than those without file-sharing experience.

"We've been too slow in offering music for sale online," admits Rosen. Her bigger problem, however, is figuring out how to get consumers to pay for something that's available for free at the click of a mouse.

More then 350,000 movie files are illegally downloaded on the Web each day, according to Viant, a Boston-based Internet consulting company.

And to Rosen's dismay, the online trading of music files continues to flourish. True, the once mighty Napster was vanquished in the courts and sold off as a shell last month to German media giant Bertelsmann for a paltry $8 million. But many of Napster's 64 million users have simply turned to alternate sites such as Morpheus and KaZaA to swap copyrighted music for free. Those services have escaped Napster's fate - so far - because the files aren't stored on their networks.

The music industry's few online offerings of licensed content have been met with a shrug. Susan Kevorkian, an analyst for market research company IDC, predicts online music services are generating just a few hundred thousand dollars in annual revenue and says the industry will be hard pressed to top $10 million in revenue by 2005.

"They've been very closed mouthed about it," Kevorkian says. But she concedes that meeting even her conservative projections "may be hard given what they're up against. Free music services are still available."

MusicNet, a subscription-based music service launched last October with music licensed by BMG, EMI, Warner and Zomba, would not disclose sales or subscriber figures. MusicNet offers 80,000 titles, well below the hundreds of thousands of titles that Napster was offering at its peak.



To encourage the development of more online pay sites, nearly two dozen software companies are busy at work developing digital rights management (DRM) software to help content owners put a digital leash on copyrighted material. But their solutions are far from foolproof.

DRM software allows copyright holders to write usage rules into their music and video files. The software typically is a set of data that describes each media file and sets terms for its use. A song file can be overlaid with a "digital watermark" that confirms its authenticity and an encryption code only allows authorized users to access it. The software can be written to destroy a file after it's played a certain number of times and can even limit the file's use to individual computers or media player devices.

For instance, a media company can write rules in to a music file that allows a user to download it off of the Internet and make a back up copy for personal use. But the rules can also restrict further copying.

But DRM software is off to a rocky start. Last year, IDC pegged the annual DRM market in the United States at $96 million and predicted it would grow to $3.5 billion in 2005.

IDC analyst Joshua Duhl says that prediction will be revised downward when new figures are made available next month, thanks to a sluggish economy, unprofitable transaction-based pricing models and a patchwork of offerings and standards.

For instance, Microsoft makes software that will only work on its media players, and RealNetworks makes software tailored for use on its Real media players.

Interoperability isn't the only problem. Unless software is totally invisible to the average consumer and easy to use, securing content with DRM software could fail and rip-off artists will reign unchecked, analysts say.

Even if software becomes standardized, it probably won't be hard for skilled digital pirates to give it the hook. Content providers and DRM software developers concede some level of piracy is inevitable. Their goal is to keep it out of the hands of the masses.

Patrick Breslin says all it takes to copy electronic music files is a trip to an electronics store for a cable and basic computer know-how. "That's not amazing technology and it doesn't mean I'm a hacker," says Breslin, CEO of Relatable in Alexandria.

Relatable, which Breslin founded in 1999 with less than $1 million from friends and family, has developed software that recognizes music files based on their acoustic properties, helping content owners verify the authenticity of the files. It can make "fingerprints" of consumers' song files and compare them to original recordings held in copyright holders' databases. Relatable's software can identify bootlegged recordings sent out under bogus file names.

Last summer, after promising to honor copyrights, Napster installed Relatable's software to sniff out unlicensed songs on its network. Breslin says the software scanned hundreds of millions of files on the network.

The future of Napster is unclear, and Relatable has yet to turn a profit. But Breslin says he is negotiating deals with other music providers. The key, he says, will be convincing content owners to jump into the Internet.

"They're saying, 'Let's put plywood on the windows and bar the door,'" Breslin says. "We're saying, 'Let's make this a huge Wal-Mart.' Everyone who wants to go out the door needs to pass the cash register."

Miron, the CEO of ContentGuard agrees that content owners can make money on the Internet, even in competition with free music and video offerings.

Reliable DRM software and exciting content will help, he says, but the patchwork of different protection products on the market is holding things back. "The industry would be a hell of a lot better off if all participants had a common way to express rights," for their material, he says.

Content Guard is majority owned by Xerox and funded in the "triple-digit millions" by Microsoft. The company hopes that XrML, a language developed at Xerox's Palo Alto Research Center, will become the standard language for expressing rights on media files due to its ability to operate on different computer systems and applications.

ContentGuard designs custom software using XrML and hopes to earn revenue from patents it holds on computer languages expressing copyrights. The company won't disclose revenues.

Two other languages, ODRL and XCML, are also in the running to become the standard. Last fall, ContentGuard scored a win when the MPEG-21, an international group working to develop standards for the creation and distribution of multimedia content selected XrML as its base language.

The company is now submitting XrML to other standards bodies. But even if the software becomes the coin of the realm in the digital copyright world, it won't matter unless studios and record labels to warm up to the Internet. And Miron isn't sure how that will happen.

Options include monthly subscriptions or fees for downloads. Media companies also are experimenting with putting premium information on the Web, such as anthologies, live recordings and tour and concert information. While such material can be copied, media owners are betting people will pay if it is cheap and easy to access.

"The business models that will succeed online probably do not exist today," Miron says. "The state of the industry is mostly dabbling and experimenting, which is why piracy is still the dominant, scaled offering."



While companies like Content Guard and Relatable work on a tech fix, policy makers are taking a closer look at digital piracy law. For some, the DMCA doesn't go far enough. To stop music and video pirates, Sen. Ernest F. Hollings, the South Carolina Democrat, is sponsoring a bill that would require all interactive devices to incorporate anti-piracy technology.

The measure would give manufacturers one year to comply, but doesn't call for a specific type of technology to be used. The bill has the support of media and entertainment executives such as Rosen and Valenti.

But the technology lobby opposes the bill. Groups such as the Software & Information Industry Association believe anti-piracy technologies are at too early a stage in their development to draw up government standards. The only way copyright protection standards will develop, they argue, is if the government gets out of the way and allows the marketplace to sort out what works.

"It doesn't have legs," declares Rep. Rick Boucher, a Virginia Democrat, an opponent of the Hollings measure. Boucher, co-chairman of the House Internet Caucus, believes the DMCA should be re-examined because it favors copyright holders at the expense of legitimate users.

Opponents of the DMCA, who include libraries and universities, contend that the law restricts what is known as the "fair use" of a copyrighted material. Because of the fear of mass distribution of content via the Internet, critics say the DMCA wrongly makes it a criminal act to make back up copies of music and video or sell a single copy to a friend.

Rather than jealously protecting their copyrights, Boucher thinks media companies should make the jump online.

"They think all of the world is full of pirates," he says. "It's not. They should start aggressively using the Internet."
********************
Los Angeles Times
Satellite Program Takes Schools to Students
Mobile classrooms are helping keep teenagers who have difficulty with studies on track to graduate.
By JENIFER RAGLAND
TIMES STAFF WRITER

June 5 2002

It's before 8 a.m. and Larry Keegan, dressed in shorts and tennis shoes, drives into the parking lot of a dusty Santa Paula strip mall. He swings open the side door of the paint-peeled motor home.

And class is in session.

The teacher waits as, one by one, his students file in. They are teenage mothers, former gangbangers and other would-be dropouts who are getting one last chance at a high school diploma. "It's way better than regular school," gushes student Alexandria Ramirez, who has been in and out of Juvenile Hall since she was 14. "Everyone has an opportunity here--it's just taking it."

The mobile classroom is part of Ventura County's Gateway School program, which aims to recapture kids who have fallen behind in classes or been expelled from mainstream middle and high schools.

Taking a Different

Approach to School

It reflects a growing effort by educators throughout Southern California to bring these alternative school programs to the communities that need them most. Whether they are in storefronts, churches or vehicles, the schools are attracting teenagers who might otherwise be out on the street.

"Rather than letting them drop out, we reach out, and serve them in the environment in which they're most comfortable," said Karen Medeiros, director of curriculum for alternative education in Orange County.

"That's where they can be the most successful."

In the satellite program that began in Santa Paula about 15 months ago, teachers believe the approach is working.

Keegan's students are on independent study, which means they complete assignments at their own pace. For one reason or another, they couldn't survive either academically or socially at the town's comprehensive school, Santa Paula High.

Alexandria, 17, said the tension with some other girls at the high school was so bad, she couldn't walk across campus without getting in fights.

C.B. Vasquez, 17, was lost in many of his classes and said his teachers were always too busy to help.

Now, they come to the motor home for 90 minutes twice a week, where they turn in work, meet with the teacher and update the weekly "contracts" that spell out their next list of assignments.

"Larry goes through everything with me, and it really helps," said C.B., who hopes to earn his diploma next year and join the Marines.

Alexandria said being with Keegan in the mobile school has taught her how to control her impulses to fight.

"Here, it's a nicer atmosphere, and everyone knows each other," she said. "I've learned it's all about the way you present yourself."

Keegan's 1992 Chevy Chaparral, which Ventura County leases for $1 a year from an Orange County program, is a converted classroom with eight workstations.

At four makeshift desks that face windows, there is space for two students each. Lawn chairs are stashed behind the seats in case more show up.

There is no bathroom, but students use nearby public restrooms available at each of Keegan's three daily stops, which include a sheriff's substation, a library and the shopping center parking lot.

With oldies radio humming in the background, students hunch over workbooks as Keegan sits facing them in the passenger seat, monitoring their behavior and grading their assignments. Every couple of minutes, one of them has a question for him.

His route, which is about 12 miles a day, begins at 8 a.m. and ends at 3 p.m.

"It's just worked great up here," Keegan said. "It's perfect for the environment we're in."

The motor home is one aspect of the satellite, which also includes a daily classroom run by teacher Judy Dobbins out of a Baptist church. That program also includes a day care center for teenage mothers.

Students are moved around between the two venues to meet their specific needs, Keegan said.

Ten Santa Paula teenagers will graduate from the community school on June 13, among them 16-year-old Candace Johnson.

She said she never got the attention she needed in mainstream high school.

She will be the first person on either side of her family to earn a high school diploma and plans to continue her education at Ventura Community College in the fall.

"I probably would've dropped out a long time ago," she said. "There's no way I would've made it there."

In Santa Paula, a working-class farm town where juvenile crime rates are among the highest in the county, the service was needed, Keegan said.

He taught in Ventura County court schools for 10 years before volunteering to create Gateway's first satellite school in Ventura in 1989.

Since then, he has helped create seven more, from Ojai to Simi Valley.

Before that, Gateway students had to travel to the main school site in Camarillo, which was very difficult for teenagers in places like Santa Paula, which is 30 miles away.

"We were asking kids who have had major problems with attendance and truancy to get on a bus for 45 minutes to go to school," he said. "Since we have located ourselves in the community, we have seen a lot more success."

Programs Face Cuts

in State Funding

But the programs also face some serious challenges.

Gov. Gray Davis' state budget initially included proposals to slash independent study by 10% and to cut the higher revenue that county-run schools get to educate kids who are on probation.

At the same time, programs in Ventura, Orange and Los Angeles counties have seen rapid growth in the last five years and still need to expand, officials said.

The programs are held to the same standards as other schools, including the requirement that all students pass the California High School Exit Exam beginning in 2004.

Keegan admits he is worried about the effect that the test will have on the numbers of students the county programs will be able to graduate.

But he and Dobbins say that they have no intention of giving up. They will continue to push things like volunteer job training and vocational programs to show even the most discouraged kids they have a chance at a better life.

"I'd like to see everyone make it," Keegan said.

At 10 a.m., it's time for his next set of students. Climbing back into the driver's seat, he takes his classroom with him.
**********************
Federal Computer Week
6/4/02
Patent office focuses on e-filing

Electronic filing of patent and trademark applications will become the norm under a wide-ranging reorganization that the U.S. Patent and Trademark Office announced June 3.

The centerpiece of the reorganization plan is an e-filing system that will be developed jointly with Japan and countries of the European Union using existing off-the-shelf software, said James Rogan, director of USPTO and the Commerce Department's undersecretary for intellectual property.

The reorganization plan is expected to save the office more than $500 million over five years.

Rogan said he has already discussed the development of such a system with Japanese and European patent and trademark officials. "Essentially our multiple vision is to have an e-filing system that an American filer can use here or in Europe or Japan with a click of a mouse," he said.

Other hallmarks of the reorganization plan include:

* A restructuring of the fee schedule for patent and trademark applications to make it less expensive to file electronically than to file on paper.

* Efforts to competitively outsource patent and trademark searches to private-sector companies.

* The institution of a four-track examination process that relies on searches from other countries and governmental "industrial offices."

* A new system to upgrade and certify federal patent examiners' skills.

* Efforts to seek congressional legislation that will allow the patent and trademark office to rescind a patent on its own rather than filing a petition with a court to rescind the patent, as is now required.

Massive backlogs of patent applications are driving the reorganization, Rogan said. It takes an average of more than two years for a patent to be granted. Already 408,000 applications are in the examination pipeline, and the backlog will grow this year as an expected 340,000 new applications are filed, he said.

Currently only 2 percent to 3 percent of U.S. patent and trademark applications are filed electronically, Rogan said. "We want to move to where e-filing is considered the norm," he said. "Paper filing slows down the process, is very cumbersome, is time-consuming and prevents us from being able to work-share. In the 21st century, you can't just rely on an 18th-century model."

Developing an e-filing system unique to USPTO would be counterproductive, Rogan said. Such as system would cost $100,000 or more and would not be compatible with the patent and trademark filing systems in Europe and Japan, where 90 percent of U.S. patent and trademark applicants also file for legal protection.

Rogan said he has set a deadline of Oct. 1, 2003, to convert to an all-electronic filing system for trademarks and Oct. 1, 2004, for an all-electronic filing system for patents.
****************************
Federal Computer Week
Pa. creates cybercrime task force

Pennsylvania's state police department has created the first of several planned regional task forces to fight the rising tide of computer crimes.

The first task force will be based in Embreeville, Pa., and will cover 11 counties in south-central and southeast Pennsylvania, sharing information with district attorneys offices and local law enforcement agencies as well as other state and federal agencies, said Trooper Linette Quinn.

Funded through a $250,000 grant from the Pennsylvania Commission on Crime and Delinquency, the task force will include representatives from local police departments and state and federal law enforcement groups who will be trained and given equipment, such as computers and wireless phones, Quinn said.

The commonwealth has a computer crime unit within its criminal investigative bureau, and some local law enforcement agencies have similar units, Quinn said. But the formation of the regional task force will help agencies pool resources and share information more effectively as the cybercrime problem gets worse, she said.

In the past 15 months, the commonwealth has investigated 705 "traditional" computer crimes such as fraud, identity theft and child pornography and 558 "technical" crimes, including hacking and unauthorized access to a computer, Quinn said.

"It's becoming more prevalent," she said.
********************
Federal Computer Week
6/03/02
House office secures files with biometrics

The Office of Legislative Counsel for the House of Representatives on June 1 planned to become the first office on Capitol Hill to install biometric technology to protect confidential files and working documents, using iris scans to authenticate users' identities.

The office selected SAFLink Corp.'s SAF2000 authentication software, which enables customers to choose among a variety of security technologies, including fingerprints, speech verification and face recognition. The cost is $36,000.

"It's easy, and it will get us out of password jail," said Lynn Richardson, the office administrator.

Until now, the office has required users to change their passwords every three months, but the routine was a hassle because people couldn't remember them, Richardson said. Office managers had been looking for other ways to increase security.

But the search became more critical after the anthrax scare on Capitol Hill last fall forced the office to shut its doors for more than a week. It scrambled to buy laptops for its staff of 50 to continue working from other locations, but managers were concerned the laptops were not secure enough.

SAF2000 uses a biometrics suite for Microsoft Corp. Windows NT/2000 networks. The company's iris recognition system is patented, according to Matt Shannon, SAFLink's manager of government services.

The office wanted the technology, Shannon said, because of the difficulty of changing passwords and the ability to restrict access to working documents until they were ready to be released to the public.

The technology also enables customers to mix and match security systems. For example, fingerprint technology in a hospital setting may not be the best system because workers wear latex gloves, Shannon said. Iris scanning, on the other hand, may be the preferred technology because it involves no physical contact.

"Because documents created and held by [the office] are sensitive in nature, it is important that they be adequately secure," said Walter Hamilton, SAFLink's vice president of business development. "We believe that our SAF2000 solution, combined with Panasonic Authenticam desktop iris recognition cameras, will provide the level of security required for this critical government application."
******************
Los Angeles Times
Hollywood Has a Setback in Controls for Digital TV

Hollywood studios seeking to impose electronic controls on digital television broadcasts suffered a setback yesterday as a coalition of technology and consumer electronics companies supporting their efforts crumbled in a cross-industry power struggle.

A long-awaited report that the studios hoped would provide the consensus necessary for anti-piracy legislation and that members of Congress hoped would jump-start the stalled rollout of digital television instead disclosed a host of dissenting opinions.

Hollywood executives have long maintained that they will not release their most valuable programming in digital format until they can ensure that viewers cannot copy those programs to the Internet. Makers of digital television sets blame the shortage of programming for slow sales of the devices, which are in fewer than a million homes.

The Broadcast Protection Discussion Group was formed last November to try to arrive at a proposal for a technological standard that consumer electronics and computer makers could build into their machines to protect digital broadcasts. And if there was general agreement on one point at the end of the months-long process, it was that such protection remained a worthwhile goal.

"The key agreement was that digital television should be protected from unauthorized redistribution," said Andrew G. Setos, president of engineering for the News Corporation's Fox Group and co-chairman of the group. "Hopefully work will now start on getting it memorialized as a federal mandate."

The studios and their trade group, the Motion Picture Association, sought to portray the report as a positive step forward that could still quickly result in legislation, or a Congressional directive to the Federal Communications Commission to supervise the regulation. But technology and consumer electronics executives said it was far too soon to think about adopting a voluntary standard, much less legislating one.

"May I say quickly that there is no consensus embodied in that report," said Tom Patton, vice president for government relations at Royal Philips Electronics. "None."

Philips, along with several other consumer electronics companies, complained that the studios' proposal would prevent consumers who use an updated device to record a program from watching it on one of the 30 million DVD players that are in homes today because the program would be scrambled.

The dissenters in the consumer electronics industry were also joined by Microsoft in objecting to the degree of control that the studios wanted to exert over which technologies would be deemed to meet their copy-protection standards.

"They were proposing criteria that were largely subjective," said Andy Moss, director of technical policy for Microsoft.

The basic idea is that broadcasters would include a digital "flag" in each broadcast, which would be detected by the technology in the devices and scrambled upon receipt. Digital programs that include the flag could be moved electronically between devices in the home, but not transmitted to the Internet.

Some device makers and computer manufacturers have been lukewarm to the concept, arguing that the expense and effort it requires would not prevent Hollywood's material appearing on the Internet.

And the Electronic Frontier Foundation, a civil liberties group that participated in the discussions, argued that preventing consumers from e-mailing an excerpt of a show over the Internet violated fair use rights under copyright law.

But the central stumbling block to arriving at a broad agreement on the proposal may simply have been a bid by the studios for too much control over carrying it out. Microsoft, Philips and Zenith all have copy-protection plans of their own that they would like to market to device makers. The studios, however, appear to favor one system developed by a group of companies that include Intel, Toshiba and Matsushita. Zenith is a subsidiary of LG Electronics.

Disenchanted by the informal discussion process, which did not involve clear procedures for resolving disputes or voting rules, several representatives from technology and consumer electronics companies said they would prefer any future discussions to take place in a forum sanctioned by the government.

That will almost certainly be one subject of debate when the House Energy and Commerce Committee holds an industry discussion on digital television next week.

"Frankly we're surprised," said Ken Johnson, a spokesman for Representative Billy Tauzin, the Louisiana Republican who leads the committee. "When we looked at the report we said, `Boy, we've got a lot of work to do.' "
*******************
BBC
Net renewal plans under fire

Key parts of a reform plan put forward by the head of the internet's ruling body have been rejected by a group advising on how to make the organisation more effective.
The group was set up by Icann, the Internet Corporation for Assigned Names and Numbers, to assess a radical plan floated in February by Stuart Lynn, the net body's president.

His plan suggested getting governments on board to help fund and run Icann and ending the system that lets net users vote for some members of the group's board.

The group is now seeking public comment on its recommendations prior to a meeting in Romania where Icann's future structure will be decided.

Public plan

Icann was created in October 1998 to manage the transition of the net from a US administered proxy to a more international and open network.

Icann set up the Evolution and Reform Committee in March to deal with the flood of comments and suggestions unleashed by Stuart Lynn's plans to reform the organisation.

In that plan, Mr Lynn candidly declared that without reform Icann was in danger of "failing".

Many net commentators criticised the Lynn plan because it swapped grassroots net user involvement on the Icann board for the backing of governments.

Final say

Now, the committee has also declared its opposition to the idea of letting governments run the organisation.

Instead it recommended that the country code registries, who look after domains such as .uk and .fr, should get a seat on the board as should some representatives of the larger net community.

Other seats on the board would go to members of Icann's technical groups as well as security experts, domain registrars and government delegates.

The final decision on the future structure of Icann will be made at a meeting in Bucharest on 24-28 June.
*****************
BBC
Spy cameras target school vandals

Schools in Wales have found a novel use for their broadband connections by hooking up to digital CCTV cameras to put an end to vandalism.
Seven schools in the Newport area are currently connected to the surveillance system and it is said to have made a huge difference already.

"The first school had the system installed in January 2001 and since that time has had no reported damage," said principal consultant at Newport County Council, Phil Cox.

"Previously, there was a lot of vandalism with the glazing budget alone costing £6,000 a year.

"There were condoms, beer cans, hypodermic needles and all kinds of things that you don't want in a school environment lying around the playground," he added.

Broadband crucial

A total of 20 schools in Newport will have digital CCTV cameras installed by September.

Although some schools have their own stand-alone CCTV systems which record any intrusions, this is the first time cameras in schools in the UK have been connected to a central network.

Unlike analogue CCTV, digital cameras use the existing broadband infrastructure, installed in the schools as part of a government initiative, to send pictures back to a control centre at the council offices.

"Broadband is crucial and it represents a good return on investment for the schools," said Mr Cox.

"They are paying £5,000 a year for high-speed internet which they only use during the day. Now they can use it after hours and have added security for nothing," said Mr Cox.

The cameras are only turned on outside of normal school hours. An alert is sent to the control room when an intruder is spotted.

Community action

If needed, Community Safety Wardens can be sent to the scene and police back-up can also be called on.

The broadband link also allows for a more co-ordinated approach to the problem of vandalism.

The pictures from the digital cameras are of high quality, allowing social workers and community teams to identify offenders and do something about it.

"Social services can identify where the problems lie and work with schools and communities to find something for these kids to do," said Mr Cox.

It also allows for immediate communication between the council and schools.

"I spotted a couple of children on a roof the other day and was able to clip images and send them straight to the school in an e-mail to let them deal with it," he said.
*********************
SFgate.com
Deleting downloads
Companies concerned over employees' file-sharing at work

Back in the pre-Napster days, Harold Kester wasn't too concerned that his employees were using company computers and Internet connections to download music or movie files.

But then a couple of tech-savvy employees downloaded and stored on a company server a bootleg copy of "Star Wars: Episode I -- The Phantom Menace" long before the film hit the theater. After work, the employees would take over a conference room, project the film onto a big screen and invite co- workers to watch. They even served popcorn.

"When I got wind of that, I realized, 'Hey, we have a real liability issue here,' " said Kester, who immediately shut down the makeshift movie house.

Since then, Napster and successors like KaZaa, Morpheus and Audiogalaxy have brought online file sharing to the masses, much to the dismay of the entertainment industry. But the popularity of file swapping has also put pressure on corporate technology managers to become more vigilant about employees using company computers to download files.

While file swapping has raised concerns about lowered productivity, there's also a fear that the programs, which allow outsiders to access files on company computers, could compromise network security. Using company equipment to download and store pirated material could also leave firms vulnerable to copyright infringement suits.

Firms that sell Internet filtering and blocking software, like Secure Computing Corp. of San Jose and Websense Inc. of San Diego, say their business is picking up.

Kester has left his old firm and is now chief technology officer at Websense, which commissioned a March report that found 30 percent of 250 firms surveyed were blocking employee access to any site related to the downloading of music. And 14 percent of the firms had reprimanded or disciplined employees for downloading music.

But those numbers could increase as companies upgrade to faster, more powerful computers, especially ones with recordable CD drives, said Anne Aarness, a product manager with Secure Computing.

"We do seem to be getting more and more requests and more inquiries," said Aarness, product manager for the firm's SmartFilter program.

Nobody seems to know how much file downloading happens at the workplace, but there have been numerous anecdotal reports of employees setting up special MP3 servers or downloading movies while working.

Experts note that such file trading works best with a high-speed Internet connection that most Americans still only have access to at work, not at home.

Members of the Recording Industry Association of America, which successfully brought down Napster in court and is trying to do the same with the other file trading services, has so far only gone after one company.

Integrated Information Systems Inc., or IIS, agreed to a $1 million out-of- court settlement with the RIAA, which found the Tempe, Ariz., firm had a computer server specifically used by employees to download, store and share thousands of MP3 songs. The RIAA claimed it found illegal copies of songs by artists such as the Police, Sarah McLachlan, Ricky Martin and Aerosmith.

IIS officials said they settled the case to avoid litigation, but do not admit any wrongdoing.

Although the case was settled in 2001, the RIAA issued a press release in April 2002 to send a message to other corporations that policing their systems for illegal music is as important as controlling software piracy or pornography, RIAA President Cary Sherman said last week.

"We'd like to see them focus on music piracy in the same way," Sherman said.

"Most business executives aren't thinking about music piracy as having anything to do with them directly."

The RIAA is also taking a cue from software publishers, who have long relied on tips from disgruntled employees. One such tip led to the investigation of IIS.

"We're beginning now to get reports from other disgruntled employees about what corporations are doing," said Sherman, who declined to say what other investigations his group has started.

According to Redshift Research Inc., the peak usage period for KaZaa, the leading file-sharing program, is usually between 11 a.m. and 1 p.m. Pacific time. However, Redshift analyst Matt Bailey said KaZaa has as many users living in Europe as in the United States, so he attributes KaZaa's peak period to European members logging on after their workday is done.

Most U.S. companies do have policies in place that limit the personal or improper use of computers and equipment. About two-thirds monitor employees' use of the Internet, said Kristin Bowl, spokeswoman for the Society for Human Resource Management, based in Alexandria, Va.

But more might consider banning file downloading to avoid legal entanglements, especially if "they got a nasty-gram from the RIAA," said Whitney Broussard, an entertainment law attorney with Selverne, Mandelbaum & Mintz, LLP, of New York.

Even companies that promote Internet music remain wary of letting their employees download songs. David Miller, who used to work for RollingStone. com's Tunes.com site, said the firm blocked employee use of peer-to-peer programs like Napster for fear someone could gain entry into the firm's computer network.

************************
SFGate.net
Pleasant Hill hacker draws feds' attention

Pleasant Hill -- As "Pimpshiz," the self-righteous hacktivist who two years ago cracked government, military and financial Web sites to post his pro-Napster manifesto,

Pleasant Hill teenager Robert Lyttle gained his 15 megabytes of infamy -- not to mention a juvie court record.

Authorities took his cracking seriously. But, to many Net nerds, his hack attacks were harmless defacements best forgotten, not prosecuted. It was assumed by cyber cynics that, as soon as this teen hacker got a job or a girlfriend, his hacking days would cease.

Think again.

Two weeks ago, the FBI swooped into Lyttle's bedroom with guns drawn and search warrants flapping. They suspect Lyttle, 18, of being one-half of a so- called patriotic defacement team called "the Deceptive Duo," which in recent months has defaced more than 100 sites, ranging from the Federal Aviation Administration to the Department of Transportation to Sandia National Laboratories.

No one's laughing anymore at this Diablo Valley College student by day, scofflaw "script kiddie" by night. FBI and Department of Defense forensics experts are reviewing Lyttle's computer equipment and files to determine whether federal charges should be brought against him.

According to the Web site Security Focus Online, Lyttle's partner in "the Deceptive Duo" is a Florida hacker with the handle the Rev, who claimed responsibility for hacking into the New York Times' site and Intel's system last year.

Sources said the Contra Costa district attorney's office is in the process of revoking Lyttle's probation. He is required to wear an ankle bracelet and can only leave home to attend his computer classes at Diablo Valley College.

Dodie Katague, the Contra Costa assistant district attorney who prosecuted Lyttle, could not comment on the revocation of Lyttle's juvenile probation, but said being accused of a second offense so soon after his first conviction is serious.

"He's an adult now, 18," Katague said. "And this is a federal offense. If he did break into federal Web sites, they should prosecute him. And I'm sure they will."

Now that he's of age, Lyttle could face years in prison for defacing governmental sites. He has retained San Francisco attorney Omar Figueroa, who said Lyttle's actions were "benevolent, not malicious," and said that, if Lyttle is the hacker in question, he did it to alert government officials about their vulnerability to cyberterrorists in the wake of the Sept. 11 attacks.

This so-called patriotic act may get Lyttle charged with violating the USA Patriotic Act of 2001, which Figueroa says would means "decades in prison." Lyttle's lawyer maintains his client is not a terrorist.

"If Robert is charged, it's fair to say what he may have done had no criminal intent," Figueroa said. "A fundamental principle of criminal law is that there can be no crime without criminal intent. Based on that, I believe he will be vindicated.

"But if the government misapplies the Patriot Act, that would be a way, way over stiff penalty. He's a young guy, just 18, and we're trying to channel his talent in a positive way. If they want to be punitive, it would cause him to become a rebel."

Even more of a rebel, I presume he means.

Lyttle did not respond to my e-mail queries about his latest legal spat, but in February I quoted him as saying "it's extremely hard to live a legal life on the Internet."

In the past few weeks, while they reportedly were hacking into government sites using default passwords in Microsoft IIS servers, the Deceptive Duo left a prepared statement for supporters in the event they were caught, according to a story on Internet

news.com. It read: "We came into this willing to endure any prison sentence.

We sacrificed our future for the sake of public safety."

The message left by the hackers on the defaced sites implored information technology officials to tighten online security.

One of the duo's messages on the defaced FAA site, accompanied by an American Flag icon with crossed guns in the foreground, read: "Tighten the security before a foreign attack forces you to. At a time like this, we cannot risk the possibility of a compromise by a foreign enemy. You say that we cause trouble by informing you of your weaknesses by hacking into your computers, yet your very own Agents do the same. We all witness the news stories about how an Agent successfully snuck weapons past Airport security. For auditing? For the very same reason we do it. Until you understand, you will get nowhere."

But Katague, who works in the new high-tech unit of the Contra Costa's D.A. 's office, said Lyttle's patriotic claim is at best disingenuous and at worst a cynical lie.

"He wants to just drum up business for himself and his (software) company," Katague said. "Plus, he's probably addicted to (hacking) and can't stop. He's following in the footsteps of other famous hackers, like Kevin Mitnick and Kevin Poulsen. They were famous hackers and eventually got great jobs working in Internet security.

"People say that (Lyttle) is a 'white hat' hacker trying to expose the flaws in the system. But, you know, the analogy I'd use is, our children have weaknesses and can be exposed, but we don't go around kidnapping them just to prove there are holes in children's security. It's the same thing here."

Lyttle's attorney, meanwhile, is trying to rally the cybercommunity to help the case.

"We're going to get support letters from all over the nation for Robert, urging the U.S. Attorney's office not to prosecute him," Figueroa said. "That's been successful in other cases, like the Dmitry Sklyarov case."

True, federal prosecutors agreed in December to drop charges against the Russian programmer who found a way to that let users circumvent copyright protections on electronic-book software made by Adobe Systems Inc. Instead, only Sklyarov's company, ElcomSoft, is facing a trial and could face big fines.

Getting fined, it seems, would be the least of Lyttle's worries at this point. But, from previous Internet postings before the mid-May raid, Lyttle made it sound as if his alleged actions were merely a form of civil disobedience.

"We need to take drastic steps in securing our country from foreign enemies, " they wrote in a message printed by Wired.com. "We risk ourselves for the sake of the countrys (sic) security."

Sam McManis can be reached at (925) 974-8346 or at smcmanis@xxxxxxxxxxxxxxxx
*********************
Government Executive
House panel backs anti-terror information sharing bill

By Molly M. Peterson, National Journal News Service


A bipartisan bill to make it easier for federal agencies to share counter-terrorism information with state and local officials won quick approval from a House Judiciary subcommittee Tuesday.


The Homeland Security Information Sharing Act (H.R. 4598) would direct the president, the attorney general and the director of central intelligence to develop procedures for federal agencies to share classified or sensitive threat information with certain state and local officials, and vice versa. The Crime, Terrorism and Homeland Security Subcommittee approved the measure by a unanimous voice vote.


The bill would require agencies to declassify information before sharing it by redacting the names of sources and intelligence-gathering methods. Bill sponsors said agencies would be required to use existing declassification technologies, such as those used for sharing information with NATO allies and Interpol. They would also be required to use existing networks, such as the National Law Enforcement Telecommunications System, to share that information with state and local officials.


"With the recent press reports about what information the government had prior to Sept. 11, it has become abundantly clear that better information sharing among government agencies, and with state and local officials, needs to be a higher priority," said Rep Saxby Chambliss, R-Ga., during a hearing that preceded the markup.


Chambliss co-authored the legislation with Rep. Jane Harman, D-Calif. Neither Chambliss nor Harman are members of the Judiciary Committee, but they both serve on the House Permanent Select Committee on Intelligence's Subcommittee on Terrorism and Homeland Security.


"The United States government has vast amounts of information that might be useful in stopping suspected terrorists and criminals across the nation," Chambliss said. "Yet old, outdated computer systems cannot talk to each other, share information or quickly provide alerts and warnings to officials who need to know."


Harman testified that although federal agencies typically gather the most intelligence on suspected terrorists, state and local officials are the most likely to encounter those individuals. She noted, for example, that one Sept. 11 hijacker had been stopped for speeding by a Maryland state trooper two days before the attacks. The trooper did not detain the individual because he had not been informed that the individual was listed on a CIA watch list of suspected terrorists.


"Every act of terrorism is local--it happens in a neighborhood in someone's city," Harman said. "These people need good information. They have to know what to be looking for."


Subcommittee Chairman Lamar Smith, R-Texas, is one of several Judiciary Committee members who have signed on as cosponsors of the bill. He said the legislation would improve federal, state and local officials' ability to "prevent, detect and disrupt terrorist attacks."


Prior to approving the bill, the committee adopted, by voice vote, an amendment by Smith that clarified several provisions concerning classified, unclassified and sensitive information.

For the legislation see:
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h4598ih.txt.pdf


***************
MSNBC
Evolving viruses threat to platforms
By Robert Lemos

June 5 A new virus called Simile.D may not be much of a threat to computer systems, but some of its technical tricks could lead to a rethinking of the principles underlying antivirus software.

THE PROGRAM HAS CODE that not only works hard to hide the virus' presence, it also randomizes the program's size so as to make it harder to identify. On top of that, the fourth and latest variant of the bugwhich emerged this weekcan spread to both Windows and Linux computers.
"This is really pushing the boundaries on how to create cross-platform viruses," said Vincent Weafer, senior director of security response for antivirus-software maker Symantec.
The virus is hard-coded proof that a small segment of rogue programmers can create complex code that is still difficult for antivirus software to detect. If more viruses like Simile.D appear, it could leave antivirus companies with a tough trade-off.
With complex viruses such as Simile.D, antivirus software has to try multiple ways of identifying the code to get high recognition rates. And while that might leave PC users protected from such viruses, it would also bog down most computers. On the other hand, efforts to maintain performance may instead let stealthy bugs through.
"It is getting us to think about different ways of handling the problems," said Jimmy Kuo, antivirus researcher and McAfee Fellow at security-software maker Network Associates. "What we are worried about is detection taking too long to be useful. If the viruses get so complicated that detection takes forever to detect the virus, than that will cause a problem."
That's more of a threat than Simile.D itself.
If loosed on the Internet, the virus could cause some problems for administrators because of its ability to jump from Windows to Linux and back again. But the virus doesn't do much harm. On Windows systems, it opens a dialog box with the author's name and the name of the virus, and it's programmed to do this only twice, on March 17 and Sept. 17. On infected Linux computers, the virus posts a message with similar content to the console, on March 17 and May 17.
Other attempts have been made to create a virus that infects both Windows and Linux, most notably the year-old Winux or Lindose virus. However, that virus failed to spread. While Simile.D spreads successfully to Linux machines, the risk is lessened by the fact that only systems running in so-called superuser mode can be fully infected. "Superuser" and "user" modes refer to the level of access a user has to a system and the programs on it.
"It is less effective in Linux, especially if the user is running in user mode," said Symantec's Weafer. "It's more likely to infect from a Linux system to a Windows system than the other way around."
Roger Thompson, technical director of malicious code research for security-information provider TruSecure, didn't think the Simile.D virus would be much to worry about, even with it's cross-platform attack.
"It's going to be a Code Red and a Nimdaworms that use some new exploitthat are really going to spread," Thompson said.
Nimda, which struck last September, blended several different types of attacksspreading by e-mail, JavaScript, shared network drives, and vulnerable Web serversand poked holes in the defenses of many companies, even those with antivirus software.
Nimda, like Simile.D, showed antivirus vendors that the arms race between the virus writers and antivirus researchers is going full tilt.
Simile.D, also known as Etap.D, is an example of a "concept virus," a lab sample created by the virus underground and published for others to see. The major antivirus companies have already incorporated detection into their software, so Simile.D poses little threat to most users on the Internet who regularly download the latest definitions.
Yet, finding ways to detect it weren't easy.
Many antivirus programs detect viruses based on a "digital fingerprint" of the code. For example, the latest variant of the Klez worm, Klez.h, can be easily detected by current antivirus software based on its digital fingerprints.
However, with Simile.D's ability to change its characteristics like a chameleon, that's not possible.
For just such an eventuality, most antivirus programs also look for virus-like behavior and try various types of pattern-matching that are keyed to encryption routines designed to hide a virus, and to the way a virus piggybacks on other programs.
"What you end up doing is a combination of the above, and you look at the code itself," said Symantec's Weafer.
Such techniques are time consuming, however, leaving software makers looking for other ways to maintain system security: "signing" code with a digital signature from a trusted source; keeping a database of acceptable code on the system; and limiting user power on the computer to certain tasks that aren't subject to virus attacks.
But while Simile.D has renewed discussions between antivirus researchers over how best to keep viruses out of systems in the future, standard measures still work, said Network Associates' Kuo.
"We aren't there yet," Kuo said.
**********************
Computerworld
Clarke warns educators about need for better security

REDMOND, Wash. -- Despite evidence of al-Qaeda's research into American utility companies gleaned from laptops seized after the Sept. 11 terrorist attacks, don't expect the National Security Agency, CIA and FBI to warn businesses when a cyberattack might take place.
That was the message delivered yesterday by the president's cybersecurity czar, Richard Clarke, to 300 educators attending the sixth annual National Colloquium for Computer Security Education at Microsoft's conference center.

"Law enforcement can't save the private sector," Clarke said. "We can't tell the energy companies and the pipeline companies how to configure their systems. At a fundamental level, it doesn't matter who the threat is."

What matters, he said, are the vulnerabilities within corporate networks that present risks to national infrastructure. And the most vulnerable networks are those at universities and college systems, many of which have little or no protection -- and thus make great launching pads for attacks against infrastructure companies.

Clark challenged the computer security and information assurance program directors to push for better security at their own schools. And he urged them to develop research curriculum around secure operating systems, routers and out-of-line management.

"In three to four years, we will have a billion IP addresses," he said. "Do we still want to use TCI/IP? Do we still want the same domain naming system? Do we still want the same wireless security we're using today?"

To champion better security at their own campuses, Clark said attendees needed to become "nudges" by pressing university provosts and boards of regents for better security programs and educational grants.

"An information war is coming some day, and the $15 billion in losses from hacking cited today will seem like nothing when it happens," he said.

But attendees questioned whether scare tactics would result in better security programs.

"Security already has this image that it's a pain in the ass," said Peter Tippett, founding chief technology officer at TruSecure Corp. in Herndon, Va. "From the viewpoint of the CEO, he's got to open his business in Poland next month and all he's hearing is pain, pain, pain."

Instead, security professionals should push their agendas by adhering to the business goals of value-add, something largely missing from security and information program syllabuses offered at the session.


Broader Selection of Security Courses

Most representatives and speakers talked of information assurance programs at the bits and bytes level, with research agendas heavy on technology, including loss-leaders like public key infrastructure. And, while speakers touted forensics programs, intrusion-detection and prevention programs, security standards development and other technical programs, there was little talk about business value and critical thinking.

"Schools are pumping out too many students who approach security mechanically from an engineering perspective," said Nimal Jayaratna, head of the Curtin University of Technology in Perth, Australia. "There's no critical thinking being taught."

Curtin just rolled out three new post-graduate Internet security management programs, and each of the degrees starts with three courses on project and risk management, information security management and problem solving. In the second semester, the programs include a course on client management.

Some educators, such as Alexander Korzyk, assistant professor at the college of business and economics at the University of Idaho in Moscow, Idaho, questioned whether information security should remain in the computer science discipline at all, or be moved to areas of study more reflective of business risk issues.

Several colleges, including Johns Hopkins University in Baltimore, are making information protection part of their multidisciplinary academic programs. Because it's got the largest campus-based medical teaching center, health care privacy is being introduced at the university's school of public health. There are also new courses on information security, security architecture and e-commerce security in the school of business and education. And international studies students will be introduced to international cybersecurity and privacy issues.
***********************
Computerworld
Nets exposed by 'rogue' threats

Unauthorized wireless LAN access points that are being surreptitiously installed on corporate networks pose a dangerous and little understood security threat to companies, users and analysts warned last week.
Called "rogue APs," these access points are usually installed without the knowledge of the IT department by employees or branch office and plant managers who want the mobile convenience provided by 802.11b, or Wi-Fi, wireless LANs. But even technology vendors agreed that when this happens, easily exploitable holes are opened in wired networks.

Delphi Corp. is one user that takes the threat seriously. According to Chuck Maiorana, Delphi's director of communications engineering, the Troy, Mich.-based manufacturer of automotive electronic components and systems routinely "sniffs" its facilities in an attempt to detect rogue APs.

"We do drive around our buildings and see what we can sniff out," Maiorana said. "If we find one, we shut it down."

That puts Delphi way ahead of many corporations, said Chris Kozup, an analyst at Meta Group Inc. in Stamford, Conn.

Kozup said many companies aren't aware of the security problems inherent in unauthorized wireless devices, which are usually installed without any kind of security. But once alerted to the issue, large enterprises that conduct wireless LAN audits find as "many as 10 to 20 rogue APs connected to a network," he said.

The rogue APs discovered by Kozup's clients so far have been installed by employees of the companies, but he said IT managers also need to be aware of the threat of "malicious" rogue APs that could be installed by outsiders.

Brian Grimm, a spokesman for the Wireless Ethernet Compatibility Alliance trade group in Mountain View, Calif., estimated that technology vendors ship about 300,000 wireless LAN access points to users each month.

Bob Black, a corporate systems engineer at networking equipment vendor Avaya Inc. in Basking Ridge, N.J., said he thinks that up to 5% of those devices, or 15,000 per month, could end up as rogue APs.

Thor Sigvaldason, director of the advanced technology group at New York-based PricewaterhouseCoopers' PWC Consulting division, said, "Any company with 50 or more employees has a pretty good chance" of having undetected rogue APs on its internal networks.

Sigvaldason said the proliferation of rogue APs has been spawned by the low cost of the devices$200along with their ease of installation. "The problem is going to get worse before it gets better, as prices come down," he said. "They're brain-dead easy to install."

Both Kozup and Sigvaldason said deterring the installation of rogue APs must start with establishing unambiguous policies against their use, including the threat that employees will be terminated.

They also advised that companies need to continuously monitor for rogue APs as part of their security procedures.
**********************
News.com
Hollywood faces recurring Net nightmare
By Stefanie Olsen
Staff Writer, CNET News.com
June 5, 2002, 10:50 AM PT

A video-on-demand site that was shut down earlier this year with the help of Hollywood has seemingly sprouted a new head in Iran, underscoring vexing problems of Internet copyright enforcement for movie studios.
Taiwan-based Movie88.com, which sold access to thousands of films for $1 each, went dark in mid-February after a powerful motion picture lobbying group worked with the local government to pull its plug. The site, which offered movies owned by the major studios without their authorization, was deemed to be infringing on their copyrights.

Now, Film88.com has sprung up in its place, with an uncannily similar formula for renting and streaming films over the Internet. However, the site is a new venture based in Tehran, Iran--a country that broke off diplomatic relations with the United States more than two decades ago and that does not protect foreign copyrights.



"Movie88 is dead," Hail Hami, Film88's operator, wrote in an e-mail interview with CNET News.com. "We recruited some staff and a lot of ideas from Movie88. But we feel that we are better than Movie88. We have streams at 500k and are more user friendly."

Film88 is a kind of sequel to Hollywood's real-life horror story, in which Internet thieves trade and own access to content without ever paying for it.

Fighting back against rogue operators, the Motion Picture Association of America (MPAA), which represents the seven major movie studios including Walt Disney and Sony Pictures Entertainment, has launched a massive strike at Net bandits of all sizes that violate its members' copyrights. So far, the MPAA has had success defusing projects such as iCraveTV.com, an Internet TV service launched in Canada, and Web VCR service RecordTV.com. But as services crop up in countries that do not recognize U.S. copyrights, anti-piracy fighters may have an increasingly difficult time nailing down these elusive threats.

The Taiwanese authorities shut down Movie88 through its Internet service provider under international provisions in the U.S. Digital Millennium Copyright Act.

American interests are unlikely to find such a receptive ear in Iran. The two countries broke off diplomatic relations after Iranian students overran the U.S. Embassy in Tehran on Nov. 4, 1979, and held 52 Americans hostage for 444 days--an incident that helped Ronald Reagan defeat Jimmy Carter in the 1980 U.S. presidential race.

Since then, relations between the countries have remained hostile--a stance that intensified after suicide hijackers destroyed the World Trade Center on Sept. 11, killing more than 3,000 people. In his State of the Union address following the attack, President George W. Bush named Iran as part of an international terrorist "axis of evil," along with Iraq and North Korea.

"This is part of a continuing trend where we'll see more and more file-sharing services pop up in countries where intellectual property is difficult to protect," said PJ McNealy, research director for GartnerG2, a division of research firm Gartner. "The IP laws aren't as advanced or stringent in other countries" as they are in the United States.

Video store on the Web
Film88 runs on a video-store model, letting people "rent" movies for three days in return for a payment of $1 to $1.50. The movies cannot be saved to a hard drive or downloaded. It offers a range of top releases including "The Scorpion King" and "Star Wars." But the film archive lacks popular features such as "American Beauty" and "Lord of the Rings."

Viewers are limited to watching movies in a small box on their computer screens, using RealNetworks' RealOne media player. Video accessed in a test was sharp, although there were some glitches. Viewers can pause, fast-forward and rewind movies, although resuming play took several minutes as the movie caught up.

Film88's Hami said the site does not have many users because it has just launched. According to registration records on VeriSign, which runs the .com top-level domain, the site was registered April 18.

Hami said the company is working out a reasonable percentage of film rentals, between 25 percent and 30 percent, to pay the copyright owners in the Unites States and elsewhere.

"We are still working on the fair percentage," he said. "The Internet economy is very different, and if we price our rental more than $1, there may not be good response. So, we are going for volume."

Sites such as Film88 could undermine Hollywood's own Internet distribution plans, which have been taking shape slowly. Consumers can buy and rent movies over the Internet for viewing on a computer from a handful of legal commercial services, including Intertainer and CinemaNow. But for now, the major studios are focusing on cable and satellite services linked to television, rather than Internet services, to distribute their products.

Video-on-demand services with support from the top film distributors, such as MovieLink, are expected to introduce services later this year. But those efforts have run into difficulties. Regulators have been looking into the studios' planned Internet distribution partnerships, and News Corp.'s 20th Century Fox studio earlier this year pulled out of a joint venture with Walt Disney to create a video-on-demand service dubbed Movies.com.

Copyright owners could seek to have the Film88 Web site shut down by asking the domain registrar--U.S.-based VeriSign--to deactivate the address. But that solution would only offer a stopgap with no guarantee that the service would be kept off the Web permanently.

In the event the domain-name registrar is served with legal papers to remove a site, it will comply, said VeriSign spokesman Brian O'Shaughnessy. But if a domain name is yanked, the site simply has to sign up for another one under a different registrar. This is typically the incentive for copyright holders to try to shut down the site at its source, the Web host.

Hami said Film88 has learned from copyright experts that Iran does not protect foreign copyrights. Nevertheless, the company plans to abide by U.S. laws, he said.

"This is a new market for copyright owners which has not been fully exploited," he said. "This market is also not in competition with the conventional way of watching a movie in the cinema. We are not pirates, but a technology innovator trying to balance between innovation and copyright compensation."

Representatives from the MPAA were not immediately available for comment.
**********************
News.com
Off-key efforts hinder paid Net music
By Gwendolyn Mariano
Staff Writer, CNET News.com
June 5, 2002, 4:00 AM PT


As the Internet upends the recording industry's traditional distribution system, some computer makers and retailers have been stepping into the music delivery business.
Last month, for instance, Gateway signed up with EMusic, which sells music from independent labels online, to bundle music with its direct-order PCs. The announcement was just the latest in a string of deals aimed at bringing music to the masses legally while spurring new sales of computers and extras such as CD burners, MP3 players and broadband Internet service.

But as hardware manufacturers, retailers and online music services sign deals at a breakneck pace, the question remains: What will it take to get consumers to bite?



"The major record labels have not done a good job of enabling consumers to buy online," Gateway spokesman Brad Williams said. "So we think there is a huge opportunity" for Gateway to serve consumers' need to purchase legal music online.

The stakes are high. The recording and entertainment industries are aggressively seeking to shut off the proliferation of free music, films and other digital content unleashed by the availability of fast Internet connections and potent compression and file-swapping technologies. Their weapons have included lawsuits and a congressional lobbying campaign. The goal in Congress: to win passage of a bill that would force consumer-electronics companies to include a government-mandated copy-protection system in their products. That proposal has sharply divided content owners and equipment makers, who fear such controls could severely hamper demand for some of their hottest products.

In this accusatory environment, cross-industry promotions offer a glimpse of how music companies and equipment makers are seeking common ground. Unfortunately for both sides, most deals to date have been flops, partly because of the slow adoption of paid music services in the face of file-swapping networks that offer a smorgasbord of free music online.

"This is the next step in the evolution of changing a mentality--opening consumers' minds to legal alternatives," said Jarvis Mak, a senior analyst at research firm Nielsen/NetRatings. "Hopefully, they'll migrate in that direction, but it's not as easy as that."

The dealmakers
Music service companies such as EMusic, MusicMatch, Liquid Audio and Listen.com all rely on deals with original equipment manufacturers that create components other companies use to build a product. They say these agreements play a key role in discovering what works and what falters in selling music subscriptions.

As a result, the music services spend a significant percentage of their time on collaborating deals. EMusic, for instance, said it spends about 60 percent of its time on how it markets its paid service through its partnerships.

The company, which Vivendi Universal bought last year, has cut a host of bundling deals, including a pioneering agreement in 2000 that packaged two months of free, unlimited downloads from its site along with Hewlett-Packard's CD-Writer recordable drives. That arrangement, which lasted only three months, was followed by a string of others, including a second HP deal as well as pacts with Iomega, Sonicblue and Gateway.

So much for synergies. In two years, EMusic has signed up just 50,000 paid users for its menu of some 100,000 independent label tracks, according to the company, a trivial number compared with the ranks of Web surfers drawn to the free file-swapping services it competes against. LimeWire, one of the most prominent versions of Gnutella-based software, reported that in one day, it reached 300,000 people.

EMusic General Manager Steve Grady acknowldged that some of the deals didn't work, but he defended them in general as useful experiments and, in some cases, as a cost-effective alternative to mass marketing. When EMusic was an independent company with a small marketing budget, he said, it didn't have the money to conduct tests for its service, and the collaborative deals enabled it to know that every dollar it spent was going toward a subscriber coming into the service.

Still, he said, some partnerships didn't meet the company's expectations. A partner might have a million customers, but if it doesn't deliver them in a way that is "compelling or visible," it doesn't help sell the service.

According to Grady, EMusic's second Hewlett-Packard partnership, involving the Pavilion PC, has been among its most successful to date.

"The whole concept of a music subscription service is new to people...Paying for downloads is something that most people are not accustomed to," Grady said. "You have to keep the marketing messages...compelling enough to get them in the trial--and that's the only way you really have an opportunity to show them what the benefits are of a service like ours."

EMusic's monthly service has two models: $14.99 per month for a minimum three-month commitment, or $9.99 per month for a one-year commitment. EMusic's library includes an eclectic collection of songs by artists ranging from classic rockers Creedence Clearwater Revival to alternative bands Pavement and Yo La Tengo, and numerous jazz and blues greats. But to date it has only one song from a major record label: a dance version of "Earth" by Meshell Ndegeocello.

Ambitious campaigns
As music companies are experimenting with their services, hardware manufacturers, consumer-electronic companies and retailers are pushing aggressively to be at the forefront of the digital music frontier.

PC manufacturer Gateway, for instance, has been hammering out a niche for itself in the music publishing and distribution process. Over a course of one month, Gateway teamed with a music provider, unveiled a music site, and even launched a campaign against a bill proposed in Congress.

Through its ambitious initiatives, Poway, Calif.-based Gateway has been attempting to show consumers how easy it is to access music legally on the Internet. Its MusicZone site lets people legally download select singles. Gateway has a deal with MusicMatch that allows the computer maker to bundle music software with its desktop PCs. And Gateway's marketing program with EMusic offers music fans legal MP3 downloads from EMusic's library of more than 215,000 tracks. The companies said any consumer could sign up for the 30-day trial and download up to 100 free MP3 files.

The computer maker declined to provide specific subscriber numbers but did say it's pleased with the reception it's received. The company said it has shipped "hundreds of thousands" of MusicMatch's Jukebox.

Gateway said the objective of its music partnerships is not necessarily to experiment. Rather, it sees the deals as "an opportunity to give customers something they want."

The deals are "part of a larger initiative to speed the adoption of digital technology," said Gateway's Williams. "It's exploded with consumers. It's become something very popular with them, and for a short period of time we're doing everything we can to give consumers new ways to enjoy digital music legally."

Although Gateway is examining several ways of becoming a key player in the digital music evolution, it has been at odds with the music industry. Two months ago, the PC maker began a campaign against a bill proposed by Sen. Ernest "Fritz" Hollings, D-S.C. The bill seeks requirements that computer manufacturers and consumer-electronics companies install anti-piracy software in their digital devices, among other things.

Gateway reacted strongly against the bill, saying it would be a threat to shipments of CD burners. The PC manufacturer then launched a series of TV advertisements and public statements promoting legal digital downloading. The campaign included 60-second TV ad spots as well as free demonstrations on how to legally download songs and burn them onto CDs through Gateway Country retail stores.

The hardware manufacturers are not the only ones to try to capture the consumers looking for legal music online. Retail outlets are also grappling to become part of the digital evolution. A few weeks ago, for instance, Best Buy relaunched its digital music Web site with Liquid Audio.

Best Buy said the new storefront offers people access to some 240,000 music downloads. It also features a Best Buy-branded Liquid Player, downloadable software that lets people listen to music, buy songs and transfer tracks to a portable device or CD. Best Buy added that the site uses Liquid Audio's commerce service, dubbed The Liquid Store, to sell secure digital music and online gift certificates to consumers.

The retailer's deal with Liquid Audio is just one it has signed with music providers. Best Buy declined to provide any figures for the number of music fans using its services, although a company representative said the deals are "meeting our expectations."

Launching pad
Despite their various partnerships, consumer-electronic companies, hardware manufacturers, retailers and music providers all face the same hurdles. Among the challenges are gaining access to content from all Big Five record labels and making digital music portable.

"It's a learning curve that we're all scaling simultaneously," said Susan Kevorkian, a research analyst at IDC, a Framingham, Mass.-based research firm. "The music labels are the ones that have been starting out a little slower."

By 2005, IDC predicts that a little over 10 million people will be paying for music online through individual downloads or subscription services. Kevorkian said the future looks promising, assuming that licensing issues are hammered out to allow consumers to go to one place to find music from all the labels, much as record stores offer.

"What we're seeing is a series of experiments with retailers, and with distributors of online music, trying to find the sweet spot," Kevorkian said. "The general consensus is that ultimately music distributed via the Internet is a very viable opportunity. But the ongoing question is: How soon is it going to take off?"
********************
News.com
IBM pins dreams on tiny machines
By John G. Spooner
Staff Writer, CNET News.com
June 5, 2002, 7:40 AM PT

IBM, long known for its computers and microchips, has developed new kinds of machines for wireless phones: microscopic frequency tuners and other devices that fit on a chip.
The company's researchers have developed a technique to graft these tiny machines onto chips. Within a few years these hybrid chips, which IBM calls "active components," could be used to increase the performance and battery life of wireless devices such as cellular phones.

The microscopic machines, technically known as Micro-Electro-Mechanical Systems, or MEMS, do the work of current components such as radio frequency receivers. However, they are smaller and often more efficient than those components, said Jennifer Lund, a MEMS researcher in IBM's Research division.


At the same time, IBM has created a technique with its Bi-CMOS technology, used for building chips with multiple dissimilar components, to graft the MEMS devices onto processors.

MEMS devices are a new area of focus for many chipmakers, including Intel.

Big Blue already sells a large number of radio frequency chips to cell phone makers. However, it says a single MEMS-equipped chip would be able to tackle the jobs of several chips or components by integrating them all onto a single processor.

Doing so would allow device makers to build phones using a smaller number of components, which would help reduce the phones' cost, power consumption and size.

"People would very much like to be able to do everything with one chip," Lund said.

To prove their point, IBM researchers created on-chip MEMS resonators and filters. Such MEMS devices are fairly common, but building them into a chip represents a breakthrough, Lund said.

IBM's new MEMS radio frequency resonator, for example, would use microscopic tuning forks to focus on a specific frequency and weed out others, resulting in a stronger signal and a clearer conversation, the company said.

The resonator could also be designed to address multiple frequency bands, allowing the phone to switch between bands without adding a number of extra chips.

Although its MEMS components are still in the research stage, IBM is likely to target a line of them at such wireless devices as third-generation, or 3G, phones.
********************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711