[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips June 19, 2002 (Series of Wash. Post Articles on Piracy)

Clips June 19, 2002

ARTICLES

Security Guard
Senator Asks Permission to Bring Laptop to Work
Airport security federalization plan ramps up
Senators Slam U.S. Agency (NSA) on Lapses
The Internet Gets Serious
The View From Hollywood
New Job, Newer Realities
'Ranger' Vs. the Movie Pirates
U.S. Firms Show More Interest in Phone Calls Via Internet
A Global Audience, a World of Worries?
The Slippery Scope of Antitrust Law
Army cleaning up Web sites
Start-up wants your help to fight spam
Wellesley-based search engine takes on Google
Bush Signs Measure to Delay FCC Wireless Sales
Cybersecurity panel looks at Net risks
Disney Shifting to Linux for Film Animation
Spam becoming more annoying
Israel a global pacesetter in high-tech security
The sky is not the limit for Internet, Cerf says
Defense authorization bill filled with tech provisions
Agencies seek industry input on e-gov plan
Airport security panel calls for IT overhaul
Washington state to create digital archives
You can't send mail: a broadband user's plight
Census reveals PC, Net habits
Tender lessons in the ways of government (Australia)
Paths clearing for wireless networks (Australia)
Hiccup, but new system will be ready on July 1
Bush Wants to Ban Spy Plane Tech
House Judiciary Approves Ban on Computer Generated Child Pornography

*****************************
Washington Post
Security Guard
Page H05

Purdue University Prof. Eugene H. Spafford lives and breathes the daily struggle to protect computer systems. But in these increasingly dangerous times, "Spaf," as friends and colleagues call him, says the United States is still too consumed with crisis-based, short-term thinking.

"In the realm of IT security, we have more billions being spent by both government and industry on yet more patches, firewalls and anti-virus programs to shore up weak systems and address problems . . . that we have warned about for decades," said Spafford, founding director of Purdue's CERIAS, the Center for Education and Research in Information Assurance and Security.

For example, he said, "it is lunacy to base a generation of critical military systems on a software platform simply because it is cheaper but requires hundreds of security patches and is still hackable, and that is susceptible to thousands of computer viruses."

Another example is the rapidly expanding use of wireless technology, which is faster and less expensive to deploy than wire-based infrastructure. "The potential hazards posed by their lack of security and control will cost our economy in the tens of millions in the next few years alone," he said.

Spafford, 46, wants government officials to change both their economic approach to security and whom they rely on for information to set policy.

Specifically, he proposes dramatic increases in funding for computer security research and strict rules to ensure that the money is not used for maintenance and short-term fixes.

He also would require the government to retool how it calculates the cost of software systems. Multi-year costs of patch management, support, training and security-protection efforts should be included, he said. Software with poor security records should not be purchased, even if its upfront price is cheaper.

Finally, Spafford said government should rely more on active, academic researchers and less on industry leaders and retired military officials, who often have vested interests.

"The result is a skew in policy, a lack of vision of real constraints and long-term needs," he said. "I have been told by personnel in the executive branch that if academics knew anything worthwhile they'd demonstrate it by leaving the university and running a successful company."

-- Jonathan Krim
************************
Reuters
Senator Asks Permission to Bring Laptop to Work
Tue Jun 18, 6:43 PM ET

WASHINGTON (Reuters) - You can still find brass spittoons on the floor of the United States Senate, but don't look for personal computers -- they're not allowed in the historic chamber.


Sen. Mike Enzi found that out when he first showed up for work in 1997. The Wyoming Republican asked permission to bring his laptop computer onto the Senate floor, where votes and debate take place, but was told to check it at the door by the Senate Rules and Administration Committee.

Citing advances in technology and the need to stay informed, Enzi has asked the committee to reconsider.

In a letter to the committee released on Tuesday, Enzi said that lightweight "notebook" computers were now small enough that they would not damage the historic Senate furniture or interfere with its ambience, and would allow lawmakers to stay on top of the latest bills or amendments being considered.

Wireless networks could beam schedule changes and new bills to members right on the floor, the April 24 letter said, allowing senators to spend less time checking in with their offices and more time engaged in lofty debate.

Notebook computers allowed senators to stay on top of their work when they were shut out of their offices during last October's anthrax scares, Enzi said.

"If we could have then taken those notebook computers on the floor, we would have had access to all that information right at our fingertips as the Senate continued its legislative work," Enzi wrote.

Roughly 35 state legislatures use new computer technology in their chambers, Enzi said, saving millions of sheets of paper and freeing staffers from countless hours in front of the photocopier.

An Enzi spokesman said the chairman of the Rules and Administration Committee has agreed to reconsider the request, but has not yet scheduled a meeting.

Rules Committee staffers were not immediately available for comment.
******************
Government Executive
Airport security federalization plan ramps up
By Tanya N. Ballard
tballard@xxxxxxxxxxx

Assessment teams will arrive at airports across the country over the next two weeks as the Transportation Security Administration steps up its efforts to federalize airport security operations and meet a Dec. 31 deadline for screening checked baggage for explosives.


"There are a lot of steps to the process," TSA Deputy Undersecretary Stephen McHale said at a press conference Tuesday. "When we say an airport is federalized may be different from what the public's perception is."


During the past few months, TSA, which was created in the aftermath of the Sept. 11 attacks, has used Baltimore-Washington International Airport to study security operations, test explosive-detection equipment and train security managers. Using the information gleaned in that process, the agency has authorized Lockheed Martin to send teams to 120 airports by July 7 to assess how much space is available for new screening machines and to gauge how many are needed.


The first teams will report June 23 to 23 airports, including those in Erie, Pa.; Bangor, Maine; Richmond, Va.; Grand Forks, N.D; Palm Springs, Calif.; and South Bend, Ind.


"We now have the necessary tools to proceed," said TSA chief John Magaw. The first 23 teams will focus on reconfiguring airport passenger lines, adding new security technologies and supporting the transition from private baggage screeners to a workforce of federal screeners. Federal employees will begin screening baggage at airports in Louisville, Ky. and Mobile, Ala., next week.


TSA is recruiting screeners at John F. Kennedy International Airport in New York; Newark International Airport in New Jersey; Logan International Airport in Boston; and Bradley International Airport in Connecticut. According to McHale, TSA screeners will begin showing up at more checkpoints beginning in late July. Training new screeners takes five weeks.


"The local approach is to recruit screeners for each airport. Once they are hired, they will be trained," said Gale Rossides, TSA's associate undersecretary for training and quality assurance. "The training is a combination of classroom training with both practical exercises and final exams?. At the end they will get on-the-job training. It's an aggressive schedule?. We're confident we're going to get there."


Five airports will participate in a private security screening pilot program, to test the ability of contractors to achieve federal performance levels for screeners. TSA will soon begin soliciting bids from screening companies to participate in the two-year program.
********************
Associated Press
Senators Slam U.S. Agency on Lapses
Wed Jun 19, 3:12 AM ET
By PETE YOST, Associated Press Writer

WASHINGTON (AP) - The National Security Agency, which eavesdrops on communications around the world, is now being put on the spot along with the FBI ( news - web sites) and the CIA ( news - web sites) for its performance before the Sept. 11 terrorist attacks.

Senate Intelligence Committee chairman Bob Graham and Richard Shelby, the panel's top Republican, say all three agencies experienced intelligence lapses.

Until now, the focus has been on the CIA and the FBI.

"I think that in the best of worlds if information that was available had been seen by one set of human eyes or one group of human eyes, a pattern might have emerged that would have led to further intelligence activities," Graham, D-Fla., said Tuesday.

"There were lapses, in my judgment, in all three" agencies, Graham added.

Shelby, R-Ala., agreed, saying that if certain information collected by the NSA had been translated and disseminated, "perhaps that would have been very useful."

The senators' comments came after a daylong closed-door session with FBI Director Robert Mueller, CIA Director George Tenet and the NSA director, Lt. Gen. Michael V. Hayden.

All three faced a second day of questioning Wednesday before the joint inquiry of the House and Senate intelligence committees looking into the Sept. 11 attacks.

Graham said there were instances before Sept. 11 where "information that should have been communicated to law enforcement, intelligence agencies ... was not." Graham said information later found to have been important was not pursued initially, and that some raw information was not processed and analyzed.

Describing the atmosphere in the hearing room, Shelby joked that "there were no brawls." Shelby has been highly critical of Tenet.

In February, in response to a question from Shelby, the CIA director rejected the notion that there had been intelligence failures at the agency in the pre-Sept. 11 time frame. Last week, Shelby said Tenet had been "in denial, basically" in his February congressional appearance.

Graham said the FBI and CIA now appear to be doing a better job communicating with each other, citing their tracking last month of Jose Padilla, an American now in custody and suspected of plotting to detonate a radiological weapon or "dirty bomb."

Coordination was one of the problems before Sept. 11.

The CIA did not sound the alarm about two of the eventual hijackers until they were already in the United States. The agency in early 2001 had placed the two men at a meeting in January 2000 with an important al-Qaida operative.

The FBI has been criticized for headquarters' refusal to allow an aggressive investigation of Zacarias Moussaoui after he was arrested a month before the attack. Moussaoui now faces trial as a conspirator of the hijackers and Osama bin Laden ( news - web sites). And the FBI didn't follow through on a memo by an agent in Phoenix urging checks of U.S. flight schools before Sept. 11 to see if they were training suspected terrorists.

Graham and Shelby expressed confidence that the intelligence committees will have ample opportunity to help shape the intelligence functions in a new Homeland Security Department that the White House and the congressional leadership are intent on creating as soon as possible.

Several intelligence committee members have expressed reservations about moving so fast on the new department when the congressional inquiry is just in its initial stage.

Graham and Shelby said the intelligence component of the new department which will analyze intelligence provided by other agencies won't be assembled immediately, but will be put together over a period of many months after the department is formed.

"I agree with that" approach, said Graham.
*******************
Washington Post
The Internet Gets Serious
Security, Copyright Problems Must Be Resolved as the Medium Matures

By Jonathan Krim
Washington Post Staff Writer
Wednesday, June 19, 2002; Page H01


Maybe the Internet thrill isn't gone, but is that it over there pulling on its jacket and heading for the door?

The Net promised to let consumers read everything, hear everything, play anything. Any David with a computer could elbow aside the most gargantuan Goliath. No matter the question, the answer was yes, sure, it's possible, do it.

Today, the Internet is messy, dangerous ground. Viruses and system break-ins are on the rise, while vested interests battle over what isn't allowed.

Millions of corporate dollars are fueling a fight to control what consumers can view or listen to, how many times, in what format and over what type of connection. Lawyers are suing, lobbyists are lobbying and policymakers are grasping to figure out what role government should play.

Similarly, governments and industry are pouring millions into protecting computer systems and networks from attacks, whether they be by terrorists or simply mischievous hackers.

These two issues -- making computing safe and determining rights to digital content -- dominate the technology world, experts say. Left unsolved, they threaten to further stunt the development of a U.S. technology industry already hobbled by the bursting of the Internet stock bubble in 2000.

Other issues remain contentious and important to many consumers, such as balancing individual privacy against government surveillance needs, censorship, unwanted e-mail and how to create more competition for high-speed Internet access. Numerous bills continue to make the rounds on Capitol Hill on these issues, often without consensus.

But computer security and digital rights are so vexing because their solutions seek to protect technology from itself. How does one make computer systems secure from code writers whose goal is to defeat such security? And how does one protect digital content when technology, by its nature, encourages copying?

The challenge for policymakers is great. Not only are industries often at war, but even the engineers sometimes disagree on solutions.

Systems Under Siege
Take security. By any measure, attacks on computers are growing dramatically.

According to statistics compiled by the CERT Coordination Center of the Software Engineering Institute, a government contractor, the number of reported attacks of business and government computers worldwide has doubled each year since 2000. In the first quarter of this year, CERT logged 26,829 incidents, but experts say such voluntary reporting mechanisms underestimate the events.

A survey conducted by the Computer Security Institute and the FBI reported that losses from computer and virus outbreaks in a 12-month period spanning 2001 and 2002 totaled $49.97 million. Other company surveys pinpoint the number at $12 billion.

Exacerbating the problem is that the world is increasingly connected through a growing system of networks that are interdependent, thus enhancing their vulnerabilities.

At Microsoft Corp., safer computing has become so important that Chairman Bill Gates made it the company's top priority at the beginning of the year, above development of new features and services. He said the future of the company and the industry depends on it.

But Gates has a different view of how to best achieve computer security than others in the technology community.

Many security experts argue that the government should make greater use of "open source" software, in which the code of the system is available to be enhanced. Under this theory, if the code is exposed, potential flaws can be quickly discovered by the community of users who are in effect all working together. And the users of the system can make fixes to the software in the event of a problem.

Microsoft, a major supplier of software to the government, has argued that systems are more secure when the underlying code is kept private, accessible only by Microsoft engineers. The company has been lobbying federal agencies not to use some open-source software, based in part on security grounds.

Eugene Spafford, a security expert at Purdue University who does not share Microsoft's view, argues that governments at least need to more aggressively factor in security when making procurement decisions. The federal government is beginning to grapple with the issue, putting in place a certification program for testing hardware. The government is supposed to acquire systems only if they are in the pipeline for testing before July 1.

The government also is studying whether to create a separate Internet-like network for critical systems.

Copying or Theft?
The more public and noisy battle is over digital rights and the fundamental question of ownership of creative works. Nothing has been challenged more by the Internet.

Imagine if everyone could see, at the push of a button, what was in your music collection. And with another push of a button, you could share it. That was the idea behind Napster, the technology that turned the Internet into a giant database of digital songs that could be swapped among users, thus obviating the need for many people to go purchase music.

At its peak, Napster had 50 million registered users, and it helped drive up demand for high-speed Internet connections as people sought faster and faster downloads. But the music industry went to court and got the service shut down.

In the industry's view, anyone who copies music files without paying for them is a thief. The movie industry has taken the same view and is refusing to release most movies online until it can ensure that a user cannot copy the file and send it to a thousand of his friends.

To date, the entertainment industry has had Congress, and the courts, on its side. The Digital Millennium Copyright Act, passed in 1998, not only secures digital copyrights but also prohibits the publication of information on how to defeat technology that protects it.

Since Napster's demise, other services have sprung up and continue to flourish, prompting still more legal action by the Recording Industry Association of America and the Motion Picture Association of America.

More recently, the movie industry has been pushing legislation, sponsored by Sen. Ernest F. Hollings (D-S.C.), that would establish technical standards for preventing copying of digital videos. The industry already has been experimenting with DVDs that freeze computers if users attempt to copy the videos.

The bill has been sharply attacked by the technology industry, in what has been dubbed the copyright war between Silicon Valley and Hollywood. The tech industry says it agrees that copies should be paid for but wants any technological solution to develop in the marketplace, not from Congress. Many believe the bill stands little chance of passing in its current form.

In truth, the tech industry needs Napster-like services to jump-start demand for broadband access, which in turn would lead to purchases of new software and hardware.

Critics of the entertainment industry argue that it is simply clinging to a business model that is no longer viable and needs to adjust to new technologies.

By fiercely guarding against mass distribution of copyrighted work, the entertainment industry is failing to allow for "fair use" copying, such as putting a music file on an MP3 player so it can be played in a car, opponents say.

But the industry's problem may be deeper. Internet researchers say that many users, especially younger ones, simply don't care about copyright.

Lee Rainie, head of the Pew Internet and American Life Project, said that recent research shows more than 60 percent of respondents show no concern for digital rights.

"They are really into the peer-to-peer aspect, with no inhibition," Rainie said. "They are anxious to find what they want."

Copyright's Limits
Meanwhile, a group of legal academics and consumer activists has been fighting on another front, arguing that Congress's repeated extensions of copyright terms is unconstitutional. The group, led by Stanford University law professor Lawrence Lessig, won a stunning victory recently when the Supreme Court agreed to hear their challenge to the most recent extension.

Arguments are scheduled for October. If Lessig's team prevails, hundreds of copyrighted works, including Disney's Mickey Mouse, would become available in the public domain.

The purpose of copyright law, Lessig believes, is to spur innovation and creative work by providing short-term protection to the copyright holder. But protection in perpetuity defeats that purpose, preventing artistic works from springing from existing works.

So far, the entertainment industry's clout in Congress has been strong. But Rep. Rick Boucher (D-Va.) is among a handful of legislators who believe that the Digital Millennium Copyright Act needs to be amended to give more protection for fair-use rights.

"What we are now seeing in the policy sphere is . . . an effort on the part of the content community to exercise an unwarranted amount of control," Boucher says.

Others argue that the entertainment industry simply needs to find a business model that works in the digital environment.

"Everyone believes they are entitled to at least as much money as they made before," said Bill Raduchel, chief technology officer of AOL Time Warner Inc., which is in an especially tricky position as both an Internet company and a movie studio. "Everyone wants someone else to take the haircut."
***********************
Washington Post
The View From Hollywood
Compiled by Mike Musgrove

The Motion Picture Association of America has put together a short but far-reaching shopping list of software and piracy issues that it would like to see addressed by the information-technology and consumer-electronics industries. The MPAA and its member studios say that these three issues must be addressed if they are going to feel confident about releasing Hollywood content on digital TV or via broadband services.

PIRACY ISSUE: The broadcast flag
The least controversial of the digital copyright-protection issues at hand, the "broadcast flag," is an invisible digital file that would be attached to all digital television broadcasts. The flag could dictate under what conditions a home viewer could record, copy or retransmit a certain broadcast. Digital TVs and digital video recorders would have to be built to recognize this flag and obey it in order to prevent consumers from copying TV shows and putting them on the Internet.

What Hollywood thinks: Hollywood likes it and says a consensus has been reached on what shape this file will take-what hasn't been decided on is how exactly the flag should be used.

What consumer electronics makers think: Some consumer electronics companies are going along with proposed broadcast-flag technologies, but others fear that Hollywood will use the flag to prevent or inhibit consumers from using features they currently enjoy, such as making copies of their favorite shows or skipping through commercials.

PIRACY ISSUE: The Analog Hole
Hollywood wants to embed certain instructions in digital video files to prevent unauthorized copying. But these instructions cannot pass over analog connections, which carry only the images and sound of a broadcast.

What Hollywood thinks: In a "Content Protection Status Report" sent to Congress in April, the MPAA proposed that the analog hole be blocked by putting watermark-detecting software in all devices that perform analog to digital conversions.

What consumer electronics makers think: Consumer electronics makers point out at least three problems for digital watermark solutions:

1. Computer scientists believe that they can be easily circumvented.

2. By the time any such watermark requirement could become effective there will be hundreds of millions of digital devices that would ignore the watermark in consumer's hands, making the purchase of new devices undesirable.

3. Watermark detectors would increase the cost of all devices and slow performance.

PIRACY ISSUE: The peer-to-peer problem
Programs like Napster, built for exchanging files over the Internet, would be the toughest challenge to stop, as these programs use the Internet for the type of information-sharing that the Internet was designed to do. Napster was the most famous example of "peer to peer," though there are many other P-to-P programs, such as Morpheus or Gnutella, that are more decentralized than Napster and could be much more difficult to shut down by technical means.

What Hollywood thinks: For Hollywood, peer-to-peer is the great boogeyman. If peer-to-peer file sharing could be stopped, movie studios would have significantly less reason to be worried about the analog hole or the broadcast flag.

What consumer electronics makers think: The only technology offered against peer-to-peer file sharing is watermarking technology, which would embed an invisible copy of broadcast-flag-type copying rules in a song, movie or picture. But since watermarking technologies do not have a solid record against hackers, Silicon Valley is encouraging Hollywood to come up with competing, authorized services that would keep "honest people honest" rather than depend on technology for the solution to this problem.

As Will Poole, a vice president at Microsoft, testified to Congress last week: "the self-selecting nature of many P-to-P networks offers immense opportunities for business to quickly and inexpensively identify and exploit discrete consumer markets with great precision."
**********************
Washington Post
New Job, Newer Realities
'E-Government Czar' Assumed a Bigger Role After Sept. 11
By Renae Merle
Page H01

Three months before the Sept. 11 terrorist attacks, Mark Forman became the nation's first "e-government czar" -- a relatively low-profile and nebulous job that many in the technology industry regarded as chiefly responsible for helping federal agencies make better use of the Internet.

That changed after the attacks. National security concerns are now much more acute, and Forman finds himself increasingly at the forefront of the debate over how to balance the public's interest in accessing government services with the need to keep sensitive information off-limits.

The conflicting priorities have meant different things for Forman's various initiatives as associate director of the Office of Management and Budget for e-government and information technology.

Many e-government initiatives can now be framed as homeland security necessities and are being sped through the process. For example, the Federal Emergency Management Agency wants to create a central Web site accessible to state officials and the public in the event of a disaster.

Forman also has received support for projects that seek to better mesh communications and operations for various government agencies.

"People are beginning to realize that technology is an important part of running the government and they [the federal agencies] need to operate as a team to do that," said Forman, who previously served on the staff of the Senate Governmental Affairs Committee.

But while homeland security made some e-government projects a priority, it pushed others to the side. Forman's E-Government Task Force originally proposed 33 initiatives, but it trimmed them to 24 after the attacks. Put on hold, for example, was an initiative to create a portal for science and research.

"It's taken some things out of the limelight," Forman said.

The new emphasis has also raised questions about what information should be available. Since the attacks, several agencies, including the Energy Department and the Environmental Protection Agency, have stripped their Web sites of sensitive information. The Energy Department alone suppressed 9,000 documents from its Information Bridge service on the Web, including many scientific research papers making reference to "nuclear" or "chemical" or "storage."

In late September, the EPA, which gets more than 100 million hits a month on the Web, removed its Envirofacts database, which allowed residents to search for information about their neighborhoods, including finding gas stations, dry cleaners or power plants that have to report to the agency. It partially restored the database several days later, stripping out references to the government's plans for responding to spills at chemical plants.

"It contains enough sensitive information that we're still assessing whether to put it back," said Mike Flynn, deputy director of the agency's Office of Information Analysis and Access.

Security concerns also led the government to sharply reduce the number of people at the EPA who are permitted to change data on the Web site, from 1,300 to 300. It also hired a contractor to help monitor use of the site.

Someone trying to download the entire database of information on drinking-water supplies would set off an alarm, said Linda Travers, an administrator for the Office of Environmental Information.

"I don't want to be explicit about any of the tools we're using," Travers said. "That is the dynamic of this issue: How much do you share?"

The restrictions on information come as Americans are increasingly looking to the Internet for information. More than 68 million have used the Web sites of government agencies, up from 40 million two years ago, according to an April survey by the Pew Internet & American Life Project, a nonprofit research center. FirstGov, a portal connecting all federal agencies, saw its hits double after Sept. 11. In August of last year, the site counted 3.6 million hits; there were 6.2 million in September.

The heightened awareness of e-government initiatives has yet to translate into increased funding. Congress allocated only $5 million of the $20 million Forman requested for e-government initiatives this fiscal year. President Bush has requested an additional $45 million next year, but there are no guarantees, Forman said.

"There remains a lot to be done, of course," Forman said. "But we're at least all talking about the same thing now."
******************
Washington Post
'Ranger' Vs. the Movie Pirates
Software Is Studios' Latest Weapon in A Growing Battle
By Frank Ahrens
Page H01

Ranger is burrowing through the public parts of your computer, sniffing around, turning over bits of data, trying to find out if you've stolen a movie over the Internet.

Ranger is scouring the globe -- Web sites, chat rooms, newsgroups and peer-to-peer file-sharing sites -- spanning 60 countries, searching in English, Chinese and Korean. Ranger's work is helping to bust illegal movie sites in Iran, Taiwan and Hong Kong. Ranger is 24-7. Ranger is relentless.

Ranger is a piece of software that acts like an Internet search engine. It is the latest, most far-reaching weapon in the movie industry's constant and escalating battle against movie piracy.

Hollywood watched in horror as Napster corroded the music industry -- last year, worldwide revenue from CD sales dropped 7 percent as billions of songs were legally and illegally downloaded from the Internet. The movie studios -- led by their lobbying group, the Motion Picture Association of America -- is determined not to let that happen to them.

"We are trying to stem the tide as best as we can," said Jack Valenti, president of the MPAA. "I worry about the future."

Some say the studios are unfairly targeting them.

Internetmovies.com is suing the MPAA because Ranger tagged the Web site as a movie pirate last year, which prompted the company's Internet provider to cut off access. The owner of the Web site is positioning his suit as a David-vs.-Goliath struggle.

"They should be liable for their mistakes," said Michael Rossi, webmaster of Hawaii-based Internetmovies.com. "You can't just go around shutting people's businesses down."

From Goliath's point of view, the problem is simple: It is criminally and morally wrong, and economically damaging, for pirates to steal films and illegally copy and distribute them. It is the MPAA's duty to stop the pirates, the group believes.

The origin of movies circulating on the Internet varies. Some are advance copies of blockbusters, apparently stolen from studios or otherwise leaked to the public before they are shown in theaters. The copies are converted into digital files and put on the Internet, or resold in the form of illegal DVDs and videocassettes.

In other instances, people armed with video recorders will make their way into an early screening of a movie, say "Spider-Man." They will record the movie and turn it into a digital file. The quality is subpar, but that's not the point: The hunger that drives Internet movie piracy is the need to see a movie before everyone else does. "Spider-Man" and "Star Wars, Episode II: Attack of the Clones," for instance, appeared on the Internet within hours of their theatrical release.

Once a movie has been be unleashed on the Internet, it spreads like a virus via peer-to-peer file-sharing services. The downside: Unlike songs, which take only seconds or minutes to download, movies can take hours -- even days -- to transfer because the files must be large to accommodate moving color images as well as sound.

But Valenti and those in the movie industry know that the time barrier is becoming less of an issue as more people gain access to high-speed Internet connections. Now, consumers with broadband can download a feature-length film in about six hours. Within 18 months, Valenti fears, advances in technology will significantly reduce that time.

Even now, 400,000 to 600,000 movies are illegally downloaded worldwide each day, Valenti said, citing statistics from Viant, a technology consultant. "Remember, at the height of Napster, 3 billion songs a month were coming down," he said.

To keep that from happening, the movie industry turned two years ago to San Diego's Ranger Online Inc., a 50-person company that developed the Ranger software.

Ranger is the key element of the MPAA's overall anti-piracy effort, based in Encino, Calif., which takes a "substantial and growing amount of MPAA resources," said MPAA spokesman Richard Taylor, declining to quote figures. The MPAA recently expanded its pirate hunt to include China and South Korea; China because of the sheer population and South Korea because it has the largest penetration of high-speed Internet access of any Asian nation. The MPAA monitors piracy out of offices in Brussels, Hong Kong, Toronto and Mexico City.

The movie studios provide Ranger Online with a constantly updated list of 100 to 150 movie titles, typically those about to be released or just released. In other words, the ones that the industry stands the most to lose from if they're stolen.

If the movie is "It's a Wonderful Life" and "it's on 100,000 times a day in syndication," Valenti said, "we're not too worried about that."

Ranger takes the titles and, "like a bloodhound," Valenti said, sets out on the Internet, looking for those films on Web sites, in chat rooms, on peer-to-peer sites. It is an automated software, speeding across the Internet. When it finds a movie title, it marks the location, decides whether the movie is being used in a way that infringes on its copyright, then moves on. Jeremy Rasmussen, Ranger Online's chief technology executive and founder, won't disclose exactly how his software manages this, except to say: "The challenge is 'How do you cover a lot of area without having to visit every page?' That's part of the intelligent way we scan."

Ranger Online provides the data to the MPAA and prepares cease-and-desist letters. The MPAA reviews the data and decides which letters to send. Last year, the group sent 54,000 letters; this year, it is on pace to send 80,000 to 100,000. Typically, the letters are sent to the Internet service provider hosting a site or user that the MPAA has deemed to possess ill-gotten films. The ISPs take down the offending site 85 to 90 percent of the time, Valenti said. Ranger then checks back periodically on the offending site to make sure it hasn't begun pirating again.

If the letters don't work, then the MPAA may contact local authorities, asking them to seize computer servers storing the pirated films. MPAA action recently led to a server seizure in the Netherlands.

Ranger sells itself to the MPAA and other clients based on its global scope, speed and thorough analysis. But a recent suit questions Ranger's precision.

In April of last year, Internetmovies.com's Rossi got an e-mail from the MPAA and its 14 big studios accusing his site of illegally posting copyrighted material: "We have notified your ISP of the unlawful nature of this web site and have asked for its immediate removal," the e-mail read. The MPAA followed up with a certified letter and a phone call to the ISP. Rossi said his ISP dropped him. He was down for about three days, searching for a new provider.

From New Zealand, where he is attending a film festival, Rossi said he did nothing wrong. All he did, he said, was post links to film trailers already distributed by the studios. He said he never distributed copyrighted material. Rossi filed suit against the MPAA on April 25 of this year, seeking minimal damages.

"I'm not suing for millions of dollars or anything," he said. "It's just the principle of their behavior."

The MPAA stands by its actions, saying Rossi was "at the time, offering for distribution for members [of his Web site] copyrighted films," said Mark Litvack, the MPAA's director of worldwide legal affairs for anti-piracy.

But Rossi said he was unfairly targeted by the automated Ranger, which misinterpreted his site's function. Ranger's Rasmussen said the software's information is analyzed and interpreted by employees, who also scan the Internet themselves.

Rossi is unimpressed. "How can [the movie business] be a billion-dollar industry and be so ignorant?" he asked.
*********************
Washington Post
U.S. Firms Show More Interest in Phone Calls Via Internet
Issues of Competition, Regulation Loom Large
By Christopher Stern
Page H03



It began about six years ago as a geeky cyber-trick. But since then, using computers to make telephone calls over the Internet has become such a huge threat to some state-controlled telecommunications companies around the world that more than a dozen countries have banned the practice.

But elsewhere it has become big business. Analysts estimate that up to 8 percent of all international voice calls travel over the Internet. In hundreds, if not thousands, of Internet cafes around the globe, people line up to make calls that bypass local and long-distance telephone monopolies, creating huge savings for consumers.

Internet telephone service is projected to spread as more countries deregulate their telecommunications industries. In April, India dropped its ban on Internet telephone businesses as it opened its the market to competition. But others continue to block the technology. "In most countries the local phone company is still owned by the government. If people get around it, that could mean a real reduction in revenues," said telecom analyst Peter Jarich. In the United States, where telephone service is comparatively cheap, voice-over-the-Internet technology has been slower to take hold. Initially, the nation's major telephone companies resisted and even tried to block its deployment, but lately, many of the major regional telephone companies have embraced the technology in the hope of cutting costs and shaking off regulators who closely govern their business.

The changes have profound implications not only for competition in the telephone industry but also for people who live in rural or poor areas where telephone service is now heavily subsidized under current regulatory regimes.

Until recently, telephone traffic and data traffic traveled on separate networks. Now, the sound of a voice can be translated into bits of data that are mixed together with all the e-mail and Web downloads that are traveling around the world's fiber-optic networks.

The development provides huge savings to telephone companies and large businesses, which can now manage a single network that carries both voice and data. But it creates headaches for regulators, who have no way of separating the unregulated e-mail from the heavily regulated voice traffic.

Telephone companies say the answer to the problem is to allow voice traffic on the Internet to go unregulated.

"There should be the least amount of regulation possible. Zero would be great," said Pat Quinn, vice president for policy and law at Qwest Communications International Inc. That statement represents a regulatory U-turn for one of the largest and most dominant telephone companies.

Quinn worked for US West -- the local phone provider for 14 western states -- before it was acquired by Qwest. And it was US West that once asked the Federal Communications Commission to ban voice-over-the-Internet technology.

One of the reasons why many of the major local phone companies initially resisted the technology is that it opens the door to fledgling competitors. In theory at least, any Internet service provider could serve their customers with telephone service, just as Internet cafes are doing from Guatemala to Guam.

"I think this is a huge risk" for the regional phone powers, said Vik Grover, a telecommunications analyst for Kaufman Bros., a New York based investment firm that has helped finance some voice-over-the-Internet start-ups.

The move from circuit-based network to a software-based system has created opportunities for other players in the market, such as Net2Phone Inc., which allows users to make calls between computers or special Internet phones around the world.

Among Net2Phone's biggest investors is AT&T Corp. which plans to jump into head-to-head competition with the regional telecommunications companies to deliver local phone service.

Others have their eye on Internet telephone service as well. Microsoft's Windows XP software includes applications that allow people to hook up a handset to their computer and use it to talk via the Internet.

In recent hearings in U.S. District Court, in Washington, D.C., Texas-based SBC Communications Inc. lashed out a proposed antitrust settlement between Microsoft and the Bush administration, saying it would allow the Seattle-based software company to dominate the telecommunications market through its ubiquitous software.

"Unfettered by the proposed settlement, Microsoft can thus use its illegal operating system monopoly to become the literal communications gateway into and out of the American home or office," attorneys for SBC wrote in a brief filed with the court.

Cable companies are also keeping close tabs on the technology, hoping that it will allow them to compete with regional monopolies. Comcast Corp. President Brian L. Roberts often notes that the $20 million circuit switch that most telephone companies now use to route calls will soon be obsolete. He says the future is with routers made by companies such as Cisco Systems Inc. that can direct the same amount of telecommunications traffic for just $50,000. Before that happens, Roberts said, the technology needs further refinements so it can be deployed widely.

But some big companies aren't waiting. Eight months after September terrorist attacks destroyed the offices of Lehman Bros., the New York investment bank regrouped 5,000 employees in a new midtown Manhattan building with full-time bomb-sniffing dogs and a new Internet-based telephone system.

Both the dogs and the new telephone network are a reaction by Lehman to its experience on Sept. 11. The new communications system is less vulnerable to the disruptions and data logjams that shut down service in Manhattan for several days. If Lehman's offices are subject to another disaster, workers will be able to move to new locations while keeping their old phone numbers.

The calls will be rerouted by someone tapping on a keyboard, not by a technician in a hard hat with a truck full of tools.

Turning the sound of a voice into packets of data already has tinkerers dreaming about stunning new applications. One prediction is that technology will be combined with voice-recognition software that will allow for simultaneous translations of foreign languages.

But the migration of big companies such as Lehman Bros. to an unregulated Internet-based system represents a threat to a cornerstone of U.S. telecommunications policy, which is ubiquitous and cheap telephone service. Business customers and residential users in wealthy urban areas provide billions of dollars each year to the "universal service fund" that subsidizes users in poor and rural areas.

Just by avoiding payments to the universal service funds, some big companies could save as much as 10 percent off their total telephone bill, according to a report to Congress filed earlier this year by the General Accounting Office.

Although the FCC has been able to avoid any difficult decisions involving voice-over-the-Internet technology, the agency will ultimately have to tackle the issue.

Essentially, the FCC has two choices. It can classify the technology as an information service, which is the direction it is heading on regulation of high-speed Internet services. Information services are not subject to much regulation and would allow users to avoid paying in to the universal service fund.

Or the agency could declare that telephone conversations, whether they travel over the Internet or established voice networks, are a telecommunications service and therefore subject to all existing regulations and fees.

It is unlikely that the issue will come to a head soon, but if FCC Chairman Michael K. Powell takes up the issue, he may be forced to choose between his natural inclination to take a deregulatory path or supporting price subsidies that ensure lifeline telecommunications service is available to millions of Americans.
*********************
Washington Post
A Global Audience, a World of Worries?
Australian Court's Ruling in Libel Case Could Have a Chilling Effect on Web Publications
By Luba Vangelova
Page H06

SYDNEY -- Web publishers around the world are awaiting a decision in a libel case before Australia's highest court that could determine whether they will be required to adhere to widely differing foreign standards when stories are posted on the Internet.

At issue is how publication is defined in cyberspace: whether material is published when it is uploaded onto computer servers or when it is downloaded by readers.

The hearing in late May marked the culmination of Dow Jones & Co.'s attempts to move a defamation lawsuit from Melbourne to New Jersey. A prominent Melbourne businessman, Joseph Gutnick, sued the publisher over a Barron's article that he said linked him to a jailed money launderer. The article appeared in the magazine's print edition and on its Web site.

The suit was filed in Melbourne, where some of the Web site's readers reside. Gutnick's lawyers argued that this qualified the material as a local publication to which local libel rules should apply. Dow Jones disagreed and filed a motion to move the case to New Jersey, where its Web servers are located. When the motion was denied, Dow Jones appealed to the High Court of Australia.

The venue matters greatly because Australia, like many countries with no equivalent to the First Amendment, has stricter libel laws than the United States. Worried that a ruling in Gutnick's favor would expose them to a multitude of difficult-to-defend foreign libel suits, more than a dozen international media and Internet companies (including CNN, Yahoo and The Washington Post Co.) joined the case in support of Dow Jones.

Legal experts said the case could set an important international precedent because it is the first time a nation's highest court has been asked to define where publication takes places on the Internet for libel purposes. Judges in Britain, Canada, South Africa and other Commonwealth countries would probably look to this case when deciding similar cases.

The judge who denied Dow Jones's motion to move the case to the United States ruled that the Internet was fundamentally no different from other media. Therefore, the judge said, long-standing British and Australian common law -- stating that publication occurs where material is read and understood -- should hold.

Bret Walker, the lawyer representing the companies that intervened on Dow Jones's behalf, disagrees. Whereas print and broadcast material can be disseminated in a controlled fashion, "with the Web, what you publish can go anywhere and everywhere without you knowing where it's being received," he said.

An attorney for Dow Jones declined to comment on the proceedings.

If the judge's ruling stands and is applied elsewhere, some said it could lead to self-censorship. "If an American publisher publishes material about a foreigner, they would have to get legal advice in every jurisdiction where the subject might have a reputation," said Matthew Collins, a Melbourne lawyer and author of "The Law of Defamation and the Internet."

"It would be more likely the publisher would simply drop the story," Collins said.

Software designed to restrict site access in specific countries remains "imperfect," said Ian C. Ballon, a Palo Alto, Calif., lawyer and author of "E-Commerce and Internet Law." Resorting to such restrictive methods would be "unfortunate for the development of the Internet," he said.

Conversely, a ruling in Dow Jones's favor could lead to "forum shopping," where publishers would locate their Web servers in countries with the freest communication laws, said Belinda Thompson, a Melbourne-based defamation lawyer.

Legal experts said Dow Jones faces an uphill battle in persuading the conservative court to amend the traditionally understood place-of-publication rule. The court's final decision could take up to a year.
*********************
Washington Post
The Slippery Scope of Antitrust Law
By Leslie Walker
Page H01

Attempting to regulate antitrust in the age of convergence is like trying to grab jellyfish in the ocean: More and more companies are combining themselves into strange globs as they seek to compete in digital markets as murky as the sea.

That, however, hasn't stopped federal regulators from trying to get their hands around these squishy new creatures.

For the past year or so, the Justice Department has been conducting antitrust investigations into Internet joint ventures formed by market leaders in five industries -- music, movies, travel, bond trading and foreign-currency trading -- to make sure they aren't doing things online that would be considered anti-competitive if they took place offline.

"The Sherman Antitrust Act absolutely reaches into cyberspace. You can't have virtual smoke-filled rooms," said Mark Popofsky, a former Justice Department lawyer who represents clients in the targeted industries.

To exploit the Internet's potential to distribute goods digitally, companies in many industries have been joining forces to create new online ventures. The goals typically are to share costs and maximize their impact beyond what any single player could do alone.

But the same technology that allows for more efficient communication and selling online also makes it easier -- at least theoretically -- for rivals to engage in prohibited activities such as price fixing and excluding competitors from key markets.

Already, those left on the sidelines have complained to federal regulators that the leaders in their respective markets are unfairly trying to curb competition through Web sites they own jointly.

Those under investigation include Orbitz, the online travel agency formed by the five largest airlines in the United States; Pressplay and MusicNet, digital-music subscription services created by the five major record labels; Movielink, a digital-movie downloading service still under development by several Hollywood studios; FXall, an online currency-trading exchange owned by 17 of the world's largest banks; and online fixed-income investing services such as BondDesk.com, Bond Book and Market Axess, developed by groups of financial firms on Wall Street.

Gina Talamona, spokeswoman for the Justice Department, confirmed that the agency is investigating Internet joint ventures in all five industries but would not comment on specifics.

The antitrust heat has been so fierce that at least one Internet joint venture fell apart before it got off the ground: In April, News Corp.'s Fox Entertainment Group abruptly withdrew from a service it was planning with Walt Disney Co. to sell movies online, citing regulatory concerns as a key reason.

As federal lawyers issue requests for information to companies involved, Congress is starting to weigh in with its own concerns.

Rep. Cliff Stearns (R-Fla.), chairman of the House Energy and Commerce Committee's subcommittee on commerce, trade and consumer protection, said through a spokesman that he wants to hold a hearing to look into the issues involved, especially in travel and foreign-currency trading. No date has been set yet.

"I have been carefully following the development of supplier-owned online distribution networks," Stearns saidearlier this month.

Companies joining forces contend that their online consortiums will benefit consumers by making their businesses more efficient and creating cost savings that can be passed on to customers. Most are pursuing individual Web sites, too, some of which compete with their own joint ventures.

Orbitz contends it and other joint ventures are part of the Internet's inevitable march toward eliminating middlemen (think travel agents) who distribute goods in the non-digital world, because the computer network for the first time makes it more practical for producers of many goods (airline tickets, movies, music) to digitize and sell them electronically to consumers.

To do so, however, requires producers to explore entirely new business models. After all, many never sold directly to consumers before and lack experience at retailing. They find it inefficient to underwrite direct selling alone and have been merging, partnering and collaborating with rivals partly to share costs and also to aggregate content in ways that big retailers typically do and shoppers have come to expect.

Regulators are struggling to get their arms around these squishy new corporate entities. They're probing their governance rules, for instance, to make sure the joint ventures don't operate under inherently anti-competitive rules.

While the Justice Department is looking at supplier-owned online marketplaces today, the Federal Trade Commission two years ago took a look at similar buyer-owned exchanges formed to achieve efficiencies in procuring supplies online.

The FTC concluded that Covisint, a jointly owned Web site where automakers buy parts, did not violate antitrust laws. It gave Covisint a yellow light to operate with caution but said regulators would continue monitoring how the procurement exchange evolved.

Still, some companies excluded from such marketplaces are crying foul. A group of competing Internet ticketing agencies, for example, has complained that Orbitz requires its member airlines to give their lowest Web fares to Orbitz, a benefit not guaranteed to other travel sites. The Interactive Travel Services Association, which represents Expedia.com, Travelocity and other travel services, contends the requirement could cripple the competition that helped build the nascent Web travel market.

"What Orbitz is doing is illegal -- you have five horizontal competitors that are working together to control distribution," said Antonella Pianalto, ITSA's executive director. "We feel that is a violation of antitrust law."

At the urging of Congress, the Transportation Department recently formed a commission to probe these issues in the travel industry. William Maloney, executive vice president of the American Society of Travel Agents, told the commission last week that the airlines' Internet distribution policies are designed to induce people not to buy through travel agents.

"If the airlines succeed at their long-run goal," Maloney said in a prepared statement, "consumers will have less access to optimized comparative price and service information for air travel and will pay higher than necessary prices."

Orbitz retorts that the special Web fares are not exclusively available on Orbitz. The airlines are free, if they choose, to display them on rival Web sites as well. Orbitz Vice President Carol Jouzaitis said the requirement that member airlines display their lowest fares on Orbitz was extracted in exchange for Orbitz promising the airlines that it would steadily lower their transaction costs each year for the next decade.

Similar issues are arising elsewhere. In the online market for foreign-currency trading, federal lawyers are looking at a requirement the FXall exchange imposed on its founding banks that they not participate in rival online services. The Internet music market is more complicated because of rampant music piracy, which has made the record labels cautious about distributing their music online. Nonetheless, some independently owned Web sites have groused that the labels seem more interested in licensing music to their own sites than in offering the same or similar terms to independent Internet services.

Jonathan Potter, executive director of the Digital Media Association, said the era of digital content distribution opens up worrisome possibilities for the labels to control distribution more tightly and in ways they never could offline.

Imagine, he said, that Henry Ford had invented a steering wheel but licensed it only to manufacturers who agreed to make black cars, or ones that went only 45 mph. He fears similar scenarios might unfold as the labels enter direct music retailing through their own subscription services and negotiate licensing terms for resale of their music through other Web sites.

"If the intellectual property is broadly licensed, and the licensees compete against one another, consumers win," Potter said. "If the intellectual property is broadly licensed but the competitors are not permitted by terms of the license to compete, then consumers lose."
**********************
Federal Computer Week
Army cleaning up Web sites

The Army is working diligently to remove all potentially damaging data from its publicly accessible Web sites and recently found a new glitch that it is in the process of fixing, the service's director of information assurance said.

Col. Thaddeus Dmuchowski, director of information assurance in the Army's Chief Information Officer Office, said the service was "caught blindsided" when it first learned of more than 70 examples of publicly accessible Army Web sites containing "inappropriate information."

The examples were contained in a report released June 5 from the Defense Department's inspector general and the DOD's Joint Web Risk Assessment Cell.

After learning of the site problems in February when it saw a first draft of the report, the Army established its own Web Risk Assessment Cell and closed every hole identified in the report and even more outlined in the first quarter of this year, he said.

The latest problem, which was identified by the Army in the past week, involves "hidden" sites that are no longer visible to basic searches or indexes, but can still be found through more sophisticated digging. Dmuchowski likened it to a Microsoft Corp. PowerPoint presentation with hidden slides that may not be visible, but are still there.

The problem may have arisen as Webmasters were trying to clean sites and figured that if information was no longer visible, then the requirement was being met. However, that information is now being removed completely as it is found, he said.

The DOD IG report said that from June to August of last year, the joint cell identified 77 public Army sites that contained inappropriate information, including:

* Fourteen examples of operational plans.

* Four cases of personal information.

* Forty-eight instances of policies and procedures on military operations.

* Eleven documents marked for official use only.

Furthermore, in the first quarter of this year, the joint cell identified more than 370 potential problem sites, 174 of which needed remediation in one of seven categories:

* Sixty examples of force protection issues.

* Nineteen in communications.

* Seven in logistics.

* Sixty-two in personnel.

* Eleven in operations.

* Ten in critical infrastructure.

* Five in persistent cookies.

"When you look across the Army, that's not too bad," Dmuschoski said. He added that once problems are identified, it usually takes only a day or two to fix them, and the Army is now focused on "for official use only" as a search term.

Examples of inappropriate information found this year included:

* One post that had building and infrastructure diagrams down to the manhole locations available on a site.

* Pictures of soldiers and their families posted with names, base locations and other sensitive material available in the background.

* The Command and General Staff College (CGSC) posted learning materials, discussion papers and white papers with potentially sensitive data.

The CGSC has removed all the information in question and will be unveiling a new, secure Web site later this month with a different format and structuring "to list those kinds of discussions," he said.

Dmuchowski said the DOD joint cell submits a quarterly list of concerns for the Army to work through, but now the service also is going back in its own to examine command sites and other past problem areas.

"We're at the next level," he said. "We're being preventative as well as reactive. The report was bad, but we've come a long way in four months."
*********************
News.com
Start-up wants your help to fight spam
By Stefanie Olsen

After operating in stealth mode for nearly two-and-a-half years, San Mateo, Calif.-based Cloudmark on Wednesday is taking the wraps off a new spam-fighting tool, called SpamNet, which aims to use the power of the people to weed out unsolicited commercial e-mail.

Conceived by Napster co-founder Jordan Ritter and open-source developer Vipul Ved Prakash, the company is touting the benefits of democracy, networking and collaboration in the war against unscrupulous e-mail marketers.

The company does face challenges. It is charged with transforming a tool that's geared for a small Unix developer community into a product for the masses. It also must offer a system that's simple and effective to reach a critical mass. Finally, it must build in financial support for such a system.

Then there is the Internet itself, whose enormous strengths of openness, flexibility and redundancy have proven insurmountable foes for legions of companies that previously have marched off to vanquish the hordes of spam. Many, such as SpamCop and SpamKiller, already include tools to allow e-mail recipients to report spam to their Internet service providers, a form of democracy in action that has not proven terribly effective.

Technology pundits say most existing anti-spam solutions haven't been able to keep up with the rising flood of junk and the sophistication of marketers sending it. In this environment, Cloudmark is drawing attention for what some analysts call a new approach to the problem.

"What's exciting about Cloudmark is that it's a distributed response to a distributed problem," said Kevin Werbach, technology analyst at venture capital firm EDventure Holdings.

"There are so many spammers out there," he said, "that it's difficult to come up with sophisticated algorithms to catch all the spam and not catch all the e-mail. But if you harness the power of thousands or potentially millions of people on the network, then you can grow the response to the spam almost as fast as the spam itself is growing."

Despite repeated attempts to keep spam down to size, the enemy has proliferated: Internet researcher Jupiter estimates that consumers will receive 206 billion junk e-mailings in 2006--an average of 1,400 per person, compared with about 700 per person this year.

If Cloudmark is not the first company to address the problem, its claims are among the boldest. Prakash drew inspiration for the company's name from the sci-fi novel "A Fire Upon The Deep," by a former computer-science professor, Vernor Vinge, who wrote about a router the size of a planet "that could filter spam," Prakash said.

In an interview, Prakash and company CEO Karl Jacob said Cloudmark's software solves the problem of identifying spam and quickly updating e-mail filters by harnessing the intelligence of the Web community at large.

Building on a foundation of trust
"It operates on a trust evaluation system; it evaluates the trustworthiness of the user's suggestion to identify a spam message," said Jacob, an investor in the company who recently left his job as CEO of advice site Keen.com. "It's based on how long they've been in the community, how many messages they've sent that were verified. The effect is it allows a democratic vote."

The software is based on Prakash's open-source software Razor, a collaborative spam-filtering system that sifts out about 5 million messages per day. The technology has about 5,000 "users," or Internet Protocol addresses linked to the community, with more than 60 midsize ISPs. SpamNet will count new users as individuals, however.

Cloudmark's solution requires a free plug-in that plays a minor role in the background of Microsoft's Outlook, the only e-mail client the product is currently available for. Consumers will see a new file folder on the left side of Outlook deemed for spam and a toolbar at the top for reporting spam or "revoking a spam decision." Every time someone receives a new message he considers spam, that person would report the message to the program by clicking the first button.

As the software stands now, it filters junk into the spam folder based on 2.5 million "signatures," or combinations of zeros and ones, which are used to identify a junk mail message. The underlying technology attaches a signature to each incoming message, and based on a consensus among users, it will mark a signature as spam in real time. So the more people who participate, the greater depth the database will have with additional marked signatures.

The signatures are unlike typical spam-fighting tools that are based on "rules" or filters built around spoken language, headers or IP addresses of commercial messages. Anti-spam software company Brightmail uses rules-based filtering, for example. But Jacob says that model doesn't work well because it depends on humans to constantly write new rules and technology that can slow as it compares too many rules to each incoming message. In contrast, Cloudmark uses algorithms to efficiently find similar numerals or signatures in the database without scanning the entire set.

A spokesman for Brightmail, one of the largest spam-filtering services, said the company filtered more than 10 billion e-mails and blocked 1.5 billion junks mails in the past 12 months. The company's rules-based system is constantly updated to avoid latency in scanning messages, he said, adding that the majority of rules are written automatically, with some exceptions for those particularly challenging spam attacks.

Cloudmark says it intends to always offer a free product to consumers, with eventual plans to sell a more advanced service. It also expects to license its technology to enterprise customers, of which it already has some beta customers.

If anything, the company has the angst of Web users on its side.

"A community effort against spam is not something we've seen before, at least not on the scale on what they're attempting to gather," said Ray Everett-Church, chief privacy officer at ePrivacy Group, a Philadelphia-based consultancy. "At least they've got a very fertile community who are sick of spam and who are willing to try something new if it will stop it."


**********************
Boston Globe
Wellesley-based search engine takes on Google
By Hiawatha Bray, Globe Staff, 6/19/2002

For millions of Internet users, the Google search engine is the fastest and most efficient way to search through billions of Web documents. But a Norwegian company with US headquarters in Wellesley is aiming to knock Google from its perch.

Fast Search & Transfer (FAST), based in Oslo, said its search service has indexed nearly 2.1 billion Web pages, compared to 2.07 billion for Google. That would make FAST the most comprehensive search service on the Internet, albeit by a slender margin.

Google officials counter that their search engine indexes a variety of Internet materials not offered by FAST, such as 700 million messages posted on the Usenet public bulletin board system. When all such documents are taken together, Google insists it's still out in front.

''While Google takes FAST and the rest of our competition very seriously, we also remain focused on building the world's best search engine,'' said David Krane, spokesman for Mountain View, Calif.-based Google.

Still, taking the lead in Web pages is a significant milestone, said John M. Lervik, the Norwegian computer scientist who cofounded FAST and serves as its chief executive.

''We have a larger size now, so we should be better at specific queries,'' Lervik said.

He admitted that FAST's edge is a slim one. ''It's not like we were 10 times bigger,'' he said. But Lervik said that, even so, FAST should attract a larger number of serious Internet researchers.

FAST is also betting that it will attract major companies and government agencies, which use search engine technologies to index their own vast internal databases. Indeed, these organizations are FAST's target customers.

Google's Web site, one of the most popular on the Internet, generates millions in revenues for that company through advertising sales. FAST's public Internet site, www.alltheweb.com, also carries some ads, but Lervik said they're only intended to help the site pay its expenses, not to make a significant profit. The goal of the site is to demonstrate FAST's search technology to corporate customers, in an effort to win them away from rival search software from Google and Inktomi Corp.

The Lycos search engine uses FAST search technology; so does IBM Corp.'s e-commerce Web site. But the biggest score of all could come later this month. Google provides the search engine technology used by the immensely popular Yahoo Web site, but Google's contract is about to expire. Google, FAST, and Inktomi are all in the running to win the business.

Danny Sullivan, editor of Search Engine Watch, thinks FAST is a long shot to win the Yahoo contract. But he adds that in the past year, FAST has become Google's biggest competitive threat.

''They have been a very good search engine since about the middle of last year,'' said Sullivan, citing a software upgrade that causes FAST to do a better job of delivering worthwhile search results, rather than a torrent of irrelevant Web pages.

The knack for finding relevent Web sites is exactly the feature that made Google so popular. Now, said Sullivan, FAST is nearly as good, and offers a bigger Web page index as well.

''What this does is position FAST to be the alternative choice'' to Google, he said.

Despite its Norwegian roots, FAST's biggest operation is in Wellesley, where the company runs its engineering operations. About 70 of FAST's 200 workers are in Wellesley. The others are in California, London, and Oslo.

FAST formerly ran its server computers from Waltham but has since moved its data centers to Foster City, Calif., and London.

Hiawatha Bray can be reached at bray@xxxxxxxxxx
***********************
Washington Post
Bush Signs Measure to Delay FCC Wireless Sales
Reuters
Wednesday, June 19, 2002; 9:52 AM

WASHINGTONPresident Bush signed legislation on Wednesday to delay indefinitely most of two government sales of wireless licenses, including one slated to begin on Thursday, yielding a victory for the mobile telephone industry.

The measure, approved by the U.S. House of Representatives and Senate on Tuesday, will allow the sale of a narrow slice of airwaves that are sought by rural mobile telephone carriers to go forward later this summer. The White House said Bush signed the measure on Wednesday.

The mobile telephone industry wanted the auctions delayed because it was not clear when the television broadcasters would give up the airwaves as they move to digital signals.

Carriers also argued that the delay would give the government time to draw up a plan to manage scarce spectrum resources.

But broadcasters like Paxson Communications (PAX.A) had wanted the auctions to go forward, because they could have negotiated profitable deals to clear the airwaves early with the new owners.

The airwaves at issue, in the 700 megahertz (MHz) band, are used by television broadcasters operating channels 52-69, but those stations do not have to give up their airwaves until 2007 at the earliest. The stations are supposed to turn over the airwaves as they move to digital signals.

The Federal Communications Commission had planned to begin selling the airwaves used by channels 52-59 on Thursday and the spectrum for channels 60-69 next January.

The measure signed into law removes the statutory deadlines for those sales to take place but requires the FCC to report to Congress within a year on when the auctions will take place as well as outline progress in the transition to digital television.

Additionally, the law gives the FCC the authority to decide when to holds its wireless auctions. Previous law had required the FCC to sell the airwaves for channels 52-59 by the end of September and airwaves for channels 60-69 were supposed to be sold almost two years ago.

The new law requires the FCC to sell 18 megahertz of spectrum that benefits rural mobile telephone carriers between Aug. 19 and Sept. 19 with the proceeds to be deposited by the year of the year.

Among those who have qualified for the sale to take place later this year are numerous small rural carriers as well as ventures backed by money manager Mario Gabelli and media mogul Paul Allen who owns cable company Charter Communications Inc.
***********************
USA Today
Cybersecurity panel looks at Net risks

ATLANTA (AP) At a town hall meeting on cybersecurity, experts warned that the risks of going online have become especially prevalent as hackers find new ways to poke holes in Internet security systems.

Tom Noonan, chief executive officer for Internet Security Systems, told the gathering Tuesday that logging onto the Internet is like entering a dangerous neighborhood. Risks include identity fraud and intellectual property and credit card theft.

"This is the first national security threat the government can't handle alone," said Noonan, one of five panelists in the meeting on the national strategy to secure the online infrastructure.

The meeting was the fourth in a series of nationwide meetings hosted by the President's Critical Infrastructure Protection Board, formed in October to address Web-related vulnerabilities within the federal government and the private sector. More than 25 national security officials are on the board.

"The critical infrastructure of this country may be the most vulnerable to cyber attack," said former Sen. Sam Nunn, a panelist. "This is a rather unique security challenge. There are no borders in cyberspace."

Howard Schmidt, vice chairman of the board and a panelist, emphasized the importance of providing education and training for mid-career professionals. He said only eight people received Ph.Ds last year in Internet security.

While most universities offer computer science degrees, they seldom have programs focused on Internet security, said Player Pate, spokesman for Atlanta-based Internet Security Systems.

Pate said many people don't know that when they log onto the Internet, they're open to attack even if they have anti-virus protection and a firewall. He recommends an anti-intrusion device.

"You're connecting to the Internet this pipeline," Pate said. "That is what attackers look for."

The panelists agreed that fighting cyberterrorism requires large corporations, the government, international governments, small businesses and consumers to work together.

"Waiting for disaster to happen is not a strategy," Nunn said.
*****************
New York Times
Disney Shifting to Linux for Film Animation
By STEVE LOHR

The Walt Disney Company, the doyen of animation studios, is joining Hollywood's embrace of a technological upstart the GNU Linux operating system.

Disney's animation division is announcing today that it plans to use Hewlett-Packard workstations and data-serving computers running Linux for digital animation work in the future.

The Disney move is the latest commitment by major studios and special-effects houses including DreamWorks SKG, Pixar Animation Studios, Industrial Light and Magic and Digital Domain to Linux, which is a variant of the Unix operating system that is distributed free and under terms that allow programmers to fine-tune the software.

Movie animation is a rarefied niche market for computer technology. The studios have deep pockets, legions of technical experts and plenty of financial incentive to get just the right look and detail in movies like "Shrek" and "Monsters Inc.," since the payoff for a box-office hit can be enormous.

Yet the advance of Linux into Hollywood is a sign that a technology once viewed as part of the counterculture of computing is moving steadily into the mainstream. "Hollywood is at the leading edge of computing, and it shows what Linux can do," said Martin Fink, general manager for Hewlett-Packard's Linux systems division.

At Disney, like other studios, machines running Linux typically take the place of computers running proprietary versions of Unix, like SGI's Irix software. Not only is the Linux software free, but it runs on low-cost personal computer technology, workstations and data-serving computers powered by Intel or Advanced Micro Devices microprocessors. "For us, it's a move to less-expensive commodity technology systems," said John Carey, vice president for Walt Disney Feature Animation.

In animation, Linux made its first inroads a few years ago on the clusters of server computers used in "rendering farms," which require huge amounts of processing to render a finished image of a creature or character as it appears on movie screens.

More recently, Linux has also been used on the workstations used by animators for drawing and modeling their creations, as the leading producers of animation software have tailored their applications to run on Linux. Alias-Wavefront tweaked its Maya program to run on Linux in March 2001, after it had been approached by animation studios and special-effects houses that wanted to use the Linux technology, according to Kevin Turesky, an engineering manager at Alias-Wavefront, a software subsidiary of SGI.

Linux tends to be portrayed as an archenemy of Microsoft and its Windows operating system. In the long run, the rise of an alternative like Linux will limit Microsoft's future growth and market dominance. But in the near term, as the Hollywood experience shows, Linux is gaining at the expense of proprietary versions of Unix.

"Historically, animation has been a Unix environment," said Al Gillen, an analyst at the International Data Corporation. "And what's happening in Hollywood is that another piece of the Unix market is moving into the Linux space."

Indeed, Mr. Carey observed that adopting Linux for part of its animation was part of its migration strategy to move away from its previous "homogeneous technology environment," revolving around SGI's Irix.

The Disney commitment is the second agreement in recent months for Hewlett-Packard systems running Linux in Hollywood. In January, Hewlett-Packard announced a three-year partnership with DreamWorks involving the purchase of Hewlett computers and some joint development of technology.

Hewlett-Packard, to be sure, has a heritage of doing business with Hollywood and Disney. The first product the founders William Hewlett and David Packard sold in 1938 was to Disney, an oscillator used to help produce the rich, textured soundtrack for the animated movie "Fantasia."
**********************
San Francisco Gate
Spam becoming more annoying
Some junk e-mail even uses virus to steal identities
Caroline E. Mayer, Ariana Eunjung Cha, Washington Post

The e-mail with the titillating subject line -- "funny sexy screensaver" -- arrived one recent afternoon in the computers of at least 100 politicians and businessmen. It claimed to be from R. James Woolsey, former director of the Central Intelligence Agency.

But Woolsey didn't send it. It was generated by a spam virus, the kind that hijacks someone's online account and sends out messages in the owner's name. "It was like a small version of identity theft," said Woolsey, now a partner with a Washington law firm.

Millions of e-mail users have been caught by this latest spam twist. They've either had their online identity stolen and used to send messages, or they have mistakenly opened messages that seemed to come from people they knew but turned out to be from, say, a sex hot line.

Electronic mailboxes were already being flooded with offers of weight-loss pills, sexual aids, travel coupons, low-interest mortgages and other solicitations. Now these fraudulent messages only add time and aggravation to e-mail reading, prompting many consumers to reconsider their reliance on e- mail.

"People will tell you e-mail has become the biggest burden in their online lives. There's a real frustration level there," said Jeffrey Cole, a UCLA professor who oversees a long-term study looking at the Internet's effects on society.

To avoid offensive mail, many users are simply deleting large batches of messages with a single stroke without reading them, even though mail they want could also be lost.

In a desperate attempt to control the flood of spam coming through their systems, more than a few corporate computer administrators have blocked e-mail from outside the United States because much bounced spam seems to be from foreign computers. That limits the spam, but it also limits the Internet's potential as a global communications medium.

Brightmail Inc. is one of the nation's largest antispam firms, hunting for the unsolicited and the unwanted through a network of decoy e-mail accounts designed to attract spam. The San Francisco company's researchers use those e- mail addresses to browse Web sites, read newsgroups, sign up for newsletters and do other things a regular user might do.

Brightmail has detected a 600 percent increase in spam. In April 2001, the network counted nearly 700,000 spam attacks, in which hundreds of versions of a message are sent to e-mail accounts worldwide in one shot. Twelve months later, Brightmail counted 4.3 million such attacks.

"Spam is outpacing the growth of e-mail," said Enrique Salem, president of Brightmail, whose filters are used by Internet service providers to block millions of unsolicited messages daily.

It's not just the number of unsolicited messages that is causing alarm, but also their content. "What most people are noticing is its aggressive nature. It's more adult-themed," with people constantly "trying to sell you something, " said America Online spokesman Nicholas Graham.

Often it's hard to tell, even after you open the message, whether the sales pitches are from legitimate firms or individuals or from questionable operations made to look like well-known firms or people the recipient knows.

One popular solution is setting up a filter or creating a mailbox that accepts mail only from predesignated addresses. At Hotmail.com, for instance, about 16 percent of customers have selected exclusive mailboxes that accept mail only from people in each user's electronic address book. But even this approach wouldn't necessarily protect them from fraudulent messages sent from a friend's address.

A step beyond that is to sign up for an Internet service that forces an unknown e-mail sender to go through handshake verification, a two-step challenge/response process based on the premise that a spamming program will not follow through. MailCircuit.com offers free e-mail accounts using this technology and provides a fuller service for $10 a year.

Disposable e-mail addresses can be turned off when spam becomes overwhelming. Customers of Spamex.com pay $10 annually for access to 500 disposable addresses. You can use several at a time, close them if they become inundated with spam and hop to a new address.

Special filters set up by Internet service providers like Yahoo and Hotmail can detect bulk e-mailings, to be rerouted to junk mail folders where they may be checked by the account-holders.

Sometimes these are blocked by an ISP and never arrive in the intended inbox. Last December, AOL bounced back early-admission notices from Harvard University that the filter had deemed to be junk.

Many of Woolsey's associates reported that the fraudulent message that bore his name got through their filters, but then the filters blocked the warning message Woolsey subsequently sent out because it had the word "porn" in it. "It was truly ironic," Woolsey said.
**********************
Mercury News
Israel a global pacesetter in high-tech security
BUT BIOTECHNOLOGY, LIFE SCIENCES ARE FIELDS ON THE HORIZON
By Dan Gillmor
Mercury News Technology Columnist

REHOVOT, Israel - When Israel orbited its Ofeq 5 spy satellite late last month, the payload's origin was no surprise to people familiar with the nation's technology scene.

For Elop Electro-Optics Industries, the company that designed and made the sophisticated but lightweight camera, it was business as usual.

I didn't get a look at this particular model on a visit to the company 10 days ago. The details are mostly secret. But I did get a glimpse into an industry in which Israel is a global pacesetter -- defense and security. A wary nation, surrounded by enemies for much of its half-century of independence, has turned self-protection into a way of life.

Such is Israel's high-tech security expertise that it's an exporter of defense technology. At Elbit Systems, the corporate parent of Elop Electro-Optics (or El-Op for short), roughly half of all sales are to other nations.

Elbit has some 5,000 employees including about 1,000 at its U.S. operations, including a facility in Silicon Valley. El-Op's areas of business include such technologies as infrared sensing, lasers, fancy displays and, of course, satellite cameras.

Infrared photography uses the heat emitted by physical objects to make pictures of them, so total darkness is irrelevant. Gabby Sarusi, El-Op's chief scientist, showed a startlingly clear image of an outdoor scene taken in 1998 by what was then a state-of-the-art camera. He has a better one from a more current camera, he said, but he's not allowed to show it.

About 40 percent of El-Op's employees are scientists and engineers, according to Sarusi, and almost 10 percent of revenue goes into research and development. The company has close ties, naturally, with the Israeli Defense Ministry and the national research institutions.

Most development is done in-house. On a tour, Sarusi pointed into a workshop where prototypes are made. If a scientist or engineer can imagine a design, he said, someone in the workshop can build it.

In another shop, workers are making lenses and other components for cameras. ``We are capable of designing some very sophisticated optics,'' Sarusi said in an understatement.

Many of El-Op's products, which include radar-like devices that help low-flying aircraft dodge ground obstacles, have obvious civilian spin-off potential. At the moment, in a world where security is a growth industry as never before, there seems to be plenty of business. Elbit has a two-year backlog.

Not far from El-Op's headquarters is one of the world's great research centers, the Weizmann Institute of Science. It's a nerve center for what many believe will be Israel's next leap in innovation and a core of its future economy: biotechnology and the life sciences.

Weizmann is also pushing hard in the area of ``technology transfer.'' There's a strong research focus, but there's also great interest in taking discoveries from the laboratory into the marketplace.

Weizmann is the home base for scientists such as Michal Schwartz, professor of neuroimmunology. Her insights -- in particular, the once-doubted recognition that the immune system can do positive things when it aims at the human host's own body -- are leading toward pathbreaking treatments.

Schwartz and her colleagues have developed a treatment for glaucoma, a condition that causes blindness. In effect, they tell the body it's facing a certain kind of invader, stimulating the immune system to stop the damage from getting worse. The potential is wider. Spinal cord injuries may someday respond to this kind of treatment.

Weizmann is also host to Irun Cohen, a professor of immunology who's trying to understand diabetes better. In the process, he's challenging the tendency to think of biological processes as discrete events. Many scientists today try to isolate various systems and reduce them to a set of underlying laws.

The mapping of the human genome, he says, is a fine idea. But treating it as a fantastic blueprint, he says, is missing a key point -- that we can't explain things by looking at the underlying elements of each separate system. We have to understand the multitude of systems in the body, and how they interact with each other. What looks like a lot of informational noise can often hold revealing patterns, he says.

Like other institutions of its kind, Weizmann has a technology-transfer program designed to commercialize the research and generate licensing revenues. Schwartz co-founded a company, Proneuron Biotechnologies, based on her research. She has remained at the institute, holding an advisory role with the company.

Cohen and colleagues from other departments at the institute are working on several information-technology based projects. One is a computer simulation of the immune system. Another is a microprocessor-based system to see how immune cells react to certain conditions.

Weizmann owns the intellectual property its scientists generate on campus, and licenses it to third parties. The original researchers get a cut of the revenues.

The institute doesn't say publicly how much it generates in licensing revenues each year. But Haim Garty, vice president for technology transfer, doesn't dispute (or confirm) a $50 million estimate in an Israeli publication. He does say that the bulk of the money goes back into the institute's basic-science mission.

BREAKING NETWORK BOTTLENECKS: It was a rare event, in several ways, when an Israeli technology company scored $80 million in new financing earlier this year. Not only was that a large amount for any technology company, but the company was in a business that has gone far out of favor.

Chiaro Networks, based in Jerusalem, may be onto something big. It has come up with optical-networking technology it says will relieve key bottlenecks on the Internet.

Founded in 1997 with $800,000 in seed capital, Chiaro has raised more than $200 million in all. It has about 285 employees, including 185 at the U.S. headquarters in Richardson, Texas, with 100 in Jerusalem.

Eyal Shekel, the company's founder, is careful not to predict too much, too soon. But he is quietly persuasive as he describes the technology that he believes will be a breakthrough in the networking arena.

The basic notion is that today's data routers, at least the ones at the core of networks, are not keeping up with the growth in traffic. Substituting optical switching for electronic switching helps solve the problem, Shekel says. Chiaro is eyeing the world's major telecommunications carriers as initial customers.

In a world of outsourcing, Chiaro is an exception. It designs and fabricates the microprocessors at the core of the devices, for example. You don't typically find chip making clean rooms in an office building, but Chiaro has one. ``We do it all ourselves,'' Shekel says.

LINUX RISING: Huge rounds of venture capital are the distinct exception, of course. Bootstrapping is back.

That's the case for Qlusters, a software start-up in Tel Aviv. Ofer Shoshan, the company's chief executive, even brags about how he's saving money with used computers and sub-let office space.

Qlusters is tweaking the Linux operating system to make it work more efficiently on large groups of computers that are running in tandem, working together to solve a single problem. This is known as clustering.

Shoshan's 15 colleagues include a well-known Linux expert, Moshe Bar, the company's chief technology officer. They already have customers, including a university in Italy, and they they're aiming at something that wasn't in favor during the Internet bubble -- near-term sales and profits.

``We have a small team, and a low burn rate,'' Shoshan says. ``And they get the work done.''
**********************
BBC
Pro-Islamic hackers join forces

There is mounting evidence that individual hacker groups connected by a pro-Islamic agenda are working together to carry out hack attacks, say experts.
Security firm mi2g says an alliance of anti-Israel, anti-US and anti-India groups are increasingly highlighting issues such as the Middle East conflict, the war on terrorism and the Kashmir stand-off as part of their destructive digital attacks.

At the height of the tensions between Pakistan and India over Kashmir in May, two groups (Unix Security Guards and World Fantabulous Defacers) carried out a total of 111 digital attacks on Indian educational and business sites.

Security firm mi2g said political and ideological motives were increasingly behind hack attacks.

Digital tensions

At a round table event in London to discuss the security threats in a post-11 September world, Chief Executive of mi2g, DK Matai, said hacktivism posed one of the biggest risks to business and government computer systems.

"Political motivation is an increasingly rising factor in digital attacks," he told delegates at the forum.

"The primary reason why web attacks are increasing is political tensions between Israel and Palestine, India and Pakistan and China and Taiwan."

New viruses decreasing

Israel has suffered a barrage of hack attacks since the start of the Palestinian uprising in September 2000.

An Egyptian hacker group has said it is behind the action. It began its activities shortly after 11 September.

Similar attacks happened during the Serbian conflict in 1999 when Nato and US Department of Defense networks were targeted by pro-Serbian hackers.

Despite the gloomy picture, the total number of new viruses has actually been decreasing since a peak in 1997, according to mi2g.

However, new viruses are causing more havoc because of the number of computers that are now networked together.

"When one catches a cold the entire global organisation catches it," said Mr Matai.
*************************
Government Computer News
The sky is not the limit for Internet, Cerf says
By William Jackson

Internet pioneer Vinton Cerf predicted an interplanetary Internet will be in place by the end of the decade, with communications satellites in orbit around Mars and linked with the Earth.

Cerf, speaking at the Internet Society's INET 2002 conference in Arlington, Va., this morning, said the network is not being designed because anyone thinks there is someone on Mars to use it. It would provide a uniform means of communication for space missions in our planetary neighborhood, much as the Internet does on Earth.

Cerf, a co-developer of the TCP/IP protocols on which the Internet is based, has a visiting professorship at NASA's Jet Propulsion Laboratory. Those protocols will not be adequate for deep space communications, he said.

"TCP/IP doesn't work when the round-trip time is 40 minutes to six hours," he said. TCP/IP would have to be terminated at the planet or space vehicle level. "The long-haul stuff is quite different" and resembles store-and-forward messaging, he said.

At a more down-to-earth level, a panel of speakers that included TCP/IP co-developer Robert Kahn of the Corporation for National Research Initiatives concluded that immediate challenges to the Internet are broadband and wireless access, managing intellectual property rights and development of policy at an international level that does not interfere with the network's functionality. Moving the Internet to the next version of the Internet Protocol, IP v. 6, is key for keeping the Internet functioning and growing, they said.

**************************
Government Executive
Defense authorization bill filled with tech provisions
By Molly M. Peterson, National Journal's Technology Daily

When the Senate considers its version of the fiscal 2003 defense authorization bill this week, it will consider several technology-related provisions that would promote military transformation and increase the private sector's role in homeland security.

"In the wake of the terrorist activities in 2001, an overwhelming number of technology developers have approached the Department of Defense, Office of Homeland Security and Congress with proposals for research or technology in support of the war on terrorism," the Senate Armed Services Committee noted last month in a report on the bill.

The Pentagon received more than 12,000 proposals last fall in response to its broad appeal for new technological ideas to combat terrorism. But Defense officials have yet to review or respond to many of those proposals, according to the committee.

The measure, S. 2514, would establish a panel within the Defense Department to review such proposals and recommend potential contractors to the undersecretary for acquisition, technology and logistics. The review panel would consist of technology experts from the Pentagon and military services, as well as the private and academic sectors.

The new panel would be part of an outreach program required under the bill, which would make it easier for small businesses and non-traditional defense contractors to work with the Pentagon. "This part of the industrial base can and should play a critical role in the development of technologies to fight terrorism at home and overseas," the committee said.

The legislation also would create a $50 million "technology transition" initiative to deliver new technologies to the battlefield more quickly. In the Senate committee report, bill authors noted their "longstanding concern about the [Defense] Department's ability to effectively and efficiently transition technologies out of the laboratory and into the hands of the war-fighter."

The bill calls for a new Technology Transition Council, which would include military acquisitions officials and technology industry leaders. It also would require each branch of the military to designate a senior official to serve as a technology transition advocate.

"Aggressive leadership and championing of new technologies from the highest levels of the department is necessary to overcome organizational and cultural barriers and affect real technological change," the committee wrote.

The legislation also would require the military services and several Defense agencies to improve their software-acquisition processes. "Many major defense acquisition programs are heavily reliant on the development of complex computer software," the committee said. "In a number of cases, mishandling of software acquisition has jeopardized an entire program."

The legislation calls for nearly $10.2 billion for Defense's science and technology programs, which would be a $170 million increase over President Bush's budget request. Those additional funds include $33 million to combat cyber warfare, in part through scholarship programs to train the "next generation of information security specialists."
*************************
Government Executive
Agencies seek industry input on e-gov plan
By Liza Porteus, National Journal's Technology Daily


The federal government is calling on the technology industry to help lay the foundation for the Bush administration's e-government plan.

The General Services Administration on Tuesday hosted an "industry day" to update companies on where the government is on its e-authentication project--one of the 24 e-government initiatives approved by the President's Management Council. The Office of Management and Budget and GSA are spearheading the initiatives.

The e-authentication project includes the development of a Web site that would provide a standard way of authenticating the identities of firms and individuals who conduct business with the government. Use of the gateway would be voluntary for agencies.

Government officials said citizens need to trust the government to put their interests first, particularly in the electronic age. "It's not just about building trust; it's about becoming citizen-centered as a government," said Mark Forman, OMB's associate director for information technology and e-government.

Forman said the Government Paperwork Elimination Act is helping the push toward Web-based government transactions. But the problem is that various agencies are signing separate contracts to put services online, resulting in a hodge-podge of technology systems. The process also costs more than using a single system to execute all similar transactions.

"It's not that we're not online. ... The question is, how smart are we as we bring this to bear for the public," Forman said, adding that e-authentication is just one part of the government's computer-security efforts.

But industry plays a vital role in the government's efforts, officials said.

"It's very important we don't embark on a path in a vacuum," said Steve Timchak, director of the e-authentication project at GSA.

Timchak said a request for information on potential next steps in the project will be issued "very soon." The government will look for industry input on acquisition, funding, interoperability and the privacy implications, among other things. Technology, privacy and policy are the "three legs" to e-authentication, Timchak said. "We have to move forward in concert" on the issues.

Although some groups have expressed concern that government could have too much information about private citizens it works with, David Temoshok stressed that the e-authentication gateway is not designed to issue identification credentials, collect personal information or maintain a repository of information. Temoshok, the public-key infrastructure policy manager for GSA, said the gateway will establish risk and assurance levels for multiple credentials.

Temoshok noted, however, that there is much more to putting government services online. He said the real issue is not whether the technology exists to execute the e-government initiatives but whether the government can gain the public's trust to efficiently and effectively conduct transactions while protecting privacy and allowing a free flow of information.

"This is a cultural change," he said. "This isn't low-hanging fruit here."
**********************
Computerworld
Airport security panel calls for IT overhaul
By DAN VERTON

A select group of IT industry executives based in Silicon Valley this week issued a series of recommendations for improving airport security that could amount to a massive IT overhaul of the nation's air transportation system.
The Blue Ribbon Task Force on Aviation Security and Technology, formed by U.S. Rep. Mike Honda (D-Calif.) and San Jose Mayor Ron Gonzales, issued a 35-page report Monday after 100 days of studying how to use existing information technologies to improve airline and airport security.

The task force's recommendations will be tested at 20 U.S. airports, which are expected to be named by the end of the summer. The recommendations that are found to be the most successful could be considered for deployment throughout the air transportation industry. That decision will be made by Transportation Secretary Norman Y. Mineta. Mineta is scheduled to meet with the task force tomorrow to discuss its final report.

The task force concluded that airport security can be improved through the installation of biometric identification systems to track airport employees and control access to aircraft, the use of Global Positioning System (GPS) devices to monitor vehicles traveling in secure airport areas, cockpit monitoring and access technologies, and enhanced communications networks that would enable airport security personnel to more effectively communicate and share information with one another and with law enforcement agencies.

"The report provides a blueprint or a road map by which the Transportation Security Administration, the Department of Transportation and the city of San Jose can bring about a more secure airport environment," said John Thompson, CEO of Cupertino, Calif.-based antivirus software vendor Symantec Corp. and chairman of the task force. The Norman Y. Mineta San Jose International Airport is one of the busiest of its size and offers a perfect model to test such security technologies, said Thompson. "The problems that this airport has to endure are the same kind of problems that every other airport endures," he said, adding that the task force deliberately avoided recommending specific products or vendors.

Beatriz Infante, CEO of San Jose-based Aspect Communications Corp. and chairwoman of the task force's technology subcommittee, said the report focuses on three areas: validating the identities, location and level of accessof airport workers; validating the integrity and security of the airport facility; and upgrading the airport's communications infrastructure to enable networking of security monitoring systems. Some of the recommendations may require the re-engineering of the physical facility, she said. For example, the San Jose airport recently closed 57 exits and entryways to enable more efficient monitoring of the ones that remain open, she said.

U.S. airports present security challenges on a massive scale, the report concludes. For example, airports are composed of multiple functional areas, such as passenger screening and baggage handling, each of which requires a different level of security. In addition, there aren't always access control points between these areas where workers from different companies can be screened and authenticated, the report states.

"Opportunities exist for unauthorized individuals to compromise the integrity of the work force through the use of false identification ... and 'piggybacking,' an entry process that allows for the possibility of an unauthorized employee to quickly move behind an authorized employee through a doorway entry," the report warns.

Bill Crowell, CEO of Santa Clara, Calif.-based Cylink Corp. and a task force member, said it's critical for airports to migrate their IT infrastructures to digital technology to solve these problems.

"Today, most of the airports have analog devices and sometimes an LAN. The cost of adding technology and keeping it fresh will be prohibitive unless the airports go digital," Crowell said, referring to the use of Ethernet network technology and Wi-Fi wireless systems that are protected by virtual private network technologies. "It will also facilitate using new sensors such as biometrics," Crowell added.

During task force meetings, Crowell said he consistently raised the issue of roles and responsibilities for airport security. According to the final report, there is little or no agreement among federal, local and airline authorities over who is in charge of overall security.

"Under these circumstances, there can be jurisdictional gaps, leading to security breakdowns and significant challenges in real-time coordination of activities during a crisis," according to the report.

"While all of them could describe the piece of the problem they worked on, there is a lot of overlap, some confusion and no one with responsibility for setting standards across all of the areas of responsibility," said Crowell, a former deputy director with the National Security Agency.

Thompson noted that "each airport is a personality unto itself" and that improved security will require a cooperative approach among federal, state and industry representatives. "To suggest that one group is more responsible than another is not the appropriate way to go about improving security at our nation's airports," he said.

Added Crowell, "Unless they convert [to digital] technology to facilitate and strengthen [information sharing and networking], security at airports is hopeless."
************************
Computerworld
Washington state to create digital archives

The Washington Secretary of State's Office yesterday broke ground on a building that will house the state's history recorded through e-mails and electronic documents.
Secretary of State Sam Reed said his research indicates that Washington is the first state government to establish digital archives in the country.

Although the state has done a good job maintaining and preserving paper documents, which are also transferred to microfilm, it has done nothing to ensure that its electronic records are stored for posterity, Reed said.

As a result, much of the state's heritage was slipping away because there was no way to record and archive its electronic history, including e-mail, government Web pages and government databases -- all of which are a matter of public record in the state.

According to Reed, most of the state's public agencies have already lost about 50% of their various electronic records, including e-mail from governors, key legislators and elected officials. In addition, Reed said, the state is also missing records of policy drafts that reveal the thinking behind current legislation.

Reed acknowledged that there's a debate raging in the state about what exactly qualifies as a public record, with much of the controversy centering on the archiving of e-mail.

The $14.3 million, 48,000 square-foot archive building is set to open its doors in the winter of 2004, and will be located on the Eastern Washington University campus in Cheney.

In 15 years it will have the capacity to hold 800TB-worth of government information, or 200 billion pages of text, Reed said. That same information stored as paper documents would fill 80 million standard archive boxes stacked 270 feet high and would run the length of a football field, he said.
**********************
Sydney Morning Herald
You can't send mail: a broadband user's plight





The Mail Abuse Prevention System (MAPS) has blocked several IPs on the Telstra broadband network, acccording to a posting at Whirlpool, a forum for Australian broadband users.

The site says Telstra customer Chris Kraus wrote in to complain that seven IP addresses he received on his ADSL service were blocked by MAPS, a non-profit California organisation which says its mission is to defend the Internet's email system from abuse by spammers. This meant Kraus could not send any mail.

MAPS maintains a database of servers which allow mail relays, or servers which are being used to send unsolicited commercial email (UCE, commonly known as spam). Common mail transfer agents like Sendmail, Exim, Postfix or Qmail can be configured to check incoming mail against the database and reject email coming from, or routed through, any servers listed in the database.

The Whirpool posting said in the past some Telstra IP addresses had been blacklisted as they were running open mail relays. It added that many customers on retail broadband connections ran their own mail servers, something which Telstra permits, due to the unreliability of Telstra's own mail servers.
***********************
Sydney Morning Herald
Census reveals PC, Net habits

Data from the 2001 Australian census shows that in the week preceding the count 7,881,983 people (42 percent) had used a personal computer at home. There were 2,663,168 people (14 percent) aged 0-19 years, 3,359,214 people (18 percent) aged 20-44 years, 1,628,051 people (8.7 percent) aged 45-64 years and 231,550 people (1.2 percent) aged 65 years and over.

The total number who had used the Internet in the week preceding the 2001 Census was 6,966,687. There were 1,018,463 people (5.4 percent) who had used the Internet at work only, 3,505,235 people (19 percent) at home only and 716,155 people (3.8 percent) elsewhere.

There were 1,726,834 people (9.2 percent) who provided a multiple response to the question of Internet use. There were 1,221,430 (6.5 percent) who had used the Internet at home and at work, 371,902 (2.0 percent) who had used the Internet at home and elsewhere, 32,783 (0.17 percent) who had used the Internet at work and elsewhere, and 100,719 (0.53 percent) who had used the Internet at home, work and elsewhere.

People were asked to indicate whether, in the week preceding the Census, they had used a personal computer at home and whether they had used the Internet at home, at work or elsewhere. Multiple responses could be given for use of the Internet. Comparative data is not available as these questions were not asked in the 1996 or 1991 Censuses.
***********************
Sydney Morning Herald
Tender lessons in the ways of government
By Angus Kidman
June 18 2002

When it comes to information technology, government is Australia's biggest spender. The most recent Australian Bureau of Statistics figures show that in the 1999-2000 financial year, federal, state and local governments spent $4.3 billion on IT, not including capital expenditure or education spending.

The government IT market is dominated by federal departments and agencies, responsible for 47 per cent of total expenditure. State governments accounted for another 45 per cent, while local councils made up just 8 per cent. Yet even that small piece of the pie is worth more than $200 million a year in potential business.

As the dominant customers for IT in Australia, government agencies should be able to exploit their immense buying power to ensure the best-value services are delivered to taxpayers.

Companies that sell to government agree that both departments and vendors are aware of the power of the government dollar.

"It's a very competitive sector," says John Grant, chief executive of listed IT company Data#3.

"Government, by its very nature, is chartered to spend its citizens' money wisely. Price is a clear criteria."

Tony Whigham, director of sales for Dimension Data, adds: "They can easily command contracts of $70 million or $80 million - bigger than most corporates. But economies of scale only go so far."

There is general agreement that government bodies have cast aside their reputation as being procedurally driven and have educated themselves to make intelligent technology choices. "They're pretty up to speed on the technology, and they have more resources (to do that) than commercial organisations of similar sizes," says Gregg Rowley, managing director for data security company eSign.

"We've got very mature and sophisticated buyers in government," says Lynette Clunies-Ross of IBM Australia.

"They're a lot more technology savvy."

Whigham agrees: "Government agencies buy as astutely as the commercial sector."

Government is viewed as leading private enterprise in some technology areas, especially business-to-business transactions and data security. There is also a common perception that government agencies are moving towards value considerations rather than simply seeking the cheapest deal.

"Value for money is more important than price as such," says Clunies-Ross.

However, the distinction is not always realised in practice.
***********************
Sydney Morning Herald
Paths clearing for wireless networks
By Sue Cant
June 18 2002

Within weeks, the regulatory clouds shadowing community wireless groups should clear. The Australian Communications Authority is working on a series of tests to allow such groups to operate legally without giving a free kick to commercial operators.

Earlier this year the Minister for Communications, IT and the Arts, Senator Richard Alston, requested his department work with the ACA to resolve the legal standing of community wireless groups effectively providing a public network.

Under the law, such a network requires a $10,000 carrier's licence unless it is not being used for commercial purposes.

Establishing whether such a network is being used for profit is difficult in the wild west of the wireless world.

But forcing potentially innovative users to pay when the philosophy is supposed to be about encouraging new entrants and open access is not the IT-savvy image government wants to project.

"We recognise hobbyists have some trepidation that we may come down hard on them," the ACA's head of telecom licensing, Paul White, says.

"We don't wish to prejudice the hobbyist but we don't wish to give commercial operators a free leg-up."

One of these groups, Melbourne Wireless, which represents thousands of wireless users in Australia and New Zealand, has been lobbying the Federal Government and the ACA for its position to be clarified.

"By preventing organisations such as Melbourne Wireless from establishing their own networks, the long-term interests of end users are being thwarted," the group says in a submission to a parliamentary inquiry into wireless broadband.

Melbourne Wireless president Steven Haigh says present broadband services are not equitable, accessible or affordable, and Melbourne Wireless's network will be free or low-cost.

In the ACA's submission to the inquiry, the regulator says that last December it was approached by Brismesh, a Brisbane group wanting to set up a wireless local area network. Brismesh was seeking advice on the issue of a carrier's licence.

"A requirement for a carrier licence in this instance would make such a proposal unworkable and deny the intended community any benefits that a low-cost broadband service could provide," the ACAsubmisson says.

To meet the concerns of users, the ACA is developing rules to bind wireless groups to a not-for-profit charter.

White says the groups will need to be assessed on a case-by-case basis.

While the regulator is still working on the tests, White says it is likely the ACA will seek information about the arrangements between the network providers and users and how funds are being used by the operators.

Meanwhile, in another submission to the parliamentary inquiry, telecommunications analyst Paul Budde says wireless will never be able to match the reliability, quality and robustness that fixed line offers.

Budde says investment is lacking to make wireless networks function beyond niche markets.

"Without massive government support, the development of wireless systems in most rural and regional areas in Australia will never happen," Budde says.

He says the government missed an opportunity to support such systems by "playing it safe" and selecting Telstra for two large-scale regional projects.

"The other contenders had developed unique wireless solutions that were seen by the government as too risky."

But Budde says the reality is that wireless is a niche market.
************************
Sydney Morning Herald
Hiccup, but new system will be ready on July 1
June 18 2002

The .au Domain Authority (auDA) has announced the new Australian domain system will begin operation on July 1, two weeks later than previously announced. AuDA chief executive Chris Disspain said the extension was to allow registrars to test their interface with the new registry and to ensure information was current. The new system will create competition between registrars of .au domain names and end Melbourne IT's monopoly on registering com.au names. It will also allow "generic" domain names, mostly dictionary words, and will bring into force a new code of conduct for domain-name resellers. Jenny Sinclair

SOFTWARE
Word is it's thumbs up for Sun's StarOffice Writer

US researchers have found experienced Microsoft Word users have little difficulty migrating to Sun Microsystems' cheaper StarOffice Writer word processor. In a study conducted by University of California computer useability researchers, a dozen veteran Word 2000 users found Writer 5.2 was overall as easy to use as the Microsoft software. Researchers Scott Lederer and Katherine Everitt found that although users felt more comfortable and satisfied with Word, there was no significant difference in the frustration users felt between the two applications. Although the dozen preferred Word before starting the test, by the end, their buying allegiance "was not significant one way or the other", the researchers found. But Writer still has some kinks to iron out: participants take twice as long to create tables than with Word, for example. Nathan Cochrane

www.sims.berkeley.edu/courses/is271/f01/projects/WordStar/finalReport.html

TELEVISION
US looks to halt home TV recording

The long-held right to "time-shift" - recording a television program while watching another - is set to disappear after US talks between Hollywood, Silicon Valley and Washington over the future of digital television (DTV). Following a meeting last week of the Broadcast Protection Discussion Group (BPDG), US Republican Congressman and chairman of the influential House Commerce Committee, W.J. "Billy" Tauzin, is reported to have said the US Government will legislate copy-protection over digital free-to-air transmissions if hardware makers and Hollywood couldn't resolve their differences. Set-top boxes and PC TV tuner cards will have to look for the "broadcast flag", which prohibits copying, transmitted with the US-standard ATSC digital signal. Australia uses a modified version of the worldwide DVB standard for digital broadcast, which will have similar limits placed on it by the DVB-copy protection working groups. In a letter of protest to Tauzin, consumer activist the Electronic Frontiers Foundation (EFF) warned that such moves would hinder DTV roll-out by making DTV a complex and expensive alternative to traditional analogue television. Nathan Cochrane
***********************
Wired News
Reporting Web Flaws Still Flawed
Associated Press



Print this

9:55 a.m. June 18, 2002 PDT
WASHINGTON -- A security bug was found in software used by millions of websites. Private experts alerted users and the FBI's computer security division.
Problem is, they didn't tell the maker of the software. Then they issued the wrong prescription for fixing the problem.

The incident Monday involving Apache's Web software shows that the system to insulate the Internet from attack -- a joint effort between the government and private companies -- is still a long way from perfect.

"It would be good if people would agree on some standards," said Chris Wysopal of AtStake, a Boston security firm. "People can't be put at risk like this again and again."

Internet Security Systems of Atlanta published a warning early Monday about vulnerabilities in Apache, which is used on about 60 percent of all Web servers. Many companies, including IBM and Oracle, create products that rely in part on Apache.

Now ISS is under fire for breaking informal industry agreements by rushing out the warning and a partial fix before coordinating with Apache developers.

The issue reveals infighting and hasty decisions that have become common in the computer security industry. Experts say the effect is to confuse users and possibly cause even more security problems.

Several third-party groups are designed to coordinate computer security information. But there may be too many. ISS and the Apache developers chose different ones, and never coordinated with each other.

ISS researcher Chris Rouland said the company talked to the National Infrastructure Protection Center, part of the FBI. Apache developer Mark Cox said his group spoke with researchers at the CERT Coordination Center, based at Carnegie Mellon University in Pittsburgh and partially funded by the Defense Department.

Spokesman Bill Pollak said CERT does share information with NIPC, but would give no specific details on the Apache hole. A spokeswoman for NIPC had no comment.

The Bush administration has called for the consolidation of government computer security groups under the proposed Homeland Security Department, and Bush advisers have admonished the technology community to share more information with government to protect consumers.

Rouland said ISS was rushing to beat hackers to the punch.

"We didn't set out to burn Apache," Rouland said. "We want to make sure we notify our customers appropriately."

Rouland said he didn't notify the developers of Apache because they aren't a formal company. Apache is open-source, meaning that the software and its blueprints are free and managed by programmers who coordinate its evolution.

Complicating the matter, Rouland said he didn't trust Cox, who along with his Apache duties is the senior director of engineering at Red Hat Software, which distributes the Linux operating system. Rouland accused Red Hat of taking credit for earlier ISS research.

Cox said he already knew about the hole from a different researcher, and that the ISS fix doesn't repair the entire problem.

"If ISS had told us before going public, we could have told them their patch was insufficient," Cox said. "The fact that they didn't has caused some problems."
*********************
Wired News
Bush Wants to Ban Spy Plane Tech
By Noah Shachtman

As part of its fight against terrorism, the Bush administration wants to block the export of technology you can find at your local camping store.

In a testimony this week, a senior State Department official, Vann Van Diepen, told a Senate subcommittee that unmanned aerial vehicles, or UAVs -- the robotic spy planes used to spy on al-Qaida hideouts in Afghanistan -- could be modified by evildoers to deliver a biological, chemical, or nuclear attack against the United States. So the administration is pushing to change the international agreement that controls the sale of ballistic missiles to make sure UAV technologies are included.


But this approach is full of holes, according to national security experts, beginning with the fact that UAVs and their components are available everywhere. Even in the mall.

"You can get one of the GPS navigators you find at the camping store and use it to guide a UAV, if you know your stuff," said one administration official.

In fact, most UAVs, especially the lower-end ones, are deliberately built with off-the-shelf parts, so that national secrets won't be spilled when the drones are shot down in enemy territory. For example, the Global Hawk, one of the most advanced UAVs in the U.S. military, uses a Rolls-Royce turbofan engine found in many executive jets.

Both India and Pakistan have deployed UAVs during their most recent flare-up of hostilities. Japan and South Korea use the robot planes to dust crops. And Iraq is believed to be converting a Czech training plane into a UAV, said Dennis Gormley, a defense consultant who testified this week before the Senate governmental affairs subcommittee on international security, proliferation and federal Services. He said there are 40 nations with UAVs in their arsenals.

"UAV technology -- most of it is everywhere. So how do you restrict UAVs without restricting regular airplanes?" asked a Senate committee insider.

But the better question, to many experts, is why bad guys would even bother building the robot planes, when they've repeatedly had success with no-tech terrorism?

"These are not James Bond movie villains, imagining the most complex means to an end," said John Pike, director of Globalsecurity.org. "They look for the simplest plan."

"The harsh fact is that practically anything -- from automobiles to box cutters -- could be used as a weapon of terror," Steven Aftergood, of the Federation of American Scientists, said in an e-mail.

The focus on high-tech terror weapons is part of a major, but largely unnoticed, switch in U.S. national security policy, Pike said, from defending against "probable" threats to defending against "describable" threats, regardless of their likelihood. This shift, begun early in the Bush administration, has only accelerated since Sept. 11.

"The attitude now is, 'these (terrorists) could do anything. So anything we can think of, they can do,'" Pike said.

This outlook actually detracts from national defense, turning focus away from small, manageable, no-tech measures that could prevent terrorist attacks, Pike said.

"We know a small amount of concrete, strategically placed, makes it extremely hard to car bomb a building, a tried-and-true terrorist tactic," Pike said. But there hasn't been a concentrated push to set up these barriers around federal buildings.

The administration's plan for keeping UAVs out of the hands of foes is to expand and update nonproliferation agreements like the 33-nation Missile Technology Control Regime, to make sure the latest drone technologies are covered. (Many of the best-known UAVs, like the Global Hawk, and their associated technologies, already are.)
************************
News.com
States: Sharing code is top antitrust fix
By Reuters
June 19, 2002, 11:35 AM PT

Nine states seeking stiff antitrust sanctions against Microsoft told a judge Wednesday that disclosure of key pieces of computer code that allow rival software to work with the Windows operating system was their most important demand.
"If you forced us to articulate the single highest priority--that's it," states' attorney Steve Kuney told U.S. District Judge Colleen Kollar-Kotelly at the start of final arguments over the best remedy in the 4-year-old case.

Kuney said the sanctions sought by the states would force Microsoft to behave "more like a company facing competition and less like a firm existing in a comfortable monopoly."


The nine states, including California, Connecticut, Iowa and Massachusetts, have refused to sign a settlement of the case reached in November between Microsoft and the U.S. Justice Department and endorsed by nine other states.

Microsoft is scheduled to present its arguments against the dissenting states' proposal later Wednesday.

Kollar-Kotelly issued an order late Tuesday telling both sides to come to court prepared to answer questions on how their proposals could be modified if she were to reject their respective remedies as written.

Her order suggests she is open to some hybrid of the two positions.

Microsoft and the non-settling states are attempting to tie together 32 days of testimony between March and May--including an appearance by Microsoft Chairman Bill Gates.

The dissenting states put disclosure of technical information at the top of their wish list, just ahead of their demand that Microsoft offer a version of Windows in which add-on features like Internet Explorer and the media player could be replaced by competitors' software.

Absent from the states' preferred sanctions was a previous demand for uniform licensing terms and pricing for Windows.

Microsoft has argued that the states demands go way beyond addressing the antitrust violations it actually committed and would harm consumers and the entire computer industry.

But Kuney told Kollar-Kotelly that Gates' testimony, in particular, amounted to the notion that monopoly was the preferred form of economic organization.

"Somehow they know better than anyone else what's best for this PC ecosystem. What's good for Microsoft is therefore good for the economy, good for consumers and good for everybody else," Kuney said.

"Congress has made the judgment that competition is the preferred form of industrial organization," he added. "That's not a topic that's open to debate."

Kuney also cited Supreme Court rulings that allowed aggressive antitrust sanctions that went beyond specific wrongdoing.

Last June, a federal appeals court upheld trial court findings that Microsoft illegally maintained its Windows monopoly in personal computer operating systems by acts that included commingling Web browser code with Windows to fend off Netscape's rival browser.

The appellate judges rejected breaking the company in two to prevent future antitrust violations but sent the case to a new judge, Kollar-Kotelly, to consider the best remedy.

Microsoft has argued that the restrictions being sought by the states would benefit rivals like AOL Time Warner and Sun Microsystems and would deprive consumers of a reliable platform for software.

Under the Justice Department settlement, Microsoft would be required to let computer makers hide desktop icons for some features of its Windows operating system to allow the promotion of competing software by computer makers.

The hold-out states say stricter sanctions are needed to protect new technologies such as Internet services and handheld computers from any anti-competitive tactics.
************************
News.com
The FBI's cybercrime battle
By Margaret Kane
Staff Writer, CNET News.com
June 19, 2002, 10:10 AM PT



newsmakers The FBI was able to nail John Dillinger, but how well would it stack up against uber-hacker Kevin Mitnick?
Probably not well. Sharply criticized for its lack of technical know-how, the FBI has taken a pounding after recent reports disclosed that glitches in the agency's Carnivore online surveillance technology may have hindered investigations into terrorism threats.

Agents have increasingly complained that the Bureau's outdated technology has hampered their ability to analyze other threats. But with the nation's law enforcement agencies turning their attention to the so-called war on terrorism, the FBI is getting an upgrade.



A recent reorganization placed fighting cybercrime at the top of the Bureau's priorities. The job of meeting that challenge falls to Assistant Director Larry Mefford, who heads the Bureau's new Cyber Division. Mefford, who previously worked in counterterrorism security planning at the Los Angeles, Atlanta and Salt Lake City Olympics, served as the Bureau's special agent in charge of the San Francisco office, where he oversaw all operations, including terrorism and cybercrime programs.

CNET News.com recently talked with Mefford about his division's role in the new FBI structure, cybercrime, and the wider war against terror.

Q: Let's talk about your new role. What is the Cyber Division's mission? What areas is it taking on?
A: The director (FBI chief Robert Mueller) created the Cyber Division in order to consolidate a historically fragmented approach to cybercrime. It brings together all of the FBI's responsibilities to conduct investigations of criminal activity that occur over the Internet or involve computers or networks. It's the full gamut of what we refer to as cybercrimes--everything from hacking and (denial-of-service attacks) to Internet fraud, theft of identity, and theft of intellectual property. What we're really looking at are those crimes where computers or networks are either the tools or the targets of activity.

How big is the department?
A lot depends on homeland security. We're still in the process of defining everything, but we're looking at a figure of hundreds at the start-up stage. We'll grow from there.

How will it be managed?

Most of these criminal investigations will be operated out of field offices around the country. Major intrusion cases are likely to be managed directly from headquarters. That's a big change for us. Historically, field offices have run cases. This is similar to the concept (being put in place for) terrorism cases. We'll have a similar approach on major cyberattacks. If we have another (denial-of-service attack), that's likely to be directed from headquarters. But intellectual property, fraud, child porn cases will still be managed at FBI offices around the country. Our role at the Cyber Division will be to provide support and make sure they're successful. We'll be helping them connect the dots, as they say now.

Your division and appointment were announced back in April. Last month, the Bureau announced a major overhaul, and cybersecurity was listed as the No. 3 priority. How does that affect what you're doing? Clearly, being prioritized to that degree affects us significantly. We're in the process of creating this division from scratch. Historically, the responsibilities to address some of the activity we're talking about were fragmented among many different management units. It was difficult for the community and the private sector to interface with us as an organization (because you) had to go to various points. Clearly, 9/11 had an impact on our reorganization, and one area was an initiative to improve the efficiency of operations.

We also have a function to provide protection against counterintelligence and terrorism threats against the U.S. If there were a foreign government attack or a terrorist attack against computer networks, the Cyber Division would have a role in investigating or supporting other FBI entities that have a primary role in (investigating those crimes). We would help the terrorism guys and the people doing counterintelligence or espionage.

And how is that working out in terms of your focus?
The vast majority of our effort is focused on illegal criminal activity. In the past, it was very difficult to find any quantifiable data on the extent of the activity. As part of the Cyber Division, we've incorporated the FBI's Internet Fraud Complaint Center (part of the National White Collar Crime Center), which serves as a conduit to solicit complaints regarding Internet crime. It started (looking at) fraud, and we're going to expand to other types of crime. That data will be analyzed and distributed to the FBI and to local authorities.

The focus there has been on Internet fraud and thefts facilitated by the Internet. We'll be looking at intellectual property violations, economic espionage, theft of trade secrets, and also technology-related crimes, such as counterfeiting of software. As we gear up operations and gain more expertise in the future, we'll be able to do a better job in providing service to the U.S. public.

How important is industry input, both in preventing crime and solving crime?
The relationship with the private sector in the technology arena is critical for us as an agency. It's very difficult for us--because of expenses and other issues--to stay up with the technology. We need to link arms and join forces with private industry, so we can use their expertise and capability for the benefit of the American public, if we can.

Can you talk about your progress in realizing that plan?

We're in the process of creating cybercrime squads throughout the U.S. in FBI field offices. In this calendar year, we'd like to create 20 of these squads and concurrently, form cyber task forces, modeled after terrorism task forces, where we join forces with local law enforcement agencies, private industry and occasionally academia, to attack cybercrime. We're allowed to leverage our capabilities and, at the same time, more efficiently spend training money.

These will be permanent task forces assigned to different regions throughout the country to focus on cyber-related criminal activity as well as terrorism. If we have evidence of a national security issue, these squads that we're trying to form will assist other FBI entities in mitigating and preventing those types of attacks. In the area of criminal activity, what we hope to do is provide enhanced prosecution and work closer with different U.S. attorneys' offices across the country.

In the past, many companies have been reluctant to come forward when they were hacked. Has that attitude changed? How do you persuade people to bring things out in the open?
We have a system in place. Today, the National Infrastructure Protection Center has responsibility inside the FBI for handling all the computer-intrusion cases. It's part of the Cyber Division. We've created internal safeguards to protect companies. Let's say a company comes forward and they have sensitive data they want to share, but they don't want to seek prosecution; they can do that. All the protocols created at NIPC will stay in the Cyber Division.

The White House has proposed moving the NIPC to the new Department of Homeland Security.
We're working with the administration to make an orderly transfer of the NIPC to the new agency. If Congress creates enabling legislation, we will make sure NIPC info is efficiently transferred to the new agency, and the FBI will provide people on a detail basis. NIPC handles only intrusion cases. As for other cybercrime, the new agency will not have any other impact.

Can you give some examples of how technology helps you fight crime?
Certainly, analytical tools allow us to conduct the analysis and intelligence far better than we have before...In the area of technical tools, for example, we're looking at undercover operations the FBI has been operating for years wherein individuals preying on children (online) can be identified. We're looking at techniques to identify them at an early stage.

How much of a priority is cracking down on criminal copyright violations? What areas are the most likely targets--music, movies, books?
That's a challenging and complicated issue, but the fundamental fact is that intellectual property rights will be a high priority. The U.S. business community needs that information to compete worldwide. If you have technology stolen or pirated and a competitor or criminal can replicate software, for instance, at very little charge, the American public and U.S. companies deserve the protection.

One of the things we're doing is enhancing our participation with customers at the (intellectual property rights) center as a focal point to receive complaints regarding those types of violations. We're going to look at doing more aggressive undercover operations in the area of counterfeiting software. We can improve our capability to prosecute criminals. Unfortunately, many are overseas. So one thing we'll do is work very closely with certain federal governments and develop ongoing relationships with certain foreign police agencies.

What about software counterfeiting?
Clearly, illegal counterfeiting of software is a problem. (Organizations that do that are) not only negatively affecting the marketplace. Even though the public may get products at a lower price, the reliability is suspect, and the warranty is suspect. We think we can help protect the public by joining forces with other agencies, like Customs, and working to help avoid counterfeiting of software.

What about piracy of music and movies?
We need to look at that. There are a lot of challenges based on the fact that (technology) is creating completely new concepts in the legal field. We're working with the Justice Department at the U.S. attorneys' offices across country.

**************************
House Judiciary Approves Ban on Computer Generated Child Pornography

House Judiciary Committee passed H.R. 4623, Child Obscenity and Pornography Prevention Act of 2002.
For the bill HR 4623, see http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h4623ih.txt.pdf

For the Supreme Court Decision on April 16, 2002, which struck down the Child Pornography Prevention Act, see http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=search&court=US&case=/us/000/00%2D795.html
*************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx