Clips June 14, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;
- Subject: Clips June 14, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Fri, 14 Jun 2002 15:41:23 -0400
ARTICLES
Bush's high-tech forum
Analysts See Wireless Auction Drawing Controversy
Lawmakers Vow to Move Swiftly on Homeland Security Department
TSA begins $1B IT services buy
DOD officials split on IT funding
Navy challenged on many IT fronts
Spain May Force ISPs to Keep Tabs
S.African Internet Boss Hides Domain Key Abroad
ACLU, NAACP oppose police cameras
Suit Filed Against Record Firms
Privacy worries fuel domain name concerns
Magnetic chips bring 'intelligent' offices
Boeing in-flight Net service gets boost
Net piracy ring busted
FBI arrests 3 for extortion via the Net
Bill seeks to make car computer codes public
The moral dilemma of data leaks
Homeland department likely to house cybersecurity office
Charges filed in Net piracy case
The illusion of privacy
Telecom seals internet protocol deal with Alcatel
Two surveys highlight dangers of the Internet
Spam, viruses hit bottom line in U.S.
Woman charged with breaking into company's e-mail system
*************************
San Francisco Chronicle
Bush's high-tech forum
President touts aid to industry
Washington -- With billions of fresh federal dollars flowing to the
military and homeland security -- and many more expected to follow --
nearly 130 high-tech executives gathered at the White House on Thursday to
tout technology's role in combating terror.
Silicon Valley heavyweights Gordon Moore, co-founder of Intel Corp., and
Carly Fiorina, chief executive officer of Hewlett-Packard, along with AOL's
Steve Case, AT&T's Mike Armstrong and others came at President Bush's
invitation to the administration's "21st Century High Tech Forum."
At the gathering, Bush praised the industry's role in the war on terror and
touted his administration's efforts to aid the industry by cutting taxes,
expanding trade and reforming education.
But Bush was vague on a key industry priority, the promotion of a high-
speed communications network that would improve consumer access to music,
video, data and other information provided through the Internet.
"Most of what we talked about was exchanging ideas and making sure that the
administration and the high-tech community agreed on priorities, more than
specific initiatives," said Judy Estrin, CEO of Packet Design Inc. of
Mountain View.
From gigantic new computer systems to track foreign visitors to detection
of biological or nuclear attacks, the war on terror and homeland defense
promise a bonanza for tech companies suffering from tanking stock prices
and a capital investment hangover.
Noting that the government plans to spend $53 billion on information
technology next year, Bush said he hopes companies can help the government
improve its often hapless implementation of computer systems.
"If you're one of the recipients of that $53 billion, make sure that the
product actually works, please," Bush told the executives.
Missteps at the Federal Bureau of Investigation and the Immigration and
Naturalization Service disclosed since the Sept. 11 terrorist attacks have
exposed serious shortcomings in the architecture and use of government
computer systems, and the administration has promised to address them.
While many executives have pressed the administration to take a more
aggressive approach to promoting a broadband communications network, Bush
said that issue will be left largely to the Federal Communications Commission.
Many tech executives and members of Congress believe removing regulatory
barriers to broadband is vital to pulling the industry out of its slump and
maintaining the U.S. lead in high technology.
While Bush said, "It is time for us to move with an agenda" on broadband,
he failed to offer one, saying only that he favors the aggressive expansion
of broadband.
"My sense is he was demonstrating how important broadband is, but there was
not a specific initiative or agenda, nor was it even suggested there was
one," Estrin said.
Bush and the executives touted technology's role in keeping the U.S.
military edge and in homeland security, both of which offer a bounty of new
spending.
The government has already embarked on its biggest increases in military
spending in two decades, and Congress and the administration are now
setting out on the biggest government reorganization in half a century,
creating a mammoth new Department of Homeland Security that will rely
heavily on technology and information systems to prevent terrorist attacks
or respond to those that could occur.
Congress and the administration enabled $40 billion in emergency spending
following the Sept. 11 attacks and are working on an additional $30 billion
emergency package for this year. In addition, military spending has shot up
from $302 billion in 2001 to a projected $366 billion next year.
"We'll continue to fight a guerrilla war with conventional means," Bush
said. "We're also going to win the war thanks to the incredible technology
and technological breakthroughs that we have achieved here in America."
The afternoon forum at the White House was organized by Floyd Kvamme, a
Silicon Valley venture capitalist now serving as co-chair of the
President's Council of Advisers on Science and Technology.
The group met for three hours with Bush economic adviser Lawrence Lindsay,
homeland security director Tom Ridge and several Cabinet members, including
Health and Human Services Secretary Tommy Thompson, Commerce Secretary Don
Evans and Labor Secretary Elaine Chao.
Earlier in the day, the Information Technology Industry Council, a leading
trade group, issued its "scorecard" on the administration, giving it "seven
good grades, no failing marks and three incompletes."
The group praised the administration for pursuing trade promotion authority,
which would make it easier for the executive branch to negotiate new trade
agreements; enacting a two-year extension of the moratorium on Internet
taxes; pushing through education reform and boosting tax depreciation of
assets, which encourages businesses to buy new computer equipment.
But the group faulted the administration for not creating incentives for
broadband deployment, failing to update computer export controls and not
opposing federal technology mandates.
E-mail Carolyn Lochhead at clochhead@xxxxxxxxxxxxxxxx
*****************
Reuters
Analysts See Wireless Auction Drawing Controversy
Thu Jun 13, 1:52 PM ET
By Jessica Hall
PHILADELPHIA (Reuters) - The U.S. Federal Communications Commission's
next auction of wireless airwaves will likely draw more
controversy and confusion than cash because crucial issues, such as when
bidders can use the spectrum, remain unresolved, analysts said.
The controversy centers on the fact that most of the airwaves are still
used by scores of television stations, including LIN TV Corp. and Paxson
Communications Corp., which won't have to give them up for five years.
Also, several different companies and trade groups have proposed
reorganizing the spectrum to provide airwaves for public safety.
"There's just so many unresolved issues that we believe this is highly
likely to be an unsuccessful auction," said Rudy Baca, a wireless
strategist with the Precursor Group, a Washington research firm.
The auction, which begins June 19, offers 758 licenses that can be used for
a variety of fixed and mobile commercial services, private internal radio
transmission, two-way interactive, and cellular and mobile television
broadcasting services. The airwaves are currently used to broadcast TV
channels 52-59.
Meanwhile, the FCC has delayed six times a sale of
airwaves used by television broadcasters who occupy channels 60 to 69 that
was also supposed to begin June 19 and might have drawn more prominent
bidders. That sale now is scheduled for Jan. 14, 2003.
Broadcasters, who are moving to digital signals, do not have to give back
the analog frequencies until 2007 at the earliest, which means that the
bidders in the June 19 auction would not be able to immediately use the
spectrum.
Regulators said the auction may aid rural wireless companies by giving them
access to more spectrum, but analysts questioned the logic behind selling
airwaves without clear guidelines on when and how the broadcasters will
give them up.
"I'm a little bit mystified as to why they think this is a good opportunity
for the rural carrier other than they may be able to pick up spectrum very
cheaply," Baca said.
"But the reason it's cheap is that you're not going to have access to it.
So, the good news is 'You've won.' And the bad news is 'You've won,'" he said.
NATIONAL CARRIERS STAY AWAY
Large wireless carriers such as Verizon Wireless and Cingular Wireless have
said they would not participate in the sale, citing the uncertainty of when
the airwaves would be available and the unresolved controversy around an
earlier auction of disputed wireless licenses.
"I can't understand how you can have an auction when the last auction isn't
even finished. It's just bureaucracy gone mad," said Cingular Wireless
Chief Executive Stephen Carter.
"It doesn't make any sense whatsoever from the point of view of trying to
deal with the fundamental issue the U.S. has, which is a lack of a coherent
spectrum plan," Carter said.
The FCC said 128 bidders, including rural carriers, TV broadcasters and
firms owned by cable magnate Paul Allen and money manager Mario Gabelli,
qualified to participate in the coming 700 megahertz auction. The agency
received about $157.3 million in down payments.
Some TV broadcasters also were approved to participate, including Sinclair
Broadcast Group Inc., LIN TV, and Capitol Broadcasting Co.
Although TV stations already hold a lot of spectrum in this band, analysts
said some broadcasters may want to bid on extra licenses in the auction so
they can expand into new markets, or grab new spectrum to use for
interactive TV or data services to compete with Internet companies.
Analysts doubt the auction will attract the high bids seen in a 2001
auction, which would have raised a record $16.9 billion but remains mired
in a prolonged legal dispute.
The sale will fetch much lower bids because most markets are small, rural
territories, rather than major cities. The smaller carriers also lack the
deep pockets of more established companies and will lack the resources to
escalate bids.
"With balance sheets as they currently are it will be difficult to find
companies that can justify spending money on spectrum that is so
uncertain," said John Bright, a wireless analyst with Johnson Rice.
"The idea that the spectrum is being held hostage by the broadcasters who
want to be paid to vacate, is an aspect that would further decrease bids,"
Bright said.
**************************
Washington Post
Lawmakers Vow to Move Swiftly on Homeland Security Department
By Juliet Eilperin
Washington Post Staff Writer
Friday, June 14, 2002; Page A11
Congressional leaders outlined an ambitious legislative schedule yesterday
to enact President Bush's government reorganization plan, vowing to create
a Homeland Security Department by Sept. 11.
House and Senate leaders established separate procedures for handling the
administration's proposal, whose details may arrive on Capitol Hill as
early as next week. The Senate will simply amend a bill recently approved
by the Governmental Affairs Committee, but the House will assign several
established committees -- plus a new leadership panel -- to conduct
hearings on the plan, key members said.
The creation of a massive federal agency presents a major challenge to
lawmakers, who have feuded over far less ambitious legislative proposals
this year. Republican and Democratic leaders will have to bridge
ideological differences while resolving jurisdictional battles within their
own caucuses.
In a joint press release yesterday, House Speaker J. Dennis Hastert
(R-Ill.) and House Minority Leader Richard A. Gephardt (D-Mo.) expressed
confidence they could complete their work by the anniversary of the
terrorist attacks that killed more than 3,000 people.
"The speaker and I stand ready to work with the White House and the Senate
in a bipartisan way to get this bill done by September 11th," Gephardt said.
Under the House plan, the Government Reform Committee and several other
panels will have a few weeks to consider Bush's proposal. Each of these
committees will then forward recommendations to a new select committee,
where Republicans will have a one-seat advantage.
This committee, headed by House Majority Leader Richard K. Armey (R-Tex.),
will shape the final bill that will reach the House floor for a vote.
Armey vowed to move swiftly to create the department. "We're now engaged in
a battle against those who hate freedom," he said. "We can't afford to
delay, nor can we afford partisan and parochial battles."
On the Senate side, Majority Leader Thomas A. Daschle (D-S.D.) -- who
pointedly told reporters yesterday, "Democrats were for a homeland defense
Cabinet-level agency before it was cool" -- said every committee will have
a chance to address the president's proposal and amend a bill already
written by Governmental Affairs Committee Chairman Joseph I. Lieberman
(D-Conn.).
Daschle said Bush's plan was "at least two-thirds similar" to Lieberman's
bill. Both proposals would create a Department of Homeland Security
encompassing agencies such as the Customs Service, Coast Guard, Border
Control and Federal Emergency Management Agency.
Daschle predicted the Senate would finish work on the matter by late July,
which would allow the two chambers to work out their differences after the
August recess.
*************************
Washington Post
Screening Deadline Worries Grow
Lawmakers, Aviation Experts Call Dec. 31 Goal Out of Reach
By Greg Schneider and Sara Kehaulani Goo
Washington Post Staff Writers
Friday, June 14, 2002; Page A09
More than six months into the government's effort to protect air travelers
from terrorist attacks, there is growing concern among experts and
lawmakers that the job cannot be done by the end of the year as required by
law.
The Transportation Security Administration had planned to take over
security at 15 of the country's 429 airports by June 1 but is close to
doing so at only one, Baltimore-Washington International Airport.
Government officials insist they can meet congressional deadlines to put
security screeners into all airports by Nov. 19 and to subject all luggage
to scrutiny by bomb-detection equipment by Dec. 31.
To do that, the agency has put its faith in two giant contractors better
known for aerospace and military work: Boeing Co., which will coordinate
luggage screening, and Lockheed Martin Corp., which will devise a way to
get passenger screeners into every airport.
"We have a tremendous game plan," Deputy Transportation Secretary Michael
P. Jackson said in an interview. "We're very much on track for a process
that starts with about 100 airports, literally, within a short period of time."
But some lawmakers and aviation experts say the TSA has waited too long and
question whether the agency's mandate on timing -- set by Congress after
Sept. 11 -- was realistic to begin with.
"Some of the political people involved did not want to listen to fact, to
reason, even to reality, and now they're going to have to face up to it,"
said Rep. John L. Mica (R-Fla.), chairman of the House Aviation subcommittee.
The president's plan to put the agency into a new Department of Homeland
Security could further complicate things, Mica said.
"You're taking them in mid-transition and transitioning them again. They
will report to new masters all of a sudden," said one House Republican
staffer. The TSA is already in a mad race to meet year-end deadlines, the
staffer said, and "I don't think they're going to make it."
Hundreds of employees from Lockheed Martin, Boeing and their subcontractors
will soon fan out to the nation's airports in an effort to gauge what needs
to be done. Lockheed Martin will have 146 teams deployed within a month,
evaluating 150,000 tasks necessary to set up passenger checkpoints
nationwide, program manager Tim Bradley said. By July, the agency will be
hiring 15,000 to 20,000 federal screeners per month, Jackson said.
That's an enormous change given that the TSA has hired about 1,300 people
so far and is accepting applications at only a few airports. At BWI, the
only airport where the agency has replaced all private-sector screeners
with federal ones, the transition has taken six weeks and is still not
complete.
Speeding that up nationwide depends on intricate cooperation among
airports, airlines, the agency's local security directors -- most of whom
are not yet hired -- communities and the contractors themselves, said
Boeing's Rick Stevens, who runs the unit hired to set up bomb-detection
equipment.
On Wednesday, Jackson, TSA chief John W. Magaw and representatives from
Boeing and Lockheed met with directors of 10 major airports for about four
hours to discuss the agency's rollout plan. Rick Vacar, director of the
Houston Airport System, is skeptical of the TSA's ability to meet the
deadlines but said he was encouraged by the meeting.
"I'm not saying I've become a believer," Vacar said, but he added that the
TSA and the contractors seem "well-organized, [and] they have a game plan
that, if executed, seems doable."
TSA officials have said before that they were on the verge of a major
ramp-up, only to suffer delays. In late March, for example, Magaw announced
that 1,200 people would undergo training to become screener supervisors
"during the next four weeks."
Instead, half that number completed the training. The process was halted
after two weeks, partly because there were bureaucratic delays in hiring a
private contractor to take over training duties.
"I frankly think that they really need to get their act together," one
House Democratic staffer said.
Earlier this month, managers of 39 airports urged Transportation Secretary
Norman Y. Mineta to abandon the deadline for installing bomb-detection
equipment. They argued that a last-minute rush to get the machines into
airports would cause havoc and create long lines for passengers.
Douglas R. Laird, former head of security for Northwest Airlines, said
meeting the bomb-detection deadline is "a physical impossibility." The TSA
already has compromised, he said, by deciding to buy only about half the
van-size machines necessary to scan all luggage. It will make up the
difference by using trace-detection devices, which are far cheaper but
require more people and time to operate.
One source who is familiar with the agency's efforts to meet the deadlines
said the TSA is mired in "organizational chaos," as it attempts to create
itself while simultaneously trying to make airports safer.
TSA leaders knew from the beginning that their assignment was risky, and it
took the unusual step of borrowing high-powered consultants from corporate
America.
The consultants -- many of them executives who had helped companies such as
FedEx and Marriott roll out major systems -- first came up with a plan that
called for taking over 15 airports by mid-April and 25 more in mid-May.
As hiring and contracting efforts took longer than hoped, the plan slipped.
TSA briefing documents supplied to Congress in March called for having full
federal security forces in 15 airports by June 1.
But soon after those schedules were distributed, the agency decided it
hadn't hired enough employees to make the plan happen, a spokesman said.
Now, TSA plans call for staffing two airports by June 25. The rest of the
rollout plan is uncertain because the agency is still developing it with
Lockheed Martin.
Lockheed is used to taking on big, unwieldy programs for the Pentagon, and
Bradley said his company believes it can meet the TSA deadlines.
Boeing chairman and chief executive Philip M. Condit said he has "no
illusions" about the difficulty of the task.
"This is going to be a huge challenge to get to the dates that are set --
reasonably artificially, really. There's nothing magic about the end of the
year," except that's when Congress said it wanted the job done, Condit said
in an interview.
"Are there risks this won't get done? I think the answer is yes, but we're
going to do the best job we possibly can and try to meet the deadline," he
said.
***********************
Federal Computer Week
TSA begins $1B IT services buy
The Transportation Security Administration released a statement of
objectives June 13 for its much anticipated billion-dollar acquisition to
develop the agency's information technology infrastructure.
TSA will award IT managed services (ITMS) under the Transportation
Department's Information Technology Omnibus Procurement II (ITOP II) contract.
ITMS covers the full range of IT and telecommunications services supporting
desktop management, enterprise architecture development, cybersecurity and
related operations.
"It is well understood that meeting the information technology requirements
of a newly formed, highly dynamic organization represents an enormous
task," TSA officials wrote in the document. The agency "requires a
world-class contractor to provide a comprehensive, enterprise-wide [IT]
managed services solution to assist TSA in meeting its responsibilities
under federal legislation and executive orders."
President Bush signed the Aviation and Transportation Security Act in
November establishing TSA and mandating improvements in securing the
nation's transportation systems. Since then, the agency has been building
its organization from the ground up.
TSA is "trying to buy the heads, not the seats," said Chip Mather, senior
vice president of Acquisition Solutions Inc., a support contractor to TSA.
"IT is not the product. IT is the enabler."
The statement of objectives comes a week after Bush unveiled his proposal
for a Cabinet-level Homeland Security Department, which would house several
existing agencies including TSA.
"Despite what the Homeland Security Department is going to look like in the
future, TSA is something new," said Ray Bjorklund, vice president of
consulting services at Federal Sources Inc. "This is the time to build an
intelligent architecture. They've got a clean sheet to work with.
"People should probably be watching closely to see what TSA does because
[it's] in a position to create a model for the way IT should be put in
place and managed," he continued.
TSA is looking to create a partnership with the ITMS contractor.
"The team that can solve this one is going to be well positioned for
solving many federal networking and IT requirements," said Warren Suss,
president of Suss Consulting Inc. "There are a lot of aspects of this
[proposal] that reflect the broader emerging needs across government.
"It's significant that they're purchasing this as a managed service as
well," he continued. "It reflects a trend in government."
The potential seven-year task order will be performance-based with a base
period of three years and two optional two-year add-ons.
"I'm pleased they've got the performance-based objectives because that's
what it's all supposed to be based on now," Bjorklund said. "Where are
those real applications? That's what we're curious about."
TSA has reserved the right to acquire application software or software
development services through separate task orders.
Down the road, the ITMS contractor will face IT security, timing and
interoperability issues, industry observers said.
Cost proposals are due July 8, and an award is expected July 25.
"It gives them a unique opportunity," Mather said. "They're chomping at the
bit here. They don't have to deal with all the legacy systems."
******************************
Federal Computer Week
DOD officials split on IT funding
Defense Department information technology leaders expressed mixed views on
whether there is appropriate funding for military information technology
programs being developed now and needed in the future.
With the biggest defense budget since the Reagan administration, the
services can't keep asking for more money and instead "need to prioritize,"
said Army Lt. Gen. Joseph Kellogg Jr., director of command, control,
communications and computers for DOD's Joint Chiefs of Staff (J-6), during
a June 12 panel at the Armed Forces Communications and Electronics
Association's TechNet International 2002 in Washington, D.C.
Lt. Gen. Peter Cuviello, the Army's chief information officer, agreed and
said he believes that there was "more than enough money out there."
"We have to decide what we don't need" and cut programs or systems,
Cuviello said. "We don't have to own it or run it for it to support us."
Navy Rear Adm. Nancy Brown, director of the space, information warfare,
command and control division, said the armed services should continue to
innovate and explore new IT solutions, but they need to "do it smarter."
Next month, Brown will take over as vice director to Kellogg in the joint
J-6 office.
Although he knows it's not a popular notion, Kellogg said the DOD should at
least consider the option of centralizing all its IT dollars. "We should at
least explore it."
The day before Kellogg, Brown and Cuviello expressed their views, a panel
focused on network-centric warfare was asked if enough money was in the DOD
budget to support that effort, which seeks to make data available to those
who need it across the organization or on the battlefield. The panelists'
answers differed from their colleagues'.
Ronald Richard, a member of the business advisory board and former chief
operating officer at In-Q-Tel, the CIA's venture capital arm, said "wants
outpace the needs" in many areas, including bandwidth. He said the
intelligence and defense communities are not spending enough on
network-centric warfare technologies and are having trouble finding more
dollars.
Air Force Maj. Gen. Charles Croom Jr., the service's director of
communications infostructure and deputy chief of staff for warfighting
integration, said the DOD's "significant investment in IT" allows the
military to restructure its forces and do more with less. But he added that
if given more money than is needed, "we'll waste it."
Another panelist, Army Maj. Gen. Steven Boutelle, director of information
operations, networks and space in the Army CIO's office, may have
crystallized the situation when he said it is a problem of perception. He
said the services are good at funding at the platform level but do a poor
job of explaining the need for IT to the comptrollers who control the funds.
"We need to fix it or the perception will remain that we're underfunded,"
Boutelle said.
***************************
Federal Computer Week
Navy challenged on many IT fronts
The Navy is grappling with six major information technology challenges as
it attempts to transform itself and fight the war on terrorism, but
progress is being made and industry can help that process, according to
Adm. William Fallon, vice chief of Naval operations.
Speaking June 12 at Armed Forces Communications and Electronics
Association's TechNet International 2002 conference in Washington, D.C.,
Fallon said the U.S. military must lead with its strengths, "and clearly
[IT] is one of our major attributes ... [and] one of our best asymmetric
attributes." He cautioned that terrorists are also using technology to
their advantage and that the nation is still vulnerable.
Fallon said the Navy faces six major IT challenges:
* Interoperability.
* Thousands of legacy applications.
* Security vulnerabilities.
* Information overload.
* Outdated antennas protruding from ships that make them easier targets.
* Bandwidth.
The service is attempting to overcome these issues internally with such
initiatives as the $6.9 billion Navy Marine Corps Intranet project and by
attempting to reduce the many different common operating pictures and
externally via participation in the Joint Requirements Oversight Council,
Fallon said.
He called on industry to work together on solutions that employ similar
standards, enabling Navy personnel to quickly and easily share information
within the service as well as with the rest of the Defense Department and
U.S. allies.
"I don't care if there's 50 logos on the box" as long as information
exchange can be done quickly and securely, Fallon said.
**************************
Wired News
Spain May Force ISPs to Keep Tabs
By Julia Scheeres
A proposal introduced in the Spanish Senate would force ISPs to keep
records of their customers' Internet activity for a year, and make that
information available to law enforcement for criminal investigations.
Failure to do so would incur fines of up to $500,000.
The measure, which is slated for vote next week, is an attempt to bring the
country into compliance with a European Parliament directive advising the
15 European Union member countries to keep detailed records of
communications -- including Internet, e-mail, phone, fax and pager data --
in an effort to thwart future terrorist attacks.
The legislation was introduced by the conservative Popular Party as an
amendment to the pending "Law of Information Society Services and
Electronic Commerce" (known by the Spanish acronym LSSI), which itself
would force websites to register with the government and require
Web-hosting companies to report suspected illegal activity.
"All navigation data, including traffic and connection data, will be stored
without sufficient privacy guarantees," said Socialist senator Félix
Lávilla Martínez, who fought to exclude the data retention measure from
the bill.
The initiative was also criticized by Spanish ISP trade groups, which
estimated it would cost $700,000 a terabyte to retain the required
information.
Carlos Sánchez Almeida, a Spanish lawyer who specializes in new technology
law, said the legislation would possibly violate the country's
constitutional protection against unreasonable searches and seizures
because "the data is retained without a judicial order and the data of all
citizens is retained, not just presumed delinquents."
Meanwhile, a group of concerned Internet users has vowed to continue
fighting the implementation of the European Communications Data Protection
Directive, at a national level. Stop 1984, named after George Orwell's
fictional account of government surveillance, is collecting signatures for
an open letter urging EU governments to implement the directive on a
case-by-case basis.
Information about Internet surfers' communication behavior, interests,
travel plans, sexual orientation and preferences are private and should be
protected from prying government functionaries, the letter argues.
**************************
Reuters Internet Report
S.African Internet Boss Hides Domain Key Abroad
Thu Jun 13, 3:09 PM ET
By Brendan Boyle
JOHANNESBURG (Reuters) - The administrator of South Africa's web addresses
said on Thursday he had hidden the key to the country's ".ZA" domain
network abroad to prevent any government interference in access to the
Internet.
South Africa's parliament has given initial approval to a law that will
allow the government to take control of the country's Internet address
administration.
But critics, including ZA domain-name administrator Mike Lawrie, say the
government has no right to stage the takeover and warn it could collapse
the domestic Internet structure.
Lawrie, a South African Internet pioneer who is not paid for administrating
the ZA domain, told Reuters he had taken pre-emptive action to stop the
government from seizing control.
"The storage of the primary zone file that defines and controls the ZA
namespace is now offshore," he said.
Lawrie said the zone file was 200 lines defining the structure of Internet
sites and addresses ending in .ZA, which identifies the South African domain.
Lawrie said he had announced his action to signal to the global Internet
community that the South African domain was secure despite the
controversial legislation scheduled to pass its final parliamentary hurdle
next week.
"If someone were to mistakenly corrupt the zone file in terms of trying to
bulldoze their way in, they would not be able to do any damage," he said.
The new law is intended mainly to give legal status to Internet trades and
contracts, but a section allows the state to take over domain name
administration without consulting the Internet Corporation for Assigned
Names and Numbers (ICANN).
The government says the domain structure cannot be left in the hands of an
individual, but must be protected by the state.
Critics say the government is obsessed with control and is trying to
nationalize its corner of the Internet.
ICANN is the international Internet address administrator.
Under its rules, the administration of a national domain can only be
reassigned with the consent of ICANN, that country's government and its
Internet community.
Nkenke Kekana, chairman of the parliamentary committee that is piloting the
Electronic Communication and Transactions Bill through the legislature,
accused Lawrie of putting the country's Internet structure at risk.
"Mike Lawrie is the administrator of the domain name and he has a
responsibility to ensure that the Internet is stable.
"It would amount to sabotage if he were to disrupt the Internet and he has
to realize that he will be held responsible for any disruption," Kekana said.
Opposition Democratic Alliance legislator Dene Smuts, who was part of a
small minority that voted against the bill, said Lawrie had done the right
thing.
"I think it is the responsible thing to do in the circumstances. It ensures
the continued stable operation of the domain and its sub-domains against
whatever steps might follow.
"I think Mike Lawrie is a hero," she said.
*****************************
Washington Times
ACLU, NAACP oppose police cameras
Brian DeBose
THE WASHINGTON TIMES
The ACLU and NAACP yesterday joined critics of Metropolitan Police
Department plans for video surveillance of public spaces.
Nkechi Taifa, a member of the NAACP's Police Task Force and a Howard
University law professor, said the cameras could lead to racial profiling
and spying by police.
"Before the council acts on an issue of this magnitude, it should
insist on data from responsible independent research," Mrs. Taifa told the
D.C. Council.
Mrs. Taifa and other proponents of civil liberties voiced concerns
about the cameras at a fact-finding hearing yesterday led by D.C. Council
members Kathy Patterson, Ward 3 Democrat, and Carol Schwartz, at-large
Republican.
The Washington Times reported in February that the Metropolitan
Police Department has plans to link hundreds of closed-circuit television
cameras to monitor streets, parks, subway stations, schools and other
public areas throughout the city.
The cameras, police officials said, will be used to counteract
terrorism and domestic criminal activity. The cameras are monitored in a
central control center that is activated, police say, only during times of
crisis.
That "Big Brother" approach to crime-fighting is unconstitutional and
likely to land the District in court, an attorney for the American Civil
Liberties Union said.
Attorney Steven Block said the ACLU would begin looking for a client
to file a test lawsuit if the city moves forward with the system.
Mayor Anthony A. Williams, who was not present for yesterday's
hearing, has endorsed the surveillance plans, saying the cameras have
helped bring crime under control in cities in Britain and Australia.
But speakers yesterday said the benefits of surveillance in cities
such as London, where the government responded to the threat of terrorism
by the Irish Republican Army by installing more than 150,000 cameras, are
undocumented or overstated.
Marc Rotenberg, executive director of the Electronic Privacy
Information Center, a Washington-based think tank that studies abuse of
electronic information, said the benefits of video surveillance "have been
significantly overstated."
Mrs. Taifa testified that other American cities, such as Detroit,
have abandoned experiments with cameras after years of
less-than-satisfactory results.
Robert Wolf, a retired federal attorney who lives in Northwest,
decried the loss of privacy in the city. "The use of video will not solve
our problems. What will solve our problems is better police work, better
intelligence and better cases for our prosecutors. Use of cameras is a
waste of money without any regard given to their implications on civil
rights and liberties."
Mrs. Patterson and Mrs. Schwartz were sympathetic to the concerns of
the speakers, but both were confident that the regulations governing the
use of the cameras could be written to address problems or potential for abuse.
"As long as the legislation is very careful and specific, we can use
the cameras," Mrs. Patterson said. "But what I have found from these
witnesses is that no one wants to see the District turn into London."
She said the District should take steps to ensure that other
government agencies don't abuse the system.
"Prior to the Bush inauguration, the Secret Service asked the MPD to
use the surveillance system for their own purposes. We need to find out or
determine whether or not or in what instances we will allow someone else to
use the video," she said.
Guy Gwynne, who chairs the Federation of Citizens Associations, said
the MPD's regulations for the use of the proposed system are too vague.
"The guidelines are unresearched," he said, calling for a "commission
or outside investigation team paid for by a one-time appropriation to
study video surveillance on a global level."
City officials such as Margret Nedelkoff Kellems, deputy mayor for
public safety and justice, testified on behalf of the surveillance system.
Privately operated cameras, Mrs. Kellems pointed out, are already in
place in banks, at ATMs and in many thousands of businesses in the District.
"The cameras could be used as a powerful tool to serve the public
trust in managing traffic, detecting crimes, reducing citizens' fear of
crime and countering terrorism," she said.
Mrs. Schwartz said that since the events of September 11, fear of
another attack has made camera surveillance a viable tool, but she said
citizens want more police officers patrolling neighborhoods.
"Given a choice between nothing and a camera, citizens would of
course pick the camera," she said.
After a parade of witnesses skeptical of the government's plans, one
D.C. resident stepped forward to testify that she had no problems with
cameras in public spaces.
Northwest resident Kathy Smith said women are more vulnerable to
attack in public places, "especially at night."
"Private security officers and our sworn police officers are too few
and far between to cover places now covered by security cameras," Mrs.
Smith said.
Executive Assistant Police Chief Michael J. Fitzgerald, who recently
took over the No. 2 spot in the department from departing Executive
Assistant Police Chief Terrance W. Gainer, said Mrs. Smith's comments are
more typical of the public's reaction to the plans for more cameras.
"We have community requests for these devices, and we are trying to
accommodate them," Chief Fitzgerald said.
He said the command center's 12 cameras are currently activated and
that officers are monitoring monuments, parks and buildings downtown.
***********************
Los Angeles Times
Suit Filed Against Record Firms
Music: Two consumers accuse the groups' copy-protected CDs of being defective.
By P.J. HUFFSTUTTER and JON HEALEY
TIMES STAFF WRITERS
June 14 2002
Two California consumers have filed a class-action lawsuit against the
major record companies, arguing that copy-protected CDs are defective
products that should not be allowed on the market.
The case pits Universal Music Group, EMI Music Publishing, BMG
Entertainment, Sony Music Entertainment Inc. and the Warner Music Group
against the law firm of Milberg Weiss Bershad Hynes & Lerach, which is
famed--or, in some quarters, infamous--for bringing class-action cases that
seek huge financial penalties.
The complaint, filed in Los Angeles Superior Court on Wednesday, seeks
either to block the discs or require warning labels identifying them as
inferior in quality and hazardous to computers. Copy-protected discs use a
variety of electronic techniques to deter digital copying. Some can't be
played at all on computers and other devices with CD-ROM drives, while
others try to confuse the drives so they can't extract the disc's data.
"If you use an Apple computer, you can't even get the disc out of the tray.
It requires the time and cost of taking the computer into a repair shop and
having it removed that way," said plaintiff attorney Nicholas Koluncich,
who is representing his sister in the case. "At the very least, the labels
should make sure they sell a product that actually works."
Cary Sherman, president of the Recording Industry Assn. of America, called
the case "frivolous" and insisted that the music labels have every right to
use encryption technology to protect their intellectual property from theft.
"Music creators have the right to protect their property from theft, just
like owners of any other property," Sherman said. "Motion picture studios,
and software and video game publishers have protected their works for
years, and no one has even thought to claim that doing so was
inappropriate, let alone unlawful."
All of the major record companies have been testing these technologies,
often by selling copy-protected discs without disclosing the protection.
With the exception of one soundtrack album released by Universal, none of
the labels have done any full-scale releases in the United States of
copy-protected discs--at least not that they've acknowledged. The main
reason is that the discs still have compatibility problems, particularly
with computers that don't run Microsoft's Windows software, DVD players and
high-end sound systems that use CD-ROM drives.
The case was brought by Matthew Dickey of Huntington Beach and Elizabeth
Koluncich of San Bernardino, who had purchased copy-protected audio discs
and either were unable to make back-up copies of the tunes, or had problems
using the discs on their personal computers. They are seeking unspecified
financial damages, and an injunction that would force the discs off the market.
To read a copy of the lawsuit, go to www.latimes.com/secureCD
***************************
BBC
Privacy worries fuel domain name concerns
Web users are worried that changes to a list of who owns which .co.uk web
domain will put their personal privacy at risk.
Later this year Nominet, which runs the .uk domain, is planning to expand
the amount of personal information people can find out about owners of
these domains.
Some fear the changes will put them at risk of identity theft and endanger
the people they run sites for.
Nominet said it was still discussing the best way to make changes to its
database and that most other registries already supply far more information
about domain holders than it was planning to do.
Web worry
Every web domain, such as .com or .uk, has an allied database that lets
people look up the owner of a particular site.
Before now Nominet's database has only returned basic information about an
owner such as their name, when the name was registered and the servers
hosting it.
Later this year Nominet is planning to expand the information returned by
this database to include the name and address of a domain owner.
Nominet says the change is needed to bring it in line with other registries
and to make it easier to contact and identify domain holders in the event
of disputes.
But the proposed changes have worried some people who fear that the change
could erode their personal privacy.
One worried web user, Colin Clarke, has set up the Nominet-No website to
protest about the changes.
Mr Clarke said the changes could put many domain owners, and the people
they run sites for, at risk.
He said in other countries some criminals have used the information in
whois databases for other domains to carry out identity theft, fraud and
even to steal control of a popular domain.
"The more information we supply someone with the more chance that something
like identity theft will happen," he told BBC News Online.
Contact point
Lesley Cowley, managing director of Nominet, said the changes would not
expose personal addresses because the vast majority of the .co.uk domains
were owned by companies rather than individuals.
She said that the address in the Nominet database did not have to be a home
address. Many net service providers were happy to forward mail to customers
and act as a contact point for domain information, she added.
Although the changes to the Nominet database were going to be made, said
Mrs Cowley, it had not made a final decision on how people can comply.
"We are looking into alternatives that will solve the problem," she said.
*****************************
BBC
Magnetic chips bring 'intelligent' offices
A breakthrough by researchers in Durham could pave the way for tiny TVs and
clothes that play music.
A Durham University team has come up with a new generation of microscopic
computers called magnetic nanites.
They say their work could allow mobile phones to send and receive
television pictures, and offices to have "intelligent walls" instead of
desktop computers.
It may also be possible to make magnetic chips the size of a few atoms,
which could see items like phones, calculators and music players absorbed
into clothes.
The magnetic microchips should be ready by the autumn.
Dr Russell Cowburn said magnetic chips use less power than their electronic
equivalent and are cheaper to make.
"All these years we have been making computers the same way, using
electronics. Now there is a different way.
"Magnetic chips do not use the sharp, brittle glass-like silicon of the
electronic version, so they can be incorporated into clothing.
"Another application could be to expand the functions of mobile phones,
which at present are restricted by battery limitations. New phone uses
would include surfing the net and sending TV pictures."
Dr Cowburn said the new chips could have important medical advantages by
implanting a chip in the tops of medicine bottles to alert users of a
possible overdose.
They could also be implanted in the body to monitor heart and other
conditions, such as diabetes.
Chips could also be used to pebble-dash office interiors, making the walls
themselves intelligent.
************************
USA Today
Boeing in-flight Net service gets boost
SEATTLE (Reuters) - Boeing Thursday said it signed British Airways as a
second trial customer for its Connexion in-flight Internet service, the
first good news for the program since the Sept. 11 attacks.
British Air, Europe's largest carrier, joins German flag carrier Deutsche
Lufthansa in trials with Connexion, which lost three major U.S. airline
investors and slashed its workforce after the attacks sent airlines into
survival mode.
Connexion President Scott Carson said air travelers' demand for the
high-speed service would grow once they begin to see it, pressuring other
airlines to follow suit or lose passengers who need to stay connected.
"There is no doubt in my mind," Carson told reporters aboard a parked
Boeing 737 jetliner outfitted to demonstrate Connexion at the company's
narrow-body jet delivery facility in Seattle.
British Air and Lufthansa will each offer the service on one Boeing 747-400
during three-month trials in early 2003. Boeing plans to formally launch
the service in 2004.
BA's director of marketing, Martin George, said research showed that 75% of
its business-class travelers carry laptop computers to their seats when
they fly.
Ultimately Carson hopes to install Connexion on about 4,000 jets -- about a
third of the world's commercial fleet -- over the next 10 years, bringing in
$3 billion to $5 billion in annual revenues.
During the demonstration, e-mails sent via satellite through a roof-mounted
antenna reached their addressees moments later while the laptop computer
also showed a delayed video news feed from the CNN network.
But an attempt to demonstrate the service via a handheld personal digital
assistant using a wireless modem failed, prompting a message indicating an
incompatible Web browser and offering options for downloading a new one.
British Air will likely charge 20 to 30 pounds ($29.40 to $44.10) per
flight segment to use the service during the trial, Boeing said, while U.S.
customers would likely charge $20 to $30 per flight segment, Carson said.
For that price customers would get Internet access and a variety of options
for video entertainment. Were the full service available today, it might
show taped World Cup soccer games, for example.
Airlines would pay Boeing a one-time fee to install the 600 pounds of
hardware needed to run the service and would share some of the passenger
revenues with Connexion, which leases bandwidth from satellite
communications providers.
The top three U.S. airlines -- AMR unit American Airlines, UAL's United
Airlines and Delta Air Lines -- abandoned an investment in Connexion last
fall, but may still take the service, Boeing said.
Connexion's main rival, Seattle-based Tenzing Communications, has also cut
jobs and delayed some customer rollouts of its narrow-band service as
airlines fight back a sea of red ink amid shrinking passenger flows.
Boeing rival Airbus, held jointly by European Aeronautic Defence and Space
(EADS), with an 80% stake, and Britain's BAE Systems, owns 30% of Tenzing.
***************************
USA Today
Net piracy ring busted
LAS VEGAS (AP) - Twenty-one people in 14 states and Canada are facing
federal charges in an Internet computer software, game and movie piracy
ring dubbed "Rogue Warriorz," authorities in Las Vegas announced Wednesday.
Assistant U.S. Attorney Steve Myhre, who outlined the Rogue Warriorz
operation during a news conference at the FBI office in Las Vegas, said an
indictment was filed Tuesday in U.S. District Court in Las Vegas.
Myhre said the 21 people have not been arrested, but would be summoned to
appear in federal court on charges of conspiracy to commit criminal
copyright infringement, a felony that could result in five years in prison
and a $250,000 fine. None of those indicted lives in Nevada.
Myhre said the case will be prosecuted in Las Vegas, but some hearings
could be held in federal courts elsewhere.
The indictment said that in the six months before the operation ended Dec.
11, the ring made available to undercover investigators 8,434 computer
application and utility software programs, 356 movies and 432 computer games.
It put the combined value of the programs at more than $7 million.
Assistant U.S. Attorney Matt Parrella said investigators obtained the movie
Harry Potter and the Sorcerer's Stone before its Christmas-season release
in U.S. theaters.
Other movies cited in the indictment included Legally Blonde, Zoolander,
and American Pie 2. Software programs included Adobe Page Maker, NFL
Gameday 2002, Microsoft Windows XP and Audiowriter version 1.4.
Parrella alleged that the participants knew they were violating copyright laws.
Ellen Knowlton, special agent in charge of the Las Vegas FBI office, said
the sting developed after authorities received a tip that a Las Vegas-based
computer system was threatened by attack during the Y2K millennium celebration.
FBI, federal Environmental Protection Agency and Defense Criminal
Investigative Service investigators set up an Internet site in Las Vegas
that became a conduit for swapping materials from what Myhre characterized
as "Internet warehouses for pirated software."
Parrella said the Las Vegas investigation was part of a wide-ranging
Internet piracy investigation dubbed "Operation Bandwidth."
He characterized Las Vegas undercover investigators as receivers and not
contributors of pirated materials. Parrella said the Las Vegas Internet
site, known as Shatnet, was dismantled after alleged Rogue Warriorz members
around the country were served with search warrants in December.
The indictment said members of the ring set up a security hierarchy to
elude authorities.
According to the indictment, applicants were screened and placed on
probation before being granted membership. Some served as site operators
and others were couriers who contributed programs, games and movies to swap.
Members communicated through a password-protected Internet relay chat
system using names including roguewarriorz.EFnet, rwz.EFnet and
rwzchat.EFnet. They occasionally voted on issues including site security
and the performance of members in the organization hierarchy, the
indictment alleges.
Parrella declined to say how the members were traced or to say whether
others would be charged.
************************
USA Today
FBI arrests 3 for extortion via the Net
LOUISVILLE, Ky. (AP) - The FBI has arrested three men charged with extorting
money via e-mail from people across the country who visited a
child-pornography Web site.
Lamont Cordaro, 23, from Cleveland, Ohio; Robert Walker, 31, of Oldham
County, Ky., and Harvey Holder from Irvine, Ky. were arrested Tuesday at
the Intown Suites in suburban Louisville, according to FBI testimony heard
Thursday afternoon.
The men, also charged with conspiracy, are accused of hacking into their
victims' computers and demanding money from them, said Brian Blanchard, the
leading FBI agent in Kentucky for the case.
Twenty-one people from around the country -- as far away as Sacramento,
Calif. -- reported the attempted extortion, Blanchard said. All the people
acknowledged visiting a child pornography site on the Internet, said David
Beyer, a spokesman for the FBI in Kentucky.
After questioning Holder, Blanchard said the men would visit a chat room on
the Internet "that would appeal to people with an interest in child
pornography." The men would then establish a link for chat room users to
click on to download pornography. Instead, the Internet users would receive
an e-mail titled "Going to Jail," Blanchard said.
The letter said a group called "Hacker Group 109" was reporting people to
the police who had downloaded child pornography.
Blanchard said the message promised that if the recipient sent the group
money, they would not be reported to the police.
One of the people who contacted the FBI lives in Mount Washington, Ky., and
allowed Blanchard to use his computer to contact the hackers.
"Hacker Group 109 was consistent in all the complaints," Blanchard said
during a hearing in U.S. Federal Court. "The letters received in other
field offices were pretty much the same as the complaint in Kentucky."
Blanchard was told to put $1,000 into a Western Union account. He
negotiated with the accused to only make a payment of $300.
Western Union notified the FBI that the $300 had been withdrawn at a Kroger
supermarket on Taylor Boulevard in Louisville. Blanchard said the FBI then
determined the e-mail had come from an Internet service provider that
served the Intown Suites. The agents also used surveillance photos from the
store to get a description of one of the suspects.
A surveillance team arrested Walker and Holder in their hotel room on
Friday, while Cordaro was arrested outside the room, Blanchard said.
After Thursday's hearing, U.S. Magistrate Judge James Moyer ordered all
three men to be detained until their arraignment on July 16. By request of
Cordaro's attorney, the judge ordered that Cordaro be evaluated for mental
competency.
If convicted of both conspiracy and extortion through interstate commerce,
they could face up to seven years in prison and be fined up to $500,000 each.
Attorneys for the three men said their goal was to target child
pornographers and punish them.
Blanchard said more than 4,000 computers were hacked into by the men, but
only 21 people sent money. The men have received nearly $8,000 in the last
two months.
***************************
USA Today
Bill seeks to make car computer codes public
WASHINGTON (AP) - With more cars relying on computers that only dealers can
access for repairs, efforts are building in Congress to force auto
manufacturers to share their diagnostic codes with car owners and
independent mechanics.
"Consumers shouldn't be in a position where the only place they can take
the car is the dealership," said Sen. Paul Wellstone, D-Minn., who
introduced legislation Thursday aimed at prying open access to the codes.
"This is anticompetitive, it's anti-small business and it's anti-consumer.
It's a little guy-big guy fight."
Identical legislation has already been introduced in the House.
Auto manufacturers began equipping cars with computers in 1996 to meet
emission standards, but soon began tying other functions of the car, such
as air bags and brakes, to computers.
Bob Redding, a lobbyist for the Automotive Service Association, which
represents 15,000 independent repair shop owners, said a membership survey
found that 10% of cars couldn't be repaired because of a lack of codes.
That number is getting higher, he said, as newer cars replace pre-1996 models.
"This will shut our guys down," he said. "We're worried to death."
AAA also supports the bill.
"AAA considers the right to information generated by a motor vehicle to be
a top-priority consumer issue," said spokesman Geoff Sundstrom.
The Wellstone bill would mandate that manufacturers disclose information
needed to diagnose and repair an automobile to the owner, a repair facility
and the Federal Trade Commission. It would ban the FTC from disclosing any
"trade secrets" in the codes.
Mike Stanton, a lobbyist for the Alliance of Automobile Manufacturers, said
his group is working on resolving the issue without legislation.
"It is certainly in our best interest to have all of the repair facilities
be able to obtain the information so that they can repair the vehicles," he
said.
Stanton said the auto manufacturers are putting together a database with
the codes, which should be available by the end of the year.
Wellstone said he would be happy if the automakers resolve the issue
without legislation.
"We'll either move this as an amendment, or the automotive industry will
sit down with the mechanics and they'll negotiate a deal," he said.
***********************
MSNBC
The moral dilemma of data leaks
Are computer geeks obligated to blow the whistle?
By Bob Sullivan
June 13 - Dana started like many computer system administrators do,
providing tech support to employees. Then, life was simple -- rebooting
computers, installing software, recovering lost data. But one day, Dana
discovered that the lost data included customer credit card numbers, and
they most likely had been stolen by a computer criminal. Now what? Warn the
customers, and lose the job, or quietly fix the problem and hope for the best?
CERTIFICATE PROGRAMS for network administrators deal with
firewalls, access control lists, even strong password requirements -- but
moral dilemmas? It's the "bad day at work" every computer security employee
knows will come, but dreads.
Dana, the network administrator, was hired as a contractor by an
as-yet-unnamed Web site when the site's former administrator quit. He
discovered the break-in while reading up on his new job. He requested
anonymity.
"I've been thrown into a net. adm. position and am in charge of a
server containing credit cards (used for repeat billing). I know the server
has been compromised," Dana wrote anonymously to CardCops.com, a Web site
devoted to protecting credit card security that has an "amnesty" e-mail
address which solicits such anonymous confessions. There's no way to be
sure, but on a scale of 1 to 10, Dana said the likelihood that the site's
2,000 credit cards were stolen was about an 8.
He told his boss to notify their customers, now potential victims of
credit card theft. The boss said no.
"He said to me, 'How do we know if the numbers are really out
there?' That was his argument. 'I don't know anything bad has happened, and
I know if I take action something bad will happen to me,'" Dana said. "It's
real easy to believe maybe nothing bad has happened and nothing bad will
happen."
When a potential data leak occurs, it is tempting to just keep
quiet -- you'll almost certainly never hear about the consequences. Stolen
credit card numbers make their way around the Internet, and are eventually
used to steal merchandise. But the "victim" card holder simply calls Visa,
MasterCard, or American Express, and has the charges removed. Only the
merchant, left holding the bill for selling merchandise to a thief,
suffers. And the odds of the network administrator hearing about that
victim are almost zero.
"I think there are many stories like this one out there, where he
knows about a compromise...and won't tell anyone for fear of losing his
job," says Dan Clements, who operates CardCops.com. He says he's spoken to
20 such administrators in recent months who have made the choice to keep
the secret.
Security experts agree the situation is common, but there is hardly
consensus about what should happen next.
Joel de la Garza, a computer security consultant, said the employee
must at least be sure the credit card companies are informed to prevent
crime from taking place -- even if it means going around the boss.
"If the company wouldn't fess up, I'd use an anonymous remailer and
tell the credit card companies behind my employer's back," he said.
"Allowing bad things to happen is just as morally reprehensible as
committing them yourself. Problems arise when clear cut moral decisions,
such as notifying law enforcement, come into conflict with things like
keeping your job."
But the issue is hardly black and white, says Alan Paller, who heads
the SANS Institute, which hosts classes for network administrators.
Companies that have leaked data need to fulfill their contractual
obligations with credit card companies, Paller said, but he's not convinced
the victims need to know. In fact, it may accomplish little other than
"making people worry," he said.
"If you can avoid harm to someone then you have some form of
ethical obligation to act... But just letting people know things isn't
necessarily going to make things better," he said. "Given that the person
whose card is stolen has no economic liability, and we don't know if it was
actually stolen, my guess is the only obligation is to meet the requirement
under their privacy policy. I don't think people have an obligation to say
'I screwed up.'"
And the system administrator certainly isn't burdened with that
responsibility, says Paul Wouters, administrator and legal counsel for
Dutch ISP consultant firm Xtended Internet. Each Web site should have clear
policies to deal with a break-in in place, he said, and workers should know
what they are in advance. Employees should follow the policy.
"It is not the sysadmin's dilemma. It's his legal department's or
his supplier's legal department's issue," Wouters said. Credit card
companies and merchant banks have policies for reporting stolen data, he
said, and the administrator should simply follow those rules. "Something
like 'tell us, don't tell the individuals' so (the companies) can keep
extra taps on the possibly stolen data."
Larry Ponemon, CEO of the Privacy Council, concedes that businesses
have little to gain and much to lose by going public with a break-in -- but
he thinks they should do so anyway.
"In the event of a breach, there is an ethical obligation of
disclosure. If (victims) have the information on a compromise in the early
stages, they may be able to do something," Ponemon said.
In some organizations, ignorance is bliss, he said. When a company
learns that a data leak might have occurred, they forbid further
investigation, to prevent discovery of a "smoking gun."
"If you can make an argument that it isn't an absolute certainty
that information was stolen, there are some who will believe they are
operating in a safety zone by not disclosing. The safety zone is
rationalization."
His firm recently audited a medical company that sold private data
to a marketing firm, against its own privacy policy. He has tried
unsuccessfully to convince the firm to come clean. "I don't think we'll be
doing their second audit."
But what about the administrator, who knows about the data leak,
and also knows nothing is being done to protect the victims? Are they
obligated to come forward? That seems a bit unfair, he said.
"If the person has a belief there's probably a break-in, they might
believe they have responsibility or culpability also," he said. "But they
are also afraid they will lose their job, and in this job market people are
frightened. You probably see people making the decision not to do anything
about it."
On the other hand, says Clements, "He's the one that has to sleep
at night."
In Dana's case, he decided to let the issue drop after the boss
fought off his arguments for disclosure. "I felt like the damage had
already been done," he said. Some of the data was two years old, and may
not even be valid any longer. "I just wanted to make sure to set things
right going forward. I'm not sure it's the right way to feel, but it's the
way I feel."
****************************
Government Executive
Homeland department likely to house cybersecurity office
By William New, National Journal's Technology Daily
The White House Office of Cyberspace Security would "change a bit" under a
proposal to create a Homeland Security Department but would retain its
basic functions, the senior director of that office said Thursday.
Paul Kurtz said that the position of Cybersecurity Director Richard Clarke
"would likely remain the same" and that Clarke would continue to report to
the National Security Council (NSC), headed by Condoleezza Rice, and to the
new department head. He spoke on a panel at the TechNet International
conference of the Association for Communications, Electronics, Intelligence
and Information Systems Professionals.
Clarke currently reports to the council and the White House Homeland
Security Office as chairman of the Critical Infrastructure Protection
Board. The position of Vice Chairman Howard Schmidt also likely would
remain, Kurtz said. He said the board membership might change as portions
of agencies are moved, but "we will have a coordinating mechanism on
cybersecurity."
The board coordinates across government agencies on the protection of
critical infrastructures, including information infrastructure, which Kurtz
called the nation's "bloodline." The board includes representation from
agencies involved in research and development, law enforcement, and
incident coordination and crisis response.
Kurtz also said his office would complete work in mid-July on a national
strategy for homeland security being developed by Homeland Security
Director Tom Ridge, and he added that the plan probably would be released
in early fall. He emphasized that the strategy is "not going to be authored
by bureaucrats" but rather involves the input of home users, the private
sector and others.
A series of town-hall meetings on the subject is being held. Clarke and
Schmidt have visited four cities and will continue the gatherings in the
coming months.
The homeland strategy will be updated frequently, he said. "We'll make
mistakes," Kurtz said. "We're new at this."
Kurtz named cybersecurity priorities for the White House, including making
the Internet less vulnerable to attacks ("hardening" the Internet),
enhancing the security of federal systems being overseen by the White House
Office of Management and Budget, improving crisis response, and
coordinating education and research and development. Other priorities are
increasing awareness through the Web site "staysafeonline.info," and
creating a digital-controls system, advanced systems and a National
Security Emergency Preparedness program.
That preparedness program was highlighted by Brenton Greene, deputy manager
of the National Communications System, which advises the president, the
NSC, the White House Office of Science and Technology Policy, OMB and the
Office of Homeland Security on telecommunications functions in emergency
preparedness. Greene said the 22 government agencies that are major telecom
users hold regular coordination meetings on crisis communications.
Kurtz left the event to join an interagency meeting on critical
infrastructure protection, at the State Department with Japanese officials.
The first formal meeting with Japan on the topic included officials from
the Defense, State, Transportation and Treasury departments. Similar
meetings have been held with the United Kingdom, Australia, India and
Singapore, he said.
***************************
CNN
Charges filed in Net piracy case
Combined value of programs estimated at $7 million
LAS VEGAS, Nevada (AP) -- Twenty-one people in 14 states and Canada are
facing federal charges in an Internet computer software, game and movie
piracy ring, authorities in Las Vegas announced Wednesday.
Assistant United States Attorney Steve Myhre, who outlined the so-called
"Rogue Warriorz" operation said an indictment was filed Tuesday in U.S.
District Court in Las Vegas.
Myhre said the 21 people have not been arrested, but would be summoned to
appear in federal court on charges of conspiracy to commit criminal
copyright infringement, a felony that could result in five years in prison
and a $250,000 fine.
Myhre said the case will be prosecuted in Las Vegas, Nevada.
The indictment said that in the six months before the operation ended
December 11, the ring made available to undercover investigators 8,434
computer application and utility software programs, 356 movies and 432
computer games.
It put the combined value of the programs at more than $7 million.
**************************
Nando Times
The illusion of privacy
JUDY OLIAN
Scripps Howard News Service
(June 14, 2002 11:28 a.m. EDT) - In this era of electronic data sharing,
privacy isn't what it used to be and it's unclear whether people care to do
much about it. Survey results just released by an online consulting
company, Jupiter Media Metrix, suggest inconsistency between individuals'
concern for privacy protections and their actual online behaviors.
Seventy percent of those surveyed say they're worried about online privacy
but only 42 percent read Web site privacy statements. At the same time, in
return for the chance to win $100, 82 percent of those surveyed were
willing to release substantial personal information to online retailers.
Congress may soon step in to protect online consumers from themselves.
Currently, Republicans and Democrats are debating competing Internet
privacy protection bills. The Senate bill, offered by Democrats, is the
stronger of the two and would require that consumers provide explicit
consent to Internet companies before they can collect sensitive data like
Social Security numbers and medical or financial information.
Interestingly, the European Parliament just shifted in the other direction
in the wake of Sept. 11, requiring all Internet service providers to retain
indefinitely the data files of all users' communication should they ever be
needed by law-enforcement agencies.
Despite tacit understanding that nothing is truly private, online
communication is so ubiquitous that individuals seem incapable of
restraining themselves from spilling the beans - their intimate love life,
gossip about workplace peers and superiors, or personal details about their
families and finances. The online medium creates the illusion of privacy
(after all, it's just you and your keyboard), and it loosens lips.
This is also true of online behavior in the workplace. Sixty-five percent
of employees now have e-mail at work and 52 percent have Internet access
(American Management Association, 2001). For these employees, e-mail and
the Internet have become the dominant channels of communication and
information sharing, aside from verbal exchanges. Many use e-mail as a
substitute for personal interaction and are lax at self-censoring even if
directed to do so by their company's legal department and reminded through
repeated online warnings.
In reality, e-mail communication can be easily penetrated within a
company's intranet. The courts have affirmed that online communication on a
company network - whether from home or work - is "owned" by employers
because it's an extension of the physical work space. Many employers store
e-mail communication for an extended period should these exchanges ever
become material in legal proceedings. In fact, according to a 2001 survey
of employer monitoring and surveillance practices by the American
Management Association, almost half of all employers (46.5 percent) store
and review e-mail messages, compared to just 15 percent in 1997. That's a
threefold increase in e-mail monitoring in less than five years.
Almost two-thirds (63 percent) of employers monitor Internet connections.
Some software like Tumbleweed can be deployed to alert employers if certain
data are transmitted or received. A virus or key words reflecting
proprietary information or questionable Internet sites could trigger a red
flag.
Why do employers go to the trouble to scrutinize employees' online
behavior? The most obvious answer is that it's a form of productivity
monitoring. Just as they monitor customer-service calls or speed of
computer strokes, employers are making sure that employees aren't spending
hours a day shopping online or finding their next date. Companies may also
bear liability for the illegal behavior of their employees, such as
employees who traffic in child pornography or engage in discriminatory
behavior, including sexual harassment or gender discrimination communicated
via e-mail. More pragmatically, some firms monitor e-mails to protect
against leakage of intellectual property. Employees who reveal trade
secrets can be sued, and companies can take pre-emptive action if e-mails
reveal that employees are being lured away by competitors or headhunter firms.
Since 2000 there's been discussion of federal legislation - the Notice of
Electronic Monitoring Act - that would provide employees with significant
protection against unwarranted electronic monitoring. The pending
legislation would require employers to show substantial potential harm, and
provide advance notice, before they could engage in electronic monitoring.
There's no doubt that employees feel violated if they perceive that their
employer goes off on routine electronic snooping expeditions for no obvious
business purpose. And, no matter how loud the warnings that company
networks are a public channel, many employees still act as if their secrets
are safe online. Like consumers, employees are leaving indelible records
for which they may be vulnerable.
My advice to employers is to monitor electronically only when there's a
clear business need, and to provide information to employees that describes
the business purpose and scope of monitoring, reminding them frequently of
the transparency of their Internet and e-mail behavior.
And to employees: Don't say or do anything online you wouldn't want
ascribed to you in the company newsletter.
Judy Olian is dean of Penn State University's Smeal College of Business and
a leading expert in strategic human-resources management.
**************************
New Zealand Herald
Telecom seals internet protocol deal with Alcatel
Telecom New Zealand has announced it will partner with French equipment
maker Alcatel to upgrade its fixed network. The deal will see Alcatel bring
Telecom's fixed network up to IP or "internet protocol", the standard that
combines voice and data over the same line. It will include Telecom's links
with customers in Australia.
Telecom said it hoped to make "significant" operational savings which were
likely to run into the tens of millions of dollars over the next few years.
The agreement was Telecom's most major move yet towards broadband and more
sophisticated services, an industry observer said.
"The distinguishing element of this relationship is that Alcatel will be
the primary supplier of equipment to provide new services in New Zealand,"
Telecom's general manager for network investment, Rhoda Holmes, said.
She said Telecom currently invests around $300 million in capital
expenditure each year on its New Zealand network.
"We envisage that over time, a large slice of this expenditure in New
Zealand will go to Alcatel."
The move came as Telecom addressed its annual $600 million operational cost
base, Mrs Holmes said.
"The total relationship benefits will come from lower costs as a result of
more efficient operational models and increased revenues as we use
Alcatel's global knowledge and expertise about products and services."
The new IP network would mean Telecom could combine voice and data on the
same line, roll out new services more quickly and cheaply, and increase
data speeds for many customers.
Mrs Holmes said the changes meant taking the huge leap from the digital
world to an IP world. Alcatel would design and supply the operational
support systems (OSS) for the network. EDS, Telecom's IT service arm, was
expected to integrate the OSS with the carrier's business systems.
The agreement was based on partnering rather than outsourcing, Mrs Holmes
said.
Mark Giles, Alcatel New Zealand's managing director, also welcomed the
decision. He said one out of every five subscribers in the world was
"Alcatel connected".
*************************
Taipei Times
Two surveys highlight dangers of the Internet
By Chang Yu-jung
STAFF REPORTER
Some 300,000 of Taiwan's 6 million Internet users may be sufferers of a
condition known as Internet addiction disorder, and 10 percent of
adolescents under 15 years old have sought sex on the Internet according to
two surveys released yesterday.
'Possible sufferers'
A survey carried out by the Ministry of Transportation and Communication
last year showed that about 5 percent of Internet users are "possible
sufferers" of the Internet addiction disorder, according to Chen Kuo Hwa
(陳國華), a doctor in the department of psychiatry at Cathay General Hospital.
Internet addiction disorder has been defined by the American Psychiatric
Association as a psychophysiological disorder involving tolerance of long
online hours, withdrawal symptoms such as anxiety and depression and a
failure to regulate daily Internet use, resulting in the impairment of
social relationships.
But the research is insufficient to enable more specific criteria to be
established so doctors can diagnose the condition, hence the survey's
reference to "possible sufferers."
"Since internet addiction disorder is not yet regarded as a disease,
diagnosis of the condition depends on individual medical professionals,"
Chen Kuo Hwa (陳國華), a doctor in the department of psychiatry at the
Cathay General Hospital, told the Taipei Times.
A mere "disorder," which differs from a "disease" -- which has a clear
cause, symptoms and forms of treatment -- could have various causes,
changeable symptoms, and many different treatments, he said.
Kimberly Young, a psychiatrist at the University of Pittsburgh, however,
has devised an eight-point definition of the condition, but other scholars
argue that research in the field is insufficiently advanced for her
criteria to be considered definitive.
Second survey
Results of another survey, conducted by the Garden of Hope Foundation
(勵馨基金會), were also announced yesterday and showed that nearly 10
percent of adolescents under 15 years of age have used the Internet to seek
casual sex. The percentages among older age groups range between 5.2 and
5.8 percent.
"These youngsters are lost in a virtual world in which there are nearly no
rational conversations or genuine humanity," said Chi Hui-jung (紀惠容),
director of the foundation.
She also said that teenagers and people with limited educations could
easily fall prey to criminals or suffer as a result of "dangerous"
interactions with anonymous people over the Internet.
"Teachers should really try to enter the online chatrooms in order to fully
understand Internet language and the way adolescents interact with each
other online," said Chi.
The seminar, attended by over a hundred high school and junior high school
teachers, was aimed at educating teachers in theories about Internet use,
recent trends in Internet usage, and the possible negative influences on
the nation's youth.
"Although many teachers recognize the problems of adolescents'
overindulgent use of the Internet or the negative influences of the
Internet on their students, they do not know what to do about these
problems due to their ignorance of the Internet," said Chen Jing-chang
(陳景章), director of the MOE's computer center.
*********************
Computerworld
Spam, viruses hit bottom line in U.S.
By JENNIFER DISABATINO
The intrusion of viruses and spam on corporate networks has grown from an
annoyance to a costly problem in the U.S., even forcing companies to double
up on prevention. In Europe, however, privacy protections may be limiting
the spam problem.
Alan Pawlak, security manager at Aetna Inc., is installing antivirus and
antispam software from Tokyo-based Trend Micro Inc. Aetna already has
antivirus software from Cupertino, Calif.-based Symantec Corp.
Hartford, Conn.-based Aetna has Trend Micro's InterScan software at the
gateway to scan incoming e-mails for viruses and spam; the Symantec
software is already running and will continue to do so.
"Our belief is that most security products fail eventually, in some way.
But when they do, they don't [all] fail in the same way," Pawlak said. The
additional cost of a second gateway antivirus product was a "no-brainer,"
he said.
In Europe, stricter privacy guidelines prohibit the publishing or
collecting of personal information, such as e-mail addresses, without the
explicit permission of the individual. That may help cut down on the
problem, users there say.
Dietrich Schneider, director of technology operation and strategic global
integration at Germany's DaimlerChrysler AG, said he seldom sees
unsolicited commercial e-mail, commonly known as spam, and it's probably
because of the privacy guidelines.
"I've never had any of that e-mail myself," said Ben Krutzen, information
management manager at Royal Dutch/Shell Group of Companies in Amsterdam.
Most companies won't enumerate the costs of spam and virus attacks, but
studies indicate they are high, at least in the U.S.
Raymond Huff, president of Trans Pacific Stores Ltd. in Lakewood, Colo.,
said he knows of the cost firsthand. He was forced to take down his network
for a day and a half last month after spammers began using him as a relay.
After that, Huff deleted all of Trans Pacific's active e-mail accounts and
renamed them so that spam would bounce.
In a March report, ICSA Labs found that only 32 of the 300 companies it
surveyed were willing to discuss the cost of a virus infection, even
anonymously. Among those who did respond, the estimated cost of infections
ranged from $100 to $1 million. Mechanicsburg, Pa.-based ICSA Labs, an
independent division of TruSecure Corp. in Herndon, Va., sets baseline
criteria for security vendors.
According to San Francisco-based Ferris Research Inc., the annual cost of
viruses to corporations is at least $6 billion. Spam attacks are less
expensive, said company President David Ferris.
Although Aetna relies on information such as that, it also conducts
reality-checking in-house by running analysis on captured viruses to see
what effect they would have had on its systems, Pawlak said.
***************************
Computerworld
Woman charged with breaking into company's e-mail system
By LINDA ROSENCRANCE
Massachusetts Attorney General Tom Reilly has filed charges against a
Middleton, Mass., woman, accusing her of hacking into her former boss'
computer system and forwarding confidential e-mails to former co-workers.
According to a statement issued by Reilly's office, Wendy Sholds, 38, faces
two counts of unauthorized access to a computer system. She is scheduled to
be arraigned July 1 in Salem District Court.
The charges against her stem from an incident at Middleton-based Business
Travel International (BTI) in February, Reilly's office said.
At that time, two BTI employees reported that they had received an e-mail
that appeared to have been sent by the company's CEO, according to Reilly.
The e-mail allegedly contained actual correspondence between the CEO and a
company vice president discussing the termination of the two employees,
Reilly's office said.
An investigation by Massachusetts State Police assigned to Reilly's office
and the Boston Computer Crime Unit, found that the CEO had not sent the
e-mail to the two employees. Through the investigation, the law enforcement
agencies found that Sholds had allegedly used the CEO's username and
password to access her BTI e-mail account and then forwarded the message to
the two employees.
The attorney general's office said Sholds also allegedly used the vice
president's username and password to access private information on the
password-protected BTI Web site.
Sholds couldn't be reached for comment today.
John Grossman, chief of the Attorney General's High Tech and Computer
Crimes Division, which is handling the case, said Sholds could face 30 days
in the state House of Corrections if convicted of the misdemeanor crime.
Reilly's office has filed legislation to increase the penalties for
hacking, but the bill has not yet been acted on by the state Legislature,
he said.
Under that measure, anyone convicted of a serious hacking incident such as
breaking into a pharmacy's computer system, downloading customers' personal
information and posting it to another Web site, could be sentenced to up to
five years in state prison, Grossman said. Such a crime would be considered
a felony.
Someone convicted of a lesser, misdemeanor hacking offense such as unlawful
trespassing could be sentenced to up to 2 1/2 years in prison. Currently,
Grossman said, both such crimes are considered misdemeanors and thus
subject to the maximum penalty of 30 days behind bars.
"These statutes were passed in the early '90s, when no one envisioned
[what's happening now], and the state didn't contemplate the damage that
could be done," Grossman said.
*************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx