Clips June 19, 2002 (Series of Wash. Post Articles on Piracy)
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, Charlie Oriez <coriez@xxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;
- Subject: Clips June 19, 2002 (Series of Wash. Post Articles on Piracy)
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Wed, 19 Jun 2002 16:09:24 -0400
Clips June 19, 2002
ARTICLES
Security Guard
Senator Asks Permission to Bring Laptop to Work
Airport security federalization plan ramps up
Senators Slam U.S. Agency (NSA) on Lapses
The Internet Gets Serious
The View From Hollywood
New Job, Newer Realities
'Ranger' Vs. the Movie Pirates
U.S. Firms Show More Interest in Phone Calls Via Internet
A Global Audience, a World of Worries?
The Slippery Scope of Antitrust Law
Army cleaning up Web sites
Start-up wants your help to fight spam
Wellesley-based search engine takes on Google
Bush Signs Measure to Delay FCC Wireless Sales
Cybersecurity panel looks at Net risks
Disney Shifting to Linux for Film Animation
Spam becoming more annoying
Israel a global pacesetter in high-tech security
The sky is not the limit for Internet, Cerf says
Defense authorization bill filled with tech provisions
Agencies seek industry input on e-gov plan
Airport security panel calls for IT overhaul
Washington state to create digital archives
You can't send mail: a broadband user's plight
Census reveals PC, Net habits
Tender lessons in the ways of government (Australia)
Paths clearing for wireless networks (Australia)
Hiccup, but new system will be ready on July 1
Bush Wants to Ban Spy Plane Tech
House Judiciary Approves Ban on Computer Generated Child Pornography
*****************************
Washington Post
Security Guard
Page H05
Purdue University Prof. Eugene H. Spafford lives and breathes the daily
struggle to protect computer systems. But in these increasingly dangerous
times, "Spaf," as friends and colleagues call him, says the United States
is still too consumed with crisis-based, short-term thinking.
"In the realm of IT security, we have more billions being spent by both
government and industry on yet more patches, firewalls and anti-virus
programs to shore up weak systems and address problems . . . that we have
warned about for decades," said Spafford, founding director of Purdue's
CERIAS, the Center for Education and Research in Information Assurance and
Security.
For example, he said, "it is lunacy to base a generation of critical
military systems on a software platform simply because it is cheaper but
requires hundreds of security patches and is still hackable, and that is
susceptible to thousands of computer viruses."
Another example is the rapidly expanding use of wireless technology, which
is faster and less expensive to deploy than wire-based infrastructure. "The
potential hazards posed by their lack of security and control will cost our
economy in the tens of millions in the next few years alone," he said.
Spafford, 46, wants government officials to change both their economic
approach to security and whom they rely on for information to set policy.
Specifically, he proposes dramatic increases in funding for computer
security research and strict rules to ensure that the money is not used for
maintenance and short-term fixes.
He also would require the government to retool how it calculates the cost
of software systems. Multi-year costs of patch management, support,
training and security-protection efforts should be included, he said.
Software with poor security records should not be purchased, even if its
upfront price is cheaper.
Finally, Spafford said government should rely more on active, academic
researchers and less on industry leaders and retired military officials,
who often have vested interests.
"The result is a skew in policy, a lack of vision of real constraints and
long-term needs," he said. "I have been told by personnel in the executive
branch that if academics knew anything worthwhile they'd demonstrate it by
leaving the university and running a successful company."
-- Jonathan Krim
************************
Reuters
Senator Asks Permission to Bring Laptop to Work
Tue Jun 18, 6:43 PM ET
WASHINGTON (Reuters) - You can still find brass spittoons on the floor of
the United States Senate, but don't look for personal computers -- they're
not allowed in the historic chamber.
Sen. Mike Enzi found that out when he first showed up for work in 1997. The
Wyoming Republican asked permission to bring his laptop computer onto the
Senate floor, where votes and debate take place, but was told to check it
at the door by the Senate Rules and Administration Committee.
Citing advances in technology and the need to stay informed, Enzi has asked
the committee to reconsider.
In a letter to the committee released on Tuesday, Enzi said that
lightweight "notebook" computers were now small enough that they would not
damage the historic Senate furniture or interfere with its ambience, and
would allow lawmakers to stay on top of the latest bills or amendments
being considered.
Wireless networks could beam schedule changes and new bills to members
right on the floor, the April 24 letter said, allowing senators to spend
less time checking in with their offices and more time engaged in lofty
debate.
Notebook computers allowed senators to stay on top of their work when they
were shut out of their offices during last October's anthrax scares, Enzi
said.
"If we could have then taken those notebook computers on the floor, we
would have had access to all that information right at our fingertips as
the Senate continued its legislative work," Enzi wrote.
Roughly 35 state legislatures use new computer technology in their
chambers, Enzi said, saving millions of sheets of paper and freeing
staffers from countless hours in front of the photocopier.
An Enzi spokesman said the chairman of the Rules and Administration
Committee has agreed to reconsider the request, but has not yet scheduled a
meeting.
Rules Committee staffers were not immediately available for comment.
******************
Government Executive
Airport security federalization plan ramps up
By Tanya N. Ballard
tballard@xxxxxxxxxxx
Assessment teams will arrive at airports across the country over the next
two weeks as the Transportation Security Administration steps up its
efforts to federalize airport security operations and meet a Dec. 31
deadline for screening checked baggage for explosives.
"There are a lot of steps to the process," TSA Deputy Undersecretary
Stephen McHale said at a press conference Tuesday. "When we say an airport
is federalized may be different from what the public's perception is."
During the past few months, TSA, which was created in the aftermath of the
Sept. 11 attacks, has used Baltimore-Washington International Airport to
study security operations, test explosive-detection equipment and train
security managers. Using the information gleaned in that process, the
agency has authorized Lockheed Martin to send teams to 120 airports by July
7 to assess how much space is available for new screening machines and to
gauge how many are needed.
The first teams will report June 23 to 23 airports, including those in
Erie, Pa.; Bangor, Maine; Richmond, Va.; Grand Forks, N.D.; Palm Springs,
Calif.; and South Bend, Ind.
"We now have the necessary tools to proceed," said TSA chief John Magaw.
The first 23 teams will focus on reconfiguring airport passenger lines,
adding new security technologies and supporting the transition from private
baggage screeners to a workforce of federal screeners. Federal employees
will begin screening baggage at airports in Louisville, Ky. and Mobile,
Ala., next week.
TSA is recruiting screeners at John F. Kennedy International Airport in New
York; Newark International Airport in New Jersey; Logan International
Airport in Boston; and Bradley International Airport in Connecticut.
According to McHale, TSA screeners will begin showing up at more
checkpoints beginning in late July. Training new screeners takes five weeks.
"The local approach is to recruit screeners for each airport. Once they are
hired, they will be trained," said Gale Rossides, TSA's associate
undersecretary for training and quality assurance. "The training is a
combination of classroom training with both practical exercises and final
exams. . . . At the end they will get on-the-job training. It's an aggressive
schedule. . . . We're confident we're going to get there."
Five airports will participate in a private security screening pilot
program, to test the ability of contractors to achieve federal performance
levels for screeners. TSA will soon begin soliciting bids from screening
companies to participate in the two-year program.
********************
Associated Press
Senators Slam U.S. Agency on Lapses
Wed Jun 19, 3:12 AM ET
By PETE YOST, Associated Press Writer
WASHINGTON (AP) - The National Security Agency, which eavesdrops on
communications around the world, is now being put on the spot along with
the FBI and the CIA for its
performance before the Sept. 11 terrorist attacks.
Senate Intelligence Committee chairman Bob Graham and Richard Shelby, the
panel's top Republican, say all three agencies experienced intelligence lapses.
Until now, the focus has been on the CIA and the FBI.
"I think that in the best of worlds if information that was available had
been seen by one set of human eyes or one group of human eyes, a pattern
might have emerged that would have led to further intelligence activities,"
Graham, D-Fla., said Tuesday.
"There were lapses, in my judgment, in all three" agencies, Graham added.
Shelby, R-Ala., agreed, saying that if certain information collected by the
NSA had been translated and disseminated, "perhaps that would have been
very useful."
The senators' comments came after a daylong closed-door session with FBI
Director Robert Mueller, CIA Director George Tenet and the NSA director,
Lt. Gen. Michael V. Hayden.
All three faced a second day of questioning Wednesday before the joint
inquiry of the House and Senate intelligence committees looking into the
Sept. 11 attacks.
Graham said there were instances before Sept. 11 where "information that
should have been communicated to law enforcement, intelligence agencies ...
was not." Graham said information later found to have been important was
not pursued initially, and that some raw information was not processed and
analyzed.
Describing the atmosphere in the hearing room, Shelby joked that "there
were no brawls." Shelby has been highly critical of Tenet.
In February, in response to a question from Shelby, the CIA director
rejected the notion that there had been intelligence failures at the agency
in the pre-Sept. 11 time frame. Last week, Shelby said Tenet had been "in
denial, basically" in his February congressional appearance.
Graham said the FBI and CIA now appear to be doing a better job
communicating with each other, citing their tracking last month of Jose
Padilla, an American now in custody and suspected of plotting to detonate a
radiological weapon or "dirty bomb."
Coordination was one of the problems before Sept. 11.
The CIA did not sound the alarm about two of the eventual hijackers until
they were already in the United States. The agency in early 2001 had placed
the two men at a meeting in January 2000 with an important al-Qaida operative.
The FBI has been criticized for headquarters' refusal to allow an
aggressive investigation of Zacarias Moussaoui after he was arrested a
month before the attack. Moussaoui now faces trial as a conspirator of the
hijackers and Osama bin Laden. And the FBI didn't
follow through on a memo by an agent in Phoenix urging checks of U.S.
flight schools before Sept. 11 to see if they were training suspected
terrorists.
Graham and Shelby expressed confidence that the intelligence committees
will have ample opportunity to help shape the intelligence functions in a
new Homeland Security Department that the White House and the congressional
leadership are intent on creating as soon as possible.
Several intelligence committee members have expressed reservations about
moving so fast on the new department when the congressional inquiry is just
in its initial stage.
Graham and Shelby said the intelligence component of the new
department -- which will analyze intelligence provided by other
agencies -- won't be assembled immediately, but will be put together over a
period of many months after the department is formed.
"I agree with that" approach, said Graham.
*******************
Washington Post
The Internet Gets Serious
Security, Copyright Problems Must Be Resolved as the Medium Matures
By Jonathan Krim
Washington Post Staff Writer
Wednesday, June 19, 2002; Page H01
Maybe the Internet thrill isn't gone, but is that it over there pulling on
its jacket and heading for the door?
The Net promised to let consumers read everything, hear everything, play
anything. Any David with a computer could elbow aside the most gargantuan
Goliath. No matter the question, the answer was yes, sure, it's possible,
do it.
Today, the Internet is messy, dangerous ground. Viruses and system
break-ins are on the rise, while vested interests battle over what isn't
allowed.
Millions of corporate dollars are fueling a fight to control what consumers
can view or listen to, how many times, in what format and over what type of
connection. Lawyers are suing, lobbyists are lobbying and policymakers are
grasping to figure out what role government should play.
Similarly, governments and industry are pouring millions into protecting
computer systems and networks from attacks, whether they be by terrorists
or simply mischievous hackers.
These two issues -- making computing safe and determining rights to digital
content -- dominate the technology world, experts say. Left unsolved, they
threaten to further stunt the development of a U.S. technology industry
already hobbled by the bursting of the Internet stock bubble in 2000.
Other issues remain contentious and important to many consumers, such as
balancing individual privacy against government surveillance needs,
censorship, unwanted e-mail and how to create more competition for
high-speed Internet access. Numerous bills continue to make the rounds on
Capitol Hill on these issues, often without consensus.
But computer security and digital rights are so vexing because their
solutions seek to protect technology from itself. How does one make
computer systems secure from code writers whose goal is to defeat such
security? And how does one protect digital content when technology, by its
nature, encourages copying?
The challenge for policymakers is great. Not only are industries often at
war, but even the engineers sometimes disagree on solutions.
Systems Under Siege
Take security. By any measure, attacks on computers are growing dramatically.
According to statistics compiled by the CERT Coordination Center of the
Software Engineering Institute, a government contractor, the number of
reported attacks of business and government computers worldwide has doubled
each year since 2000. In the first quarter of this year, CERT logged 26,829
incidents, but experts say such voluntary reporting mechanisms
underestimate the events.
A survey conducted by the Computer Security Institute and the FBI reported
that losses from computer and virus outbreaks in a 12-month period spanning
2001 and 2002 totaled $49.97 million. Other company surveys pinpoint the
number at $12 billion.
Exacerbating the problem is that the world is increasingly connected
through a growing system of networks that are interdependent, thus
enhancing their vulnerabilities.
At Microsoft Corp., safer computing has become so important that Chairman
Bill Gates made it the company's top priority at the beginning of the year,
above development of new features and services. He said the future of the
company and the industry depends on it.
But Gates has a different view of how to best achieve computer security
than others in the technology community.
Many security experts argue that the government should make greater use of
"open source" software, in which the code of the system is available to be
enhanced. Under this theory, if the code is exposed, potential flaws can be
quickly discovered by the community of users who are in effect all working
together. And the users of the system can make fixes to the software in the
event of a problem.
Microsoft, a major supplier of software to the government, has argued that
systems are more secure when the underlying code is kept private,
accessible only by Microsoft engineers. The company has been lobbying
federal agencies not to use some open-source software, based in part on
security grounds.
Eugene Spafford, a security expert at Purdue University who does not share
Microsoft's view, argues that governments at least need to more
aggressively factor in security when making procurement decisions. The
federal government is beginning to grapple with the issue, putting in place
a certification program for testing hardware. The government is supposed to
acquire systems only if they are in the pipeline for testing before July 1.
The government also is studying whether to create a separate Internet-like
network for critical systems.
Copying or Theft?
The more public and noisy battle is over digital rights and the fundamental
question of ownership of creative works. Nothing has been challenged more
by the Internet.
Imagine if everyone could see, at the push of a button, what was in your
music collection. And with another push of a button, you could share it.
That was the idea behind Napster, the technology that turned the Internet
into a giant database of digital songs that could be swapped among users,
thus obviating the need for many people to go purchase music.
At its peak, Napster had 50 million registered users, and it helped drive
up demand for high-speed Internet connections as people sought faster and
faster downloads. But the music industry went to court and got the service
shut down.
In the industry's view, anyone who copies music files without paying for
them is a thief. The movie industry has taken the same view and is refusing
to release most movies online until it can ensure that a user cannot copy
the file and send it to a thousand of his friends.
To date, the entertainment industry has had Congress, and the courts, on
its side. The Digital Millennium Copyright Act, passed in 1998, not only
secures digital copyrights but also prohibits the publication of
information on how to defeat technology that protects it.
Since Napster's demise, other services have sprung up and continue to
flourish, prompting still more legal action by the Recording Industry
Association of America and the Motion Picture Association of America.
More recently, the movie industry has been pushing legislation, sponsored
by Sen. Ernest F. Hollings (D-S.C.), that would establish technical
standards for preventing copying of digital videos. The industry already
has been experimenting with DVDs that freeze computers if users attempt to
copy the videos.
The bill has been sharply attacked by the technology industry, in what has
been dubbed the copyright war between Silicon Valley and Hollywood. The
tech industry says it agrees that copies should be paid for but wants any
technological solution to develop in the marketplace, not from Congress.
Many believe the bill stands little chance of passing in its current form.
In truth, the tech industry needs Napster-like services to jump-start
demand for broadband access, which in turn would lead to purchases of new
software and hardware.
Critics of the entertainment industry argue that it is simply clinging to a
business model that is no longer viable and needs to adjust to new
technologies.
By fiercely guarding against mass distribution of copyrighted work, the
entertainment industry is failing to allow for "fair use" copying, such as
putting a music file on an MP3 player so it can be played in a car,
opponents say.
But the industry's problem may be deeper. Internet researchers say that
many users, especially younger ones, simply don't care about copyright.
Lee Rainie, head of the Pew Internet and American Life Project, said that
recent research shows more than 60 percent of respondents show no concern
for digital rights.
"They are really into the peer-to-peer aspect, with no inhibition," Rainie
said. "They are anxious to find what they want."
Copyright's Limits
Meanwhile, a group of legal academics and consumer activists has been
fighting on another front, arguing that Congress's repeated extensions of
copyright terms are unconstitutional. The group, led by Stanford University
law professor Lawrence Lessig, won a stunning victory recently when the
Supreme Court agreed to hear their challenge to the most recent extension.
Arguments are scheduled for October. If Lessig's team prevails, hundreds of
copyrighted works, including Disney's Mickey Mouse, would become available
in the public domain.
The purpose of copyright law, Lessig believes, is to spur innovation and
creative work by providing short-term protection to the copyright holder.
But protection in perpetuity defeats that purpose, preventing artistic
works from springing from existing works.
So far, the entertainment industry's clout in Congress has been strong. But
Rep. Rick Boucher (D-Va.) is among a handful of legislators who believe
that the Digital Millennium Copyright Act needs to be amended to give more
protection for fair-use rights.
"What we are now seeing in the policy sphere is . . . an effort on the part
of the content community to exercise an unwarranted amount of control,"
Boucher says.
Others argue that the entertainment industry simply needs to find a
business model that works in the digital environment.
"Everyone believes they are entitled to at least as much money as they made
before," said Bill Raduchel, chief technology officer of AOL Time Warner
Inc., which is in an especially tricky position as both an Internet company
and a movie studio. "Everyone wants someone else to take the haircut."
***********************
Washington Post
The View From Hollywood
Compiled by Mike Musgrove
The Motion Picture Association of America has put together a short but
far-reaching shopping list of software and piracy issues that it would like
to see addressed by the information-technology and consumer-electronics
industries. The MPAA and its member studios say that these three issues
must be addressed if they are going to feel confident about releasing
Hollywood content on digital TV or via broadband services.
PIRACY ISSUE: The broadcast flag
The least controversial of the digital copyright-protection issues at hand,
the "broadcast flag," is an invisible digital file that would be attached
to all digital television broadcasts. The flag could dictate under what
conditions a home viewer could record, copy or retransmit a certain
broadcast. Digital TVs and digital video recorders would have to be built
to recognize this flag and obey it in order to prevent consumers from
copying TV shows and putting them on the Internet.
What Hollywood thinks: Hollywood likes it and says a consensus has been
reached on what shape this file will take -- what hasn't been decided on is
how exactly the flag should be used.
What consumer electronics makers think: Some consumer electronics companies
are going along with proposed broadcast-flag technologies, but others fear
that Hollywood will use the flag to prevent or inhibit consumers from using
features they currently enjoy, such as making copies of their favorite
shows or skipping through commercials.
PIRACY ISSUE: The Analog Hole
Hollywood wants to embed certain instructions in digital video files to
prevent unauthorized copying. But these instructions cannot pass over
analog connections, which carry only the images and sound of a broadcast.
What Hollywood thinks: In a "Content Protection Status Report" sent to
Congress in April, the MPAA proposed that the analog hole be blocked by
putting watermark-detecting software in all devices that perform analog to
digital conversions.
What consumer electronics makers think: Consumer electronics makers point
out at least three problems for digital watermark solutions:
1. Computer scientists believe that they can be easily circumvented.
2. By the time any such watermark requirement could become effective there
will be hundreds of millions of digital devices that would ignore the
watermark in consumers' hands, making the purchase of new devices undesirable.
3. Watermark detectors would increase the cost of all devices and slow
performance.
PIRACY ISSUE: The peer-to-peer problem
Programs like Napster, built for exchanging files over the Internet, would
be the toughest challenge to stop, as these programs use the Internet for
the type of information-sharing that the Internet was designed to do.
Napster was the most famous example of "peer to peer," though there are
many other P-to-P programs, such as Morpheus or Gnutella, that are more
decentralized than Napster and could be much more difficult to shut down by
technical means.
What Hollywood thinks: For Hollywood, peer-to-peer is the great boogeyman.
If peer-to-peer file sharing could be stopped, movie studios would have
significantly less reason to be worried about the analog hole or the
broadcast flag.
What consumer electronics makers think: The only technology offered against
peer-to-peer file sharing is watermarking technology, which would embed an
invisible copy of broadcast-flag-type copying rules in a song, movie or
picture. But since watermarking technologies do not have a solid record
against hackers, Silicon Valley is encouraging Hollywood to come up with
competing, authorized services that would keep "honest people honest"
rather than depend on technology for the solution to this problem.
As Will Poole, a vice president at Microsoft, testified to Congress last
week: "the self-selecting nature of many P-to-P networks offers immense
opportunities for business to quickly and inexpensively identify and
exploit discrete consumer markets with great precision."
**********************
Washington Post
New Job, Newer Realities
'E-Government Czar' Assumed a Bigger Role After Sept. 11
By Renae Merle
Page H01
Three months before the Sept. 11 terrorist attacks, Mark Forman became the
nation's first "e-government czar" -- a relatively low-profile and nebulous
job that many in the technology industry regarded as chiefly responsible
for helping federal agencies make better use of the Internet.
That changed after the attacks. National security concerns are now much
more acute, and Forman finds himself increasingly at the forefront of the
debate over how to balance the public's interest in accessing government
services with the need to keep sensitive information off-limits.
The conflicting priorities have meant different things for Forman's various
initiatives as associate director of the Office of Management and Budget
for e-government and information technology.
Many e-government initiatives can now be framed as homeland security
necessities and are being sped through the process. For example, the
Federal Emergency Management Agency wants to create a central Web site
accessible to state officials and the public in the event of a disaster.
Forman also has received support for projects that seek to better mesh
communications and operations for various government agencies.
"People are beginning to realize that technology is an important part of
running the government and they [the federal agencies] need to operate as a
team to do that," said Forman, who previously served on the staff of the
Senate Governmental Affairs Committee.
But while homeland security made some e-government projects a priority, it
pushed others to the side. Forman's E-Government Task Force originally
proposed 33 initiatives, but it trimmed them to 24 after the attacks. Put
on hold, for example, was an initiative to create a portal for science and
research.
"It's taken some things out of the limelight," Forman said.
The new emphasis has also raised questions about what information should be
available. Since the attacks, several agencies, including the Energy
Department and the Environmental Protection Agency, have stripped their Web
sites of sensitive information. The Energy Department alone suppressed
9,000 documents from its Information Bridge service on the Web, including
many scientific research papers making reference to "nuclear" or "chemical"
or "storage."
In late September, the EPA, which gets more than 100 million hits a month
on the Web, removed its Envirofacts database, which allowed residents to
search for information about their neighborhoods, including finding gas
stations, dry cleaners or power plants that have to report to the agency.
It partially restored the database several days later, stripping out
references to the government's plans for responding to spills at chemical
plants.
"It contains enough sensitive information that we're still assessing
whether to put it back," said Mike Flynn, deputy director of the agency's
Office of Information Analysis and Access.
Security concerns also led the government to sharply reduce the number of
people at the EPA who are permitted to change data on the Web site, from
1,300 to 300. It also hired a contractor to help monitor use of the site.
Someone trying to download the entire database of information on
drinking-water supplies would set off an alarm, said Linda Travers, an
administrator for the Office of Environmental Information.
"I don't want to be explicit about any of the tools we're using," Travers
said. "That is the dynamic of this issue: How much do you share?"
The restrictions on information come as Americans are increasingly looking
to the Internet for information. More than 68 million have used the Web
sites of government agencies, up from 40 million two years ago, according
to an April survey by the Pew Internet & American Life Project, a nonprofit
research center. FirstGov, a portal connecting all federal agencies, saw
its hits double after Sept. 11. In August of last year, the site counted
3.6 million hits; there were 6.2 million in September.
The heightened awareness of e-government initiatives has yet to translate
into increased funding. Congress allocated only $5 million of the $20
million Forman requested for e-government initiatives this fiscal year.
President Bush has requested an additional $45 million next year, but there
are no guarantees, Forman said.
"There remains a lot to be done, of course," Forman said. "But we're at
least all talking about the same thing now."
******************
Washington Post
'Ranger' Vs. the Movie Pirates
Software Is Studios' Latest Weapon in A Growing Battle
By Frank Ahrens
Page H01
Ranger is burrowing through the public parts of your computer, sniffing
around, turning over bits of data, trying to find out if you've stolen a
movie over the Internet.
Ranger is scouring the globe -- Web sites, chat rooms, newsgroups and
peer-to-peer file-sharing sites -- spanning 60 countries, searching in
English, Chinese and Korean. Ranger's work is helping to bust illegal movie
sites in Iran, Taiwan and Hong Kong. Ranger is 24-7. Ranger is relentless.
Ranger is a piece of software that acts like an Internet search engine. It
is the latest, most far-reaching weapon in the movie industry's constant
and escalating battle against movie piracy.
Hollywood watched in horror as Napster corroded the music industry -- last
year, worldwide revenue from CD sales dropped 7 percent as billions of
songs were legally and illegally downloaded from the Internet. The movie
studios -- led by their lobbying group, the Motion Picture Association of
America -- are determined not to let that happen to them.
"We are trying to stem the tide as best as we can," said Jack Valenti,
president of the MPAA. "I worry about the future."
Some say the studios are unfairly targeting them.
Internetmovies.com is suing the MPAA because Ranger tagged the Web site as
a movie pirate last year, which prompted the company's Internet provider to
cut off access. The owner of the Web site is positioning his suit as a
David-vs.-Goliath struggle.
"They should be liable for their mistakes," said Michael Rossi, webmaster
of Hawaii-based Internetmovies.com. "You can't just go around shutting
people's businesses down."
From Goliath's point of view, the problem is simple: It is criminally and
morally wrong, and economically damaging, for pirates to steal films and
illegally copy and distribute them. It is the MPAA's duty to stop the
pirates, the group believes.
The origin of movies circulating on the Internet varies. Some are advance
copies of blockbusters, apparently stolen from studios or otherwise leaked
to the public before they are shown in theaters. The copies are converted
into digital files and put on the Internet, or resold in the form of
illegal DVDs and videocassettes.
In other instances, people armed with video recorders will make their way
into an early screening of a movie, say "Spider-Man." They will record the
movie and turn it into a digital file. The quality is subpar, but that's
not the point: The hunger that drives Internet movie piracy is the need to
see a movie before everyone else does. "Spider-Man" and "Star Wars, Episode
II: Attack of the Clones," for instance, appeared on the Internet within
hours of their theatrical release.
Once a movie has been unleashed on the Internet, it spreads like a virus
via peer-to-peer file-sharing services. The downside: Unlike songs, which
take only seconds or minutes to download, movies can take hours -- even
days -- to transfer because the files must be large to accommodate moving
color images as well as sound.
But Valenti and those in the movie industry know that the time barrier is
becoming less of an issue as more people gain access to high-speed Internet
connections. Now, consumers with broadband can download a feature-length
film in about six hours. Within 18 months, Valenti fears, advances in
technology will significantly reduce that time.
Even now, 400,000 to 600,000 movies are illegally downloaded worldwide each
day, Valenti said, citing statistics from Viant, a technology consultant.
"Remember, at the height of Napster, 3 billion songs a month were coming
down," he said.
To keep that from happening, the movie industry turned two years ago to San
Diego's Ranger Online Inc., a 50-person company that developed the Ranger
software.
Ranger is the key element of the MPAA's overall anti-piracy effort, based
in Encino, Calif., which takes a "substantial and growing amount of MPAA
resources," said MPAA spokesman Richard Taylor, declining to quote figures.
The MPAA recently expanded its pirate hunt to include China and South
Korea; China because of the sheer population and South Korea because it has
the largest penetration of high-speed Internet access of any Asian nation.
The MPAA monitors piracy out of offices in Brussels, Hong Kong, Toronto and
Mexico City.
The movie studios provide Ranger Online with a constantly updated list of
100 to 150 movie titles, typically those about to be released or just
released. In other words, the ones that the industry stands the most to
lose from if they're stolen.
If the movie is "It's a Wonderful Life" and "it's on 100,000 times a day in
syndication," Valenti said, "we're not too worried about that."
Ranger takes the titles and, "like a bloodhound," Valenti said, sets out on
the Internet, looking for those films on Web sites, in chat rooms, on
peer-to-peer sites. It is an automated software, speeding across the
Internet. When it finds a movie title, it marks the location, decides
whether the movie is being used in a way that infringes on its copyright,
then moves on. Jeremy Rasmussen, Ranger Online's chief technology executive
and founder, won't disclose exactly how his software manages this, except
to say: "The challenge is 'How do you cover a lot of area without having to
visit every page?' That's part of the intelligent way we scan."
Ranger Online provides the data to the MPAA and prepares cease-and-desist
letters. The MPAA reviews the data and decides which letters to send. Last
year, the group sent 54,000 letters; this year, it is on pace to send
80,000 to 100,000. Typically, the letters are sent to the Internet service
provider hosting a site or user that the MPAA has deemed to possess
ill-gotten films. The ISPs take down the offending site 85 to 90 percent of
the time, Valenti said. Ranger then checks back periodically on the
offending site to make sure it hasn't begun pirating again.
If the letters don't work, then the MPAA may contact local authorities,
asking them to seize computer servers storing the pirated films. MPAA
action recently led to a server seizure in the Netherlands.
Ranger sells itself to the MPAA and other clients based on its global
scope, speed and thorough analysis. But a recent suit questions Ranger's
precision.
In April of last year, Internetmovies.com's Rossi got an e-mail from the
MPAA and its 14 big studios accusing his site of illegally posting
copyrighted material: "We have notified your ISP of the unlawful nature of
this web site and have asked for its immediate removal," the e-mail read.
The MPAA followed up with a certified letter and a phone call to the ISP.
Rossi said his ISP dropped him. He was down for about three days, searching
for a new provider.
From New Zealand, where he is attending a film festival, Rossi said he did
nothing wrong. All he did, he said, was post links to film trailers already
distributed by the studios. He said he never distributed copyrighted
material. Rossi filed suit against the MPAA on April 25 of this year,
seeking minimal damages.
"I'm not suing for millions of dollars or anything," he said. "It's just
the principle of their behavior."
The MPAA stands by its actions, saying Rossi was "at the time, offering for
distribution for members [of his Web site] copyrighted films," said Mark
Litvack, the MPAA's director of worldwide legal affairs for anti-piracy.
But Rossi said he was unfairly targeted by the automated Ranger, which
misinterpreted his site's function. Ranger's Rasmussen said the software's
information is analyzed and interpreted by employees, who also scan the
Internet themselves.
Rossi is unimpressed. "How can [the movie business] be a billion-dollar
industry and be so ignorant?" he asked.
*********************
Washington Post
U.S. Firms Show More Interest in Phone Calls Via Internet
Issues of Competition, Regulation Loom Large
By Christopher Stern
Page H03
It began about six years ago as a geeky cyber-trick. But since then, using
computers to make telephone calls over the Internet has become such a huge
threat to some state-controlled telecommunications companies around the
world that more than a dozen countries have banned the practice.
But elsewhere it has become big business. Analysts estimate that up to 8
percent of all international voice calls travel over the Internet. In
hundreds, if not thousands, of Internet cafes around the globe, people line
up to make calls that bypass local and long-distance telephone monopolies,
creating huge savings for consumers.
Internet telephone service is projected to spread as more countries
deregulate their telecommunications industries. In April, India dropped its
ban on Internet telephone businesses as it opened its market to
competition. But others continue to block the technology. "In most
countries the local phone company is still owned by the government. If
people get around it, that could mean a real reduction in revenues," said
telecom analyst Peter Jarich. In the United States, where telephone service
is comparatively cheap, voice-over-the-Internet technology has been slower
to take hold. Initially, the nation's major telephone companies resisted
and even tried to block its deployment, but lately, many of the major
regional telephone companies have embraced the technology in the hope of
cutting costs and shaking off regulators who closely govern their business.
The changes have profound implications not only for competition in the
telephone industry but also for people who live in rural or poor areas
where telephone service is now heavily subsidized under current regulatory
regimes.
Until recently, telephone traffic and data traffic traveled on separate
networks. Now, the sound of a voice can be translated into bits of data
that are mixed together with all the e-mail and Web downloads that are
traveling around the world's fiber-optic networks.
The development provides huge savings to telephone companies and large
businesses, which can now manage a single network that carries both voice
and data. But it creates headaches for regulators, who have no way of
separating the unregulated e-mail from the heavily regulated voice traffic.
Telephone companies say the answer to the problem is to allow voice traffic
on the Internet to go unregulated.
"There should be the least amount of regulation possible. Zero would be
great," said Pat Quinn, vice president for policy and law at Qwest
Communications International Inc. That statement represents a regulatory
U-turn for one of the largest and most dominant telephone companies.
Quinn worked for US West -- the local phone provider for 14 western states
-- before it was acquired by Qwest. And it was US West that once asked the
Federal Communications Commission to ban voice-over-the-Internet technology.
One of the reasons why many of the major local phone companies initially
resisted the technology is that it opens the door to fledgling competitors.
In theory at least, any Internet service provider could serve their
customers with telephone service, just as Internet cafes are doing from
Guatemala to Guam.
"I think this is a huge risk" for the regional phone powers, said Vik
Grover, a telecommunications analyst for Kaufman Bros., a New York-based
investment firm that has helped finance some voice-over-the-Internet start-ups.
The move from circuit-based network to a software-based system has created
opportunities for other players in the market, such as Net2Phone Inc.,
which allows users to make calls between computers or special Internet
phones around the world.
Among Net2Phone's biggest investors is AT&T Corp. which plans to jump into
head-to-head competition with the regional telecommunications companies to
deliver local phone service.
Others have their eye on Internet telephone service as well. Microsoft's
Windows XP software includes applications that allow people to hook up a
handset to their computer and use it to talk via the Internet.
In recent hearings in U.S. District Court, in Washington, D.C., Texas-based
SBC Communications Inc. lashed out at a proposed antitrust settlement between
Microsoft and the Bush administration, saying it would allow the
Seattle-based software company to dominate the telecommunications market
through its ubiquitous software.
"Unfettered by the proposed settlement, Microsoft can thus use its illegal
operating system monopoly to become the literal communications gateway into
and out of the American home or office," attorneys for SBC wrote in a brief
filed with the court.
Cable companies are also keeping close tabs on the technology, hoping that
it will allow them to compete with regional monopolies. Comcast Corp.
President Brian L. Roberts often notes that the $20 million circuit switch
that most telephone companies now use to route calls will soon be obsolete.
He says the future is with routers made by companies such as Cisco Systems
Inc. that can direct the same amount of telecommunications traffic for just
$50,000. Before that happens, Roberts said, the technology needs further
refinements so it can be deployed widely.
But some big companies aren't waiting. Eight months after the September
terrorist attacks destroyed the offices of Lehman Bros., the New York
investment bank regrouped 5,000 employees in a new midtown Manhattan
building with full-time bomb-sniffing dogs and a new Internet-based
telephone system.
Both the dogs and the new telephone network are a reaction by Lehman to its
experience on Sept. 11. The new communications system is less vulnerable to
the disruptions and data logjams that shut down service in Manhattan for
several days. If Lehman's offices are subject to another disaster, workers
will be able to move to new locations while keeping their old phone numbers.
The calls will be rerouted by someone tapping on a keyboard, not by a
technician in a hard hat with a truck full of tools.
Turning the sound of a voice into packets of data already has tinkerers
dreaming about stunning new applications. One prediction is that technology
will be combined with voice-recognition software that will allow for
simultaneous translations of foreign languages.
But the migration of big companies such as Lehman Bros. to an unregulated
Internet-based system represents a threat to a cornerstone of U.S.
telecommunications policy, which is ubiquitous and cheap telephone service.
Business customers and residential users in wealthy urban areas provide
billions of dollars each year to the "universal service fund" that
subsidizes users in poor and rural areas.
Just by avoiding payments to the universal service funds, some big
companies could save as much as 10 percent off their total telephone bill,
according to a report to Congress filed earlier this year by the General
Accounting Office.
Although the FCC has been able to avoid any difficult decisions involving
voice-over-the-Internet technology, the agency will ultimately have to
tackle the issue.
Essentially, the FCC has two choices. It can classify the technology as an
information service, which is the direction it is heading on regulation of
high-speed Internet services. Information services are not subject to much
regulation and would allow users to avoid paying in to the universal
service fund.
Or the agency could declare that telephone conversations, whether they
travel over the Internet or established voice networks, are a
telecommunications service and therefore subject to all existing
regulations and fees.
It is unlikely that the issue will come to a head soon, but if FCC Chairman
Michael K. Powell takes up the issue, he may be forced to choose between
his natural inclination to take a deregulatory path or supporting price
subsidies that ensure lifeline telecommunications service is available to
millions of Americans.
*********************
Washington Post
A Global Audience, a World of Worries?
Australian Court's Ruling in Libel Case Could Have a Chilling Effect on Web
Publications
By Luba Vangelova
Page H06
SYDNEY -- Web publishers around the world are awaiting a decision in a
libel case before Australia's highest court that could determine whether
they will be required to adhere to widely differing foreign standards when
stories are posted on the Internet.
At issue is how publication is defined in cyberspace: whether material is
published when it is uploaded onto computer servers or when it is
downloaded by readers.
The hearing in late May marked the culmination of Dow Jones & Co.'s
attempts to move a defamation lawsuit from Melbourne to New Jersey. A
prominent Melbourne businessman, Joseph Gutnick, sued the publisher over a
Barron's article that he said linked him to a jailed money launderer. The
article appeared in the magazine's print edition and on its Web site.
The suit was filed in Melbourne, where some of the Web site's readers
reside. Gutnick's lawyers argued that this qualified the material as a
local publication to which local libel rules should apply. Dow Jones
disagreed and filed a motion to move the case to New Jersey, where its Web
servers are located. When the motion was denied, Dow Jones appealed to the
High Court of Australia.
The venue matters greatly because Australia, like many countries with no
equivalent to the First Amendment, has stricter libel laws than the United
States. Worried that a ruling in Gutnick's favor would expose them to a
multitude of difficult-to-defend foreign libel suits, more than a dozen
international media and Internet companies (including CNN, Yahoo and The
Washington Post Co.) joined the case in support of Dow Jones.
Legal experts said the case could set an important international precedent
because it is the first time a nation's highest court has been asked to
define where publication takes place on the Internet for libel purposes.
Judges in Britain, Canada, South Africa and other Commonwealth countries
would probably look to this case when deciding similar cases.
The judge who denied Dow Jones's motion to move the case to the United
States ruled that the Internet was fundamentally no different from other
media. Therefore, the judge said, long-standing British and Australian
common law -- stating that publication occurs where material is read and
understood -- should hold.
Bret Walker, the lawyer representing the companies that intervened on Dow
Jones's behalf, disagrees. Whereas print and broadcast material can be
disseminated in a controlled fashion, "with the Web, what you publish can
go anywhere and everywhere without you knowing where it's being received,"
he said.
An attorney for Dow Jones declined to comment on the proceedings.
If the judge's ruling stands and is applied elsewhere, some said it could
lead to self-censorship. "If an American publisher publishes material about
a foreigner, they would have to get legal advice in every jurisdiction
where the subject might have a reputation," said Matthew Collins, a
Melbourne lawyer and author of "The Law of Defamation and the Internet."
"It would be more likely the publisher would simply drop the story,"
Collins said.
Software designed to restrict site access in specific countries remains
"imperfect," said Ian C. Ballon, a Palo Alto, Calif., lawyer and author of
"E-Commerce and Internet Law." Resorting to such restrictive methods would
be "unfortunate for the development of the Internet," he said.
Conversely, a ruling in Dow Jones's favor could lead to "forum shopping,"
where publishers would locate their Web servers in countries with the
freest communication laws, said Belinda Thompson, a Melbourne-based
defamation lawyer.
Legal experts said Dow Jones faces an uphill battle in persuading the
conservative court to amend the traditionally understood
place-of-publication rule. The court's final decision could take up to a year.
*********************
Washington Post
The Slippery Scope of Antitrust Law
By Leslie Walker
Page H01
Attempting to regulate antitrust in the age of convergence is like trying
to grab jellyfish in the ocean: More and more companies are combining
themselves into strange globs as they seek to compete in digital markets as
murky as the sea.
That, however, hasn't stopped federal regulators from trying to get their
hands around these squishy new creatures.
For the past year or so, the Justice Department has been conducting
antitrust investigations into Internet joint ventures formed by market
leaders in five industries -- music, movies, travel, bond trading and
foreign-currency trading -- to make sure they aren't doing things online
that would be considered anti-competitive if they took place offline.
"The Sherman Antitrust Act absolutely reaches into cyberspace. You can't
have virtual smoke-filled rooms," said Mark Popofsky, a former Justice
Department lawyer who represents clients in the targeted industries.
To exploit the Internet's potential to distribute goods digitally,
companies in many industries have been joining forces to create new online
ventures. The goals typically are to share costs and maximize their impact
beyond what any single player could do alone.
But the same technology that allows for more efficient communication and
selling online also makes it easier -- at least theoretically -- for rivals
to engage in prohibited activities such as price fixing and excluding
competitors from key markets.
Already, those left on the sidelines have complained to federal regulators
that the leaders in their respective markets are unfairly trying to curb
competition through Web sites they own jointly.
Those under investigation include Orbitz, the online travel agency formed
by the five largest airlines in the United States; Pressplay and MusicNet,
digital-music subscription services created by the five major record
labels; Movielink, a digital-movie downloading service still under
development by several Hollywood studios; FXall, an online currency-trading
exchange owned by 17 of the world's largest banks; and online fixed-income
investing services such as BondDesk.com, Bond Book and Market Axess,
developed by groups of financial firms on Wall Street.
Gina Talamona, spokeswoman for the Justice Department, confirmed that the
agency is investigating Internet joint ventures in all five industries but
would not comment on specifics.
The antitrust heat has been so fierce that at least one Internet joint
venture fell apart before it got off the ground: In April, News Corp.'s Fox
Entertainment Group abruptly withdrew from a service it was planning with
Walt Disney Co. to sell movies online, citing regulatory concerns as a key
reason.
As federal lawyers issue requests for information to companies involved,
Congress is starting to weigh in with its own concerns.
Rep. Cliff Stearns (R-Fla.), chairman of the House Energy and Commerce
Committee's subcommittee on commerce, trade and consumer protection, said
through a spokesman that he wants to hold a hearing to look into the issues
involved, especially in travel and foreign-currency trading. No date has
been set yet.
"I have been carefully following the development of supplier-owned online
distribution networks," Stearns said earlier this month.
Companies joining forces contend that their online consortiums will benefit
consumers by making their businesses more efficient and creating cost
savings that can be passed on to customers. Most are pursuing individual
Web sites, too, some of which compete with their own joint ventures.
Orbitz contends it and other joint ventures are part of the Internet's
inevitable march toward eliminating middlemen (think travel agents) who
distribute goods in the non-digital world, because the computer network for
the first time makes it more practical for producers of many goods (airline
tickets, movies, music) to digitize and sell them electronically to consumers.
To do so, however, requires producers to explore entirely new business
models. After all, many never sold directly to consumers before and lack
experience at retailing. They find it inefficient to underwrite direct
selling alone and have been merging, partnering and collaborating with
rivals partly to share costs and also to aggregate content in ways that big
retailers typically do and shoppers have come to expect.
Regulators are struggling to get their arms around these squishy new
corporate entities. They're probing their governance rules, for instance,
to make sure the joint ventures don't operate under inherently
anti-competitive rules.
While the Justice Department is looking at supplier-owned online
marketplaces today, the Federal Trade Commission two years ago took a look
at similar buyer-owned exchanges formed to achieve efficiencies in
procuring supplies online.
The FTC concluded that Covisint, a jointly owned Web site where automakers
buy parts, did not violate antitrust laws. It gave Covisint a yellow light
to operate with caution but said regulators would continue monitoring how
the procurement exchange evolved.
Still, some companies excluded from such marketplaces are crying foul. A
group of competing Internet ticketing agencies, for example, has complained
that Orbitz requires its member airlines to give their lowest Web fares to
Orbitz, a benefit not guaranteed to other travel sites. The Interactive
Travel Services Association, which represents Expedia.com, Travelocity and
other travel services, contends the requirement could cripple the
competition that helped build the nascent Web travel market.
"What Orbitz is doing is illegal -- you have five horizontal competitors
that are working together to control distribution," said Antonella
Pianalto, ITSA's executive director. "We feel that is a violation of
antitrust law."
At the urging of Congress, the Transportation Department recently formed a
commission to probe these issues in the travel industry. William Maloney,
executive vice president of the American Society of Travel Agents, told the
commission last week that the airlines' Internet distribution policies are
designed to induce people not to buy through travel agents.
"If the airlines succeed at their long-run goal," Maloney said in a
prepared statement, "consumers will have less access to optimized
comparative price and service information for air travel and will pay
higher than necessary prices."
Orbitz retorts that the special Web fares are not exclusively available on
Orbitz. The airlines are free, if they choose, to display them on rival Web
sites as well. Orbitz Vice President Carol Jouzaitis said the requirement
that member airlines display their lowest fares on Orbitz was extracted in
exchange for Orbitz promising the airlines that it would steadily lower
their transaction costs each year for the next decade.
Similar issues are arising elsewhere. In the online market for
foreign-currency trading, federal lawyers are looking at a requirement the
FXall exchange imposed on its founding banks that they not participate in
rival online services. The Internet music market is more complicated
because of rampant music piracy, which has made the record labels cautious
about distributing their music online. Nonetheless, some independently
owned Web sites have groused that the labels seem more interested in
licensing music to their own sites than in offering the same or similar
terms to independent Internet services.
Jonathan Potter, executive director of the Digital Media Association, said
the era of digital content distribution opens up worrisome possibilities
for the labels to control distribution more tightly and in ways they never
could offline.
Imagine, he said, that Henry Ford had invented a steering wheel but
licensed it only to manufacturers who agreed to make black cars, or ones
that went only 45 mph. He fears similar scenarios might unfold as the
labels enter direct music retailing through their own subscription services
and negotiate licensing terms for resale of their music through other Web
sites.
"If the intellectual property is broadly licensed, and the licensees
compete against one another, consumers win," Potter said. "If the
intellectual property is broadly licensed but the competitors are not
permitted by terms of the license to compete, then consumers lose."
**********************
Federal Computer Week
Army cleaning up Web sites
The Army is working diligently to remove all potentially damaging data from
its publicly accessible Web sites and recently found a new glitch that it
is in the process of fixing, the service's director of information
assurance said.
Col. Thaddeus Dmuchowski, director of information assurance in the Army's
Chief Information Officer Office, said the service was "caught blindsided"
when it first learned of more than 70 examples of publicly accessible Army
Web sites containing "inappropriate information."
The examples were contained in a report released June 5 from the Defense
Department's inspector general and the DOD's Joint Web Risk Assessment Cell.
After learning of the site problems in February when it saw a first draft
of the report, the Army established its own Web Risk Assessment Cell and
closed every hole identified in the report and even more outlined in the
first quarter of this year, he said.
The latest problem, which was identified by the Army in the past week,
involves "hidden" sites that are no longer visible to basic searches or
indexes, but can still be found through more sophisticated digging.
Dmuchowski likened it to a Microsoft Corp. PowerPoint presentation with
hidden slides that may not be visible, but are still there.
The problem may have arisen as Webmasters were trying to clean sites and
figured that if information was no longer visible, then the requirement was
being met. However, that information is now being removed completely as it
is found, he said.
The DOD IG report said that from June to August of last year, the joint
cell identified 77 public Army sites that contained inappropriate
information, including:
* Fourteen examples of operational plans.
* Four cases of personal information.
* Forty-eight instances of policies and procedures on military operations.
* Eleven documents marked for official use only.
Furthermore, in the first quarter of this year, the joint cell identified
more than 370 potential problem sites, 174 of which needed remediation in
one of seven categories:
* Sixty examples of force protection issues.
* Nineteen in communications.
* Seven in logistics.
* Sixty-two in personnel.
* Eleven in operations.
* Ten in critical infrastructure.
* Five in persistent cookies.
"When you look across the Army, that's not too bad," Dmuchowski said. He
added that once problems are identified, it usually takes only a day or two
to fix them, and the Army is now focused on "for official use only" as a
search term.
Examples of inappropriate information found this year included:
* One post that had building and infrastructure diagrams down to the
manhole locations available on a site.
* Pictures of soldiers and their families posted with names, base locations
and other sensitive material available in the background.
* The Command and General Staff College (CGSC) posted learning materials,
discussion papers and white papers with potentially sensitive data.
The CGSC has removed all the information in question and will be unveiling
a new, secure Web site later this month with a different format and
structuring "to list those kinds of discussions," he said.
Dmuchowski said the DOD joint cell submits a quarterly list of concerns for
the Army to work through, but now the service also is going back on its own
to examine command sites and other past problem areas.
"We're at the next level," he said. "We're being preventative as well as
reactive. The report was bad, but we've come a long way in four months."
*********************
News.com
Start-up wants your help to fight spam
By Stefanie Olsen
After operating in stealth mode for nearly two-and-a-half years, San Mateo,
Calif.-based Cloudmark on Wednesday is taking the wraps off a new
spam-fighting tool, called SpamNet, which aims to use the power of the
people to weed out unsolicited commercial e-mail.
Conceived by Napster co-founder Jordan Ritter and open-source developer
Vipul Ved Prakash, the company is touting the benefits of democracy,
networking and collaboration in the war against unscrupulous e-mail marketers.
The company does face challenges. It is charged with transforming a tool
that's geared for a small Unix developer community into a product for the
masses. It also must offer a system that's simple and effective to reach a
critical mass. Finally, it must build in financial support for such a system.
Then there is the Internet itself, whose enormous strengths of openness,
flexibility and redundancy have proven insurmountable foes for legions of
companies that previously have marched off to vanquish the hordes of spam.
Many, such as SpamCop and SpamKiller, already include tools to allow e-mail
recipients to report spam to their Internet service providers, a form of
democracy in action that has not proven terribly effective.
Technology pundits say most existing anti-spam solutions haven't been able
to keep up with the rising flood of junk and the sophistication of
marketers sending it. In this environment, Cloudmark is drawing attention
for what some analysts call a new approach to the problem.
"What's exciting about Cloudmark is that it's a distributed response to a
distributed problem," said Kevin Werbach, technology analyst at venture
capital firm EDventure Holdings.
"There are so many spammers out there," he said, "that it's difficult to
come up with sophisticated algorithms to catch all the spam and not catch
all the e-mail. But if you harness the power of thousands or potentially
millions of people on the network, then you can grow the response to the
spam almost as fast as the spam itself is growing."
Despite repeated attempts to keep spam down to size, the enemy has
proliferated: Internet researcher Jupiter estimates that consumers will
receive 206 billion junk e-mailings in 2006--an average of 1,400 per
person, compared with about 700 per person this year.
If Cloudmark is not the first company to address the problem, its claims
are among the boldest. Prakash drew inspiration for the company's name from
the sci-fi novel "A Fire Upon The Deep," by a former computer-science
professor, Vernor Vinge, who wrote about a router the size of a planet
"that could filter spam," Prakash said.
In an interview, Prakash and company CEO Karl Jacob said Cloudmark's
software solves the problem of identifying spam and quickly updating e-mail
filters by harnessing the intelligence of the Web community at large.
Building on a foundation of trust
"It operates on a trust evaluation system; it evaluates the trustworthiness
of the user's suggestion to identify a spam message," said Jacob, an
investor in the company who recently left his job as CEO of advice site
Keen.com. "It's based on how long they've been in the community, how many
messages they've sent that were verified. The effect is it allows a
democratic vote."
The software is based on Prakash's open-source software Razor, a
collaborative spam-filtering system that sifts out about 5 million messages
per day. The technology has about 5,000 "users," or Internet Protocol
addresses linked to the community, with more than 60 midsize ISPs. SpamNet
will count new users as individuals, however.
Cloudmark's solution requires a free plug-in that plays a minor role in the
background of Microsoft's Outlook, the only e-mail client the product is
currently available for. Consumers will see a new file folder on the left
side of Outlook deemed for spam and a toolbar at the top for reporting spam
or "revoking a spam decision." Every time someone receives a new message he
considers spam, that person would report the message to the program by
clicking the first button.
As the software stands now, it filters junk into the spam folder based on
2.5 million "signatures," or combinations of zeros and ones, which are used
to identify a junk mail message. The underlying technology attaches a
signature to each incoming message, and based on a consensus among users,
it will mark a signature as spam in real time. So the more people who
participate, the greater depth the database will have with additional
marked signatures.
The signatures are unlike typical spam-fighting tools that are based on
"rules" or filters built around spoken language, headers or IP addresses of
commercial messages. Anti-spam software company Brightmail uses rules-based
filtering, for example. But Jacob says that model doesn't work well because
it depends on humans to constantly write new rules and technology that can
slow as it compares too many rules to each incoming message. In contrast,
Cloudmark uses algorithms to efficiently find similar numerals or
signatures in the database without scanning the entire set.
A spokesman for Brightmail, one of the largest spam-filtering services,
said the company filtered more than 10 billion e-mails and blocked 1.5
billion junk mails in the past 12 months. The company's rules-based system
is constantly updated to avoid latency in scanning messages, he said,
adding that the majority of rules are written automatically, with some
exceptions for those particularly challenging spam attacks.
Cloudmark says it intends to always offer a free product to consumers, with
eventual plans to sell a more advanced service. It also expects to license
its technology to enterprise customers, of which it already has some beta
customers.
If anything, the company has the angst of Web users on its side.
"A community effort against spam is not something we've seen before, at
least not on the scale of what they're attempting to gather," said Ray
Everett-Church, chief privacy officer at ePrivacy Group, a
Philadelphia-based consultancy. "At least they've got a very fertile
community who are sick of spam and who are willing to try something new if
it will stop it."
**********************
Boston Globe
Wellesley-based search engine takes on Google
By Hiawatha Bray, Globe Staff, 6/19/2002
For millions of Internet users, the Google search engine is the fastest and
most efficient way to search through billions of Web documents. But a
Norwegian company with US headquarters in Wellesley is aiming to knock
Google from its perch.
Fast Search & Transfer (FAST), based in Oslo, said its search service has
indexed nearly 2.1 billion Web pages, compared to 2.07 billion for Google.
That would make FAST the most comprehensive search service on the Internet,
albeit by a slender margin.
Google officials counter that their search engine indexes a variety of
Internet materials not offered by FAST, such as 700 million messages posted
on the Usenet public bulletin board system. When all such documents are
taken together, Google insists it's still out in front.
''While Google takes FAST and the rest of our competition very seriously,
we also remain focused on building the world's best search engine,'' said
David Krane, spokesman for Mountain View, Calif.-based Google.
Still, taking the lead in Web pages is a significant milestone, said John
M. Lervik, the Norwegian computer scientist who cofounded FAST and serves
as its chief executive.
''We have a larger size now, so we should be better at specific queries,''
Lervik said.
He admitted that FAST's edge is a slim one. ''It's not like we were 10
times bigger,'' he said. But Lervik said that, even so, FAST should attract
a larger number of serious Internet researchers.
FAST is also betting that it will attract major companies and government
agencies, which use search engine technologies to index their own vast
internal databases. Indeed, these organizations are FAST's target customers.
Google's Web site, one of the most popular on the Internet, generates
millions in revenues for that company through advertising sales. FAST's
public Internet site, www.alltheweb.com, also carries some ads, but Lervik
said they're only intended to help the site pay its expenses, not to make a
significant profit. The goal of the site is to demonstrate FAST's search
technology to corporate customers, in an effort to win them away from rival
search software from Google and Inktomi Corp.
The Lycos search engine uses FAST search technology; so does IBM Corp.'s
e-commerce Web site. But the biggest score of all could come later this
month. Google provides the search engine technology used by the immensely
popular Yahoo Web site, but Google's contract is about to expire. Google,
FAST, and Inktomi are all in the running to win the business.
Danny Sullivan, editor of Search Engine Watch, thinks FAST is a long shot
to win the Yahoo contract. But he adds that in the past year, FAST has
become Google's biggest competitive threat.
''They have been a very good search engine since about the middle of last
year,'' said Sullivan, citing a software upgrade that causes FAST to do a
better job of delivering worthwhile search results, rather than a torrent
of irrelevant Web pages.
The knack for finding relevant Web sites is exactly the feature that made
Google so popular. Now, said Sullivan, FAST is nearly as good, and offers a
bigger Web page index as well.
''What this does is position FAST to be the alternative choice'' to Google,
he said.
Despite its Norwegian roots, FAST's biggest operation is in Wellesley,
where the company runs its engineering operations. About 70 of FAST's 200
workers are in Wellesley. The others are in California, London, and Oslo.
FAST formerly ran its server computers from Waltham but has since moved its
data centers to Foster City, Calif., and London.
Hiawatha Bray can be reached at bray@xxxxxxxxxx
***********************
Washington Post
Bush Signs Measure to Delay FCC Wireless Sales
Reuters
Wednesday, June 19, 2002; 9:52 AM
WASHINGTON - President Bush signed legislation on Wednesday to delay
indefinitely most of two government sales of wireless licenses, including
one slated to begin on Thursday, yielding a victory for the mobile
telephone industry.
The measure, approved by the U.S. House of Representatives and Senate on
Tuesday, will allow the sale of a narrow slice of airwaves that are sought
by rural mobile telephone carriers to go forward later this summer. The
White House said Bush signed the measure on Wednesday.
The mobile telephone industry wanted the auctions delayed because it was
not clear when the television broadcasters would give up the airwaves as
they move to digital signals.
Carriers also argued that the delay would give the government time to draw
up a plan to manage scarce spectrum resources.
But broadcasters like Paxson Communications (PAX.A) had wanted the auctions
to go forward, because they could have negotiated profitable deals to clear
the airwaves early with the new owners.
The airwaves at issue, in the 700 megahertz (MHz) band, are used by
television broadcasters operating channels 52-69, but those stations do not
have to give up their airwaves until 2007 at the earliest. The stations are
supposed to turn over the airwaves as they move to digital signals.
The Federal Communications Commission had planned to begin selling the
airwaves used by channels 52-59 on Thursday and the spectrum for channels
60-69 next January.
The measure signed into law removes the statutory deadlines for those sales
to take place but requires the FCC to report to Congress within a year on
when the auctions will take place as well as outline progress in the
transition to digital television.
Additionally, the law gives the FCC the authority to decide when to hold
its wireless auctions. Previous law had required the FCC to sell the
airwaves for channels 52-59 by the end of September and airwaves for
channels 60-69 were supposed to be sold almost two years ago.
The new law requires the FCC to sell 18 megahertz of spectrum that benefits
rural mobile telephone carriers between Aug. 19 and Sept. 19 with the
proceeds to be deposited by the end of the year.
Among those who have qualified for the sale to take place later this year
are numerous small rural carriers as well as ventures backed by money
manager Mario Gabelli and media mogul Paul Allen who owns cable company
Charter Communications Inc.
***********************
USA Today
Cybersecurity panel looks at Net risks
ATLANTA (AP) - At a town hall meeting on cybersecurity, experts warned that
the risks of going online have become especially prevalent as hackers find
new ways to poke holes in Internet security systems.
Tom Noonan, chief executive officer for Internet Security Systems, told the
gathering Tuesday that logging onto the Internet is like entering a
dangerous neighborhood. Risks include identity fraud and intellectual
property and credit card theft.
"This is the first national security threat the government can't handle
alone," said Noonan, one of five panelists in the meeting on the national
strategy to secure the online infrastructure.
The meeting was the fourth in a series of nationwide meetings hosted by the
President's Critical Infrastructure Protection Board, formed in October to
address Web-related vulnerabilities within the federal government and the
private sector. More than 25 national security officials are on the board.
"The critical infrastructure of this country may be the most vulnerable to
cyber attack," said former Sen. Sam Nunn, a panelist. "This is a rather
unique security challenge. There are no borders in cyberspace."
Howard Schmidt, vice chairman of the board and a panelist, emphasized the
importance of providing education and training for mid-career
professionals. He said only eight people received Ph.Ds last year in
Internet security.
While most universities offer computer science degrees, they seldom have
programs focused on Internet security, said Player Pate, spokesman for
Atlanta-based Internet Security Systems.
Pate said many people don't know that when they log onto the Internet,
they're open to attack even if they have anti-virus protection and a
firewall. He recommends an anti-intrusion device.
"You're connecting to the Internet - this pipeline," Pate said. "That is
what attackers look for."
The panelists agreed that fighting cyberterrorism requires large
corporations, the government, international governments, small businesses
and consumers to work together.
"Waiting for disaster to happen is not a strategy," Nunn said.
*****************
New York Times
Disney Shifting to Linux for Film Animation
By STEVE LOHR
The Walt Disney Company, the doyen of animation studios, is joining
Hollywood's embrace of a technological upstart - the GNU Linux operating system.
Disney's animation division is announcing today that it plans to use
Hewlett-Packard workstations and data-serving computers running Linux for
digital animation work in the future.
The Disney move is the latest commitment by major studios and
special-effects houses - including DreamWorks SKG, Pixar Animation Studios,
Industrial Light and Magic and Digital Domain - to Linux, which is a variant
of the Unix operating system that is distributed free and under terms that
allow programmers to fine-tune the software.
Movie animation is a rarefied niche market for computer technology. The
studios have deep pockets, legions of technical experts and plenty of
financial incentive to get just the right look and detail in movies like
"Shrek" and "Monsters Inc.," since the payoff for a box-office hit can be
enormous.
Yet the advance of Linux into Hollywood is a sign that a technology once
viewed as part of the counterculture of computing is moving steadily into
the mainstream. "Hollywood is at the leading edge of computing, and it
shows what Linux can do," said Martin Fink, general manager for
Hewlett-Packard's Linux systems division.
At Disney, like other studios, machines running Linux typically take the
place of computers running proprietary versions of Unix, like SGI's Irix
software. Not only is the Linux software free, but it runs on low-cost
personal computer technology, workstations and data-serving computers
powered by Intel or Advanced Micro Devices microprocessors. "For us, it's a
move to less-expensive commodity technology systems," said John Carey, vice
president for Walt Disney Feature Animation.
In animation, Linux made its first inroads a few years ago on the clusters
of server computers used in "rendering farms," which require huge amounts
of processing to render a finished image of a creature or character as it
appears on movie screens.
More recently, Linux has also been used on the workstations used by
animators for drawing and modeling their creations, as the leading
producers of animation software have tailored their applications to run on
Linux. Alias-Wavefront tweaked its Maya program to run on Linux in March
2001, after it had been approached by animation studios and special-effects
houses that wanted to use the Linux technology, according to Kevin Turesky,
an engineering manager at Alias-Wavefront, a software subsidiary of SGI.
Linux tends to be portrayed as an archenemy of Microsoft and its Windows
operating system. In the long run, the rise of an alternative like Linux
will limit Microsoft's future growth and market dominance. But in the near
term, as the Hollywood experience shows, Linux is gaining at the expense of
proprietary versions of Unix.
"Historically, animation has been a Unix environment," said Al Gillen, an
analyst at the International Data Corporation. "And what's happening in
Hollywood is that another piece of the Unix market is moving into the Linux
space."
Indeed, Mr. Carey observed that adopting Linux for part of its animation
was part of its migration strategy to move away from its previous
"homogeneous technology environment," revolving around SGI's Irix.
The Disney commitment is the second agreement in recent months for
Hewlett-Packard systems running Linux in Hollywood. In January,
Hewlett-Packard announced a three-year partnership with DreamWorks
involving the purchase of Hewlett computers and some joint development of
technology.
Hewlett-Packard, to be sure, has a heritage of doing business with
Hollywood and Disney. The first product the founders William Hewlett and
David Packard sold in 1938 was to Disney, an oscillator used to help
produce the rich, textured soundtrack for the animated movie "Fantasia."
**********************
San Francisco Gate
Spam becoming more annoying
Some junk e-mail even uses virus to steal identities
Caroline E. Mayer, Ariana Eunjung Cha, Washington Post
The e-mail with the titillating subject line -- "funny sexy screensaver" --
arrived one recent afternoon in the computers of at least 100 politicians
and businessmen. It claimed to be from R. James Woolsey, former director of
the Central Intelligence Agency.
But Woolsey didn't send it. It was generated by a spam virus, the kind that
hijacks someone's online account and sends out messages in the owner's
name. "It was like a small version of identity theft," said Woolsey, now a
partner with a Washington law firm.
Millions of e-mail users have been caught by this latest spam twist.
They've either had their online identity stolen and used to send messages,
or they have mistakenly opened messages that seemed to come from people
they knew but turned out to be from, say, a sex hot line.
Electronic mailboxes were already being flooded with offers of weight-loss
pills, sexual aids, travel coupons, low-interest mortgages and other
solicitations. Now these fraudulent messages only add time and aggravation
to e-mail reading, prompting many consumers to reconsider their reliance on
e-mail.
"People will tell you e-mail has become the biggest burden in their online
lives. There's a real frustration level there," said Jeffrey Cole, a UCLA
professor who oversees a long-term study looking at the Internet's effects
on society.
To avoid offensive mail, many users are simply deleting large batches of
messages with a single stroke without reading them, even though mail they
want could also be lost.
In a desperate attempt to control the flood of spam coming through their
systems, more than a few corporate computer administrators have blocked
e-mail from outside the United States because much bounced spam seems to be
from foreign computers. That limits the spam, but it also limits the
Internet's potential as a global communications medium.
Brightmail Inc. is one of the nation's largest antispam firms, hunting for
the unsolicited and the unwanted through a network of decoy e-mail accounts
designed to attract spam. The San Francisco company's researchers use those
e-mail addresses to browse Web sites, read newsgroups, sign up for
newsletters and do other things a regular user might do.
Brightmail has detected a 600 percent increase in spam. In April 2001, the
network counted nearly 700,000 spam attacks, in which hundreds of versions
of a message are sent to e-mail accounts worldwide in one shot. Twelve
months later, Brightmail counted 4.3 million such attacks.
"Spam is outpacing the growth of e-mail," said Enrique Salem, president of
Brightmail, whose filters are used by Internet service providers to block
millions of unsolicited messages daily.
It's not just the number of unsolicited messages that is causing alarm, but
also their content. "What most people are noticing is its aggressive
nature. It's more adult-themed," with people constantly "trying to sell you
something," said America Online spokesman Nicholas Graham.
Often it's hard to tell, even after you open the message, whether the sales
pitches are from legitimate firms or individuals or from questionable
operations made to look like well-known firms or people the recipient knows.
One popular solution is setting up a filter or creating a mailbox that
accepts mail only from predesignated addresses. At Hotmail.com, for
instance, about 16 percent of customers have selected exclusive mailboxes
that accept mail only from people in each user's electronic address book.
But even this approach wouldn't necessarily protect them from fraudulent
messages sent from a friend's address.
A step beyond that is to sign up for an Internet service that forces an
unknown e-mail sender to go through handshake verification, a two-step
challenge/response process based on the premise that a spamming program
will not follow through. MailCircuit.com offers free e-mail accounts using
this technology and provides a fuller service for $10 a year.
Disposable e-mail addresses can be turned off when spam becomes
overwhelming. Customers of Spamex.com pay $10 annually for access to 500
disposable addresses. You can use several at a time, close them if they
become inundated with spam and hop to a new address.
Special filters set up by Internet service providers like Yahoo and Hotmail
can detect bulk e-mailings, to be rerouted to junk mail folders where they
may be checked by the account-holders.
Sometimes these are blocked by an ISP and never arrive in the intended
inbox. Last December, AOL bounced back early-admission notices from Harvard
University that the filter had deemed to be junk.
Many of Woolsey's associates reported that the fraudulent message that bore
his name got through their filters, but then the filters blocked the
warning message Woolsey subsequently sent out because it had the word
"porn" in it. "It was truly ironic," Woolsey said.
**********************
Mercury News
Israel a global pacesetter in high-tech security
BUT BIOTECHNOLOGY, LIFE SCIENCES ARE FIELDS ON THE HORIZON
By Dan Gillmor
Mercury News Technology Columnist
REHOVOT, Israel - When Israel orbited its Ofeq 5 spy satellite late last
month, the payload's origin was no surprise to people familiar with the
nation's technology scene.
For Elop Electro-Optics Industries, the company that designed and made the
sophisticated but lightweight camera, it was business as usual.
I didn't get a look at this particular model on a visit to the company 10
days ago. The details are mostly secret. But I did get a glimpse into an
industry in which Israel is a global pacesetter -- defense and security. A
wary nation, surrounded by enemies for much of its half-century of
independence, has turned self-protection into a way of life.
Such is Israel's high-tech security expertise that it's an exporter of
defense technology. At Elbit Systems, the corporate parent of Elop
Electro-Optics (or El-Op for short), roughly half of all sales are to other
nations.
Elbit has some 5,000 employees including about 1,000 at its U.S.
operations, including a facility in Silicon Valley. El-Op's areas of
business include such technologies as infrared sensing, lasers, fancy
displays and, of course, satellite cameras.
Infrared photography uses the heat emitted by physical objects to make
pictures of them, so total darkness is irrelevant. Gabby Sarusi, El-Op's
chief scientist, showed a startlingly clear image of an outdoor scene taken
in 1998 by what was then a state-of-the-art camera. He has a better one
from a more current camera, he said, but he's not allowed to show it.
About 40 percent of El-Op's employees are scientists and engineers,
according to Sarusi, and almost 10 percent of revenue goes into research
and development. The company has close ties, naturally, with the Israeli
Defense Ministry and the national research institutions.
Most development is done in-house. On a tour, Sarusi pointed into a
workshop where prototypes are made. If a scientist or engineer can imagine
a design, he said, someone in the workshop can build it.
In another shop, workers are making lenses and other components for
cameras. ``We are capable of designing some very sophisticated optics,''
Sarusi said in an understatement.
Many of El-Op's products, which include radar-like devices that help
low-flying aircraft dodge ground obstacles, have obvious civilian spin-off
potential. At the moment, in a world where security is a growth industry as
never before, there seems to be plenty of business. Elbit has a two-year
backlog.
Not far from El-Op's headquarters is one of the world's great research
centers, the Weizmann Institute of Science. It's a nerve center for what
many believe will be Israel's next leap in innovation and a core of its
future economy: biotechnology and the life sciences.
Weizmann is also pushing hard in the area of ``technology transfer.''
There's a strong research focus, but there's also great interest in taking
discoveries from the laboratory into the marketplace.
Weizmann is the home base for scientists such as Michal Schwartz, professor
of neuroimmunology. Her insights -- in particular, the once-doubted
recognition that the immune system can do positive things when it aims at
the human host's own body -- are leading toward pathbreaking treatments.
Schwartz and her colleagues have developed a treatment for glaucoma, a
condition that causes blindness. In effect, they tell the body it's facing
a certain kind of invader, stimulating the immune system to stop the damage
from getting worse. The potential is wider. Spinal cord injuries may
someday respond to this kind of treatment.
Weizmann is also host to Irun Cohen, a professor of immunology who's trying
to understand diabetes better. In the process, he's challenging the
tendency to think of biological processes as discrete events. Many
scientists today try to isolate various systems and reduce them to a set of
underlying laws.
The mapping of the human genome, he says, is a fine idea. But treating it
as a fantastic blueprint, he says, is missing a key point -- that we can't
explain things by looking at the underlying elements of each separate
system. We have to understand the multitude of systems in the body, and how
they interact with each other. What looks like a lot of informational noise
can often hold revealing patterns, he says.
Like other institutions of its kind, Weizmann has a technology-transfer
program designed to commercialize the research and generate licensing
revenues. Schwartz co-founded a company, Proneuron Biotechnologies, based
on her research. She has remained at the institute, holding an advisory
role with the company.
Cohen and colleagues from other departments at the institute are working on
several information-technology based projects. One is a computer simulation
of the immune system. Another is a microprocessor-based system to see how
immune cells react to certain conditions.
Weizmann owns the intellectual property its scientists generate on campus,
and licenses it to third parties. The original researchers get a cut of the
revenues.
The institute doesn't say publicly how much it generates in licensing
revenues each year. But Haim Garty, vice president for technology transfer,
doesn't dispute (or confirm) a $50 million estimate in an Israeli
publication. He does say that the bulk of the money goes back into the
institute's basic-science mission.
BREAKING NETWORK BOTTLENECKS: It was a rare event, in several ways, when an
Israeli technology company scored $80 million in new financing earlier this
year. Not only was that a large amount for any technology company, but the
company was in a business that has gone far out of favor.
Chiaro Networks, based in Jerusalem, may be onto something big. It has come
up with optical-networking technology it says will relieve key bottlenecks
on the Internet.
Founded in 1997 with $800,000 in seed capital, Chiaro has raised more than
$200 million in all. It has about 285 employees, including 185 at the U.S.
headquarters in Richardson, Texas, with 100 in Jerusalem.
Eyal Shekel, the company's founder, is careful not to predict too much, too
soon. But he is quietly persuasive as he describes the technology that he
believes will be a breakthrough in the networking arena.
The basic notion is that today's data routers, at least the ones at the
core of networks, are not keeping up with the growth in traffic.
Substituting optical switching for electronic switching helps solve the
problem, Shekel says. Chiaro is eyeing the world's major telecommunications
carriers as initial customers.
In a world of outsourcing, Chiaro is an exception. It designs and
fabricates the microprocessors at the core of the devices, for example. You
don't typically find chip making clean rooms in an office building, but
Chiaro has one. ``We do it all ourselves,'' Shekel says.
LINUX RISING: Huge rounds of venture capital are the distinct exception, of
course. Bootstrapping is back.
That's the case for Qlusters, a software start-up in Tel Aviv. Ofer
Shoshan, the company's chief executive, even brags about how he's saving
money with used computers and sub-let office space.
Qlusters is tweaking the Linux operating system to make it work more
efficiently on large groups of computers that are running in tandem,
working together to solve a single problem. This is known as clustering.
Shoshan's 15 colleagues include a well-known Linux expert, Moshe Bar, the
company's chief technology officer. They already have customers, including
a university in Italy, and they're aiming at something that wasn't in
favor during the Internet bubble -- near-term sales and profits.
``We have a small team, and a low burn rate,'' Shoshan says. ``And they get
the work done.''
**********************
BBC
Pro-Islamic hackers join forces
There is mounting evidence that individual hacker groups connected by a
pro-Islamic agenda are working together to carry out hack attacks, say
experts.
Security firm mi2g says an alliance of anti-Israel, anti-US and anti-India
groups are increasingly highlighting issues such as the Middle East
conflict, the war on terrorism and the Kashmir stand-off as part of their
destructive digital attacks.
At the height of the tensions between Pakistan and India over Kashmir in
May, two groups (Unix Security Guards and World Fantabulous Defacers)
carried out a total of 111 digital attacks on Indian educational and
business sites.
Security firm mi2g said political and ideological motives were increasingly
behind hack attacks.
Digital tensions
At a round table event in London to discuss the security threats in a
post-11 September world, Chief Executive of mi2g, DK Matai, said hacktivism
posed one of the biggest risks to business and government computer systems.
"Political motivation is an increasingly rising factor in digital attacks,"
he told delegates at the forum.
"The primary reason why web attacks are increasing is political tensions
between Israel and Palestine, India and Pakistan and China and Taiwan."
New viruses decreasing
Israel has suffered a barrage of hack attacks since the start of the
Palestinian uprising in September 2000.
An Egyptian hacker group has said it is behind the action. It began its
activities shortly after 11 September.
Similar attacks happened during the Serbian conflict in 1999 when Nato and
US Department of Defense networks were targeted by pro-Serbian hackers.
Despite the gloomy picture, the total number of new viruses has actually
been decreasing since a peak in 1997, according to mi2g.
However, new viruses are causing more havoc because of the number of
computers that are now networked together.
"When one catches a cold the entire global organisation catches it," said
Mr Matai.
*************************
Government Computer News
The sky is not the limit for Internet, Cerf says
By William Jackson
Internet pioneer Vinton Cerf predicted an interplanetary Internet will be
in place by the end of the decade, with communications satellites in orbit
around Mars and linked with the Earth.
Cerf, speaking at the Internet Society's INET 2002 conference in Arlington,
Va., this morning, said the network is not being designed because anyone
thinks there is someone on Mars to use it. It would provide a uniform means
of communication for space missions in our planetary neighborhood, much as
the Internet does on Earth.
Cerf, a co-developer of the TCP/IP protocols on which the Internet is
based, has a visiting professorship at NASA's Jet Propulsion Laboratory.
Those protocols will not be adequate for deep space communications, he said.
"TCP/IP doesn't work when the round-trip time is 40 minutes to six hours,"
he said. TCP/IP would have to be terminated at the planet or space vehicle
level. "The long-haul stuff is quite different" and resembles
store-and-forward messaging, he said.
At a more down-to-earth level, a panel of speakers that included TCP/IP
co-developer Robert Kahn of the Corporation for National Research
Initiatives concluded that immediate challenges to the Internet are
broadband and wireless access, managing intellectual property rights and
development of policy at an international level that does not interfere
with the network's functionality. Moving the Internet to the next version
of the Internet Protocol, IP v. 6, is key for keeping the Internet
functioning and growing, they said.
**************************
Government Executive
Defense authorization bill filled with tech provisions
By Molly M. Peterson, National Journal's Technology Daily
When the Senate considers its version of the fiscal 2003 defense
authorization bill this week, it will consider several technology-related
provisions that would promote military transformation and increase the
private sector's role in homeland security.
"In the wake of the terrorist activities in 2001, an overwhelming number of
technology developers have approached the Department of Defense, Office of
Homeland Security and Congress with proposals for research or technology in
support of the war on terrorism," the Senate Armed Services Committee noted
last month in a report on the bill.
The Pentagon received more than 12,000 proposals last fall in response to
its broad appeal for new technological ideas to combat terrorism. But
Defense officials have yet to review or respond to many of those proposals,
according to the committee.
The measure, S. 2514, would establish a panel within the Defense Department
to review such proposals and recommend potential contractors to the
undersecretary for acquisition, technology and logistics. The review panel
would consist of technology experts from the Pentagon and military
services, as well as the private and academic sectors.
The new panel would be part of an outreach program required under the bill,
which would make it easier for small businesses and non-traditional defense
contractors to work with the Pentagon. "This part of the industrial base
can and should play a critical role in the development of technologies to
fight terrorism at home and overseas," the committee said.
The legislation also would create a $50 million "technology transition"
initiative to deliver new technologies to the battlefield more quickly. In
the Senate committee report, bill authors noted their "longstanding concern
about the [Defense] Department's ability to effectively and efficiently
transition technologies out of the laboratory and into the hands of the
war-fighter."
The bill calls for a new Technology Transition Council, which would include
military acquisitions officials and technology industry leaders. It also
would require each branch of the military to designate a senior official to
serve as a technology transition advocate.
"Aggressive leadership and championing of new technologies from the highest
levels of the department is necessary to overcome organizational and
cultural barriers and affect real technological change," the committee wrote.
The legislation also would require the military services and several
Defense agencies to improve their software-acquisition processes. "Many
major defense acquisition programs are heavily reliant on the development
of complex computer software," the committee said. "In a number of cases,
mishandling of software acquisition has jeopardized an entire program."
The legislation calls for nearly $10.2 billion for Defense's science and
technology programs, which would be a $170 million increase over President
Bush's budget request. Those additional funds include $33 million to combat
cyber warfare, in part through scholarship programs to train the "next
generation of information security specialists."
*************************
Government Executive
Agencies seek industry input on e-gov plan
By Liza Porteus, National Journal's Technology Daily
The federal government is calling on the technology industry to help lay
the foundation for the Bush administration's e-government plan.
The General Services Administration on Tuesday hosted an "industry day" to
update companies on where the government is on its e-authentication
project--one of the 24 e-government initiatives approved by the President's
Management Council. The Office of Management and Budget and GSA are
spearheading the initiatives.
The e-authentication project includes the development of a Web site that
would provide a standard way of authenticating the identities of firms and
individuals who conduct business with the government. Use of the gateway
would be voluntary for agencies.
Government officials said citizens need to trust the government to put
their interests first, particularly in the electronic age. "It's not just
about building trust; it's about becoming citizen-centered as a
government," said Mark Forman, OMB's associate director for information
technology and e-government.
Forman said the Government Paperwork Elimination Act is helping the push
toward Web-based government transactions. But the problem is that various
agencies are signing separate contracts to put services online, resulting
in a hodge-podge of technology systems. The process also costs more than
using a single system to execute all similar transactions.
"It's not that we're not online. ... The question is, how smart are we as
we bring this to bear for the public," Forman said, adding that
e-authentication is just one part of the government's computer-security
efforts.
But industry plays a vital role in the government's efforts, officials said.
"It's very important we don't embark on a path in a vacuum," said Steve
Timchak, director of the e-authentication project at GSA.
Timchak said a request for information on potential next steps in the
project will be issued "very soon." The government will look for industry
input on acquisition, funding, interoperability and the privacy
implications, among other things. Technology, privacy and policy are the
"three legs" to e-authentication, Timchak said. "We have to move forward in
concert" on the issues.
Although some groups have expressed concern that government could have too
much information about private citizens it works with, David Temoshok
stressed that the e-authentication gateway is not designed to issue
identification credentials, collect personal information or maintain a
repository of information. Temoshok, the public-key infrastructure policy
manager for GSA, said the gateway will establish risk and assurance levels
for multiple credentials.
Temoshok noted, however, that there is much more to putting government
services online. He said the real issue is not whether the technology
exists to execute the e-government initiatives but whether the government
can gain the public's trust to efficiently and effectively conduct
transactions while protecting privacy and allowing a free flow of information.
"This is a cultural change," he said. "This isn't low-hanging fruit here."
**********************
Computerworld
Airport security panel calls for IT overhaul
By DAN VERTON
A select group of IT industry executives based in Silicon Valley this week
issued a series of recommendations for improving airport security that
could amount to a massive IT overhaul of the nation's air transportation
system.
The Blue Ribbon Task Force on Aviation Security and Technology, formed by
U.S. Rep. Mike Honda (D-Calif.) and San Jose Mayor Ron Gonzales, issued a
35-page report Monday after 100 days of studying how to use existing
information technologies to improve airline and airport security.
The task force's recommendations will be tested at 20 U.S. airports, which
are expected to be named by the end of the summer. The recommendations that
are found to be the most successful could be considered for deployment
throughout the air transportation industry. That decision will be made by
Transportation Secretary Norman Y. Mineta. Mineta is scheduled to meet with
the task force tomorrow to discuss its final report.
The task force concluded that airport security can be improved through the
installation of biometric identification systems to track airport employees
and control access to aircraft, the use of Global Positioning System (GPS)
devices to monitor vehicles traveling in secure airport areas, cockpit
monitoring and access technologies, and enhanced communications networks
that would enable airport security personnel to more effectively
communicate and share information with one another and with law enforcement
agencies.
"The report provides a blueprint or a road map by which the Transportation
Security Administration, the Department of Transportation and the city of
San Jose can bring about a more secure airport environment," said John
Thompson, CEO of Cupertino, Calif.-based antivirus software vendor Symantec
Corp. and chairman of the task force. The Norman Y. Mineta San Jose
International Airport is one of the busiest of its size and offers a
perfect model to test such security technologies, said Thompson. "The
problems that this airport has to endure are the same kind of problems that
every other airport endures," he said, adding that the task force
deliberately avoided recommending specific products or vendors.
Beatriz Infante, CEO of San Jose-based Aspect Communications Corp. and
chairwoman of the task force's technology subcommittee, said the report
focuses on three areas: validating the identities, location and level of
access of airport workers; validating the integrity and security of the
airport facility; and upgrading the airport's communications infrastructure
to enable networking of security monitoring systems. Some of the
recommendations may require the re-engineering of the physical facility,
she said. For example, the San Jose airport recently closed 57 exits and
entryways to enable more efficient monitoring of the ones that remain open,
she said.
U.S. airports present security challenges on a massive scale, the report
concludes. For example, airports are composed of multiple functional areas,
such as passenger screening and baggage handling, each of which requires a
different level of security. In addition, there aren't always access
control points between these areas where workers from different companies
can be screened and authenticated, the report states.
"Opportunities exist for unauthorized individuals to compromise the
integrity of the work force through the use of false identification ... and
'piggybacking,' an entry process that allows for the possibility of an
unauthorized employee to quickly move behind an authorized employee through
a doorway entry," the report warns.
Bill Crowell, CEO of Santa Clara, Calif.-based Cylink Corp. and a task
force member, said it's critical for airports to migrate their IT
infrastructures to digital technology to solve these problems.
"Today, most of the airports have analog devices and sometimes an LAN. The
cost of adding technology and keeping it fresh will be prohibitive unless
the airports go digital," Crowell said, referring to the use of Ethernet
network technology and Wi-Fi wireless systems that are protected by virtual
private network technologies. "It will also facilitate using new sensors
such as biometrics," Crowell added.
During task force meetings, Crowell said he consistently raised the issue
of roles and responsibilities for airport security. According to the final
report, there is little or no agreement among federal, local and airline
authorities over who is in charge of overall security.
"Under these circumstances, there can be jurisdictional gaps, leading to
security breakdowns and significant challenges in real-time coordination of
activities during a crisis," according to the report.
"While all of them could describe the piece of the problem they worked on,
there is a lot of overlap, some confusion and no one with responsibility
for setting standards across all of the areas of responsibility," said
Crowell, a former deputy director with the National Security Agency.
Thompson noted that "each airport is a personality unto itself" and that
improved security will require a cooperative approach among federal, state
and industry representatives. "To suggest that one group is more
responsible than another is not the appropriate way to go about improving
security at our nation's airports," he said.
Added Crowell, "Unless they convert [to digital] technology to facilitate
and strengthen [information sharing and networking], security at airports
is hopeless."
************************
Computerworld
Washington state to create digital archives
The Washington Secretary of State's Office yesterday broke ground on a
building that will house the state's history recorded through e-mails and
electronic documents.
Secretary of State Sam Reed said his research indicates that Washington is
the first state government to establish digital archives in the country.
Although the state has done a good job maintaining and preserving paper
documents, which are also transferred to microfilm, it has done nothing to
ensure that its electronic records are stored for posterity, Reed said.
As a result, much of the state's heritage was slipping away because there
was no way to record and archive its electronic history, including e-mail,
government Web pages and government databases -- all of which are a matter
of public record in the state.
According to Reed, most of the state's public agencies have already lost
about 50% of their various electronic records, including e-mail from
governors, key legislators and elected officials. In addition, Reed said,
the state is also missing records of policy drafts that reveal the thinking
behind current legislation.
Reed acknowledged that there's a debate raging in the state about what
exactly qualifies as a public record, with much of the controversy
centering on the archiving of e-mail.
The $14.3 million, 48,000 square-foot archive building is set to open its
doors in the winter of 2004, and will be located on the Eastern Washington
University campus in Cheney.
In 15 years it will have the capacity to hold 800TB-worth of government
information, or 200 billion pages of text, Reed said. That same information
stored as paper documents would fill 80 million standard archive boxes
stacked 270 feet high and would run the length of a football field, he said.
**********************
Sydney Morning Herald
You can't send mail: a broadband user's plight
The Mail Abuse Prevention System (MAPS) has blocked several IPs on the
Telstra broadband network, according to a posting at Whirlpool, a forum
for Australian broadband users.
The site says Telstra customer Chris Kraus wrote in to complain that seven
IP addresses he received on his ADSL service were blocked by MAPS, a
non-profit California organisation which says its mission is to defend the
Internet's email system from abuse by spammers. This meant Kraus could not
send any mail.
MAPS maintains a database of servers which allow mail relays, or servers
which are being used to send unsolicited commercial email (UCE, commonly
known as spam). Common mail transfer agents like Sendmail, Exim, Postfix or
Qmail can be configured to check incoming mail against the database and
reject email coming from, or routed through, any servers listed in the
database.
The Whirlpool posting said in the past some Telstra IP addresses had been
blacklisted as they were running open mail relays. It added that many
customers on retail broadband connections ran their own mail servers,
something which Telstra permits, due to the unreliability of Telstra's own
mail servers.
***********************
Sydney Morning Herald
Census reveals PC, Net habits
Data from the 2001 Australian census shows that in the week preceding the
count 7,881,983 people (42 percent) had used a personal computer at home.
There were 2,663,168 people (14 percent) aged 0-19 years, 3,359,214 people
(18 percent) aged 20-44 years, 1,628,051 people (8.7 percent) aged 45-64
years and 231,550 people (1.2 percent) aged 65 years and over.
The total number who had used the Internet in the week preceding the 2001
Census was 6,966,687. There were 1,018,463 people (5.4 percent) who had
used the Internet at work only, 3,505,235 people (19 percent) at home only
and 716,155 people (3.8 percent) elsewhere.
There were 1,726,834 people (9.2 percent) who provided a multiple response
to the question of Internet use. There were 1,221,430 (6.5 percent) who had
used the Internet at home and at work, 371,902 (2.0 percent) who had used
the Internet at home and elsewhere, 32,783 (0.17 percent) who had used the
Internet at work and elsewhere, and 100,719 (0.53 percent) who had used the
Internet at home, work and elsewhere.
People were asked to indicate whether, in the week preceding the Census,
they had used a personal computer at home and whether they had used the
Internet at home, at work or elsewhere. Multiple responses could be given
for use of the Internet. Comparative data is not available as these
questions were not asked in the 1996 or 1991 Censuses.
***********************
Sydney Morning Herald
Tender lessons in the ways of government
By Angus Kidman
June 18 2002
When it comes to information technology, government is Australia's biggest
spender. The most recent Australian Bureau of Statistics figures show that
in the 1999-2000 financial year, federal, state and local governments spent
$4.3 billion on IT, not including capital expenditure or education spending.
The government IT market is dominated by federal departments and agencies,
responsible for 47 per cent of total expenditure. State governments
accounted for another 45 per cent, while local councils made up just 8 per
cent. Yet even that small piece of the pie is worth more than $200 million
a year in potential business.
As the dominant customers for IT in Australia, government agencies should
be able to exploit their immense buying power to ensure the best-value
services are delivered to taxpayers.
Companies that sell to government agree that both departments and vendors
are aware of the power of the government dollar.
"It's a very competitive sector," says John Grant, chief executive of
listed IT company Data#3.
"Government, by its very nature, is chartered to spend its citizens' money
wisely. Price is a clear criteria."
Tony Whigham, director of sales for Dimension Data, adds: "They can easily
command contracts of $70 million or $80 million - bigger than most
corporates. But economies of scale only go so far."
There is general agreement that government bodies have cast aside their
reputation as being procedurally driven and have educated themselves to
make intelligent technology choices. "They're pretty up to speed on the
technology, and they have more resources (to do that) than commercial
organisations of similar sizes," says Gregg Rowley, managing director for
data security company eSign.
"We've got very mature and sophisticated buyers in government," says
Lynette Clunies-Ross of IBM Australia.
"They're a lot more technology savvy."
Whigham agrees: "Government agencies buy as astutely as the commercial sector."
Government is viewed as leading private enterprise in some technology
areas, especially business-to-business transactions and data security.
There is also a common perception that government agencies are moving
towards value considerations rather than simply seeking the cheapest deal.
"Value for money is more important than price as such," says Clunies-Ross.
However, the distinction is not always realised in practice.
***********************
Sydney Morning Herald
Paths clearing for wireless networks
By Sue Cant
June 18 2002
Within weeks, the regulatory clouds shadowing community wireless groups
should clear. The Australian Communications Authority is working on a
series of tests to allow such groups to operate legally without giving a
free kick to commercial operators.
Earlier this year the Minister for Communications, IT and the Arts, Senator
Richard Alston, requested his department work with the ACA to resolve the
legal standing of community wireless groups effectively providing a public
network.
Under the law, such a network requires a $10,000 carrier's licence unless
it is not being used for commercial purposes.
Establishing whether such a network is being used for profit is difficult
in the wild west of the wireless world.
But forcing potentially innovative users to pay when the philosophy is
supposed to be about encouraging new entrants and open access is not the
IT-savvy image government wants to project.
"We recognise hobbyists have some trepidation that we may come down hard on
them," the ACA's head of telecom licensing, Paul White, says.
"We don't wish to prejudice the hobbyist but we don't wish to give
commercial operators a free leg-up."
One of these groups, Melbourne Wireless, which represents thousands of
wireless users in Australia and New Zealand, has been lobbying the Federal
Government and the ACA for its position to be clarified.
"By preventing organisations such as Melbourne Wireless from establishing
their own networks, the long-term interests of end users are being
thwarted," the group says in a submission to a parliamentary inquiry into
wireless broadband.
Melbourne Wireless president Steven Haigh says present broadband services
are not equitable, accessible or affordable, and Melbourne Wireless's
network will be free or low-cost.
In the ACA's submission to the inquiry, the regulator says that last
December it was approached by Brismesh, a Brisbane group wanting to set up
a wireless local area network. Brismesh was seeking advice on the issue of
a carrier's licence.
"A requirement for a carrier licence in this instance would make such a
proposal unworkable and deny the intended community any benefits that a
low-cost broadband service could provide," the ACA submission says.
To meet the concerns of users, the ACA is developing rules to bind wireless
groups to a not-for-profit charter.
White says the groups will need to be assessed on a case-by-case basis.
While the regulator is still working on the tests, White says it is likely
the ACA will seek information about the arrangements between the network
providers and users and how funds are being used by the operators.
Meanwhile, in another submission to the parliamentary inquiry,
telecommunications analyst Paul Budde says wireless will never be able to
match the reliability, quality and robustness that fixed line offers.
Budde says investment is lacking to make wireless networks function beyond
niche markets.
"Without massive government support, the development of wireless systems in
most rural and regional areas in Australia will never happen," Budde says.
He says the government missed an opportunity to support such systems by
"playing it safe" and selecting Telstra for two large-scale regional projects.
"The other contenders had developed unique wireless solutions that were
seen by the government as too risky."
But Budde says the reality is that wireless is a niche market.
************************
Sydney Morning Herald
Hiccup, but new system will be ready on July 1
June 18 2002
The .au Domain Authority (auDA) has announced the new Australian domain
system will begin operation on July 1, two weeks later than previously
announced. AuDA chief executive Chris Disspain said the extension was to
allow registrars to test their interface with the new registry and to
ensure information was current. The new system will create competition
between registrars of .au domain names and end Melbourne IT's monopoly on
registering com.au names. It will also allow "generic" domain names, mostly
dictionary words, and will bring into force a new code of conduct for
domain-name resellers.
Jenny Sinclair
SOFTWARE
Word is it's thumbs up for Sun's StarOffice Writer
US researchers have found experienced Microsoft Word users have little
difficulty migrating to Sun Microsystems' cheaper StarOffice Writer word
processor. In a study conducted by University of California computer
usability researchers, a dozen veteran Word 2000 users found Writer 5.2
was overall as easy to use as the Microsoft software. Researchers Scott
Lederer and Katherine Everitt found that although users felt more
comfortable and satisfied with Word, there was no significant difference in
the frustration users felt between the two applications. Although the dozen
preferred Word before starting the test, by the end, their buying
allegiance "was not significant one way or the other", the researchers
found. But Writer still has some kinks to iron out: participants take twice
as long to create tables as with Word, for example.
Nathan Cochrane
www.sims.berkeley.edu/courses/is271/f01/projects/WordStar/finalReport.html
TELEVISION
US looks to halt home TV recording
The long-held right to "time-shift" - recording a television program while
watching another - is set to disappear after US talks between Hollywood,
Silicon Valley and Washington over the future of digital television (DTV).
Following a meeting last week of the Broadcast Protection Discussion Group
(BPDG), US Republican Congressman and chairman of the influential House
Commerce Committee, W.J. "Billy" Tauzin, is reported to have said the US
Government will legislate copy-protection over digital free-to-air
transmissions if hardware makers and Hollywood couldn't resolve their
differences. Set-top boxes and PC TV tuner cards will have to look for the
"broadcast flag", which prohibits copying, transmitted with the US-standard
ATSC digital signal. Australia uses a modified version of the worldwide DVB
standard for digital broadcast, which will have similar limits placed on it
by the DVB-copy protection working groups. In a letter of protest to
Tauzin, consumer activist group the Electronic Frontier Foundation (EFF) warned
that such moves would hinder DTV roll-out by making DTV a complex and
expensive alternative to traditional analogue television.
Nathan Cochrane
***********************
Wired News
Reporting Web Flaws Still Flawed
Associated Press
9:55 a.m. June 18, 2002 PDT
WASHINGTON -- A security bug was found in software used by millions of
websites. Private experts alerted users and the FBI's computer security
division.
Problem is, they didn't tell the maker of the software. Then they issued
the wrong prescription for fixing the problem.
The incident Monday involving Apache's Web software shows that the system
to insulate the Internet from attack -- a joint effort between the
government and private companies -- is still a long way from perfect.
"It would be good if people would agree on some standards," said Chris
Wysopal of AtStake, a Boston security firm. "People can't be put at risk
like this again and again."
Internet Security Systems of Atlanta published a warning early Monday about
vulnerabilities in Apache, which is used on about 60 percent of all Web
servers. Many companies, including IBM and Oracle, create products that
rely in part on Apache.
Now ISS is under fire for breaking informal industry agreements by rushing
out the warning and a partial fix before coordinating with Apache developers.
The issue reveals infighting and hasty decisions that have become common in
the computer security industry. Experts say the effect is to confuse users
and possibly cause even more security problems.
Several third-party groups are designed to coordinate computer security
information. But there may be too many. ISS and the Apache developers chose
different ones, and never coordinated with each other.
ISS researcher Chris Rouland said the company talked to the National
Infrastructure Protection Center, part of the FBI. Apache developer Mark
Cox said his group spoke with researchers at the CERT Coordination Center,
based at Carnegie Mellon University in Pittsburgh and partially funded by
the Defense Department.
Spokesman Bill Pollak said CERT does share information with NIPC, but would
give no specific details on the Apache hole. A spokeswoman for NIPC had no
comment.
The Bush administration has called for the consolidation of government
computer security groups under the proposed Homeland Security Department,
and Bush advisers have admonished the technology community to share more
information with government to protect consumers.
Rouland said ISS was rushing to beat hackers to the punch.
"We didn't set out to burn Apache," Rouland said. "We want to make sure we
notify our customers appropriately."
Rouland said he didn't notify the developers of Apache because they aren't
a formal company. Apache is open-source, meaning that the software and its
blueprints are free and managed by programmers who coordinate its evolution.
Complicating the matter, Rouland said he didn't trust Cox, who along with
his Apache duties is the senior director of engineering at Red Hat
Software, which distributes the Linux operating system. Rouland accused Red
Hat of taking credit for earlier ISS research.
Cox said he already knew about the hole from a different researcher, and
that the ISS fix doesn't repair the entire problem.
"If ISS had told us before going public, we could have told them their
patch was insufficient," Cox said. "The fact that they didn't has caused
some problems."
*********************
Wired News
Bush Wants to Ban Spy Plane Tech
By Noah Shachtman
As part of its fight against terrorism, the Bush administration wants to
block the export of technology you can find at your local camping store.
In testimony this week, a senior State Department official, Vann Van
Diepen, told a Senate subcommittee that unmanned aerial vehicles, or UAVs
-- the robotic spy planes used to spy on al-Qaida hideouts in Afghanistan
-- could be modified by evildoers to deliver a biological, chemical, or
nuclear attack against the United States. So the administration is pushing
to change the international agreement that controls the sale of ballistic
missiles to make sure UAV technologies are included.
But this approach is full of holes, according to national security experts,
beginning with the fact that UAVs and their components are available
everywhere. Even in the mall.
"You can get one of the GPS navigators you find at the camping store and
use it to guide a UAV, if you know your stuff," said one administration
official.
In fact, most UAVs, especially the lower-end ones, are deliberately built
with off-the-shelf parts, so that national secrets won't be spilled when
the drones are shot down in enemy territory. For example, the Global Hawk,
one of the most advanced UAVs in the U.S. military, uses a Rolls-Royce
turbofan engine found in many executive jets.
Both India and Pakistan have deployed UAVs during their most recent
flare-up of hostilities. Japan and South Korea use the robot planes to dust
crops. And Iraq is believed to be converting a Czech training plane into a
UAV, said Dennis Gormley, a defense consultant who testified this week
before the Senate governmental affairs subcommittee on international
security, proliferation and federal services. He said there are 40 nations
with UAVs in their arsenals.
"UAV technology -- most of it is everywhere. So how do you restrict UAVs
without restricting regular airplanes?" asked a Senate committee insider.
But the better question, to many experts, is why bad guys would even bother
building the robot planes, when they've repeatedly had success with no-tech
terrorism?
"These are not James Bond movie villains, imagining the most complex means
to an end," said John Pike, director of Globalsecurity.org. "They look for
the simplest plan."
"The harsh fact is that practically anything -- from automobiles to box
cutters -- could be used as a weapon of terror," Steven Aftergood, of the
Federation of American Scientists, said in an e-mail.
The focus on high-tech terror weapons is part of a major, but largely
unnoticed, switch in U.S. national security policy, Pike said, from
defending against "probable" threats to defending against "describable"
threats, regardless of their likelihood. This shift, begun early in the
Bush administration, has only accelerated since Sept. 11.
"The attitude now is, 'these (terrorists) could do anything. So anything we
can think of, they can do,'" Pike said.
This outlook actually detracts from national defense, turning focus away
from small, manageable, no-tech measures that could prevent terrorist
attacks, Pike said.
"We know a small amount of concrete, strategically placed, makes it
extremely hard to car bomb a building, a tried-and-true terrorist tactic,"
Pike said. But there hasn't been a concentrated push to set up these
barriers around federal buildings.
The administration's plan for keeping UAVs out of the hands of foes is to
expand and update nonproliferation agreements like the 33-nation Missile
Technology Control Regime, to make sure the latest drone technologies are
covered. (Many of the best-known UAVs, like the Global Hawk, and their
associated technologies, already are.)
************************
News.com
States: Sharing code is top antitrust fix
By Reuters
June 19, 2002, 11:35 AM PT
Nine states seeking stiff antitrust sanctions against Microsoft told a
judge Wednesday that disclosure of key pieces of computer code that allow
rival software to work with the Windows operating system was their most
important demand.
"If you forced us to articulate the single highest priority--that's it,"
states' attorney Steve Kuney told U.S. District Judge Colleen
Kollar-Kotelly at the start of final arguments over the best remedy in the
4-year-old case.
Kuney said the sanctions sought by the states would force Microsoft to
behave "more like a company facing competition and less like a firm
existing in a comfortable monopoly."
The nine states, including California, Connecticut, Iowa and Massachusetts,
have refused to sign a settlement of the case reached in November between
Microsoft and the U.S. Justice Department and endorsed by nine other states.
Microsoft is scheduled to present its arguments against the dissenting
states' proposal later Wednesday.
Kollar-Kotelly issued an order late Tuesday telling both sides to come to
court prepared to answer questions on how their proposals could be modified
if she were to reject their respective remedies as written.
Her order suggests she is open to some hybrid of the two positions.
Microsoft and the non-settling states are attempting to tie together 32
days of testimony between March and May--including an appearance by
Microsoft Chairman Bill Gates.
The dissenting states put disclosure of technical information at the top of
their wish list, just ahead of their demand that Microsoft offer a version
of Windows in which add-on features like Internet Explorer and the media
player could be replaced by competitors' software.
Absent from the states' preferred sanctions was a previous demand for
uniform licensing terms and pricing for Windows.
Microsoft has argued that the states' demands go way beyond addressing the
antitrust violations it actually committed and would harm consumers and the
entire computer industry.
But Kuney told Kollar-Kotelly that Gates' testimony, in particular,
amounted to the notion that monopoly was the preferred form of economic
organization.
"Somehow they know better than anyone else what's best for this PC
ecosystem. What's good for Microsoft is therefore good for the economy,
good for consumers and good for everybody else," Kuney said.
"Congress has made the judgment that competition is the preferred form of
industrial organization," he added. "That's not a topic that's open to
debate."
Kuney also cited Supreme Court rulings that allowed aggressive antitrust
sanctions that went beyond specific wrongdoing.
Last June, a federal appeals court upheld trial court findings that
Microsoft illegally maintained its Windows monopoly in personal computer
operating systems by acts that included commingling Web browser code with
Windows to fend off Netscape's rival browser.
The appellate judges rejected breaking the company in two to prevent future
antitrust violations but sent the case to a new judge, Kollar-Kotelly, to
consider the best remedy.
Microsoft has argued that the restrictions being sought by the states would
benefit rivals like AOL Time Warner and Sun Microsystems and would deprive
consumers of a reliable platform for software.
Under the Justice Department settlement, Microsoft would be required to let
computer makers hide desktop icons for some features of its Windows
operating system to allow the promotion of competing software by computer
makers.
The hold-out states say stricter sanctions are needed to protect new
technologies such as Internet services and handheld computers from any
anti-competitive tactics.
************************
News.com
The FBI's cybercrime battle
By Margaret Kane
Staff Writer, CNET News.com
June 19, 2002, 10:10 AM PT
The FBI was able to nail John Dillinger, but how well would it
stack up against uber-hacker Kevin Mitnick?
Probably not well. Sharply criticized for its lack of technical know-how,
the FBI has taken a pounding after recent reports disclosed that glitches
in the agency's Carnivore online surveillance technology may have hindered
investigations into terrorism threats.
Agents have increasingly complained that the Bureau's outdated technology
has hampered their ability to analyze other threats. But with the nation's
law enforcement agencies turning their attention to the so-called war on
terrorism, the FBI is getting an upgrade.
A recent reorganization placed fighting cybercrime at the top of the
Bureau's priorities. The job of meeting that challenge falls to Assistant
Director Larry Mefford, who heads the Bureau's new Cyber Division. Mefford,
who previously worked in counterterrorism security planning at the Los
Angeles, Atlanta and Salt Lake City Olympics, served as the Bureau's
special agent in charge of the San Francisco office, where he oversaw all
operations, including terrorism and cybercrime programs.
CNET News.com recently talked with Mefford about his division's role in the
new FBI structure, cybercrime, and the wider war against terror.
Q: Let's talk about your new role. What is the Cyber Division's mission?
What areas is it taking on?
A: The director (FBI chief Robert Mueller) created the Cyber Division in
order to consolidate a historically fragmented approach to cybercrime. It
brings together all of the FBI's responsibilities to conduct investigations
of criminal activity that occur over the Internet or involve computers or
networks. It's the full gamut of what we refer to as
cybercrimes--everything from hacking and (denial-of-service attacks) to
Internet fraud, theft of identity, and theft of intellectual property. What
we're really looking at are those crimes where computers or networks are
either the tools or the targets of activity.
How big is the department?
A lot depends on homeland security. We're still in the process of defining
everything, but we're looking at a figure of hundreds at the start-up
stage. We'll grow from there.
How will it be managed?
Most of these criminal investigations will be operated out of field offices
around the country. Major intrusion cases are likely to be managed directly
from headquarters. That's a big change for us. Historically, field offices
have run cases. This is similar to the concept (being put in place for)
terrorism cases. We'll have a similar approach on major cyberattacks. If we
have another (denial-of-service attack), that's likely to be directed from
headquarters. But intellectual property, fraud, child porn cases will still
be managed at FBI offices around the country. Our role at the Cyber
Division will be to provide support and make sure they're successful. We'll
be helping them connect the dots, as they say now.
Your division and appointment were announced back in April. Last month, the
Bureau announced a major overhaul, and cybersecurity was listed as the No.
3 priority. How does that affect what you're doing?
Clearly, being prioritized to that degree affects us significantly. We're in the process
of creating this division from scratch. Historically, the responsibilities
to address some of the activity we're talking about were fragmented among
many different management units. It was difficult for the community and the
private sector to interface with us as an organization (because you) had to
go to various points. Clearly, 9/11 had an impact on our reorganization,
and one area was an initiative to improve the efficiency of operations.
We also have a function to provide protection against counterintelligence
and terrorism threats against the U.S. If there were a foreign government
attack or a terrorist attack against computer networks, the Cyber Division
would have a role in investigating or supporting other FBI entities that
have a primary role in (investigating those crimes). We would help the
terrorism guys and the people doing counterintelligence or espionage.
And how is that working out in terms of your focus?
The vast majority of our effort is focused on illegal criminal activity. In
the past, it was very difficult to find any quantifiable data on the extent
of the activity. As part of the Cyber Division, we've incorporated the
FBI's Internet Fraud Complaint Center (part of the National White Collar
Crime Center), which serves as a conduit to solicit complaints regarding
Internet crime. It started (looking at) fraud, and we're going to expand to
other types of crime. That data will be analyzed and distributed to the FBI
and to local authorities.
The focus there has been on Internet fraud and thefts facilitated by the
Internet. We'll be looking at intellectual property violations, economic
espionage, theft of trade secrets, and also technology-related crimes, such
as counterfeiting of software. As we gear up operations and gain more
expertise in the future, we'll be able to do a better job in providing
service to the U.S. public.
How important is industry input, both in preventing crime and solving crime?
The relationship with the private sector in the technology arena is
critical for us as an agency. It's very difficult for us--because of
expenses and other issues--to stay up with the technology. We need to link
arms and join forces with private industry, so we can use their expertise
and capability for the benefit of the American public, if we can.
Can you talk about your progress in realizing that plan?
We're in the process of creating cybercrime squads throughout the U.S. in
FBI field offices. In this calendar year, we'd like to create 20 of these
squads and concurrently, form cyber task forces, modeled after terrorism
task forces, where we join forces with local law enforcement agencies,
private industry and occasionally academia, to attack cybercrime. We're
allowed to leverage our capabilities and, at the same time, more
efficiently spend training money.
These will be permanent task forces assigned to different regions
throughout the country to focus on cyber-related criminal activity as well
as terrorism. If we have evidence of a national security issue, these
squads that we're trying to form will assist other FBI entities in
mitigating and preventing those types of attacks. In the area of criminal
activity, what we hope to do is provide enhanced prosecution and work
closer with different U.S. attorneys' offices across the country.
In the past, many companies have been reluctant to come forward when they
were hacked. Has that attitude changed? How do you persuade people to bring
things out in the open?
We have a system in place. Today, the National Infrastructure Protection
Center has responsibility inside the FBI for handling all the
computer-intrusion cases. It's part of the Cyber Division. We've created
internal safeguards to protect companies. Let's say a company comes forward
and they have sensitive data they want to share, but they don't want to
seek prosecution; they can do that. All the protocols created at NIPC will
stay in the Cyber Division.
The White House has proposed moving the NIPC to the new Department of
Homeland Security.
We're working with the administration to make an orderly transfer of the
NIPC to the new agency. If Congress creates enabling legislation, we will
make sure NIPC info is efficiently transferred to the new agency, and the
FBI will provide people on a detail basis. NIPC handles only intrusion
cases. As for other cybercrime, the new agency will not have any other impact.
Can you give some examples of how technology helps you fight crime?
Certainly, analytical tools allow us to conduct the analysis and
intelligence far better than we have before... In the area of technical
tools, for example, we're looking at undercover operations the FBI has been
operating for years wherein individuals preying on children (online) can be
identified. We're looking at techniques to identify them at an early stage.
How much of a priority is cracking down on criminal copyright violations?
What areas are the most likely targets--music, movies, books?
That's a challenging and complicated issue, but the fundamental fact is
that intellectual property rights will be a high priority. The U.S.
business community needs that information to compete worldwide. If you have
technology stolen or pirated and a competitor or criminal can replicate
software, for instance, at very little charge, the American public and U.S.
companies deserve the protection.
One of the things we're doing is enhancing our participation with customers
at the (intellectual property rights) center as a focal point to receive
complaints regarding those types of violations. We're going to look at
doing more aggressive undercover operations in the area of counterfeiting
software. We can improve our capability to prosecute criminals.
Unfortunately, many are overseas. So one thing we'll do is work very
closely with certain federal governments and develop ongoing relationships
with certain foreign police agencies.
What about software counterfeiting?
Clearly, illegal counterfeiting of software is a problem. (Organizations
that do that are) not only negatively affecting the marketplace. Even
though the public may get products at a lower price, the reliability is
suspect, and the warranty is suspect. We think we can help protect the
public by joining forces with other agencies, like Customs, and working to
help avoid counterfeiting of software.
What about piracy of music and movies?
We need to look at that. There are a lot of challenges based on the fact
that (technology) is creating completely new concepts in the legal field.
We're working with the Justice Department at the U.S. attorneys' offices
across the country.
**************************
House Judiciary Approves Ban on Computer Generated Child Pornography
The House Judiciary Committee passed H.R. 4623, the Child Obscenity and
Pornography Prevention Act of 2002.
For the bill HR 4623, see
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h4623ih.txt.pdf
For the Supreme Court Decision on April 16, 2002, which struck down the
Child Pornography Prevention Act, see
http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=search&court=US&case=/us/000/00%2D795.html
*************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx