Clips June 5, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;
- Subject: Clips June 5, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 06 Jun 2002 15:40:00 -0400
- Cc: lillie@xxxxxxx
ARTICLES
House Backs Port Security Bill in Fight on Terrorism
Panel Chairman Seeks Study of FBI Reorganization
Feds eyeing smart card use as security tool
U.S. to Give Travel Web Sites A Close Look
FTC idea could get telemarketers to stop calling
Reporter Subpoenaed in Hacking Probe
Security Flaw Found in Explorer
Did MS Pay for Open-Source Scare?
Taiwan opens door to open source
A new teenage wasteland?
Students Help Schools With Computers
Former Lucent Exec Now Heads FBI's Trilogy Program
Digital Rights Put to Test
Satellite Program Takes Schools to Students
Patent office focuses on e-filing
Pa. creates cybercrime task force
House office secures files with biometrics
Hollywood Has a Setback in Controls for Digital TV
Net renewal plans under fire
Deleting downloads
Pleasant Hill hacker draws feds' attention
Evolving viruses threat to platforms
Clarke warns educators about need for better security
Nets exposed by 'rogue' threats
Hollywood faces recurring Net nightmare
Off-key efforts hinder paid Net music
IBM pins dreams on tiny machines
****************
Los Angeles Times
House Backs Port Security Bill in Fight on Terrorism
By RICHARD SIMON
TIMES STAFF WRITER
WASHINGTON -- Now that Congress has enacted laws to secure the nation's air
travel system from terrorists, the House approved legislation Tuesday
designed to protect Americans from attack at the nation's 361 ports.
But protecting the waterfront from terrorists could prove far more
complicated than safeguarding the skies.
While the air travel system has received far more attention, security
experts worry about the vulnerability of ports to an attack that could
cripple the U.S. economy. Of special concern are the thousands of cargo
containers arriving every day that could be used to sneak terrorists or
dangerous weapons into the country. The House bill would authorize U.S.
security sweeps of foreign ports, expand the Coast Guard's authority to
direct ships and provide $225 million in security grants to U.S. ports.
Some of that is expected to go to the Los Angeles-Long Beach port complex,
the nation's busiest with more than 1 million passengers, 5,500 commercial
vessels and $170 billion in commerce annually.
The bill also would put in place a number of measures to better screen the
6 million cargo containers that arrive in U.S. ports every year. Only a
fraction of the 20- to 40-foot-long metal boxes are physically inspected,
although customs officials check cargo lists and target suspicious
containers for a closer look.
Rep. James L. Oberstar of Minnesota, the top Democrat on the House
Transportation Committee, said the bill would close "another hole" in
America's defense shield. "We have 95,000 miles of coastline in the United
States. We have to protect that coastline and our ports."
While aviation security legislation was approved about two months after the
Sept. 11 attacks, port security has been more difficult.
Lawmakers want to increase security at ports but do not want to slow down
the U.S. economy and impair the ability of businesses and farmers in their
states to reach global markets.
And ports are difficult to protect because of their size and immense
operations. "Look at the Port of New Orleans," said Coast Guard Capt. Mike
Lapinski. "It stretches up one side of the river and down the other side
about 100 miles."
The House bill is similar to a measure passed by the Senate last year,
virtually ensuring that a port security bill will be sent to the president
soon.
But one issue that still needs to be resolved is whether individuals who
have served time for felony convictions, such as a drug offense, will be
barred from working in secure areas.
The Senate bill is patterned after the aviation security bill, which denies
workers security-sensitive jobs if they have been convicted of any of more
than two dozen felonies. Industry officials say dockworkers should be held
to the same standard as airport workers. The House bill, which the unions
prefer, would let federal transportation authorities decide what crimes to
consider in determining whether a worker poses a terrorist threat.
Although port officials were pleased with progress on the legislation, they
said it did not provide enough money.
The House measure would give $225 million to ports for security
improvements, the Senate bill $390 million. (The Senate measure in total
provides slightly more than $1 billion, but much of it goes to hiring
additional customs agents and purchase of screening equipment.)
The amount going directly to ports is far less than the $2 billion that an
anti-crime commission said was needed to secure ports before Sept. 11. And,
when the Department of Transportation recently invited ports to apply for
$93 million in security funds allocated in December, the agency received
requests for almost $700 million.
Still, the American Assn. of Port Authorities, which represents public port
authorities, applauded the House vote. "Greater resources for continued
improvements in security at our nation's ports are critical," said Kurt J.
Nagle, the association's president.
Officials at the Los Angeles port declined to comment, noting that the city
had not yet taken a position on the legislation.
The House bill also would set a June 30, 2003, deadline for authorities to
develop an "anti-terrorism cargo identification and screening system" for
cargo containers.
No one expects every cargo container to undergo the kind of screening
planned for airline baggage. But the measure requires shippers to transmit
cargo information to U.S. authorities before the cargo reaches port,
something that most shippers have been voluntarily doing since Sept. 11.
Customs officials are also moving to assign inspectors to foreign ports in
an effort to intercept suspicious cargo bound for the United States. On
Tuesday, Singapore became the first port outside North America to announce
plans to work with the U.S. Customs Service in screening U.S.-bound cargo.
Although customs does not physically inspect every container, it does use
the information to single out suspicious cargo. Customs officials say they
are beginning to use "e-seals" on cargo that send out an alarm if a
container is opened, and they are exploring electronic systems to track
containers.
The legislation also requires ships to electronically transmit passenger
and crew manifests before arrival. Coast Guard officials say the manifests
now are often handwritten and faxed, making it difficult for authorities to
read them and check names against FBI and INS databases.
Times staff writer Jessica Garrison in Los Angeles contributed to this report.
******************
Washington Post
Panel Chairman Seeks Study of FBI Reorganization
Rep. Wolf Cites Concern on Impact of Shifting Agents to Counterterrorism
Effort
By a Washington Post Staff Writer
In a signal that Congress will not rubber-stamp the FBI's reorganization
plan, the Republican chairman of a key House panel asked yesterday for an
independent assessment and said he would not approve the proposed shifting
of more than $200 million within the bureau until he is satisfied that it
"makes sense."
Rep. Frank Wolf, the Virginia Republican who heads the House appropriations
subcommittee that oversees the FBI budget, requested an expedited review of
the plan by the General Accounting Office -- Congress's independent
watchdog agency -- and the nonprofit National Academy of Public Administration.
He tentatively set a June 14 hearing for testimony from the two evaluators,
FBI Director Robert S. Mueller III and other witnesses. "I want to make
sure we're doing everything we can to get the best minds to look at this,
and to work with the FBI to make sure this works," Wolf said.
In a letter to Mueller several days before the plan was announced, Wolf
said he did not want Congress to be an "impediment" to changes needed to
counter the terrorist threat. But he added: "I believe an independent
analytical review would prove beneficial."
Congress's main concern is whether the shifting of 652 FBI agents and 766
support personnel -- most of whom would go to the counterterrorism effort
-- would leave a void in other important law enforcement functions, Wolf
said yesterday.
Most of the agents would be shifted from duties in drug law enforcement,
white-collar crime, violent crime and forensic services. Sources said
Congress wants to make sure that other agencies, such as the Drug
Enforcement Administration, or state and local law enforcement authorities,
would be able to take up the slack.
Mueller announced the reorganization plan May 29. Congress has 15 days from
that date either to accept the shifting of money needed to carry it out or
to suggest changes.
Details of the plan are contained in a May 29 Justice Department letter to
Wolf. In addition to the reassignment of the 652 agents, it calls for a new
Cyber Division to "coordinate, oversee and facilitate FBI investigations in
which the Internet, online services and computer system and networks are
the principal instruments or targets of foreign intelligence or
terrorists." The Cyber Division would handle Internet fraud and child
pornography, as well as crimes involving the theft of intellectual property
and trade secrets.
The plan also would divide the FBI's laboratory operations into two
sections, one handling traditional forensics such as fingerprint and DNA
analysis, and a new Investigative Technologies Division. This new division
would focus on supporting anti-terrorism operations and the intelligence
community. It would specialize in electronic and physical surveillance,
cyber technology and wireless and radio communication.
At the same time, two "flying squads," based at FBI headquarters, could be
deployed to respond to specific terrorist threats or incidents anywhere in
the country. The aim would be to ensure "more coordinated national and
international investigations," the Justice Department letter said.
Congress has been highly supportive of the FBI since Sept. 11, Wolf said.
Last year it beefed up the administration's funding request for the FBI by
$206.5 million in a supplemental spending bill. Last month, considering
this year's version of that bill, the House added $100 million to the
administration's supplemental funding request.
******************
Computerworld
Feds eyeing smart card use as security tool
WASHINGTON -- A Bush administration official told a smart card industry
group today that smart cards have "tremendous potential" to provide
physical and network protection if card security, interoperability and
privacy issues are addressed.
"Smart cards, if deployed properly, and if they are properly secured,
really do provide an excellent means of security," said Paul Kurtz, the
senior director for national security at the White House's Office of
Cyberspace Security.
But Kurtz, speaking at a Smart Card Alliance Inc. conference today, told
card manufacturers that smart cards have to be deployed with security in
mind. "We want security built-in upfront," he said.
Despite some concerns, smart cards are becoming increasingly important in
the federal government. "There is tremendous amount of momentum in the
system toward smart cards," said Kurtz.
Several agencies are eyeing the use of smart cards, including the following:
* The Transportation Security Administration, a federal agency created
following the Sept. 11 terrorist attacks, is considering smart cards for
physical and systems access. Any such move could affect some 15 million
government and private employees at more than 400 airports and 300 seaports
and other transportation sectors, according to an official at the Princeton
Junction, N.J.-based Smart Card Alliance.
* Congress is eyeing legislation that would require smart card driver's
licenses that contain a biometric marker, such as a fingerprint or retinal
scan.
* The U.S. Department of Defense is in the process of issuing smart cards to
all 4.3 million U.S. military and civilian personnel, as well as on-site
contractors.
Kurtz said smart cards represent a possible solution to the architectural
problems of providing a secure mobile identity. But, he said, the industry
has special challenges posed by the number of people involved in issuing a
card, including the manufacturer, issuer, the data owner and the software
manufacturer.
"Those are a number of players coming together in one place where the owner
doesn't exactly see everything that is going on," said Kurtz. "So the
opportunity for trouble is present."
Kurtz also cited privacy issues raised by the availability of data
collected off the cards, as well as the interoperability of the cards themselves.
The Bush administration is developing a plan for protecting critical
infrastructure that's due out by the end of the summer, he said.
"I would challenge the industry to think through the issue of security ...
and develop secure cards and secure infrastructure for those cards," said
Kurtz.
*********************
Washington Post
U.S. to Give Travel Web Sites A Close Look
As the Internet becomes more of a destination of choice for consumers
looking to book airline tickets, hotel rooms or car rentals, the government
is considering whether the Web sites should be regulated and whether they
are indeed offering the lowest fares.
Transportation Secretary Norman Y. Mineta has named David Winstead, former
Maryland transportation secretary, to oversee a nine-member commission
created by Congress to investigate the prices and practices of various
airline sites and independent sites -- such as Travelocity and Expedia --
and their impact on the nation's travelers and travel agents.
The commission's first hearing is to be held June 12 at the Ronald Reagan
Building and International Trade Center.
The commission's goal, he said, is to determine if "these sites have helped
or hurt the traveling public." Winstead is to present a report on Nov. 15
to members of Congress, who will then determine if any "recommendations or
regulations" should be implemented by Congress or the Bush administration.
Increasing numbers of travelers are using Web sites to buy their tickets.
According to the Internet analysis group Jupiter Media Metrix, consumers
are expected to spend about $30.8 billion on travel sites this year, up
from $24 billion in 2001.
The Web sites may make it easier for consumers to shop for cheap fares, but
government officials worry about problems that may spring from the practice.
For example, Congress is worried about the impact of the Internet on travel
agents. Many airlines have eliminated the commissions they pay travel
agents and have been encouraging travelers to book online by putting their
lowest fares on their Web sites.
But Orbitz.com -- founded by American, United, Delta, Northwest and
Continental airlines -- recently announced plans to create a system that
would give travel agents direct access to its fares, which should provide
agents with some relief.
Congress is also concerned that some sites are getting lower fares than
others, Winstead said.
And the Justice Department is currently investigating Orbitz.com to see if
the travel Web site is favoring the five major airlines that own it.
Other incidents have raised questions. Internet travel services such as
Travelocity, Priceline and Expedia say they display the lowest fare that
meets the customer's criteria, such as destination and time of travel. Yet
in March, Expedia.com briefly refused to display United Airlines fares
after the carrier said it would stop paying Expedia a commission on tickets
sold on the site.
In April, Northwest Airlines claimed both Travelocity and Expedia refused
to offer its fare sale to Frankfurt, Germany. Northwest spokesman Kurt
Ebenhoch said the sites argued that they could not promote the fares
because that would conflict with marketing agreements they have with
European carriers. Expedia spokeswoman Suzi LeVine denied that. She said
Northwest decided not to give its fares to Expedia after Expedia said the
fares would not be advertised on its Web site or in its promotional e-mails.
Winstead said he plans to study the kind of exclusive marketing agreements
that Internet travel sites have with airlines to determine if they
influence the way sites display fares.
Testifying at the first hearing will be executives from the American
Society of Travel Agents, the American Automobile Association and Sabre
Holdings Corp., the airline reservation systems. There will be three more
hearings over the next several months.
Hotel Incentives
Wyndham International hotels have eliminated charges for long-distance and
local telephone calls as well as Internet access for members of the chain's
frequent-stay program. Business travelers often complain about costs of
telephone calls and Internet service at hotels.
Wyndham's move is the latest effort by hotels to fill rooms. Hotels were
hit hard by the recession, which caused corporations to cut back on
business travel, and the Sept. 11 hijackings, which scared away travelers.
Hyatt Hotels Corp. is offering a free night for every two nights stayed.
And Marriott International Inc. is giving away two free weekend nights
after three stays in its hotels.
What makes these moves more noteworthy is that they come during what is
traditionally the best time for the hotel industry -- the summer travel
season. However, within the past week, both Hilton Hotels Corp. and
Marriott said they expect second-quarter revenue to be lower than original
estimates. That may mean more deals could follow.
********************
USA Today
FTC idea could get telemarketers to stop calling
Hearings begin today on national 'Do Not Call' list; industry cites high costs
By Michael McCarthy and Jayne O'Donnell
USA TODAY
WASHINGTON -- Telemarketers are the callers many love to loathe. They
interrupt dinners. They spoil weekends. They won't take no for an answer.
''I find them very aggressive and intrusive,'' says ToniAnn DeMario, 39, a
teacher from Staten Island, N.Y.
She says she's fed up with getting multiple calls as she and her husband,
Joey, try to have dinner with their 2-year-old twins, Joseph and Anthony.
''Something needs to be done to stop them from calling your home whenever
they want,'' DeMario says.
The Federal Trade Commission might offer consumers such as DeMario a way to
cut off the dialing for dollars. The FTC has proposed a ''Do Not Call''
list it says could eliminate most telemarketing calls for those who register.
''The Do Not Call list is aimed at the disruption (of daily life) issue,''
says FTC Chairman Tim Muris.
It's the most controversial of the agency's proposed additions -- to be
debated at a three-day public hearing starting today -- to rules now
regulating deceptive telemarketing and hours for calling. Consumers could
sign up by calling a hotline. Violators who call listed numbers would be
fined $11,000 per call.
But members of the $661 billion telemarketing industry -- they prefer
''teleservices'' -- see the list as a disruption of legitimate business.
And they say the FTC is exceeding its authority.
The industry is already on the defensive: 15 states have ''Do Not Call''
lists, with more than 7 million households; 11 more states are coming.
''The government wants to put our industry out of business,'' says Matt
Mattingley, director of government affairs for the American Teleservices
Association, which has members such as AOL Time Warner and Capital One.
''They can't legislate it out of existence. So they are proposing
regulations so onerous, difficult and expensive that it would be impossible
to comply.''
The FTC says it hopes to have a final proposal by fall that could have a
list up early next year that would let consumers avoid calls for the likes
of magazines, vacation time-shares and many credit cards. It would be paid
for by charging telemarketers for access to the list, which they would need
to avoid fines.
Even with a list in place, consumers could still get phone pitches from
industries and groups, including some heavyweight telemarketers, regulated
by agencies other than the FTC. Among them: phone companies, airlines,
banks, brokers, charities and political campaigns. And state laws apply to
calls starting and ending within any state.
However, FTC staffer Katie Harrington-McBride, head of the legal team
reviewing the rule changes, says the FTC list would cut off ''most'' calls.
Those who favor and oppose the list debate what ''most'' means.
Jason Catlett, president of consumer group Junkbusters, estimates it would
head off up to 70% of calls. He'll testify for the plan this week and says,
''Telemarketing is the most despised form of solicitation in the country.''
Jerry Cerasale, senior vice president of government affairs for the Direct
Marketing Association, the biggest trade group for telemarketers, says so
many exempt industries means a national list would cover 50% of calls, at
best. ''We've found that banks and telephone companies are two of the
largest users,'' he says.
Volunteerism urged
A better alternative, he says, is the DMA's voluntary Do Not Call list
established in 1985, which has 4.5 million registered households. He says
his group's 5,000 member companies, such as AT&T and Sears, account for
about 80% of telemarketing calls, and all agree to observe its Telephone
Preference Service.
Critics point out, however, there is no real penalty if they call anyway.
FTC officials say that if the Federal Communications Commission, which
regulates industries such as phone companies, also created a Do Not Call
list, federal law could cover about eight of 10 telemarketing calls.
The FCC, however, has no plans to start a list, says spokeswoman Rosemary
Kimball, but it requires carriers to keep their own Do Not Call lists,
restricts hours for calls and bans recorded calls and faxes.
Some consumers apparently would be happy if just some calls were cut off.
Of more than 42,000 responses in the FTC public comment period ending April
15, more than 90% favored the list, says Harrington-McBride. But while the
consumer annoyance issue has gotten great attention in the debate,
telemarketing continues to grow, because it works -- and there is big money
at stake.
Cash incentives
Consumers spent $274 billion on telemarketing in 2001, according to the
DMA, up 8.5% from the year before. Business-to-business sales were $387
billion, up 10.4%.
Telemarketing is the second-fastest-growing segment -- behind the Internet
-- of the $1.86 trillion direct-marketing industry that ranges from
catalogs to e-mail to 800 numbers on TV.
In a survey by the American Teleservices Association, 41% of Americans
acknowledged making purchases over the phone in the last year, vs. 45% for
the Internet.
Women were more likely to buy than men: 45% vs. 37%. The Northeast was the
most fertile region for phone pitches.
All of this generates strong feelings on all sides. So many industry
groups, lobbyists and consumers wanted to weigh in for or against a Do Not
Call list at the public workshops this week that the FTC moved the sessions
from agency headquarters to the larger Marriott Wardman Park Hotel here.
Among key arguments:
* Whose phone is it, anyway? In its 66-page comment on the FTC's proposed
rule changes, the DMA argues that a national Do Not Call list would violate
commercial free speech, as well as levy, in effect, a new tax on business.
''We don't think it's necessary. Under current law if you tell me, 'Don't
call me any more,' it's illegal for me to call you,'' says Cerasale.
The First Amendment complaint in particular angers Catlett: ''The fact is,
the consumers are paying for their telephones -- and telemarketers are
helping themselves to it. Telemarketers saying this is a First Amendment
issue is like graffiti artists claiming they have the right to spray
graffiti on your house. They have the right to spray it on their own house.
But not on something I pay for.''
An issue for another telemarketing opponent, Bob Bulmash of Private
Citizen, is what he estimates are 150,000 households interrupted at
dinnertime by ''hang-up'' calls. That's when a telemarketing computer
calls, but there's nobody there when you answer. ''The industry's position
is, it's ethical to hang up on people,'' Bulmash says.
* State rights. Many state attorneys general who run their own Do Not Call
lists want to enforce their own consumer laws -- and want the feds to butt
out. Wisconsin Attorney General Jim Doyle, for example, has warned the FTC
that ''federal actions should support and supplement, not undermine and
pre-empt,'' state efforts.
Harrington-McBride says, ''it's not clear'' whether the FTC list would
override the various state lists.
* Economic impact. An estimated 7,000 telemarketers employ, directly or
indirectly, about 6 million people, says the DMA, and employment is
predicted to grow at a rate of 3.8% through 2005.
The trade group argues that job cuts would fall heavily on women,
minorities and students. It says women make up 60% of the industry
workforce, minority workers, 33%, students, 26% and single mothers, 25%.
Telemarketers play a useful but despised role similar to used car salesmen,
says Mattingley.
''Telemarketing is everybody's favorite whipping boy. Nobody loves a
telemarketer. You don't want your daughter to marry a telemarketer. But
people buy from telemarketers. Used car salesmen are generally regarded as
subhuman -- until you need a used car.''
But supporters of the FTC list say the industry is crying wolf. They say no
cases have been shown of a telemarketing firm driven out of business by the
state laws already in effect requiring don't-call lists.
Instead, firms change areas or work for clients that are under fewer
restrictions.
At what price?
* Hidden charges? The FTC estimates it will cost about $5 million a year to
create and maintain the national list.
The ATA says the agency is low-balling the cost, and it claims the list
could cost more than $100 million per year and require a small army of new
FTC attorneys to handle complaints.
''Is this a big make-work project?'' asks Mattingley.
DeMario, meanwhile, is one of the consumers caught in the crossfire who
just wants some peace and quiet.
''If you own the phone and pay for the phone, you should have the right to
determine who you want to speak to,'' she says.
''They argue that you can just hang up. But you're in the middle of dinner,
or taking care of your children. And the phone just keeps ringing. . . . ''
********************
Associated Press
Reporter Subpoenaed in Hacking Probe
Tue Jun 4, 6:45 PM ET
By TED BRIDIS, Associated Press Writer
WASHINGTON (AP) - Without required approval, U.S. prosecutors sent a
subpoena to MSNBC demanding a reporter's notes, e-mails and other
information as part of an investigation into a nomadic young hacker who
acknowledged breaking into computers at The New York Times earlier this year.
The subpoena, which was withdrawn weeks later, also demanded any similar
material from MSNBC involving another journalist who contacted The New York
Times on behalf of the newspaper hacker after the break-in, then wrote
about it for an online publication.
Under guidelines from the Justice Department, Attorney
General John Ashcroft or his deputy must personally
approve any subpoenas sent to journalists, and Barbara Comstock, director
of the Office of Public Affairs, must review such requests. But senior
Justice officials on Ashcroft's staff at headquarters said they were
unfamiliar with the MSNBC subpoena, and Ms. Comstock said she did not
review it.
"If that's true ... they violated their own policy," said Lucy Dalglish,
executive director of the Reporters Committee for Freedom of the Press.
The subpoena, signed by an assistant U.S. attorney from New York,
represents at least the second time since 2001 the Bush administration has
tried to compel journalists to turn over information related to a criminal
probe.
Herbert Hadad, a spokesman for U.S. Attorney James B. Comey Jr. in New
York, declined to discuss it.
The Justice Department last year obtained the personal phone records of
Associated Press reporter John Solomon after he wrote about a federal
wiretap of Sen. Robert Torricelli.
MSNBC's lawyer, Yuki Ishizuka, said it was unclear whether federal
prosecutors will resubmit the subpoena, but the company has recently warned
some reporters not to delete e-mails that might be connected to the case.
Ishizuka said the subpoena, withdrawn in mid-May, demanded from MSNBC
reporter Bob Sullivan any e-mails or notes about conversations about the
newspaper's computer break-in with hacker Adrian Lamo and Kevin Poulsen,
now an online journalist.
******************
Associated Press
Security Flaw Found in Explorer
Tue Jun 4, 9:30 PM ET
REDMOND, Wash. (AP) - A security flaw in Microsoft's Internet Explorer
browser could allow a hacker to take control of a remote computer if its
user clicks a link to an outdated Internet protocol, a computer security
firm says.
Oy Online Solutions Ltd. of Finland said it notified Microsoft Corp. of the
security hole on May 20 but the software giant has yet to produce a
software patch to fix the problem, the Toronto Star reported Tuesday.
A Microsoft spokesman who refused to be identified said Tuesday that the
company is "moving forward on the investigation with all due speed" and
will take the action that best serves its customers.
The problem concerns Gopher, an Internet protocol that predates the World
Wide Web. Its pages resemble Web pages except that they are unable to store
audio and video content.
Although Gopher is considered an outdated format for Internet content, it
is still supported by Internet Explorer and most other browsers.
According to Oy Online, a hacker could take over a user's computer simply
by having the user click on a link to a "hostile Gopher site." That one
click would install and run any program the hacker chose on the victim's
computer, and the victim might never know.
"The program could, for example, delete information from the computer or
collect information and send it out from the computer," Oy Online said in a
release. "(It) could also install a so-called backdoor (program) that would
enable the hostile attacker to access the computer later."
All versions of Internet Explorer are believed to be vulnerable, the Star
reported.
Refusing to confirm the security flaw, the Microsoft spokesman said the
company "feel(s) strongly that speculating on the issue while the
investigation is in progress would be irresponsible and counterproductive
to our goal of protecting our customers' information."
And the spokesman added, "Responsible security researchers work with the
vendor of a suspected vulnerability issue to ensure that countermeasures
are developed before the issue is made public and customers are needlessly
put at risk."
After being embarrassed on an almost regular basis by security flaws in its
products -- including a debilitating problem found in its latest Windows XP
operating system just days after its release -- Microsoft
began a companywide training program on security issues earlier this year.
In January, Microsoft Chairman Bill Gates instructed
employees to make software security a top priority.
****************
Wired News
Did MS Pay for Open-Source Scare?
Authors of a new report on the perils of open source software are being
very closed-mouth about their funding sources.
"Opening the Open Source Debate," a white paper slated to be released
Friday by the Alexis de Tocqueville Institution, indicates that open-source
software is inherently less secure than proprietary software. The report
warns governments against relying on open-source software for national
security.
Open-source advocates wondered if the white paper is actually a veiled
Microsoft response to recent reports of rising government and military
interest in open-source systems.
A Microsoft spokesman confirmed that Microsoft provides funding to the
Alexis de Tocqueville Institution.
"We support a diverse array of public policy organizations with which we
share a common interest or public policy agenda such as the de Tocqueville
Institution," the spokesman wrote in an e-mail.
Microsoft did not respond to requests for comment on whether the company
directly sponsored the debate paper. De Tocqueville Institute president Ken
Brown and chairman Gregory Fossedal refused to comment on whether Microsoft
sponsored the report.
"It is not our policy to comment on supporters; I'm sure you can
understand. From this you should not infer that information you have is
correct or not correct; we just don't comment," Fossedal wrote in an e-mail.
"These folks really need to be more straight-forward about this," security
researcher Richard Smith said. "Not commenting makes it appear as if they
have something to hide."
A Microsoft spokesman did say that open-source software is not innately
more or less secure than proprietary software.
"Microsoft has held the position that security is an industry-wide issue
and software is only one part of it. Implementation and administration are
also key in security."
Most security experts do believe that open source is neither more nor less
secure than proprietary software. How a systems administrator configures and
maintains the application is equally important.
Open-source software allows programmers to view and modify the software's
program code. Closed-source software code is not viewable to all.
Since malicious hackers cannot view the underlying code of proprietary
software, they can't study it to discover possible exploits, a principle
known as "security through obscurity," according to Bill Wall and Darwin
Ammala of Harris Corporation's STAT computer security unit.
But open source software is presented to a very large and knowledgeable
audience of software development peers. This substantially large body of
reviewers provides deep scrutiny to software. They are able to test a wide
variety of scenarios and feed improvements back into the code base. Over
time this strengthens the software, Wall and Ammala added.
A recent report by Gartner Group analyst John Pescatore suggested that
open-source style review would make Microsoft's software more trustworthy.
But the question of whether closed- or open-source software is inherently
more secure can't really be answered because the issue has not been
subjected to rigorous analysis, security experts said.
Wall said such an analysis should be done within the software engineering
research community by an entity such as the Software Engineering Institute
(SEI) or the Defense Advanced Research Projects Agency (DARPA).
"I would really like to see rigorous testing with hard statistics and not
mere speculation on an issue as serious as this," Smith said.
******************************
ZDNET News
Taiwan opens door to open source
Taiwan is turning its back on software from the likes of Microsoft to
develop its own open-source project, according to a recent report.
The Taiwanese government plans to start an open-source project as early as
next year that could save it as much as $295 million in royalty payments to
Microsoft, according to a report from Taiwan's Central News Agency.
Open-source software such as the Linux operating system may be freely
modified and redistributed without the legal and financial constraints of
proprietary software from Microsoft, Oracle and others.
An official with the National Center for High Performance Computing, Chuang
Tze-nan, announced the plan Monday. Under the project, the government will
encourage research and development in office software and the opening of
the source code for government agencies and private establishments.
At a meeting that included members of the government's National Science
Council, Ministry of Education and other government organizations,
legislators said that the government has failed to react to Microsoft's
monopoly on Taiwan's office software market.
The government has already launched an investigation into allegations that
Microsoft misused its market dominance by indiscriminately increasing prices.
The move to open source is expected to save the government $59 million in
royalty payments to foreign manufacturers, while the benefits to the
private sector could be as high as $295 million, according to Chuang.
According to other statistics, the government could end up spending that
amount on royalty payments to Microsoft alone.
Hsieh Ching-chih, vice chairman of the National Science Center, said there
were 1.23 million PCs in Taiwan's government agencies and schools at the
end of 2000. If those computers were outfitted with Microsoft software,
royalty payments to the software giant could exceed $295 million, Hsieh said.
According to Vice Education Minister Wu Tieh-hsiung, the government is also
planning to set up six educational centers around Taiwan to train
open-source developers. Three years after the introduction of the
open-source project, the centers will be training 120,000 basic users and
9,600 advanced users, he predicted.
Taiwan isn't the only country to favor open-source software over
Microsoft's systems. On Monday, the German government announced a deal with
IBM and Linux company SuSE to address concerns that it was relying too
heavily on Microsoft products.
Governments have been embracing open-source software as a way to cut costs
and sometimes also to break free of a U.S.-dominated software market.
Microsoft representatives were not immediately available for comment.
***********************
Salon.com
A new teenage wasteland?
Script kiddies, Web site defacers, chat-room gangsters: Today's digital
troublemakers get a bad rap. But in "The Hacker Diaries" we learn that
they're really all right.
Behold the glory of the "Web site defacement," a truly modern act of
juvenile delinquency. Ludicrous (replacing a Baptist Church Web page with
an invocation to Satan, for example) and yet troubling in their signal of
arcane technological mastery, Web site defacements are apparently all the
rage among angry young computer users.
In the wake of real terrorist acts -- anthrax sent through the mail,
jetliners piloted into buildings, suicide bombers -- messing with a Web
site's HTML shouldn't rank very high on the list of threats to the public
safety. To compare a requirement that one perform five defacements in a
week before being granted entry into an "underground" gang to a similar
Mafia mandate to commit murder before becoming a "made man," as author Dan
Verton does in "The Hacker Diaries: Confessions of Teenage Hackers," is
absurd overstatement. Nor does, say, an exploitable bug in Microsoft's
Front Page HTML coding application add up to a threat to the
command-and-control infrastructure for nuclear weapons in the United States.
And yet, for the teenagers profiled in "The Hacker Diaries," Web site
defacements are symbolic acts of power, statements of real political
purpose and rage. There is something going on here, and it deserves
attention. Once upon a time, alienated teenagers acted out by racing cars
or doing drugs. Now they go online and look for software vulnerabilities to
exploit (some still race cars and do drugs, too). The biggest
headline-getters, like the infamous Mafiaboy, whose denial-of-service
attack on the Web's largest sites in June 1999 went beyond petty
defacement, achieve what can almost be considered "real" damage.
"The Hacker Diaries," though flawed, is a worthy stab in the service of
understanding what motivates today's generation of online saboteurs. Most
valuable for the details it provides about actual teenagers (though often
identities are disguised by pseudonyms, and in some cases one wonders how
specific sections of dialog were captured), "The Hacker Diaries" manages,
for the most part, to avoid demonization. The language does get a bit
purple and breathless at times; Verton has difficulties maintaining a
stance that is supposedly at odds with mainstream media's sensationalist
treatment of "hackers" without at the same time succumbing to the tendency
himself.
But for the most part, Verton succeeds in portraying these young men (and
one woman) as real people: not freaks, not madmen, not aliens from the
cyberspace dimension, but real human beings, products of broken families or
loving parents, motivated by truculence or patriotism or passion.
In a culture increasingly dominated by digital technologies, by computers
and networks and code, it should be no surprise that acts of information
violence attract more attention than graffiti on subway cars or actual
street-gang rampages. But the significance of teenagers parading through
chat rooms with nicknames like "Noid" or "Genocide" or "RaFa" is not how
much supposed financial damage they do, or whether the rise of "script
kiddies" is a sign of the decline and fall of Western culture. It's that,
to paraphrase Pogo yet again: "We have met the hackers, and they are us."
When computers are everywhere, everyone becomes a geek. These kids are our
sons and daughters or brothers and sisters, children, as are we all, now,
of the information age.
Verton's greatest mistake is his failure to properly ground the concept of
"hacker" from the get-go. This is always a tricky business, because even
the people who proudly call themselves "hackers" often mean very different
things -- as do a number of the subjects profiled in "The Hacker Diaries."
What makes Verton's treatment especially confusing is that several of these
teenagers he talks to do express a clear understanding that there is a
difference between "hackers" who just like to understand the intricacies of
their computers, and "crackers" who are intent on breaking into closed
systems. But the narrative itself never achieves clarity on this point.
And almost wholly missing from the bulk of the book is the sense of the
hacker as someone creative, as a programmer who comes up with solutions to
a problem rather than just exploring a network, or using code nabbed from
somewhere else. "The Hacker Diaries" would have benefited immensely from at
least a dabble in some of the historical ground covered in Steven Levy's
"Hackers" or the huge wealth of commentary inspired by the rise of the free
software/open-source movement as an outgrowth of hacker culture. Instead,
repeatedly, the term "hacker" is used indiscriminately, grouping together
people who trade in pirated software, who deface Web sites, who want
information to be "free" and who are simply really, really good with
computers.
The contradictory impulses continue right to the end of the book. In the
afterword, Verton writes:
"Teenage hacking, particularly the act of defacing public and corporate Web
sites, is a cultural phenomenon that knows no borders. The roots of teenage
hacking run deeper than any one celebrity hacker or group. As a result, it
is a phenomenon of the information-age culture, and not any one country or
geographical area. Thousands of Web sites run by governments, businesses,
churches, schools, and nonprofit organizations are defaced every year."
But a few pages later, after essentially equating Web site mayhem with
hacking, an equation that thousands and thousands of proud programmers
would scoff at, Verton suddenly explodes into encomium:
"Teenage hackers are the great explorers of the Information Age. Some will
stop at nothing to discover the possible in that which others say is
impossible. These are the minds that have given the world great things, and
the minds, unblemished by wisdom, that are still courageous enough to see
the world in terms of right and wrong. And these are the minds that have
the unique ability to think digitally, the minds that breathe life into
silicon, though yet still inexperienced in the ways of the world and in
need of a moral compass ... '[Their] goal is to change what needs to be
changed: their lives, their world, or the Internet. And in a world where
nothing is beyond hacking, they just might do it."
So what is it? Are hackers simply passionate people who are good with
computers, or are they a threat to society, capable of doing vast damage to
the world's technological infrastructure? By the end of the book, I was
convinced that Verton himself had a more subtle understanding of the term,
and that his intent was not to demonize, but to understand and appreciate.
But his failure to be clear initially about what he is doing raises plenty
of doubts along the way. And unfortunately for those who might pick up the
book in a store and just glance at the first few pages, Verton's decision
to open the book with a fabricated diary entry by a convicted "hacker" hits
every sensationalist button and rings completely untrue -- the voice
captured by the diary entry sounds nothing like an actual teenager.
But the book is still a good read, particularly for those of us who are
interested in what kids are up to these days. As usual, some of the
brighter of them are causing trouble. What's different about this
generation as opposed to generations past is its access to powerful
computers and the existence of a world-spanning Internet.
One consistent theme in the profiles is that even kids growing up in
low-income situations find a way to get their hands on a computer. The
earliest generations of hackers -- the people who populate Levy's
"Hackers," for example -- didn't have it so easy. It was usually the truly
extraordinary mind that found its way into the heart of the digital machine
20 or even 30 years ago. But today, the digital machine is everywhere.
Computing is easy. Access to a wealth of software, constructive and
destructive, is, literally, child's play.
This shouldn't be as much of a cause for alarm as the mainstream media
makes it out to be. We live in technological times, so many of our
earthquakes are going to be technological in nature. If our computing
infrastructure has vulnerabilities that 16-year-olds can exploit, we should
be able to fix them. One of the intriguing things not really explored in
"The Hacker Diaries" is that Mafiaboy's legendary romp through the biggest
names on the Internet -- Yahoo, eBay, Amazon, CNN, eTrade -- three years
ago hasn't been duplicated to the same extent since. It might have been
easy for him back then, but apparently it's not so easy for today's ornery
young men.
The real lesson of "The Hacker Diaries" is that some verities are truly
eternal. Kids who grow up in families where parents take a real interest in
what they are doing, and inculcate real moral codes, tend to grow up into
adults who are not doing time for bringing Yahoo down for a day. Verton
includes examples of such kids in "The Hacker Diaries" and they are
surprisingly refreshing. Parents need to pay attention. Instead of reading
newspaper accounts of the latest horror perpetrated by a foulmouthed high
schooler who's got a Pentium 4 and knows how to use it, they should be
exploring the digital world with their offspring.
Call me conservative, but when the FBI comes knocking at my door to tell me
that my daughter has just replaced the Web page for the Securities and
Exchange Commission with a picture of a fornicating Pokémon, I'm going to
feel like I screwed up, and not her.
*********************
Associated Press
Students Help Schools With Computers
Wed Jun 5, 2:48 AM ET
By LAURIE KELLMAN, Associated Press Writer
WASHINGTON (AP) - Students might be able to teach their teachers a thing or
two about technology.
When it comes to keeping computers running, many school districts rely on
students, according to a study by the National School Boards Foundation.
The group said the survey it commissioned of 90 of the nation's largest
school districts also showed that teachers often aren't well trained to use
technology in the classroom.
"With increasing pressures to improve student achievement and bridge the
digital divide, school leaders need to better integrate technology into the
curriculum as a major learning tool," Robin Thurman, director of the NSBF,
said in remarks prepared for Tuesday's release of the survey.
Most Internet instruction is done in subject areas such as history, social
studies and science, according to the survey. Eighty percent of school
leaders say the primary instructional use of the Internet is for research
that helps teachers shape lesson plans.
The foundation said new teachers are "unevenly prepared for using
technology as a tool for teaching and learning."
Students seem to be putting their computer expertise to good use at their
schools, which may not have the resources for technical support, the group
said. Some tutor, others run help desks, and still others have earned
network and software certifications.
Of the school districts surveyed, 54 percent reported that students were
providing technical support for their districts. In 43 percent of
districts, students troubleshoot for hardware, software and other problems,
it said. Thirty-nine percent of districts said students set up equipment
and wiring, and nearly as many districts report that students perform
technical maintenance.
The findings were based on telephone interviews with officials who make
decisions on technology in 811 school districts including 90 of the 100
largest districts, which represent 25,000 students.
****************
Associated Press
Internet Atlas of Oceans Released
Wed Jun 5, 3:58 AM ET
By EDITH M. LEDERER, Associated Press Writer
UNITED NATIONS (AP) - The murky depths are getting an online road map,
thanks to the United Nations and a host of scientific
institutions that are launching an Internet atlas of the world's oceans.
After a decade of planning and more than 2 years of development, the U.N.
Oceans Atlas goes online Wednesday, World Environment Day, with 14 global
maps, links to hundreds of other sites, and more than 2,000 documents on
900 subjects ranging from climate change to poisonous algae.
"This is a very ambitious and important partnership for monitoring,
diagnosing and we hope helping to heal the great oceans of the world," said
former U.S. Sen. Timothy Wirth, who heads the United Nations Foundation.
The foundation provided the main $500,000 grant that funded the project.
The need for an atlas was identified during the 1992 U.N. earth summit in
Rio de Janeiro in response to a call to address the world's greatest
environmental challenges.
Project manager John Everett said the atlas will better spotlight acute
marine issues, from overfishing and destruction of coastal areas to
pollution and the effects of climate change on the Earth's ice caps.
Ocean-related issues are expected to dominate international efforts later
this century if, as predicted, the Earth's continued warming melts more ice
and causes the oceans to rise by up to 3.3 feet.
That kind of rise could affect millions of people worldwide and drown
coastal areas, including 6,630 square miles in the United States, an area
the size of Connecticut and New Jersey combined.
The National Geographic Society made its map-producing
technology and marine information available for the atlas. The Census of
Marine Life contributed its assessments of the diversity of marine life,
said Serge Garcia, who heads the fisheries resources division of the Food
and Agriculture Organization. The FAO led development of
the atlas.
"Now we have the ability to see information on all the areas of the ocean,
coming from all the reliable sources, through the United Nations, so there
will always be a reliable control," Garcia said.
He said the online atlas has the capacity to hold 100,000 documents and
thousands of maps, and will be constantly updated.
"If we're going to solve or prevent the world's biggest problems, the
public and the private sector have to come together and we've done so on
the atlas of the oceans," said Wirth.
********************
Washington Post
Former Lucent Exec Now Heads FBI's Trilogy Program
Wilson P. Dizard III
Government Computer News
Tuesday, June 4, 2002; 2:37 PM
The FBI's Trilogy program to upgrade its antiquated systems is moving
forward under its new program manager, Cheryl Higgins.
FBI director Robert S. Mueller III also has approved a program management
initiative that Higgins, a former executive of Lucent Technologies Inc. of
Murray Hill, N.J., will implement across the agency, sources said. The
program management function will include training for FBI employees
involved in systems development projects. Higgins has led the Trilogy
program since mid-March.
Meanwhile, the agency continues to replace its desktop systems, sources
said. The FBI has deployed about 15,000 PCs running Microsoft Office
applications, sources said, and plans to field a total of 21,000 systems.
The new PCs don't have access to the Internet, but the FBI operates an
intranet through which employees can use the new equipment to exchange
photographs and spreadsheets. "When we started, we had 13,000 computers
that could not support a Web browser," one FBI source said.
The new PCs later will have access to the Virtual Case File System, which
is intended to convert investigative records to a user-friendly format. FBI
officials have testified before the Senate Judiciary Committee that the
case file system will create an audit trail of each time a file is accessed
or modified. The bureau plans to deploy the case file system in December of
next year.
Senior FBI systems officials and spokesmen did not respond to requests for
comment.
*******************
Washington Post
Digital Rights Put to Test
Alex Daniels
Music and movie moguls crowded a Capitol Hill reception last month to toast
the four-year-old Digital Millennium Copyright Act, the landmark law
guarding copyrighted material from digital pirates.
Jack Valenti, the snowy-haired chief of the Motion Picture Association of
America, stepped to the microphone to laud congressional efforts on behalf
of Hollywood. Hilary Rosen, president and CEO of the Recording Industry
Association of America and the sworn enemy of legions of Napster fans,
beamed nearby.
"If you can't protect anything you own," said Valenti, "you don't own
anything."
As the guests clinked champagne glasses, digital thieves around the world
were double-clicking to buy pirated copies of "Star Wars: Attack of the
Clones" from Web sites that were hawking the movie - a flick still days
away from release in theaters.
Though the International Intellectual Property Alliance hasn't tabulated
how much is lost to piracy on the Internet, it estimates that book
publishers, recording and movie studios and software developers already
lose more than $20 billion a year from physical piracy.
So why were Valenti and Rosen smiling?
Good question. The combination of the Internet with bigger, faster and
cheaper computers, including ones that burn CDs, is making it easier than
ever to make and distribute flawless copies. Attempts to provide a tech fix
have fallen flat.
"There is no such thing as a hacker-proof technology," says Michael Miron,
CEO of ContentGuard, a Bethesda company developing a system to protect
digital content from easy copying. "If you make such a claim, you're
hanging a big target on your back."
Meanwhile, the digital dilemma clearly threatens to hold up already
disappointing rates of broadband adoption. Media companies remain wary of
putting valuable content online for fear it will be pirated and spread
round the world at cyber-speeds. But without more available content,
consumers have less incentive to abandon their dial-up connections for DSL
or cable modem services that can cost twice as much. Just 7 percent of U.S.
households have high-speed Internet service.
In the Washington area, the fight to protect digital rights holds enormous
implications for two media giants, AOL Time Warner and Discovery
Communications, not to mention dozens of other smaller companies, from
newsletter publishers to independent filmmakers.
Last year's mega-merger of Dulles-based AOL and Time Warner was supposed to
create a giant, combining AOL's Internet dominance with Time Warner's cable
empire and huge portfolio of movies, music, magazines and television shows.
But when it comes to digital rights, the giant has two heads.
Nearly 90 percent of AOL's 25 million U.S. Internet subscribers still use a
dial-up connection. To lure customers to higher-speed services - and keep
them in the AOL tent - the company wants to offer splashy content such as
movies and music. But the Time Warner side of the house worries that
releasing its valuable assets online could open the door to unauthorized
use, diluting their value.
"We're on both sides of this," acknowledges Joe Cantwell, AOL Time Warner's
vice president for broadband affiliate marketing.
AOL did not respond to requests to interview other company officials about
the dilemma. But Paul Kim, an analyst at Kaufman Brothers, a New York
investment bank, says the company is straddling the fence while it waits
for the murky issue of digital piracy to clear up.
"You have existing distribution channels that are doing very well for you,"
Kim says, referring to cable television, movie rentals and retail sales.
"Why mess with that?"
Discovery, the Bethesda-based media company, plans to introduce a
video-on-demand television service June 17. Subscribers will be able to
access network servers full of Discovery content such as Animal Planet and
the Travel Channel.
The service is a milestone in Discovery's move into digital media. Along
with it come fears that its content will be swiped. Bob Allman, senior vice
president and general manager of Discovery Online, admits he's nervous the
video-on-demand service will bring out the "buzzards." The company plans to
employ technology to stop piracy, though Allman refuses to discuss how.
But perhaps a more important point is that Allman is convinced consumers
are willing to pay for online videos if the services are easy to use - even
if other content is available for free. After all, before compact discs
arrived in the mid-1980s, teen-agers bought plenty of music cassette tapes
even though they could easily make copies of equal quality.
"There's a state-sponsored Napster for books - it's called a library," says
Allman. And although public libraries have been around for decades, people
still buy plenty of books at Barnes & Noble.
A survey released last month by Jupiter Media Metrix suggests that
Napster-like file-sharing programs may actually boost sales. The survey
found that music listeners who were experienced with file sharing were 75
percent more likely to increase their music spending than those without
file-sharing experience.
"We've been too slow in offering music for sale online," admits Rosen. Her
bigger problem, however, is figuring out how to get consumers to pay for
something that's available for free at the click of a mouse.
More than 350,000 movie files are illegally downloaded on the Web each day,
according to Viant, a Boston-based Internet consulting company.
And to Rosen's dismay, the online trading of music files continues to
flourish. True, the once mighty Napster was vanquished in the courts and
sold off as a shell last month to German media giant Bertelsmann for a
paltry $8 million. But many of Napster's 64 million users have simply
turned to alternate sites such as Morpheus and KaZaA to swap copyrighted
music for free. Those services have escaped Napster's fate - so far -
because the files aren't stored on their networks.
The music industry's few online offerings of licensed content have been met
with a shrug. Susan Kevorkian, an analyst for market research company IDC,
predicts online music services are generating just a few hundred thousand
dollars in annual revenue and says the industry will be hard pressed to top
$10 million in revenue by 2005.
"They've been very closed mouthed about it," Kevorkian says. But she
concedes that meeting even her conservative projections "may be hard given
what they're up against. Free music services are still available."
MusicNet, a subscription-based music service launched last October with
music licensed by BMG, EMI, Warner and Zomba, would not disclose sales or
subscriber figures. MusicNet offers 80,000 titles, well below the hundreds
of thousands of titles that Napster was offering at its peak.
To encourage the development of more online pay sites, nearly two dozen
software companies are busy at work developing digital rights management
(DRM) software to help content owners put a digital leash on copyrighted
material. But their solutions are far from foolproof.
DRM software allows copyright holders to write usage rules into their music
and video files. The software typically is a set of data that describes
each media file and sets terms for its use. A song file can be overlaid
with a "digital watermark" that confirms its authenticity and with an
encryption code that allows only authorized users to access it. The software
can be written to destroy a file after it's played a certain number of times
and can even limit the file's use to individual computers or media player
devices.
For instance, a media company can write rules into a music file that
allow a user to download it from the Internet and make a backup copy
for personal use. But the rules can also restrict further copying.
But DRM software is off to a rocky start. Last year, IDC pegged the annual
DRM market in the United States at $96 million and predicted it would grow
to $3.5 billion in 2005.
IDC analyst Joshua Duhl says that prediction will be revised downward when
new figures are made available next month, thanks to a sluggish economy,
unprofitable transaction-based pricing models and a patchwork of offerings
and standards.
For instance, Microsoft makes software that will only work on its media
players, and RealNetworks makes software tailored for use on its Real media
players.
Interoperability isn't the only problem. Unless software is totally
invisible to the average consumer and easy to use, securing content with
DRM software could fail and rip-off artists will reign unchecked, analysts
say.
Even if software becomes standardized, it probably won't be hard for
skilled digital pirates to give it the hook. Content providers and DRM
software developers concede some level of piracy is inevitable. Their goal
is to keep it out of the hands of the masses.
Patrick Breslin says all it takes to copy electronic music files is a trip
to an electronics store for a cable and basic computer know-how. "That's
not amazing technology and it doesn't mean I'm a hacker," says Breslin, CEO
of Relatable in Alexandria.
Relatable, which Breslin founded in 1999 with less than $1 million from
friends and family, has developed software that recognizes music files
based on their acoustic properties, helping content owners verify the
authenticity of the files. It can make "fingerprints" of consumers' song
files and compare them to original recordings held in copyright holders'
databases. Relatable's software can identify bootlegged recordings sent out
under bogus file names.
Last summer, after promising to honor copyrights, Napster installed
Relatable's software to sniff out unlicensed songs on its network. Breslin
says the software scanned hundreds of millions of files on the network.
The future of Napster is unclear, and Relatable has yet to turn a profit.
But Breslin says he is negotiating deals with other music providers. The
key, he says, will be convincing content owners to jump into the Internet.
"They're saying, 'Let's put plywood on the windows and bar the door,'"
Breslin says. "We're saying, 'Let's make this a huge Wal-Mart.' Everyone
who wants to go out the door needs to pass the cash register."
Miron, the CEO of ContentGuard, agrees that content owners can make money on
the Internet, even in competition with free music and video offerings.
Reliable DRM software and exciting content will help, he says, but the
patchwork of different protection products on the market is holding things
back. "The industry would be a hell of a lot better off if all participants
had a common way to express rights," for their material, he says.
ContentGuard is majority owned by Xerox and funded in the "triple-digit
millions" by Microsoft. The company hopes that XrML, a language developed
at Xerox's Palo Alto Research Center, will become the standard language for
expressing rights on media files due to its ability to operate on different
computer systems and applications.
ContentGuard designs custom software using XrML and hopes to earn revenue
from patents it holds on computer languages expressing copyrights. The
company won't disclose revenues.
Two other languages, ODRL and XCML, are also in the running to become the
standard. Last fall, ContentGuard scored a win when the MPEG-21, an
international group working to develop standards for the creation and
distribution of multimedia content, selected XrML as its base language.
The company is now submitting XrML to other standards bodies. But even if
the software becomes the coin of the realm in the digital copyright world,
it won't matter unless studios and record labels warm up to the
Internet. And Miron isn't sure how that will happen.
Options include monthly subscriptions or fees for downloads. Media
companies also are experimenting with putting premium information on the
Web, such as anthologies, live recordings and tour and concert information.
While such material can be copied, media owners are betting people will pay
if it is cheap and easy to access.
"The business models that will succeed online probably do not exist today,"
Miron says. "The state of the industry is mostly dabbling and
experimenting, which is why piracy is still the dominant, scaled offering."
While companies like ContentGuard and Relatable work on a tech fix, policy
makers are taking a closer look at digital piracy law. For some, the DMCA
doesn't go far enough. To stop music and video pirates, Sen. Ernest F.
Hollings, the South Carolina Democrat, is sponsoring a bill that would
require all interactive devices to incorporate anti-piracy technology.
The measure would give manufacturers one year to comply, but doesn't call
for a specific type of technology to be used. The bill has the support of
media and entertainment executives such as Rosen and Valenti.
But the technology lobby opposes the bill. Groups such as the Software &
Information Industry Association believe anti-piracy technologies are at
too early a stage in their development to draw up government standards. The
only way copyright protection standards will develop, they argue, is if the
government gets out of the way and allows the marketplace to sort out what
works.
"It doesn't have legs," declares Rep. Rick Boucher, a Virginia Democrat, an
opponent of the Hollings measure. Boucher, co-chairman of the House
Internet Caucus, believes the DMCA should be re-examined because it favors
copyright holders at the expense of legitimate users.
Opponents of the DMCA, who include libraries and universities, contend that
the law restricts what is known as the "fair use" of a copyrighted
material. Because of the fear of mass distribution of content via the
Internet, critics say the DMCA wrongly makes it a criminal act to make
backup copies of music and video or sell a single copy to a friend.
Rather than jealously protecting their copyrights, Boucher thinks media
companies should make the jump online.
"They think all of the world is full of pirates," he says. "It's not. They
should start aggressively using the Internet."
********************
Los Angeles Times
Satellite Program Takes Schools to Students
Mobile classrooms are helping keep teenagers who have difficulty with
studies on track to graduate.
By JENIFER RAGLAND
TIMES STAFF WRITER
June 5 2002
It's before 8 a.m. and Larry Keegan, dressed in shorts and tennis shoes,
drives into the parking lot of a dusty Santa Paula strip mall. He swings
open the side door of the paint-peeled motor home.
And class is in session.
The teacher waits as, one by one, his students file in. They are teenage
mothers, former gangbangers and other would-be dropouts who are getting one
last chance at a high school diploma. "It's way better than regular
school," gushes student Alexandria Ramirez, who has been in and out of
Juvenile Hall since she was 14. "Everyone has an opportunity here--it's
just taking it."
The mobile classroom is part of Ventura County's Gateway School program,
which aims to recapture kids who have fallen behind in classes or been
expelled from mainstream middle and high schools.
Taking a Different Approach to School
It reflects a growing effort by educators throughout Southern California to
bring these alternative school programs to the communities that need them
most. Whether they are in storefronts, churches or vehicles, the schools
are attracting teenagers who might otherwise be out on the street.
"Rather than letting them drop out, we reach out, and serve them in the
environment in which they're most comfortable," said Karen Medeiros,
director of curriculum for alternative education in Orange County.
"That's where they can be the most successful."
In the satellite program that began in Santa Paula about 15 months ago,
teachers believe the approach is working.
Keegan's students are on independent study, which means they complete
assignments at their own pace. For one reason or another, they couldn't
survive either academically or socially at the town's comprehensive school,
Santa Paula High.
Alexandria, 17, said the tension with some other girls at the high school
was so bad, she couldn't walk across campus without getting in fights.
C.B. Vasquez, 17, was lost in many of his classes and said his teachers
were always too busy to help.
Now, they come to the motor home for 90 minutes twice a week, where they
turn in work, meet with the teacher and update the weekly "contracts" that
spell out their next list of assignments.
"Larry goes through everything with me, and it really helps," said C.B.,
who hopes to earn his diploma next year and join the Marines.
Alexandria said being with Keegan in the mobile school has taught her how
to control her impulses to fight.
"Here, it's a nicer atmosphere, and everyone knows each other," she said.
"I've learned it's all about the way you present yourself."
Keegan's 1992 Chevy Chaparral, which Ventura County leases for $1 a year
from an Orange County program, is a converted classroom with eight
workstations.
At four makeshift desks that face windows, there is space for two students
each. Lawn chairs are stashed behind the seats in case more show up.
There is no bathroom, but students use nearby public restrooms available at
each of Keegan's three daily stops, which include a sheriff's substation, a
library and the shopping center parking lot.
With oldies radio humming in the background, students hunch over workbooks
as Keegan sits facing them in the passenger seat, monitoring their behavior
and grading their assignments. Every couple of minutes, one of them has a
question for him.
His route, which is about 12 miles a day, begins at 8 a.m. and ends at 3 p.m.
"It's just worked great up here," Keegan said. "It's perfect for the
environment we're in."
The motor home is one aspect of the satellite, which also includes a daily
classroom run by teacher Judy Dobbins out of a Baptist church. That program
also includes a day care center for teenage mothers.
Students are moved around between the two venues to meet their specific
needs, Keegan said.
Ten Santa Paula teenagers will graduate from the community school on June
13, among them 16-year-old Candace Johnson.
She said she never got the attention she needed in mainstream high school.
She will be the first person on either side of her family to earn a high
school diploma and plans to continue her education at Ventura Community
College in the fall.
"I probably would've dropped out a long time ago," she said. "There's no
way I would've made it there."
In Santa Paula, a working-class farm town where juvenile crime rates are
among the highest in the county, the service was needed, Keegan said.
He taught in Ventura County court schools for 10 years before volunteering
to create Gateway's first satellite school in Ventura in 1989.
Since then, he has helped create seven more, from Ojai to Simi Valley.
Before that, Gateway students had to travel to the main school site in
Camarillo, which was very difficult for teenagers in places like Santa
Paula, which is 30 miles away.
"We were asking kids who have had major problems with attendance and
truancy to get on a bus for 45 minutes to go to school," he said. "Since we
have located ourselves in the community, we have seen a lot more success."
Programs Face Cuts in State Funding
But the programs also face some serious challenges.
Gov. Gray Davis' state budget initially included proposals to slash
independent study by 10% and to cut the higher revenue that county-run
schools get to educate kids who are on probation.
At the same time, programs in Ventura, Orange and Los Angeles counties have
seen rapid growth in the last five years and still need to expand,
officials said.
The programs are held to the same standards as other schools, including the
requirement that all students pass the California High School Exit Exam
beginning in 2004.
Keegan admits he is worried about the effect that the test will have on the
numbers of students the county programs will be able to graduate.
But he and Dobbins say that they have no intention of giving up. They will
continue to push things like volunteer job training and vocational programs
to show even the most discouraged kids they have a chance at a better life.
"I'd like to see everyone make it," Keegan said.
At 10 a.m., it's time for his next set of students. Climbing back into the
driver's seat, he takes his classroom with him.
**********************
Federal Computer Week
6/4/02
Patent office focuses on e-filing
Electronic filing of patent and trademark applications will become the norm
under a wide-ranging reorganization that the U.S. Patent and Trademark
Office announced June 3.
The centerpiece of the reorganization plan is an e-filing system that will
be developed jointly with Japan and countries of the European Union using
existing off-the-shelf software, said James Rogan, director of USPTO and
the Commerce Department's undersecretary for intellectual property.
The reorganization plan is expected to save the office more than $500
million over five years.
Rogan said he has already discussed the development of such a system with
Japanese and European patent and trademark officials. "Essentially our
multiple vision is to have an e-filing system that an American filer can
use here or in Europe or Japan with a click of a mouse," he said.
Other hallmarks of the reorganization plan include:
* A restructuring of the fee schedule for patent and trademark applications
to make it less expensive to file electronically than to file on paper.
* Efforts to competitively outsource patent and trademark searches to
private-sector companies.
* The institution of a four-track examination process that relies on
searches from other countries and governmental "industrial offices."
* A new system to upgrade and certify federal patent examiners' skills.
* Efforts to seek congressional legislation that will allow the patent and
trademark office to rescind a patent on its own rather than filing a
petition with a court to rescind the patent, as is now required.
Massive backlogs of patent applications are driving the reorganization,
Rogan said. It takes an average of more than two years for a patent to be
granted. Already 408,000 applications are in the examination pipeline, and
the backlog will grow this year as an expected 340,000 new applications are
filed, he said.
Currently only 2 percent to 3 percent of U.S. patent and trademark
applications are filed electronically, Rogan said. "We want to move to
where e-filing is considered the norm," he said. "Paper filing slows down
the process, is very cumbersome, is time-consuming and prevents us from
being able to work-share. In the 21st century, you can't just rely on an
18th-century model."
Developing an e-filing system unique to USPTO would be counterproductive,
Rogan said. Such a system would cost $100,000 or more and would not be
compatible with the patent and trademark filing systems in Europe and
Japan, where 90 percent of U.S. patent and trademark applicants also file
for legal protection.
Rogan said he has set a deadline of Oct. 1, 2003, to convert to an
all-electronic filing system for trademarks and Oct. 1, 2004, for an
all-electronic filing system for patents.
****************************
Federal Computer Week
Pa. creates cybercrime task force
Pennsylvania's state police department has created the first of several
planned regional task forces to fight the rising tide of computer crimes.
The first task force will be based in Embreeville, Pa., and will cover 11
counties in south-central and southeast Pennsylvania, sharing information
with district attorneys' offices and local law enforcement agencies as well
as other state and federal agencies, said Trooper Linette Quinn.
Funded through a $250,000 grant from the Pennsylvania Commission on Crime
and Delinquency, the task force will include representatives from local
police departments and state and federal law enforcement groups who will be
trained and given equipment, such as computers and wireless phones, Quinn said.
The commonwealth has a computer crime unit within its criminal
investigative bureau, and some local law enforcement agencies have similar
units, Quinn said. But the formation of the regional task force will help
agencies pool resources and share information more effectively as the
cybercrime problem gets worse, she said.
In the past 15 months, the commonwealth has investigated 705 "traditional"
computer crimes such as fraud, identity theft and child pornography and
558 "technical" crimes, including hacking and unauthorized access to a
computer, Quinn said.
"It's becoming more prevalent," she said.
********************
Federal Computer Week
6/03/02
House office secures files with biometrics
The Office of Legislative Counsel for the House of Representatives on June
1 planned to become the first office on Capitol Hill to install biometric
technology to protect confidential files and working documents, using iris
scans to authenticate users' identities.
The office selected SAFLink Corp.'s SAF2000 authentication software, which
enables customers to choose among a variety of security technologies,
including fingerprints, speech verification and face recognition. The cost
is $36,000.
"It's easy, and it will get us out of password jail," said Lynn Richardson,
the office administrator.
Until now, the office has required users to change their passwords every
three months, but the routine was a hassle because people couldn't remember
them, Richardson said. Office managers had been looking for other ways to
increase security.
But the search became more critical after the anthrax scare on Capitol Hill
last fall forced the office to shut its doors for more than a week. It
scrambled to buy laptops for its staff of 50 to continue working from other
locations, but managers were concerned the laptops were not secure enough.
SAF2000 uses a biometrics suite for Microsoft Corp. Windows NT/2000
networks. The company's iris recognition system is patented, according to
Matt Shannon, SAFLink's manager of government services.
The office wanted the technology, Shannon said, because of the difficulty
of changing passwords and the ability to restrict access to working
documents until they were ready to be released to the public.
The technology also enables customers to mix and match security systems.
For example, fingerprint technology in a hospital setting may not be the
best system because workers wear latex gloves, Shannon said. Iris scanning,
on the other hand, may be the preferred technology because it involves no
physical contact.
"Because documents created and held by [the office] are sensitive in
nature, it is important that they be adequately secure," said Walter
Hamilton, SAFLink's vice president of business development. "We believe
that our SAF2000 solution, combined with Panasonic Authenticam desktop iris
recognition cameras, will provide the level of security required for this
critical government application."
******************
Los Angeles Times
Hollywood Has a Setback in Controls for Digital TV
Hollywood studios seeking to impose electronic controls on digital
television broadcasts suffered a setback yesterday as a coalition of
technology and consumer electronics companies supporting their efforts
crumbled in a cross-industry power struggle.
A long-awaited report that the studios hoped would provide the consensus
necessary for anti-piracy legislation and that members of Congress hoped
would jump-start the stalled rollout of digital television instead
disclosed a host of dissenting opinions.
Hollywood executives have long maintained that they will not release their
most valuable programming in digital format until they can ensure that
viewers cannot copy those programs to the Internet. Makers of digital
television sets blame the shortage of programming for slow sales of the
devices, which are in fewer than a million homes.
The Broadcast Protection Discussion Group was formed last November to try
to arrive at a proposal for a technological standard that consumer
electronics and computer makers could build into their machines to protect
digital broadcasts. And if there was general agreement on one point at the
end of the months-long process, it was that such protection remained a
worthwhile goal.
"The key agreement was that digital television should be protected from
unauthorized redistribution," said Andrew G. Setos, president of
engineering for the News Corporation's Fox Group and co-chairman of the
group. "Hopefully work will now start on getting it memorialized as a
federal mandate."
The studios and their trade group, the Motion Picture Association, sought
to portray the report as a positive step forward that could still quickly
result in legislation, or a Congressional directive to the Federal
Communications Commission to supervise the regulation. But technology and
consumer electronics executives said it was far too soon to think about
adopting a voluntary standard, much less legislating one.
"May I say quickly that there is no consensus embodied in that report,"
said Tom Patton, vice president for government relations at Royal Philips
Electronics. "None."
Philips, along with several other consumer electronics companies,
complained that the studios' proposal would prevent consumers who use an
updated device to record a program from watching it on one of the 30
million DVD players that are in homes today because the program would be
scrambled.
The dissenters in the consumer electronics industry were also joined by
Microsoft in objecting to the degree of control that the studios wanted to
exert over which technologies would be deemed to meet their copy-protection
standards.
"They were proposing criteria that were largely subjective," said Andy
Moss, director of technical policy for Microsoft.
The basic idea is that broadcasters would include a digital "flag" in each
broadcast, which would be detected by the technology in the devices and
scrambled upon receipt. Digital programs that include the flag could be
moved electronically between devices in the home, but not transmitted to
the Internet.
Some device makers and computer manufacturers have been lukewarm to the
concept, arguing that the expense and effort it requires would not prevent
Hollywood's material appearing on the Internet.
And the Electronic Frontier Foundation, a civil liberties group that
participated in the discussions, argued that preventing consumers from
e-mailing an excerpt of a show over the Internet violated fair use rights
under copyright law.
But the central stumbling block to arriving at a broad agreement on the
proposal may simply have been a bid by the studios for too much control
over carrying it out. Microsoft, Philips and Zenith all have
copy-protection plans of their own that they would like to market to device
makers. The studios, however, appear to favor one system developed by a
group of companies that include Intel, Toshiba and Matsushita. Zenith is a
subsidiary of LG Electronics.
Disenchanted by the informal discussion process, which did not involve
clear procedures for resolving disputes or voting rules, several
representatives from technology and consumer electronics companies said
they would prefer any future discussions to take place in a forum
sanctioned by the government.
That will almost certainly be one subject of debate when the House Energy
and Commerce Committee holds an industry discussion on digital television
next week.
"Frankly we're surprised," said Ken Johnson, a spokesman for Representative
Billy Tauzin, the Louisiana Republican who leads the committee. "When we
looked at the report we said, 'Boy, we've got a lot of work to do.'"
*******************
BBC
Net renewal plans under fire
Key parts of a reform plan put forward by the head of the internet's ruling
body have been rejected by a group advising on how to make the organisation
more effective.
The group was set up by Icann, the Internet Corporation for Assigned Names
and Numbers, to assess a radical plan floated in February by Stuart Lynn,
the net body's president.
His plan suggested getting governments on board to help fund and run Icann
and ending the system that lets net users vote for some members of the
group's board.
The group is now seeking public comment on its recommendations prior to a
meeting in Romania where Icann's future structure will be decided.
Public plan
Icann was created in October 1998 to manage the transition of the net from
a US administered proxy to a more international and open network.
Icann set up the Evolution and Reform Committee in March to deal with the
flood of comments and suggestions unleashed by Stuart Lynn's plans to
reform the organisation.
In that plan, Mr Lynn candidly declared that without reform Icann was in
danger of "failing".
Many net commentators criticised the Lynn plan because it swapped
grassroots net user involvement on the Icann board for the backing of
governments.
Final say
Now, the committee has also declared its opposition to the idea of letting
governments run the organisation.
Instead it recommended that the country code registries, who look after
domains such as .uk and .fr, should get a seat on the board as should some
representatives of the larger net community.
Other seats on the board would go to members of Icann's technical groups as
well as security experts, domain registrars and government delegates.
The final decision on the future structure of Icann will be made at a
meeting in Bucharest on 24-28 June.
*****************
BBC
Spy cameras target school vandals
Schools in Wales have found a novel use for their broadband connections by
hooking up to digital CCTV cameras to put an end to vandalism.
Seven schools in the Newport area are currently connected to the
surveillance system and it is said to have made a huge difference already.
"The first school had the system installed in January 2001 and since that
time has had no reported damage," said principal consultant at Newport
County Council, Phil Cox.
"Previously, there was a lot of vandalism with the glazing budget alone
costing £6,000 a year.
"There were condoms, beer cans, hypodermic needles and all kinds of things
that you don't want in a school environment lying around the playground,"
he added.
Broadband crucial
A total of 20 schools in Newport will have digital CCTV cameras installed
by September.
Although some schools have their own stand-alone CCTV systems which record
any intrusions, this is the first time cameras in schools in the UK have
been connected to a central network.
Unlike analogue CCTV, digital cameras use the existing broadband
infrastructure, installed in the schools as part of a government
initiative, to send pictures back to a control centre at the council offices.
"Broadband is crucial and it represents a good return on investment for the
schools," said Mr Cox.
"They are paying £5,000 a year for high-speed internet which they only use
during the day. Now they can use it after hours and have added security for
nothing," said Mr Cox.
The cameras are only turned on outside of normal school hours. An alert is
sent to the control room when an intruder is spotted.
Community action
If needed, Community Safety Wardens can be sent to the scene and police
back-up can also be called on.
The broadband link also allows for a more co-ordinated approach to the
problem of vandalism.
The pictures from the digital cameras are of high quality, allowing social
workers and community teams to identify offenders and do something about it.
"Social services can identify where the problems lie and work with schools
and communities to find something for these kids to do," said Mr Cox.
It also allows for immediate communication between the council and schools.
"I spotted a couple of children on a roof the other day and was able to
clip images and send them straight to the school in an e-mail to let them
deal with it," he said.
*********************
SFgate.com
Deleting downloads
Companies concerned over employees' file-sharing at work
Back in the pre-Napster days, Harold Kester wasn't too concerned that his
employees were using company computers and Internet connections to download
music or movie files.
But then a couple of tech-savvy employees downloaded and stored on a
company server a bootleg copy of "Star Wars: Episode I -- The Phantom
Menace" long before the film hit the theater. After work, the employees
would take over a conference room, project the film onto a big screen and
invite co-workers to watch. They even served popcorn.
"When I got wind of that, I realized, 'Hey, we have a real liability issue
here,' " said Kester, who immediately shut down the makeshift movie house.
Since then, Napster and successors like KaZaa, Morpheus and Audiogalaxy
have brought online file sharing to the masses, much to the dismay of the
entertainment industry. But the popularity of file swapping has also put
pressure on corporate technology managers to become more vigilant about
employees using company computers to download files.
While file swapping has raised concerns about lowered productivity, there's
also a fear that the programs, which allow outsiders to access files on
company computers, could compromise network security. Using company
equipment to download and store pirated material could also leave firms
vulnerable to copyright infringement suits.
Firms that sell Internet filtering and blocking software, like Secure
Computing Corp. of San Jose and Websense Inc. of San Diego, say their
business is picking up.
Kester has left his old firm and is now chief technology officer at
Websense, which commissioned a March report that found 30 percent of 250
firms surveyed were blocking employee access to any site related to the
downloading of music. And 14 percent of the firms had reprimanded or
disciplined employees for downloading music.
But those numbers could increase as companies upgrade to faster, more
powerful computers, especially ones with recordable CD drives, said Anne
Aarness, a product manager with Secure Computing.
"We do seem to be getting more and more requests and more inquiries," said
Aarness, product manager for the firm's SmartFilter program.
Nobody seems to know how much file downloading happens at the workplace,
but there have been numerous anecdotal reports of employees setting up
special MP3 servers or downloading movies while working.
Experts note that such file trading works best with a high-speed Internet
connection that most Americans still only have access to at work, not at home.
Members of the Recording Industry Association of America, which
successfully brought down Napster in court and is trying to do the same
with the other file trading services, have so far only gone after one company.
Integrated Information Systems Inc., or IIS, agreed to a $1 million
out-of-court settlement with the RIAA, which found the Tempe, Ariz., firm had a
computer server specifically used by employees to download, store and share
thousands of MP3 songs. The RIAA claimed it found illegal copies of songs
by artists such as the Police, Sarah McLachlan, Ricky Martin and Aerosmith.
IIS officials said they settled the case to avoid litigation, but do not
admit any wrongdoing.
Although the case was settled in 2001, the RIAA issued a press release in
April 2002 to send a message to other corporations that policing their
systems for illegal music is as important as controlling software piracy or
pornography, RIAA President Cary Sherman said last week.
"We'd like to see them focus on music piracy in the same way," Sherman said.
"Most business executives aren't thinking about music piracy as having
anything to do with them directly."
The RIAA is also taking a cue from software publishers, who have long
relied on tips from disgruntled employees. One such tip led to the
investigation of IIS.
"We're beginning now to get reports from other disgruntled employees about
what corporations are doing," said Sherman, who declined to say what other
investigations his group has started.
According to Redshift Research Inc., the peak usage period for KaZaa, the
leading file-sharing program, is usually between 11 a.m. and 1 p.m. Pacific
time. However, Redshift analyst Matt Bailey said KaZaa has as many users
living in Europe as in the United States, so he attributes KaZaa's peak
period to European members logging on after their workday is done.
Most U.S. companies do have policies in place that limit the personal or
improper use of computers and equipment. About two-thirds monitor
employees' use of the Internet, said Kristin Bowl, spokeswoman for the
Society for Human Resource Management, based in Alexandria, Va.
But more might consider banning file downloading to avoid legal
entanglements, especially if "they got a nasty-gram from the RIAA," said
Whitney Broussard, an entertainment law attorney with Selverne, Mandelbaum
& Mintz, LLP, of New York.
Even companies that promote Internet music remain wary of letting their
employees download songs. David Miller, who used to work for
RollingStone.com's Tunes.com site, said the firm blocked employee use of peer-to-peer
programs like Napster for fear someone could gain entry into the firm's
computer network.
************************
SFGate.net
Pleasant Hill hacker draws feds' attention
Pleasant Hill -- As "Pimpshiz," the self-righteous hacktivist who two years
ago cracked government, military and financial Web sites to post his
pro-Napster manifesto,
Pleasant Hill teenager Robert Lyttle gained his 15 megabytes of infamy --
not to mention a juvie court record.
Authorities took his cracking seriously. But, to many Net nerds, his hack
attacks were harmless defacements best forgotten, not prosecuted. It was
assumed by cyber cynics that, as soon as this teen hacker got a job or a
girlfriend, his hacking days would cease.
Think again.
Two weeks ago, the FBI swooped into Lyttle's bedroom with guns drawn and
search warrants flapping. They suspect Lyttle, 18, of being one-half of a
so-called patriotic defacement team called "the Deceptive Duo," which in
recent months has defaced more than 100 sites, ranging from the Federal
Aviation Administration to the Department of Transportation to Sandia
National Laboratories.
No one's laughing anymore at this Diablo Valley College student by day,
scofflaw "script kiddie" by night. FBI and Department of Defense forensics
experts are reviewing Lyttle's computer equipment and files to determine
whether federal charges should be brought against him.
According to the Web site Security Focus Online, Lyttle's partner in "the
Deceptive Duo" is a Florida hacker with the handle the Rev, who claimed
responsibility for hacking into the New York Times' site and Intel's system
last year.
Sources said the Contra Costa district attorney's office is in the process
of revoking Lyttle's probation. He is required to wear an ankle bracelet
and can only leave home to attend his computer classes at Diablo Valley
College.
Dodie Katague, the Contra Costa assistant district attorney who prosecuted
Lyttle, could not comment on the revocation of Lyttle's juvenile probation,
but said being accused of a second offense so soon after his first
conviction is serious.
"He's an adult now, 18," Katague said. "And this is a federal offense. If
he did break into federal Web sites, they should prosecute him. And I'm
sure they will."
Now that he's of age, Lyttle could face years in prison for defacing
governmental sites. He has retained San Francisco attorney Omar Figueroa,
who said Lyttle's actions were "benevolent, not malicious," and said that,
if Lyttle is the hacker in question, he did it to alert government
officials about their vulnerability to cyberterrorists in the wake of the
Sept. 11 attacks.
This so-called patriotic act may get Lyttle charged with violating the USA
Patriot Act of 2001, which Figueroa says would mean "decades in prison."
Lyttle's lawyer maintains his client is not a terrorist.
"If Robert is charged, it's fair to say what he may have done had no
criminal intent," Figueroa said. "A fundamental principle of criminal law
is that there can be no crime without criminal intent. Based on that, I
believe he will be vindicated.
"But if the government misapplies the Patriot Act, that would be a way, way
over stiff penalty. He's a young guy, just 18, and we're trying to channel
his talent in a positive way. If they want to be punitive, it would cause
him to become a rebel."
Even more of a rebel, I presume he means.
Lyttle did not respond to my e-mail queries about his latest legal spat,
but in February I quoted him as saying "it's extremely hard to live a legal
life on the Internet."
In the past few weeks, while they reportedly were hacking into government
sites using default passwords in Microsoft IIS servers, the Deceptive Duo
left a prepared statement for supporters in the event they were caught,
according to a story on
Internetnews.com. It read: "We came into this willing to endure any prison sentence.
We sacrificed our future for the sake of public safety."
The message left by the hackers on the defaced sites implored information
technology officials to tighten online security.
One of the duo's messages on the defaced FAA site, accompanied by an
American Flag icon with crossed guns in the foreground, read: "Tighten the
security before a foreign attack forces you to. At a time like this, we
cannot risk the possibility of a compromise by a foreign enemy. You say
that we cause trouble by informing you of your weaknesses by hacking into
your computers, yet your very own Agents do the same. We all witness the
news stories about how an Agent successfully snuck weapons past Airport
security. For auditing? For the very same reason we do it. Until you
understand, you will get nowhere."
But Katague, who works in the new high-tech unit of the Contra Costa D.A.'s
office, said Lyttle's patriotic claim is at best disingenuous and at
worst a cynical lie.
"He wants to just drum up business for himself and his (software) company,"
Katague said. "Plus, he's probably addicted to (hacking) and can't stop.
He's following in the footsteps of other famous hackers, like Kevin Mitnick
and Kevin Poulsen. They were famous hackers and eventually got great jobs
working in Internet security.
"People say that (Lyttle) is a 'white hat' hacker trying to expose the
flaws in the system. But, you know, the analogy I'd use is, our children
have weaknesses and can be exposed, but we don't go around kidnapping them
just to prove there are holes in children's security. It's the same thing
here."
Lyttle's attorney, meanwhile, is trying to rally the cybercommunity to help
the case.
"We're going to get support letters from all over the nation for Robert,
urging the U.S. Attorney's office not to prosecute him," Figueroa said.
"That's been successful in other cases, like the Dmitry Sklyarov case."
True, federal prosecutors agreed in December to drop charges against the
Russian programmer who found a way to let users circumvent copyright
protections on electronic-book software made by Adobe Systems Inc. Instead,
only Sklyarov's company, ElcomSoft, is facing a trial and could face big
fines.
Getting fined, it seems, would be the least of Lyttle's worries at this
point. But, from previous Internet postings before the mid-May raid, Lyttle
made it sound as if his alleged actions were merely a form of civil
disobedience.
"We need to take drastic steps in securing our country from foreign
enemies," they wrote in a message printed by Wired.com. "We risk ourselves
for the sake of the countrys (sic) security."
Sam McManis can be reached at (925) 974-8346 or at smcmanis@xxxxxxxxxxxxxxxx
*********************
Government Executive
House panel backs anti-terror information sharing bill
By Molly M. Peterson, National Journal News Service
A bipartisan bill to make it easier for federal agencies to share
counter-terrorism information with state and local officials won quick
approval from a House Judiciary subcommittee Tuesday.
The Homeland Security Information Sharing Act (H.R. 4598) would direct the
president, the attorney general and the director of central intelligence to
develop procedures for federal agencies to share classified or sensitive
threat information with certain state and local officials, and vice versa.
The Crime, Terrorism and Homeland Security Subcommittee approved the
measure by a unanimous voice vote.
The bill would require agencies to declassify information before sharing it
by redacting the names of sources and intelligence-gathering methods. Bill
sponsors said agencies would be required to use existing declassification
technologies, such as those used for sharing information with NATO allies
and Interpol. They would also be required to use existing networks, such as
the National Law Enforcement Telecommunications System, to share that
information with state and local officials.
"With the recent press reports about what information the government had
prior to Sept. 11, it has become abundantly clear that better information
sharing among government agencies, and with state and local officials,
needs to be a higher priority," said Rep. Saxby Chambliss, R-Ga., during a
hearing that preceded the markup.
Chambliss co-authored the legislation with Rep. Jane Harman, D-Calif.
Neither Chambliss nor Harman is a member of the Judiciary Committee, but
they both serve on the House Permanent Select Committee on Intelligence's
Subcommittee on Terrorism and Homeland Security.
"The United States government has vast amounts of information that might be
useful in stopping suspected terrorists and criminals across the nation,"
Chambliss said. "Yet old, outdated computer systems cannot talk to each
other, share information or quickly provide alerts and warnings to
officials who need to know."
Harman testified that although federal agencies typically gather the most
intelligence on suspected terrorists, state and local officials are the
most likely to encounter those individuals. She noted, for example, that
one Sept. 11 hijacker had been stopped for speeding by a Maryland state
trooper two days before the attacks. The trooper did not detain the
individual because he had not been informed that the individual was listed
on a CIA watch list of suspected terrorists.
"Every act of terrorism is local--it happens in a neighborhood in someone's
city," Harman said. "These people need good information. They have to know
what to be looking for."
Subcommittee Chairman Lamar Smith, R-Texas, is one of several Judiciary
Committee members who have signed on as cosponsors of the bill. He said the
legislation would improve federal, state and local officials' ability to
"prevent, detect and disrupt terrorist attacks."
Prior to approving the bill, the committee adopted, by voice vote, an
amendment by Smith that clarified several provisions concerning classified,
unclassified and sensitive information.
For the legislation see:
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h4598ih.txt.pdf
***************
MSNBC
Evolving viruses threat to platforms
By Robert Lemos
June 5 -- A new virus called Simile.D may not be much of a threat to computer
systems, but some of its technical tricks could lead to a rethinking of the
principles underlying antivirus software.
The program has code that not only works hard to hide the virus'
presence, it also randomizes the program's size so as to make it harder to
identify. On top of that, the fourth and latest variant of the bug--which
emerged this week--can spread to both Windows and Linux computers.
"This is really pushing the boundaries on how to create
cross-platform viruses," said Vincent Weafer, senior director of security
response for antivirus-software maker Symantec.
The virus is hard-coded proof that a small segment of rogue
programmers can create complex code that is still difficult for antivirus
software to detect. If more viruses like Simile.D appear, it could leave
antivirus companies with a tough trade-off.
With complex viruses such as Simile.D, antivirus software has to try
multiple ways of identifying the code to get high recognition rates. And
while that might leave PC users protected from such viruses, it would also
bog down most computers. On the other hand, efforts to maintain performance
may instead let stealthy bugs through.
"It is getting us to think about different ways of handling the
problems," said Jimmy Kuo, antivirus researcher and McAfee Fellow at
security-software maker Network Associates. "What we are worried about is
detection taking too long to be useful. If the viruses get so complicated
that detection takes forever to detect the virus, then that will cause a
problem."
That's more of a threat than Simile.D itself.
If loosed on the Internet, the virus could cause some problems for
administrators because of its ability to jump from Windows to Linux and
back again. But the virus doesn't do much harm. On Windows systems, it
opens a dialog box with the author's name and the name of the virus, and
it's programmed to do this only twice, on March 17 and Sept. 17. On
infected Linux computers, the virus posts a message with similar content to
the console, on March 17 and May 17.
Other attempts have been made to create a virus that infects both
Windows and Linux, most notably the year-old Winux or Lindose virus.
However, that virus failed to spread. While Simile.D spreads successfully
to Linux machines, the risk is lessened by the fact that only systems
running in so-called superuser mode can be fully infected. "Superuser" and
"user" modes refer to the level of access a user has to a system and the
programs on it.
"It is less effective in Linux, especially if the user is running
in user mode," said Symantec's Weafer. "It's more likely to infect from a
Linux system to a Windows system than the other way around."
Roger Thompson, technical director of malicious code research for
security-information provider TruSecure, didn't think the Simile.D virus
would be much to worry about, even with its cross-platform attack.
"It's going to be a Code Red and a Nimda--worms that use some new
exploit--that are really going to spread," Thompson said.
Nimda, which struck last September, blended several different types
of attacks--spreading by e-mail, JavaScript, shared network drives, and
vulnerable Web servers--and poked holes in the defenses of many companies,
even those with antivirus software.
Nimda, like Simile.D, showed antivirus vendors that the arms race
between the virus writers and antivirus researchers is going full tilt.
Simile.D, also known as Etap.D, is an example of a "concept virus,"
a lab sample created by the virus underground and published for others to
see. The major antivirus companies have already incorporated detection into
their software, so Simile.D poses little threat to most users on the
Internet who regularly download the latest definitions.
Yet finding ways to detect it wasn't easy.
Many antivirus programs detect viruses based on a "digital
fingerprint" of the code. For example, the latest variant of the Klez worm,
Klez.h, can be easily detected by current antivirus software based on its
digital fingerprints.
However, with Simile.D's ability to change its characteristics like
a chameleon, that's not possible.
For just such an eventuality, most antivirus programs also look for
virus-like behavior and try various types of pattern-matching that are
keyed to encryption routines designed to hide a virus, and to the way a
virus piggybacks on other programs.
"What you end up doing is a combination of the above, and you look
at the code itself," said Symantec's Weafer.
Such techniques are time consuming, however, leaving software
makers looking for other ways to maintain system security: "signing" code
with a digital signature from a trusted source; keeping a database of
acceptable code on the system; and limiting user power on the computer to
certain tasks that aren't subject to virus attacks.
But while Simile.D has renewed discussions between antivirus
researchers over how best to keep viruses out of systems in the future,
standard measures still work, said Network Associates' Kuo.
"We aren't there yet," Kuo said.
**********************
Computerworld
Clarke warns educators about need for better security
REDMOND, Wash. -- Despite evidence of al-Qaeda's research into American
utility companies gleaned from laptops seized after the Sept. 11 terrorist
attacks, don't expect the National Security Agency, CIA and FBI to warn
businesses when a cyberattack might take place.
That was the message delivered yesterday by the president's cybersecurity
czar, Richard Clarke, to 300 educators attending the sixth annual National
Colloquium for Computer Security Education at Microsoft's conference center.
"Law enforcement can't save the private sector," Clarke said. "We can't
tell the energy companies and the pipeline companies how to configure their
systems. At a fundamental level, it doesn't matter who the threat is."
What matters, he said, are the vulnerabilities within corporate networks
that present risks to national infrastructure. And the most vulnerable
networks are those at universities and college systems, many of which have
little or no protection -- and thus make great launching pads for attacks
against infrastructure companies.
Clarke challenged the computer security and information assurance program
directors to push for better security at their own schools. And he urged
them to develop research curriculum around secure operating systems,
routers and out-of-line management.
"In three to four years, we will have a billion IP addresses," he said. "Do
we still want to use TCP/IP? Do we still want the same domain naming
system? Do we still want the same wireless security we're using today?"
To champion better security at their own campuses, Clarke said attendees
needed to become "nudges" by pressing university provosts and boards of
regents for better security programs and educational grants.
"An information war is coming some day, and the $15 billion in losses from
hacking cited today will seem like nothing when it happens," he said.
But attendees questioned whether scare tactics would result in better
security programs.
"Security already has this image that it's a pain in the ass," said Peter
Tippett, founding chief technology officer at TruSecure Corp. in Herndon,
Va. "From the viewpoint of the CEO, he's got to open his business in Poland
next month and all he's hearing is pain, pain, pain."
Instead, security professionals should push their agendas by adhering to
the business goals of value-add, something largely missing from security
and information program syllabuses offered at the session.
Broader Selection of Security Courses
Most representatives and speakers talked of information assurance programs
at the bits and bytes level, with research agendas heavy on technology,
including loss-leaders like public key infrastructure. And, while speakers
touted forensics programs, intrusion-detection and prevention programs,
security standards development and other technical programs, there was
little talk about business value and critical thinking.
"Schools are pumping out too many students who approach security
mechanically from an engineering perspective," said Nimal Jayaratna, head
of the Curtin University of Technology in Perth, Australia. "There's no
critical thinking being taught."
Curtin just rolled out three new post-graduate Internet security management
programs, and each of the degrees starts with three courses on project and
risk management, information security management and problem solving. In
the second semester, the programs include a course on client management.
Some educators, such as Alexander Korzyk, assistant professor at the
college of business and economics at the University of Idaho in Moscow,
Idaho, questioned whether information security should remain in the
computer science discipline at all, or be moved to areas of study more
reflective of business risk issues.
Several colleges, including Johns Hopkins University in Baltimore, are
making information protection part of their multidisciplinary academic
programs. Because it's got the largest campus-based medical teaching
center, health care privacy is being introduced at the university's school
of public health. There are also new courses on information security,
security architecture and e-commerce security in the school of business and
education. And international studies students will be introduced to
international cybersecurity and privacy issues.
***********************
Computerworld
Nets exposed by 'rogue' threats
Unauthorized wireless LAN access points that are being surreptitiously
installed on corporate networks pose a dangerous and little understood
security threat to companies, users and analysts warned last week.
Called "rogue APs," these access points are usually installed without the
knowledge of the IT department by employees or branch office and plant
managers who want the mobile convenience provided by 802.11b, or Wi-Fi,
wireless LANs. But even technology vendors agreed that when this happens,
easily exploitable holes are opened in wired networks.
Delphi Corp. is one user that takes the threat seriously. According to
Chuck Maiorana, Delphi's director of communications engineering, the Troy,
Mich.-based manufacturer of automotive electronic components and systems
routinely "sniffs" its facilities in an attempt to detect rogue APs.
"We do drive around our buildings and see what we can sniff out," Maiorana
said. "If we find one, we shut it down."
That puts Delphi way ahead of many corporations, said Chris Kozup, an
analyst at Meta Group Inc. in Stamford, Conn.
Kozup said many companies aren't aware of the security problems inherent in
unauthorized wireless devices, which are usually installed without any kind
of security. But once alerted to the issue, large enterprises that conduct
wireless LAN audits find as "many as 10 to 20 rogue APs connected to a
network," he said.
The rogue APs discovered by Kozup's clients so far have been installed by
employees of the companies, but he said IT managers also need to be aware
of the threat of "malicious" rogue APs that could be installed by outsiders.
Brian Grimm, a spokesman for the Wireless Ethernet Compatibility Alliance
trade group in Mountain View, Calif., estimated that technology vendors
ship about 300,000 wireless LAN access points to users each month.
Bob Black, a corporate systems engineer at networking equipment vendor
Avaya Inc. in Basking Ridge, N.J., said he thinks that up to 5% of those
devices, or 15,000 per month, could end up as rogue APs.
Thor Sigvaldason, director of the advanced technology group at New
York-based PricewaterhouseCoopers' PWC Consulting division, said, "Any
company with 50 or more employees has a pretty good chance" of having
undetected rogue APs on its internal networks.
Sigvaldason said the proliferation of rogue APs has been spawned by the low
cost of the devices--$200--along with their ease of installation. "The problem
is going to get worse before it gets better, as prices come down," he said.
"They're brain-dead easy to install."
Both Kozup and Sigvaldason said deterring the installation of rogue APs
must start with establishing unambiguous policies against their use,
including the threat that employees will be terminated.
They also advised that companies need to continuously monitor for rogue APs
as part of their security procedures.
**********************
News.com
Hollywood faces recurring Net nightmare
By Stefanie Olsen
Staff Writer, CNET News.com
June 5, 2002, 10:50 AM PT
A video-on-demand site that was shut down earlier this year with the help
of Hollywood has seemingly sprouted a new head in Iran, underscoring vexing
problems of Internet copyright enforcement for movie studios.
Taiwan-based Movie88.com, which sold access to thousands of films for $1
each, went dark in mid-February after a powerful motion picture lobbying
group worked with the local government to pull its plug. The site, which
offered movies owned by the major studios without their authorization, was
deemed to be infringing on their copyrights.
Now, Film88.com has sprung up in its place, with an uncannily similar
formula for renting and streaming films over the Internet. However, the
site is a new venture based in Tehran, Iran--a country that broke off
diplomatic relations with the United States more than two decades ago and
that does not protect foreign copyrights.
"Movie88 is dead," Hail Hami, Film88's operator, wrote in an e-mail
interview with CNET News.com. "We recruited some staff and a lot of ideas
from Movie88. But we feel that we are better than Movie88. We have streams
at 500k and are more user friendly."
Film88 is a kind of sequel to Hollywood's real-life horror story, in which
Internet thieves trade and own access to content without ever paying for it.
Fighting back against rogue operators, the Motion Picture Association of
America (MPAA), which represents the seven major movie studios including
Walt Disney and Sony Pictures Entertainment, has launched a massive strike
at Net bandits of all sizes that violate its members' copyrights. So far,
the MPAA has had success defusing projects such as iCraveTV.com, an
Internet TV service launched in Canada, and Web VCR service RecordTV.com.
But as services crop up in countries that do not recognize U.S. copyrights,
anti-piracy fighters may have an increasingly difficult time nailing down
these elusive threats.
The Taiwanese authorities shut down Movie88 through its Internet service
provider under international provisions in the U.S. Digital Millennium
Copyright Act.
American interests are unlikely to find such a receptive ear in Iran. The
two countries broke off diplomatic relations after Iranian students overran
the U.S. Embassy in Tehran on Nov. 4, 1979, and held 52 Americans hostage
for 444 days--an incident that helped Ronald Reagan defeat Jimmy Carter in
the 1980 U.S. presidential race.
Since then, relations between the countries have remained hostile--a stance
that intensified after suicide hijackers destroyed the World Trade Center
on Sept. 11, killing more than 3,000 people. In his State of the Union
address following the attack, President George W. Bush named Iran as part
of an international terrorist "axis of evil," along with Iraq and North Korea.
"This is part of a continuing trend where we'll see more and more
file-sharing services pop up in countries where intellectual property is
difficult to protect," said PJ McNealy, research director for GartnerG2, a
division of research firm Gartner. "The IP laws aren't as advanced or
stringent in other countries" as they are in the United States.
Video store on the Web
Film88 runs on a video-store model, letting people "rent" movies for three
days in return for a payment of $1 to $1.50. The movies cannot be saved to
a hard drive or downloaded. It offers a range of top releases including
"The Scorpion King" and "Star Wars." But the film archive lacks popular
features such as "American Beauty" and "Lord of the Rings."
Viewers are limited to watching movies in a small box on their computer
screens, using RealNetworks' RealOne media player. Video accessed in a test
was sharp, although there were some glitches. Viewers can pause,
fast-forward and rewind movies, although resuming play took several minutes
as the movie caught up.
Film88's Hami said the site does not have many users because it has just
launched. According to registration records on VeriSign, which runs the
.com top-level domain, the site was registered April 18.
Hami said the company is working out a reasonable percentage of film
rentals, between 25 percent and 30 percent, to pay the copyright owners in
the United States and elsewhere.
"We are still working on the fair percentage," he said. "The Internet
economy is very different, and if we price our rental more than $1, there
may not be good response. So, we are going for volume."
Sites such as Film88 could undermine Hollywood's own Internet distribution
plans, which have been taking shape slowly. Consumers can buy and rent
movies over the Internet for viewing on a computer from a handful of legal
commercial services, including Intertainer and CinemaNow. But for now, the
major studios are focusing on cable and satellite services linked to
television, rather than Internet services, to distribute their products.
Video-on-demand services with support from the top film distributors, such
as MovieLink, are expected to introduce services later this year. But those
efforts have run into difficulties. Regulators have been looking into the
studios' planned Internet distribution partnerships, and News Corp.'s 20th
Century Fox studio earlier this year pulled out of a joint venture with
Walt Disney to create a video-on-demand service dubbed Movies.com.
Copyright owners could seek to have the Film88 Web site shut down by asking
the domain registrar--U.S.-based VeriSign--to deactivate the address. But
that solution would only offer a stopgap with no guarantee that the service
would be kept off the Web permanently.
In the event the domain-name registrar is served with legal papers to
remove a site, it will comply, said VeriSign spokesman Brian O'Shaughnessy.
But if a domain name is yanked, the site simply has to sign up for another
one under a different registrar. This is typically the incentive for
copyright holders to try to shut down the site at its source, the Web host.
Hami said Film88 has learned from copyright experts that Iran does not
protect foreign copyrights. Nevertheless, the company plans to abide by
U.S. laws, he said.
"This is a new market for copyright owners which has not been fully
exploited," he said. "This market is also not in competition with the
conventional way of watching a movie in the cinema. We are not pirates, but
a technology innovator trying to balance between innovation and copyright
compensation."
Representatives from the MPAA were not immediately available for comment.
**********************
News.com
Off-key efforts hinder paid Net music
By Gwendolyn Mariano
Staff Writer, CNET News.com
June 5, 2002, 4:00 AM PT
As the Internet upends the recording industry's traditional distribution
system, some computer makers and retailers have been stepping into the
music delivery business.
Last month, for instance, Gateway signed up with EMusic, which sells music
from independent labels online, to bundle music with its direct-order PCs.
The announcement was just the latest in a string of deals aimed at bringing
music to the masses legally while spurring new sales of computers and
extras such as CD burners, MP3 players and broadband Internet service.
But as hardware manufacturers, retailers and online music services sign
deals at a breakneck pace, the question remains: What will it take to get
consumers to bite?
"The major record labels have not done a good job of enabling consumers to
buy online," Gateway spokesman Brad Williams said. "So we think there is a
huge opportunity" for Gateway to serve consumers' need to purchase legal
music online.
The stakes are high. The recording and entertainment industries are
aggressively seeking to shut off the proliferation of free music, films and
other digital content unleashed by the availability of fast Internet
connections and potent compression and file-swapping technologies. Their
weapons have included lawsuits and a congressional lobbying campaign. The
goal in Congress: to win passage of a bill that would force
consumer-electronics companies to include a government-mandated
copy-protection system in their products. That proposal has sharply divided
content owners and equipment makers, who fear such controls could severely
hamper demand for some of their hottest products.
In this accusatory environment, cross-industry promotions offer a glimpse
of how music companies and equipment makers are seeking common ground.
Unfortunately for both sides, most deals to date have been flops, partly
because of the slow adoption of paid music services in the face of
file-swapping networks that offer a smorgasbord of free music online.
"This is the next step in the evolution of changing a mentality--opening
consumers' minds to legal alternatives," said Jarvis Mak, a senior analyst
at research firm Nielsen/NetRatings. "Hopefully, they'll migrate in that
direction, but it's not as easy as that."
The dealmakers
Music service companies such as EMusic, MusicMatch, Liquid Audio and
Listen.com all rely on deals with original equipment manufacturers that
create components other companies use to build a product. They say these
agreements play a key role in discovering what works and what falters in
selling music subscriptions.
As a result, the music services spend a significant percentage of their
time on collaborating deals. EMusic, for instance, said it spends about 60
percent of its time on how it markets its paid service through its
partnerships.
The company, which Vivendi Universal bought last year, has cut a host of
bundling deals, including a pioneering agreement in 2000 that packaged two
months of free, unlimited downloads from its site along with
Hewlett-Packard's CD-Writer recordable drives. That arrangement, which
lasted only three months, was followed by a string of others, including a
second HP deal as well as pacts with Iomega, Sonicblue and Gateway.
So much for synergies. In two years, EMusic has signed up just 50,000 paid
users for its menu of some 100,000 independent label tracks, according to
the company, a trivial number compared with the ranks of Web surfers drawn
to the free file-swapping services it competes against. LimeWire, one of
the most prominent versions of Gnutella-based software, reported that in
one day, it reached 300,000 people.
EMusic General Manager Steve Grady acknowledged that some of the deals
didn't work, but he defended them in general as useful experiments and, in
some cases, as a cost-effective alternative to mass marketing. When EMusic
was an independent company with a small marketing budget, he said, it
didn't have the money to conduct tests for its service, and the
collaborative deals enabled it to know that every dollar it spent was going
toward a subscriber coming into the service.
Still, he said, some partnerships didn't meet the company's expectations. A
partner might have a million customers, but if it doesn't deliver them in a
way that is "compelling or visible," it doesn't help sell the service.
According to Grady, EMusic's second Hewlett-Packard partnership, involving
the Pavilion PC, has been among its most successful to date.
"The whole concept of a music subscription service is new to
people...Paying for downloads is something that most people are not
accustomed to," Grady said. "You have to keep the marketing
messages...compelling enough to get them in the trial--and that's the only
way you really have an opportunity to show them what the benefits are of a
service like ours."
EMusic's monthly service has two models: $14.99 per month for a minimum
three-month commitment, or $9.99 per month for a one-year commitment.
EMusic's library includes an eclectic collection of songs by artists
ranging from classic rockers Creedence Clearwater Revival to alternative
bands Pavement and Yo La Tengo, and numerous jazz and blues greats. But to
date it has only one song from a major record label: a dance version of
"Earth" by Meshell Ndegeocello.
Ambitious campaigns
As music companies are experimenting with their services, hardware
manufacturers, consumer-electronic companies and retailers are pushing
aggressively to be at the forefront of the digital music frontier.
PC manufacturer Gateway, for instance, has been hammering out a niche for
itself in the music publishing and distribution process. Over a course of
one month, Gateway teamed with a music provider, unveiled a music site, and
even launched a campaign against a bill proposed in Congress.
Through its ambitious initiatives, Poway, Calif.-based Gateway has been
attempting to show consumers how easy it is to access music legally on the
Internet. Its MusicZone site lets people legally download select singles.
Gateway has a deal with MusicMatch that allows the computer maker to bundle
music software with its desktop PCs. And Gateway's marketing program with
EMusic offers music fans legal MP3 downloads from EMusic's library of more
than 215,000 tracks. The companies said any consumer could sign up for the
30-day trial and download up to 100 free MP3 files.
The computer maker declined to provide specific subscriber numbers but did
say it's pleased with the reception it's received. The company said it has
shipped "hundreds of thousands" of MusicMatch's Jukebox.
Gateway said the objective of its music partnerships is not necessarily to
experiment. Rather, it sees the deals as "an opportunity to give customers
something they want."
The deals are "part of a larger initiative to speed the adoption of digital
technology," said Gateway's Williams. "It's exploded with consumers. It's
become something very popular with them, and for a short period of time
we're doing everything we can to give consumers new ways to enjoy digital
music legally."
Although Gateway is examining several ways of becoming a key player in the
digital music evolution, it has been at odds with the music industry. Two
months ago, the PC maker began a campaign against a bill proposed by Sen.
Ernest "Fritz" Hollings, D-S.C. The bill seeks requirements that computer
manufacturers and consumer-electronics companies install anti-piracy
software in their digital devices, among other things.
Gateway reacted strongly against the bill, saying it would be a threat to
shipments of CD burners. The PC manufacturer then launched a series of TV
advertisements and public statements promoting legal digital downloading.
The campaign included 60-second TV ad spots as well as free demonstrations
on how to legally download songs and burn them onto CDs through Gateway
Country retail stores.
The hardware manufacturers are not the only ones to try to capture the
consumers looking for legal music online. Retail outlets are also grappling
to become part of the digital evolution. A few weeks ago, for instance,
Best Buy relaunched its digital music Web site with Liquid Audio.
Best Buy said the new storefront offers people access to some 240,000 music
downloads. It also features a Best Buy-branded Liquid Player, downloadable
software that lets people listen to music, buy songs and transfer tracks to
a portable device or CD. Best Buy added that the site uses Liquid Audio's
commerce service, dubbed The Liquid Store, to sell secure digital music and
online gift certificates to consumers.
The retailer's deal with Liquid Audio is just one it has signed with music
providers. Best Buy declined to provide any figures for the number of music
fans using its services, although a company representative said the deals
are "meeting our expectations."
Launching pad
Despite their various partnerships, consumer-electronic companies, hardware
manufacturers, retailers and music providers all face the same hurdles.
Among the challenges are gaining access to content from all Big Five record
labels and making digital music portable.
"It's a learning curve that we're all scaling simultaneously," said Susan
Kevorkian, a research analyst at IDC, a Framingham, Mass.-based research
firm. "The music labels are the ones that have been starting out a little
slower."
By 2005, IDC predicts that a little over 10 million people will be paying
for music online through individual downloads or subscription services.
Kevorkian said the future looks promising, assuming that licensing issues
are hammered out to allow consumers to go to one place to find music from
all the labels, much as record stores offer.
"What we're seeing is a series of experiments with retailers, and with
distributors of online music, trying to find the sweet spot," Kevorkian
said. "The general consensus is that ultimately music distributed via the
Internet is a very viable opportunity. But the ongoing question is: How
soon is it going to take off?"
********************
News.com
IBM pins dreams on tiny machines
By John G. Spooner
Staff Writer, CNET News.com
June 5, 2002, 7:40 AM PT
IBM, long known for its computers and microchips, has developed new kinds
of machines for wireless phones: microscopic frequency tuners and other
devices that fit on a chip.
The company's researchers have developed a technique to graft these tiny
machines onto chips. Within a few years these hybrid chips, which IBM calls
"active components," could be used to increase the performance and battery
life of wireless devices such as cellular phones.
The microscopic machines, technically known as Micro-Electro-Mechanical
Systems, or MEMS, do the work of current components such as radio frequency
receivers. However, they are smaller and often more efficient than those
components, said Jennifer Lund, a MEMS researcher in IBM's Research division.
At the same time, IBM has created a technique with its Bi-CMOS technology,
used for building chips with multiple dissimilar components, to graft the
MEMS devices onto processors.
MEMS devices are a new area of focus for many chipmakers, including Intel.
Big Blue already sells a large number of radio frequency chips to cell
phone makers. However, it says a single MEMS-equipped chip would be able to
tackle the jobs of several chips or components by integrating them all onto
a single processor.
Doing so would allow device makers to build phones using a smaller number
of components, which would help reduce the phones' cost, power consumption
and size.
"People would very much like to be able to do everything with one chip,"
Lund said.
To prove their point, IBM researchers created on-chip MEMS resonators and
filters. Such MEMS devices are fairly common, but building them into a chip
represents a breakthrough, Lund said.
IBM's new MEMS radio frequency resonator, for example, would use
microscopic tuning forks to focus on a specific frequency and weed out
others, resulting in a stronger signal and a clearer conversation, the
company said.
The resonator could also be designed to address multiple frequency bands,
allowing the phone to switch between bands without adding a number of extra
chips.
Although its MEMS components are still in the research stage, IBM is likely
to target a line of them at such wireless devices as third-generation, or
3G, phones.
********************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 507
1100 Seventeenth Street, NW
Washington, D.C. 20036-4632
202-659-9711