
Clips August 21, 2002




ARTICLES

Feds to clamp down on wireless LANs
Ashcroft threatened with Hill subpoena
A New Tactic in the Download War
Small ISP fights back against entertainment industry's anti-piracy tactics
Administration highlights systems R&D work in report to Congress
U.S. Probes Firm In Security Breach
Reston Nonprofit Leads Pack in Quest for Control of '.org'
Security flaw in key Microsoft services
Career Channels Federal IT job openings
Homeland info sharing advances
Web links law enforcement nets
Congressman: 9-11 attacks could have been detected, stopped
Plans emerging for national security data sharing
Music Debate Heads to the Hill
Anti-spammers shouldn't tread on the innocent
Internet to reach South Pole
Media chief decries Net's moral fiber
Stolen data reveal undercover cops



***************************
Network World Fusion
Feds to clamp down on wireless LANs

GAITHERSBURG, MD. - A federal agency is readying a report that will recommend against the U.S. government using wireless LANs - except when applying a long, detailed list of security controls.

Even though wireless LANs are a billion-dollar business and growing fast, reports such as the one coming out from the National Institute of Standards and Technology (NIST) continue to dog the technology.

The U.S. Department of Defense also is said to be considering restrictions on wireless LAN usage for classified and nonclassified environments, government sources say.

For the complete story, see: http://www.nwfusion.com/news/2002/134874_08-19-2002.html
*************************
Washington Times
Ashcroft threatened with Hill subpoena


A top House Republican is threatening to subpoena John Ashcroft over accusations that the attorney general is withholding information on how the post-September 11 Patriot Act is being implemented.

Rep. F. James Sensenbrenner Jr. of Wisconsin, chairman of the Judiciary Committee, said he will "start blowing a fuse" if answers to 50 questions are not provided by Labor Day.
"I've never signed a subpoena in my 5½ years as chairman. I guess there's a first time for everything," Mr. Sensenbrenner said Monday during a meeting with the Milwaukee Journal Sentinel.
Mr. Sensenbrenner was not available for comment yesterday; however, his spokesman in Washington confirmed the report and said the committee expects to receive full answers by the deadline.
"The Justice Department is well aware of the committee's determination to get complete answers to the oversight questions that we sent," spokesman Jeff Lungren said.
"These are legitimate oversight questions, and the chairman and committee will be answered [to] appropriately," Mr. Lungren said.
The Patriot Act created new investigative tools to combat terrorism, and was sharply scrutinized as it moved through Congress to ensure it did not infringe on civil liberties.
After intense negotiations with the White House, a sunset provision allowing the legislation to expire automatically after five years proved key in getting the bipartisan support needed for the bill's final passage.
Mr. Sensenbrenner told the paper he told Mr. Ashcroft he was prepared to use the sunset provision to kill the law if the Justice Department did not cooperate.
"If you want to play 'I've got a secret,' good luck getting the Patriot Act extended," Mr. Sensenbrenner said. "Because if you've got a bipartisan anger in the Congress, the sunset will come and go and the Patriot Act disappears."
Mr. Sensenbrenner and Rep. John Conyers Jr. of Michigan, the panel's ranking Democrat, sent the questions June 13 asking for answers by July 9, but only 28 were answered by July 26.
Answering the questions, which are very detailed with multiple subparts, "required extensive gathering of information that is quite labor-intensive on our end," said Barbara Comstock, Justice Department spokeswoman.
"We have literally had armies of lawyers collating, gathering and evaluating information to provide answers to questions and we are very committed to being as responsive as quickly as we can," she said.
"We respect their role in oversight," she said.
At issue are six answers that were given instead to the House Permanent Select Committee on Intelligence. Miss Comstock said it is "normal procedure" to direct classified information to that committee, "where it is reviewed in an entirely secure environment."
The questions ask for details on roving surveillance orders, tracking phone numbers called or being called in foreign investigations, how records from libraries, bookstores or newspapers are being used, and how many citizens have been subjected to new surveillance orders.
The remaining unanswered questions will be answered before the deadline, Miss Comstock said.
This isn't the first time the two Republicans have locked horns. Mr. Sensenbrenner canceled a May committee hearing because Mr. Ashcroft's testimony was not received two days in advance, but e-mailed the night before, a violation of committee protocol.
***************************
News.com
DOJ to swappers: Law's not on your side



By Declan McCullagh Staff Writer, CNET News.com August 20, 2002, 2:27 PM PT


ASPEN, Colo.--The U.S. Department of Justice is prepared to begin prosecuting peer-to-peer pirates, a top government official said on Tuesday.
John Malcolm, a deputy assistant attorney general, said Americans should realize that swapping illicit copies of music and movies is a criminal offense that can result in lengthy prison terms.


"A lot of people think these activities are legal, and they think they ought to be legal," Malcolm told an audience at the Progress and Freedom Foundation's annual technology and politics summit.

Malcolm said the Internet has become "the world's largest copy machine" and that criminal prosecutions of copyright offenders are now necessary to preserve the viability of America's content industries. "There does have to be some kind of a public message that stealing is stealing is stealing," said Malcolm, who oversees the arm of the Justice Department that prosecutes copyright and computer crime cases.

In an interview, Malcolm would not say when prosecutions would begin. The response to the Sept. 11 terrorist attacks temporarily diverted the department's resources and prevented its attorneys from focusing on this earlier, he said.

A few weeks ago, some of the most senior members of Congress pressured the Justice Department to invoke a little-known law, the No Electronic Theft (NET) Act, against peer-to-peer users who swap files without permission.

Under the NET Act, signed by President Clinton in 1997, it is a federal crime to share copies of copyrighted products such as software, movies or music with anyone, even friends or family members, if the value of the work exceeds $1,000. Violations are punishable by one year in prison, or if the value tops $2,500, "not more than five years" in prison.

Cary Sherman, president of the Recording Industry Association of America (RIAA), said his industry would "welcome" prosecutions that send a message to song-swappers.

"Some prosecutions that make that clear could be very helpful...I think they would think twice if they thought there was a risk of criminal prosecution," said Sherman, who was on the same conference panel.

Christopher Cookson, executive vice president of Warner Bros. and another panelist, said there was "a need for governments to step in and maintain order in society."

Swapping files in violation of the law has always been a civil offense, and the RIAA and the Motion Picture Association of America (MPAA) have the option of suing individual infringers and seeking damages.

But, Malcolm said, criminal prosecutions can be much more effective in intimidating file-swappers who have few assets at risk in a civil suit. "Civil remedies are not adequate...Law enforcement in that regard does have several advantages," Malcolm said. "We have the advantage, when appropriate, of opening up and conducting multi-jurisdictional and international investigations.

"Most parents would be horrified if they walked into a child's room and found 100 stolen CDs...However, these same parents think nothing of having their children spend time online downloading hundreds of songs without paying a dime."

Gary Shapiro, president of the Consumer Electronics Association, said he was skeptical about the view that peer-to-peer piracy should be a criminal offense. "If we have 70 million people in the United States who are breaking the law, we have a big issue."

The DOJ already has used the NET Act to imprison noncommercial software pirates, which software lobbyists hailed as "an important component of the overall effort to prevent software theft."

During his confirmation hearing in June 2001, Attorney General John Ashcroft told Congress that "given the fact that much of America's strength in the world economy is a result of our being the developer and promoter of most of the valuable software, we cannot allow the assets that are held electronically to be pirated or infringed. And so we will make a priority of cybercrime issues."

The letter from Congress complains of "a staggering increase in the amount of intellectual property pirated over the Internet through peer-to-peer systems." Signed by 19 members of Congress, including Sen. Joseph Biden, D-Del., Rep. James Sensenbrenner, R-Wis., and Sen. Dianne Feinstein, D-Ca., the letter urged Ashcroft "to prosecute individuals who intentionally allow mass copying from their computer over peer-to-peer networks."
*****************************
Associated Press
Theaters to Warn on Movie Piracy
Tue Aug 20, 10:08 PM ET
By CATHERINE TSAI, AP Business Writer


ASPEN, Colo. (AP) - A leading theater chain has agreed to run before movies public service announcements that warn against copyright infringement, the president of News Corp. said Tuesday, describing an effort to take the entertainment industry's war against the online swapping of movies to theaters.



The spots, which also would appear on network television and video releases, say downloading movies instead of buying a ticket or a video would hurt the film industry's behind-the-scenes, yet crucial workers, including makeup artists, custodians and others, said Peter Chernin, Fox Group chief executive and News Corp. president.

Chernin would not name the theater chain involved.

"These are people's livelihoods at stake. It's not just a bunch of fat-cat Hollywood people," Chernin said during the last day of the Aspen Summit, an annual gathering of information technology leaders held by The Progress and Freedom Foundation think tank.

Deputy Assistant Attorney General John Malcolm said 500,000 movies a day are downloaded illegally, calling the Internet "the world's largest copy machine."

"Stealing is stealing is stealing, whether it's done with sleight of hand by sticking something in a pocket or it's done with the click of a mouse," he said.

Chernin argued that piracy will not only hurt creators of original content but also consumers if movie studios lose so many ticket sales that they begin cutting expenses. He said online piracy does not seem to have the same stigma as shoplifting.

Chernin also decried efforts to download copies of the latest Star Wars installment. About 10 million people tried to download "Star Wars: Episode II Attack of the Clones" and "Spider-Man" in the weekend after its release, and 4 million succeeded, he said.

"It took about four years to make that film, about four clicks of a mouse to steal it, and that crime was perpetrated 4 million times," Chernin said. "If looters stole 4 million dresses from Wal-Mart, this country would condemn the act in a nationwide chorus."

But Gary Shapiro, head of the Consumer Electronics Association, suggested there should be a distinction between stealing real property and copying intellectual property like music or movies.

"When you copy intellectual property, there may or may not be harm," he said. "They assume that every copy made is a copy lost. That's not always the case."
*************************
Washington Post
A New Tactic in the Download War
Online 'Spoofing' Turns the Tables on Music Pirates
By David Segal


The first time Travis Daub got "spoofed," he figured faulty software was to blame. Hoping to sample the new album by Moby, he downloaded one of its songs, "We Are All Made of Stars," from the Web site LimeWire.com. But what wound up on his hard drive wasn't what he expected.

"It was just 20 seconds of the song, repeated over and over," says Daub, a 26-year-old design director who lives in Arlington. "At first I thought it was a glitch. Then I realized someone had posted this on purpose."

The identity of that someone is a mystery -- Moby's label and management team say it wasn't them. But in recent weeks, scads of "spoof" files have been anonymously posted to the hugely popular sites where music fans illegally trade songs online. Spoofs are typically nothing more than repetitive loops or snippets filled with crackle and hiss, and thousands are now unwittingly downloaded every day from file-sharing services, like Kazaa and Morpheus, that sprang up after Napster's demise.

Record labels are reluctant to discuss spoofing, but their trade group, the Recording Industry Association of America, has called it a legitimate way to combat piracy. And at least one company acknowledges that it has been hired to distribute spoofs, although it won't say by whom.

All of this suggests that the dummy files are part of a second front in the record industry's war against illegal music copying. For years, the fight focused on Web sites and their owners. Now it's starting to focus on the fans themselves.

For the labels, any anti-piracy campaign that targets consumers is risky, since it could alienate many who also spend heavily on store-bought discs. But given a two-year slide in CD sales that the industry says has cost it billions, many executives and artists believe they don't have a choice. New file-sharing ventures sprout all the time, and 2 billion songs a month are now traded online, according to the RIAA, far more than during Napster's heyday. Meantime, sales of blank CDs, which can be used to copy songs on the cheap, are skyrocketing.

So labels are racing to develop uncopyable CDs and -- if indeed they're behind the spoofs -- employing guerrilla tactics that complicate the unlawful uploading and downloading of songs. The labels are also supporting a bill, now under consideration in Congress, that would make it legal to "impair the operation of peer-to-peer" networks, such as LimeWire. That could be done, for example, by overloading file-sharing services with so many requests that they slow to a crawl.

"I think in the history of the music business, we've been, with regard to enforcing our rights, pretty generous with consumers," said Hilary Rosen, chairwoman of the RIAA. "But we're looking for a way to stop gross infringers, and there are measures we can take to prevent people from making 100 copies or uploading CDs for millions to take."

The strategy has generated plenty of skepticism, however, and not just among those who regard music thievery as a sacred mission. Some executives in the online music world say the majors -- Sony, Universal, Warner Bros., BMG and EMI -- are wasting their time. Foolproof locks, they say, don't exist in the digital realm, where it takes just one dedicated hacker to open the vault for everyone else.

"All this smacks of desperation," says Eric Garland, president of BigChampagne, a company hired by major labels to measure online file-sharing traffic. "When you've got a consumer movement of this magnitude, when tens of millions of people say, 'I think CD copying is cool and I'm within my rights to do it,' it gets to the point where you have to say uncle and build a business model around it rather than fight it."

Sounding a Sour Note
The record labels have been spurred to action by figures they find terrifying: The number of "units shipped" -- CDs sent to record stores or directly to consumers -- fell by more than 6 percent last year, and it's widely expected to fall 6 to 10 percent more by the end of 2002. Those drops are already hitting the industry hard. Labels are laying off employees, ditching artists, slashing budgets for tours and videos, and combing their back catalogues for reissues that cost almost nothing to release.


Pinpointing the cause of the sales decline is difficult. Entertainment options have multiplied in the past 20 years -- the video game industry, for instance, now dwarfs the music business -- giving kids a lot of new places to spend money.

There's evidence, though, that Americans are spending more time than ever listening to CDs. Market surveys suggest that more blank CDs (CD-Rs) than recorded CDs are now sold in the United States. Recorded discs still generate far more revenue, of course, since they sell for about $17 apiece, a sum that will buy about 50 CD-Rs. And CD-Rs have plenty of uses other than bootlegging music -- they store photos and data, too. But analysts and retailers say the CD-R is fast replacing the cassette as the music-copying medium of choice, with sound quality that far outclasses analog tapes.

Labels claim that sales of CD-Rs spike during the same week a major new release hits stores -- a sign that people are buying, say, the new Bruce Springsteen CD and making free copies of it for their friends.

Thus far, only halting, low-key steps have been taken to thwart mass copying. Just four titles, including an album by country singer Charley Pride, have been released in the United States with reconfigured coding intended to render them unplayable in computer hard drives, which is where most CD burning and uploading to Web sites takes place. Even these tentative moves proved controversial, however, because buyers who merely wanted to play the CDs on their computers couldn't do so. And one congressman said the labels warning consumers that the discs didn't play on PCs were so small that he threatened legislation.

"The labels run the risk of angering millions of their best customers with these copy-protected CDs," Rep. Rich Boucher, a Virginia Democrat and Internet policy maven, said in a recent phone interview. "That's a business call on their part. But I think there's a role for Congress to make sure that copy-protected CDs are adequately labeled."

For the labels, this first stab at safeguarding had an even greater liability: It didn't work very well. Hackers gleefully reported that they could defeat the security encryption with a felt-tip pen, and artists declined to release copy-protected albums, figuring that the discs would annoy fans without plumping their royalty checks. "It just doesn't work," said David Bowie, whose latest album, "Heathen," was released protection-free. "I mean, what's the point?"

The majors seem to appreciate that these initial experiments were flawed. Though mum about upcoming releases with protection, they say they're back in the lab, hoping to devise software that allows legal copying (for personal use, such as a copy for the car), while blocking illegal activity (like sharing a song with millions of other fans on Napster-like services).

The ultimate goal is to retire the so-called "Red Book" CD standard that was developed in 1980 by Sony and Philips, and which is embedded in nearly every recorded compact disc sold today. The Red Book CD was one of the most successful entertainment products in history, but unlike the DVD, it was designed without virtual security bolts. Labels won't abandon the good old five-inch plastic disc -- it's a medium that consumers clearly love -- but in the coming two or three years, they'll phase in new and more secure audio standards.

"What we'll see is new media coming out that will have a lot of flexibility built into the format," said Larry Kenswil of Universal Music Group.

It's unclear, though, if labels can win a spy-vs.-spy game of technology upgrades against hardware manufacturers and hackers. On the market already are devices like the Ripflash. Plug the $179 gadget into your stereo and it will convert anything that plays over your speakers -- an LP, a cassette, a CD -- into an MP3 file, the software format of choice for online song swappers.

"If you play it, we can record it in MP3," says Bob Fullerton of Pogo Products, which makes Ripflash. "And there's no legal way to restrict that, that I know of."

Digital Do-It-Yourselfers
In the past, whenever consumers swooned for a new music format, like CDs, the record industry made a fortune from the conversion. This time, millions of listeners are again getting their music in a new medium -- MP3s and other modem-friendly formats -- but the labels aren't profiting from the revolution. This time the revolution is actually hurting them.


"Kids are consuming music, it's just that they're doing it in ways that aren't making money for the industry," says David Pakman, a senior vice president with Bertelsmann's BeMusic, the company's Internet music division. "Kids are saying, 'We want music, but we want it on different terms.' "

To a large extent, those terms were shaped by Napster, an early Internet star that drew millions of fans before being sued and shut down by the labels. Some of the terms are simply impossible for the industry to meet. Competing against Kazaa and Morpheus on price can't be done, since those sites don't charge a cent.

Then again, the labels have largely ignored consumer demand for song-at-a-time buying. CD singles are being phased out, apparently to push consumers to the far more profitable full-length CD. And the labels have only recently allowed subscribers to their pay-to-play Web sites, like Pressplay, to burn music onto discs.

"They've got a promotional system designed to implant a 30-second hook in your head, but it's difficult to buy just that song," said Garland of BigChampagne. "That's like Coke advertising cans on TV but selling only 12-packs in stores."

The industry counters that even if fans don't like their buying options, swiping songs isn't justified. "If I wanted to buy pants and the store will only sell it as part of a suit, I'm not allowed to steal the pants just because I'm [ticked] off," says the RIAA's Rosen.

Fans like Travis Daub don't think of themselves as shoplifters. He's running afoul of the law by downloading from LimeWire, but he's also the sort of regular CD buyer that labels adore. "I use it like radio," Daub says of the Internet. "It's easier to get hooked on an artist via MP3s."

It's getting harder now. Daub says that recent searches for an Eminem song turned up hundreds of hits that were obviously "spoofs," making it nearly impossible to find non-spoofed copies.

That delights Marc Morgenstern, CEO of Overpeer, a company that specializes in spreading spoof files over the Internet. Morgenstern is diplomatically tight-lipped: He won't disclose the names of his clients, nor will he discuss Overpeer's methods.

"We use various methods of disguise," he said. "When someone clicks on our file, they're not getting an illegal file. They receive what our clients want them to receive."

Spoofing is hardly a permanent solution to the file-sharing problem. The most downloaded album in Internet history -- the recently released "The Eminem Show" -- is also the best-selling album of the year, which suggests that at least some fans were spurred to buy the disc even though they already had it stashed on their hard drives. At best, spoofing is an annoyance and one that some file-sharing sites are already working to outsmart through user rating systems that, in theory, will relegate unlistenable files to the bottom of search lists.

Long-term solutions to piracy, say experts, won't come through hurdles dreamed up by techies but in authorized Web sites and technology so irresistible, so loaded with extras and so convenient that it's more appealing than anything offered by rivals.

"They'll come up with a compelling model, but the question is whether it will be compelling enough to win back consumers," said Orin Herskowitz of the Boston Consulting Group, a consulting firm. "If they just sue and hassle people without an alternative, they'll eventually lose."

That might leave money in the pocket of Travis Daub that otherwise might have been spent on music. "I lost interest in that particular song," he says of his unhappy attempt to listen to the Moby tune. "And I didn't buy the album, either."
***************************
Mercury News
Small ISP fights back against entertainment industry's anti-piracy tactics


NEW YORK (AP) - Upset by legislation that would give the entertainment industry broad technical powers to smother online copyright infringement, a small Internet service provider has decided to fight back.

Omachonu Ogali, owner of Information Wave Technologies, said he would use techniques similar to a honeypot meant to attract pests.

The method would involve placing fake music files on the Gnutella file-sharing network to identify computers that attempt to disrupt that network.

Those computers, presumably working on behalf of the movie and music industries, would later be blocked from reaching the Information Wave Technologies network.

Ogali also began blocking customers Monday from accessing the Recording Industry Association of America's Web site.

The effect will be mostly symbolic.

Information Wave has only about 25 customers, mostly business, in New York, New Jersey and Connecticut, and it's unlikely any blocks to his network would stop the industry's efforts elsewhere.

A bill proposed by Rep. Howard L. Berman, D-Calif., would give the entertainment industry broad new powers -- including deliberately interfering with only file-sharing programs -- to try to stop people from swapping pirated music and movies.

Berman has said the bill would not allow industry to spread viruses across file-trading networks or destroy files. But Ogali said mistakes could occur and if a customer is pirating music, "it's up to the ISP to terminate the customer's access, not the RIAA to come in as the law-enforcement agency."

In a statement on Ogali's initiative, the RIAA said "games like this neither serve the interests of music fans nor protect Internet service providers from their legal obligations."

ISPs lose exemption from copyright lawsuits if they actively or knowingly contribute to violations or fail to stop them upon notice, such as by terminating a customer's account.

On Friday, several recording companies sued four Internet service providers -- Ogali's was not one of them -- seeking an immediate court order forcing them to block access to a Chinese Web site accused of distributing pirated music.

Ogali said the lawsuit, for him, was the last straw.
***************************
Government Computer News
Administration highlights systems R&D work in report to Congress
By Jason Miller

The White House yesterday released a report detailing progress and future plans for the administration's Networking and Information Technology R&D program.

The administration sent the study, Strengthening National, Homeland and Economic Security, to Congress as a supplement to President Bush's fiscal 2003 budget request. Bush requested $1.8 billion for NITRD in 2003, a $59 million increase over 2002.

The report outlines the role federal R&D played in the cleanup and recovery efforts that followed the Sept. 11 terrorist attacks. Some examples: Small robotic vehicles with infrared sensors searched the wreckage; NASA deployed advanced remote-sensing capabilities; and the Defense Department expanded its use of the Global Positioning System. It also summarizes other work related to homeland security.

For 2003, NITRD will focus on seven IT research challenges:
Cost-effective, high-end computing to provide data storage and computing power for intelligence analysis and other critical scientific research
Large-scale data mining and information management technologies
Advanced cryptography and authentication technologies
New methods to achieve security, attack-resistance and self-healing in high-speed wireless and wired devices
Embedded, networked sensor technologies
High-assurance software for mission-critical systems
Improved interfaces for and interoperability of IT devices.


The program also will continue supporting advanced and specialized IT training at colleges and universities, the administration said. NITRD offers fellowships for graduate students and provides research funding for postdoctoral students.

The NITRD program has 12 participating agencies, including the Defense Advanced Research Projects Agency, the Energy Department's Office of Science, NASA, the National Institute of Standards and Technology and the National Science Foundation.

The Office of Science and Technology Policy within the White House oversees the National Science and Technology Council, which wrote the report. Bush is the chairman of the council and some of the other members are the vice president and the cabinet secretaries.

To see a copy of the report, visit http://www.nitrd.gov/pubs/blue03/index.html.
***************************
Washington Post
U.S. Probes Firm In Security Breach
Consultants Invaded Federal Computers
By Robert O'Harrow Jr.

Federal law enforcement authorities searched the computers of a San Diego security firm that used the Internet to access government and military computers without authorization this summer, officials said yesterday.

Investigators from the FBI, the Army and NASA visited the offices of ForensicTec Solutions Inc. over the weekend and on Monday, seeking details about how the company gained access to computers at Fort Hood in Texas and at the Energy Department, NASA and other government facilities, officials said.

The searches began hours after The Washington Post reported that ForensicTec consultants used free software to identify vulnerable computers and then peruse hundreds of confidential files containing military procedures, e-mail, Social Security numbers and financial data, according to records maintained by the company.

Consultants said the files were virtually open to inspection for those who knew where to look, or were protected only by easily guessed or easily cracked passwords.

While ForensicTec officials said they wanted to help the government and "get some positive exposure for themselves," authorities are pursuing the matter as a criminal case. Under U.S. law, it is a felony to access a computer without permission.

A spokesman for the FBI in San Diego acknowledged that a search warrant had been issued, but said he could not discuss the case because the warrant had been sealed. One official familiar with the case said about 20 investigators searched the company's offices on Friday.

ForensicTec President Brett O'Keeffe, who was questioned by investigators late Friday and early Saturday, declined to comment.

Marc Raimondi, spokesman for the Army Criminal Investigation Command, also declined to discuss the particulars of the military investigation. "We're supporting the FBI in their investigation," he said. "Unauthorized intrusion into Army computers, regardless of the justification, violates federal law."

Tiffany Olson, spokeswoman for the President's Critical Infrastructure Protection Board, said people who come across vulnerabilities should report them. "They shouldn't go ahead and exploit that," she said. "They should contact the government or company that is responsible for that vulnerability and report it."

ForensicTec officials said they stumbled upon the military networks about two months ago, while checking on network security for a private-sector client. They scanned the networks with software that is available free on the Internet and found that many of the computers were open to scrutiny. Some machines were accessed, they said, by passwords such as "administrator" or "password." The consultants said they also used software that automatically cracks passwords.

While examining the networks at Fort Hood, they found the online identifiers, known as IP addresses, of computers at other government and military facilities. As former employees of a private investigation firm -- and relative newcomers to the security field -- the ForensicTec consultants said they continued examining the system because they were curious, and appalled by how easy it was.

Last week, O'Keeffe said his consultants concluded that they had found a serious problem and wanted to help the government by bringing it to light. "We could have easily walked away from it," he said last week.

Army investigators had been made aware of the intrusions at Fort Hood weeks earlier and had been looking into the situation when ForensicTec made public what it found, one government official said.
*************************
Washington Post
Reston Nonprofit Leads Pack in Quest for Control of '.org'
By David McGuire


The Reston-based Internet Society has become the prohibitive favorite to win the contract to operate the global ".org" Internet domain, the online home to many nonprofit groups.

If successful in its bid, the Internet Society, or Isoc, would take over management of the Internet's fifth-largest domain in December under a recommendation made by the Internet Corporation for Assigned Names and Numbers.

ICANN operates the Internet's global domain-name system under an agreement with the U.S. government.

"We're really pleased that they showed such confidence in our ability . . . to run the .org registry," Isoc spokeswoman Julie Williams said.

Isoc, founded in 1991, has members in more than 100 countries and serves as the institutional home for two key Internet standards bodies, the Internet Engineering Task Force and the Internet Architecture Board.

VeriSign Inc., the current operator of the .org registry, is giving up its management of the domain at the end of the year as part of a deal it struck with ICANN last year to cement its control of the valuable ".com" domain.

Accounting for more than 2.3 million Internet addresses worldwide, .org would be a substantial source of revenue for the group that wins the registry. VeriSign charges $6 per year for every .org name it sells to Net address retailers. The retailers, in turn, charge varying prices to individuals. Last month, Williams said Isoc planned to keep the annual wholesale cost of a .org name at or below $6.

Ten other groups, both commercial and nonprofit, applied to operate the .org registry. ICANN commissioned three independent evaluation teams to weigh the technical and social merits of the proposals.

ICANN President Stuart Lynn said yesterday that Isoc's was the only proposal ranked in the top tier by all three evaluation teams.

But some industry observers question the ICANN staff's decision to recommend a single candidate rather than offering a menu of options to the board of directors, which has final say.

Milton Mueller, who served on the evaluation team that weighed the applicants, said ICANN should have simply presented the board with the data from the evaluations.

While Mueller's team ranked Isoc among the top applicants, it deemed two applications -- those of the Geneva-based Unity Registry and the Stewart Point, Calif.-based Internet Multicasting Service -- to be better.

In addition, ICANN's ties to Isoc have been called into question. Several ICANN directors are Isoc members. Two have held top positions in the organization.

Lynn said the evaluation teams did not confer with ICANN and had no bias in favor of Isoc.

"It's a calumny that anyone would make any sort of an accusation," Lynn said. "This was an independent, objective assessment by teams that had no ax to grind."

Lynn also said the staff report was just a recommendation and did not bind the board to a decision. There will be a public comment period before the recommendation is submitted to the board for approval in late September.
***************************
News.com
Security flaw in key Microsoft services
By Joe Wilcox


Microsoft on Tuesday warned users of a number of its subscription programs, including product testing and volume licensing, of a potential security flaw affecting the software they use for downloads.

The Redmond, Wash.-based software giant strongly urged customers using the File Transfer Manager (FTM) program to upgrade to the newest version. Microsoft released the new version, FTM 4.0.0.72, in late June. Affected customers can download the update from Microsoft's FTM Web site.


FTM is used to automatically download software for use with some Microsoft services. Microsoft distributes FTM to beta testers, companies participating in volume licensing programs and Microsoft Developer Network (MSDN) subscribers, among others.



In its e-mail to customers, Microsoft thanked Russian programmer Andrew Tereschenko for identifying the security flaw, which the company would not clearly identify.

Lynn Terwoerds, senior program manager for Microsoft's Security Response Center, said the flaw was originally reported to another division within the company. "The security response center has been handling this for about a month," she added.

"There's a vulnerability in the File Transfer Manager," Terwoerds said. "In that component there's a way for a person to take over the machine. In most cases here, we are dealing simply with a bug that is of a security class that would allow a user or attacker to gain higher privileges than what would be appropriate."

Terwoerds downplayed the number of affected customers because the new version of the software has been available for two months. "We think it's a fairly small number, because not a lot of customers use (the older version)...or have (it) installed on their machines," she said. "I don't know the exact number, but not everyone will have this."

Terwoerds said that's the reason Microsoft did not post a broader bulletin or distribute a warning to the 500,000 people subscribing to the company's security alerts service.

"We let the people who really needed to know about this, know about this," Terwoerds said. "It was a focused mailing."

But analysts were not convinced the unidentified vulnerability would be so limited, because of how infrequently companies update software. In fact, one of Microsoft's biggest ongoing security problems has been companies waiting months or even years to install important patches or security updates.

"By and large, there are a good number of businesses that don't regularly update their software nor send updates to their end users," said Technology Business Research analyst Bob Sutherland. "Something like this provides Microsoft an opportunity to get back in touch with their customers and get them to pay more attention when there's a security bulletin."

Grappling with security
Microsoft has been issuing security alerts on a fairly frequent basis since January, when company Chairman Bill Gates made security a top priority for the company. Microsoft's security Web site lists 41 alerts issued so far this year compared to about 46 for the same period a year ago. But, as with the FTM flaw, Microsoft issues other security alerts to specific customers rather than posting bulletins for everyone.


Among recent incidents: Last week, Microsoft issued a cumulative patch for security problems affecting SQL Server. A day earlier, the company warned of a critical flaw in Windows 2000's Connection Manager.

A mid-August security bug potentially exposed credit card transactions made using Internet Explorer. In early August, the software giant identified a bug affecting Commerce Server 2001. A few weeks earlier, Microsoft issued four security alerts. The most serious addressed a hole that would allow hackers to take over SQL Server 2000.

In early July, Microsoft warned of an e-mail bug with Outlook. A late June security patch plugged a hole that could have allowed hackers to seize control of a computer using Windows Media Player. Weeks earlier, Microsoft warned of a Gopher security hole in Internet Explorer that also could allow hackers to take control of computers or servers.

Microsoft also incorporates cumulative security patches with the release of service packs, which are software bug-fix and update packages. Microsoft released Windows 2000 Service Pack 3 at the end of July. The software giant could release Windows XP Service Pack 1 as early as next Wednesday.

The company is nearing the final testing stage for the important update, which introduces changes mandated by Microsoft's antitrust settlement with the Justice Department and nine of 18 states. According to the settlement, Microsoft must also disclose technical information about application programming interfaces (APIs) by the time Windows XP Service Pack 1 ships. Microsoft plans to disclose the API information Wednesday.
***************************
Federal Computer Week
Career Channels Federal IT job openings


Series/Grade: GS-335-7
Position Title: Computer Assistant, Anniston, AL (S) (Request vacancy; must address ranking factors)
Announcement #: SCAH020093184
Closing Date: Aug. 28, 2002
Contact: Department of Army, SC Staff Div, Sparkman Complex Building, Redstone Arsenal, AL 35898; 256-235-4840


***
Series/Grade: GS-2210-7
Position Title: Information Technology Specialist, Seaside/Monterey, CA (NS) (Request vacancy; must address ranking factors)
Announcement #: PHSE-2-152820S0
Closing Date: Aug. 28, 2002
Contact: Department of Defense, 600 Arch St., Room 3400, Philadelphia, PA 19106; 215-861-3074
***
Series/Grade: GS-2210-11
Position Title: Information Technology Specialist, San Bernardino, CA (S) (Request vacancy; must address ranking factors)
Announcement #: SB-0011-02
Closing Date: Sept. 5, 2002
Contact: Department of Defense, DFAS-IQRSD, (Resumix Team), 8899 E. 56th St., Indianapolis, IN 46246-6450; Marilyn Bowling 937-296-8897


***
Series/Grade: GS-2210-5/9
Position Title: Computer Assistant/Information Technology Specialist, Denver, CO (S) (Request vacancy; must address ranking factors)
Announcement #: HAC-02-40
Closing Date: Sept. 4, 2002
Contact: Department of Veterans Affairs, Box 65022, Denver, CO 80206-9022; 303-331-7885
***


Series/Grade: GS-1530-11/13
Position Title: Statistician, Washington, D.C. (S) (Request vacancy; must address ranking factors)
Announcement #: RE-MSH-2002-0248Z
Closing Date: Aug. 26, 2002
Contact: Housing & Urban Development, 451 7th St. SW Room 2153, Attn: Job Info Ctr, (Staff 9-30) (DK), Washington, D.C. 20410; 202-708-34
***


Series/Grade: GS-1530-11/13
Position Title: Statistician, Washington, D.C. (NS) (Request vacancy; must address ranking factors)
Announcement #: RE-DEU-2002-0125Z
Closing Date: Aug. 26, 2002
Contact: Housing & Urban Development, 451 7th St. SW Room 2153, Attn: Job Info Ctr, (Staff 9-30) (DK), Washington, D.C. 20410; 202-708-34
***


Series/Grade: GS-2210-14
Position Title: Information Technology Specialist, Washington, D.C. (S) (Request vacancy; must address ranking factors)
Announcement #: OF02-14
Closing Date: Sept. 3, 2002
Contact: Department of Veterans Affairs, 810 Vermont Ave. NW, Rm 142, Washington, D.C. 20003; 202-273-9705
***


Series/Grade: GS-854-13/14
Position Title: Computer Engineer, Linthicum, MD (NS) (Request vacancy; must address ranking factors)
Announcement #: 02DTAP-019
Closing Date: Sept. 6, 2002
Contact: Department of Navy, Box 26234, Arlington, VA 22215; Colette Brown 703-602-1708
***


Series/Grade: GS-2210-14
Position Title: Supervisory IT Specialist (Policy & Planning), Warren, MI (NS) (Request vacancy; must address ranking facto
Announcement #: BV-DEU-02-3491
Closing Date: Aug. 28, 2002
Contact: Department of Army, DAPE-CP-NC, Building 102, NCCPOC, 1 Rock Island, IL 61299-7650; Janice Wilson 586-574-6638


***

Series/Grade: GS-2210-7/9
Position Title: Information Technology Specialist (Database), Taos, NM (S) (Request vacancy; must address ranking factors)
Announcement #: R302-038-02R
Closing Date: Aug. 26, 2002
Contact: Department of Agriculture, Forest Svc, 208 Cruz Alta Road, HR R302-038-02R, Taos, NM 87571; Tom Wenk 505-758-6371
***


Series/Grade: GS-2210-11
Position Title: Computer Specialist, Oklahoma City, OK (S) (Request vacancy; must address ranking factors)
Announcement #: MP 2002-023
Closing Date: Aug. 26, 2002
Contact: Department of Veterans Affairs, 921 NE 13th St., Oklahoma City, OK 73104; J. Freeman 405-270-5127
***


Series/Grade: GS-2210-13
Position Title: Information Technology Specialist, State College, PA (S) (Request vacancy; must address ranking factors)
Announcement #: E-NWS-02374.ELC
Closing Date: Aug. 26, 2002
Contact: Department of Commerce, HRD, 200 Granby St., Norfolk, VA 23510-1624; Sharon Turner 757-441-3837
***


Series/Grade: GS-1530-7/12
Position Title: Statistician (Economics), Arlington, VA (NS) (Request vacancy; must address ranking factors)
Announcement #: NEHT02064971
Closing Date: Dec. 31, 2002
Contact: Department of Army, NE Staff Div, 314 Johnson St., Aberdeen PG, MD 21005-5283; Cindy Sepulveda 410-306-1780
***


Series/Grade: GS-1530-7/9
Position Title: Statistician (Economics), Herndon, VA (NS) (Request vacancy; must address ranking factors)
Announcement #: MMS-LK-2-0023
Closing Date: Aug. 26, 2002
Contact: Department of Interior, Minerals Mgmt, DEU, 381 Elden St., MS 2400, Herndon, VA 20170-4817; 703-787-1446
***


Series/Grade: GS-1530-11/13
Position Title: Statistician, Herndon, VA (NS) (Request vacancy; must address ranking factors)
Announcement #: MMS-LK-2-0026
Closing Date: Aug. 27, 2002
Contact: Department of Interior Minerals Mgmt, DEU, 381 Elden St., MS 2400, Herndon, VA 20170-4817; Becca Stoltz 703-787-1445
***


Series/Grade: GS-1550-13/15
Position Title: Program Officer (Computer Scientist), Arlington, VA (S) (Request vacancy; must address ranking factors)
Announcement #: ONR-OC-0084
Closing Date: Open Until Filled
Contact: Department of Navy, ATTN RESUMIX, 111 S. Independence Mall East, Philadelphia, PA 19106; 215-408-4433
*************************
Federal Computer Week
Homeland info sharing advances


The Office of Homeland Security is moving forward with several initiatives to develop a homeland security information technology enterprise architecture that encompasses not only federal requirements but also the needs of state and local governments and the private sector.

Within the next month, the office will launch a Web site for people at all levels of the public and private sectors to access and share information on existing homeland security-related projects, best practices and centers of excellence, said Steve Cooper, senior director for information integration and chief information officer for the Office of Homeland Security. Cooper was speaking Aug. 19 at the Government Symposium on Information Sharing and Homeland Security in Philadelphia.

The Office of Homeland Security is working on several pilot projects based on initiatives at the state and local levels, including a 10-state coalition testing methods for sharing federal law enforcement information and intelligence with state law enforcement agencies, Cooper said. The more projects and practices that the government can find and build on, the more likely it is that change will occur, he said.

"This Web site will enable us to begin to share and communicate what's going on," he said.

In another effort to reach out to the state and local level, Office of Homeland Security officials met with the National Association of State Chief Information Officers (NASCIO) last week in Cincinnati to start working on state requirements for the enterprise architecture. In that first meeting, officials dealt with the basic questions of definitions and the approach that should be taken, Cooper said.

Because local-level officials are dispersed, homeland security officials are still trying to figure out the best way to contact them and keep in touch, he said.

"It is imperative that we all participate and that we get this enterprise architecture right," Cooper said. "We have got to hear from everybody."

The Office of Homeland Security has also chartered three CIO working groups at the federal level, looking at the architecture needs for border security, emergency response, and chemical, biological, radiological and nuclear hazards. These working groups align with the areas outlined in the Bush administration's proposed structure for the proposed Homeland Security Department, Cooper said.

The working groups pull together the CIOs from the agencies involved in each of these efforts, and other working groups will be assembled as they are needed, he said.

The Defense Department and the intelligence community are already talking with the Office of Homeland Security about the possibility of setting up another working group for intelligence information, said Roseanne Hynes, senior executive of DOD's homeland security task force.
***************************
Federal Computer Week
Web links law enforcement nets


Federal, state and local law enforcement agencies soon will have a single Web interface linking separate collaborative networks already in place to increase information sharing across all levels of government.

The FBI's Law Enforcement Online (LEO) network and the Regional Information Sharing Systems (RISS) network each serve collaborative needs for various levels of the law enforcement community. By bringing them together through a single Web interface, users will have access to computing resources as well as people and expertise across the entire spectrum, said George March, director of the RISS Office of Information Technology. March was speaking Aug. 19 at the Government Symposium on Information Sharing and Homeland Security in Philadelphia.

One of LEO's biggest advantages is the ability to offer a secure online space for specific interest groups to work and share information. On the other hand, RISS excels in providing Web access to multiple databases in local jurisdictions across the country, March said.

After Sept. 11, both the Justice Department and the White House Office of Homeland Security started looking for solutions to connect the entire law enforcement community, and in the end, both turned to the connection between the existing networks, March said.

The hardware and software for the connection is in place, and the interface has been tested by Justice and has gone through full certification and accreditation under the federal requirements, March said. Final approval should come through soon, and then all that is left to do is flip the switch, he said.

Both networks will continue to exist as separate entities, because there are different users in each environment, but the Web interface that the LEO and RISS teams have been developing will provide a seamless bridge between the two.

A single advisory committee will oversee the integration of the two networks. March said that part of the plan is to play to the strengths of both networks moving forward, putting LEO in charge of advancing Web-based applications and RISS in charge of handling the database applications.

A single directory and e-mail system will be put in place that will allow any member of either network to connect to the person or group with the appropriate expertise at any time. The directory also will enable full security on the network by setting access according to individual identity.

One potential application for this connection will be for LEO to be the central point through which local law enforcement will receive alerts from federal homeland security officials, March said.
**************************
Computerworld
Congressman: 9-11 attacks could have been detected, stopped


PHILADELPHIA -- Legislation that Congress failed to adopt two years ago would have created an interagency data mining capability that could have detected and helped prevent the terrorist attacks of last September, a senior Republican member of Congress asserted yesterday.

Speaking near his home district at this week's Information Sharing & Homeland Security conference here, Rep. Curt Weldon (R-Pa.) lambasted the government, including Congress, for failing to act on critical data mining and intelligence integration proposals that he and others authored years before the terrorist attacks.


"There are 33 classified agency systems in the federal government, but none of them link their raw data together," said Weldon, chairman of the House Subcommittee on Military Research and Development. "We could have and should have had a better data-fusion capability on and before 9-11."

The eight-term Republican referred specifically to a governmentwide data mining agency he proposed two years ago as part of the fiscal 2001 Defense Department budget. The National Operations and Analysis Hub, or NOAH, as he called it, would have been responsible for supporting the intelligence community in developing threat profiles of terrorists and global hot spots.

According to Weldon, he briefed John Hamre, then deputy secretary of defense, on the idea, and Hamre agreed to fund the new agency.

But "on Sept. 11, that capability did not exist and we paid the price," said Weldon.

His plan had been to model the agency after the Army's Land Information Warfare Activity (LIWA) at Fort Belvoir, Va., which Weldon credits with having one of the most effective open-source data-mining capabilities in the intelligence community.

Weldon came up with the idea for the agency in 1999, when he led a high-level delegation to Vienna to help negotiate the terms of Russia's participation in peacekeeping operations in Kosovo. Arriving in Europe, he found himself negotiating with Dragomir Karic, a member of an influential Kosovan family and a close ally of Yugoslavian President Slobodan Milosevic. Faced with the prospect of bargaining with an individual he knew nothing about, Weldon asked the CIA for a profile of Karic. But the agency knew very little about him and was unable to deliver the details Weldon needed.

He turned to LIWA, which handed over eight pages of documentation, including detailed information on Karic's association with Milosevic and his financial dealings.

When word got out about the source of Weldon's information, he was contacted by the FBI and the CIA, neither of which knew about the LIWA, said Weldon.

Now Weldon is convinced that a centralized data mining capability within the intelligence community would have gathered indications and warnings that a terrorist attack was being planned. In fact, a year before the Sept. 11 attacks, an Italian newspaper printed an interview with an alleged member of al-Qaeda who told the newspaper that the terrorist organization was training pilots for kamikaze-style attacks, said Weldon.

"We had never anticipated this type of incident," he said. "The problem was that the CIA didn't have data mining technology to pore through open-source information."
****************************
Computerworld
Plans emerging for national security data sharing


PHILADELPHIA -- They may not be the Continental Congress, but hundreds of IT experts from the defense and intelligence communities gathered here yesterday to share ideas and plans on emergency responses to a terrorist attack on the nation.

Only blocks from the spot where the Founding Fathers signed the Declaration of Independence, more than 900 government and private-sector officials met to discuss efforts to improve collaboration and information sharing among the hundreds of federal, state and local agencies in charge of emergency response in the event of future terrorist attacks.


On the first day of the three-day Information Sharing and Homeland Security conference, officials have been clear on what the overall strategy is for detecting and preventing future attacks: Create a nationwide information-sharing architecture by leveraging the billions of dollars in federal IT investments, rather than building something from scratch.

"We're trying to use the existing capabilities of the [intelligence] community," said Bill Dawson, a deputy intelligence community CIO for the office that advises the director of central intelligence on IT policy.

In particular, Dawson was referring to an IT project begun before the Sept. 11 attacks that has acquired a new sense of momentum. The system, known as the Intelligence Community System for Information Sharing (ICSIS), provides controlled and secure gateway interfaces between networks with different security controls and classification levels.

For example, ICSIS, which is still in the first phase of development, will enable analysts to share sanitized versions of top-secret intelligence reports with other analysts and possibly state and local officials who might have only a secret-level security clearance, said Dawson. The system will automatically remove information pertaining to sources and methods of intelligence collection, thereby downgrading the security classification of the documents, said Dawson.

Phase one "enablers" under development include a public-key infrastructure; a full-service directory for identifying experts and analysts throughout the 14 different agencies that comprise the intelligence community; a collaborative tool suite; additional trusted and controlled interfaces between agency-specific communities of interest; and metadata and interoperability standards to support data discovery throughout the intelligence community.

"What we're really doing is going beyond the baseline we have now with Intelink," said Dolly Greenwood, director of architecture at ICSIS, referring to the widely used classified intelligence community intranet.

Since its inception in 1994, Intelink has grown to the point where it isn't always effective, said Stephen Selwyn, director of knowledge management at the Intelligence Community CIO Office. "Searching Intelink is like shooting craps," he said, referring to the 2.4 million Web pages that now populate the classified intranet.

"We're trying to enable analysts to come from a native desktop without additional infrastructure and enter a collaborative space [online]," said Selwyn. He noted that a project known as the Intelligence Community Collaborative Presence (ICCP), which will be Web-based and rely on Secure Socket Layer and digital certificates, will be ready for full deployment by November. ICCP will rely on a software-based tool kit to enable cross-community, real-time collaboration.

Still, officials are working on additional VPN connections that will provide secure bridges between ICSIS and information-sharing networks managed by the State Department, FBI, Defense Department and state and local agencies, said John Brantley, director of the Intelink management office.

"Take AOL, Yahoo and MSN and link them to a bunch of classified data, and that's Intelink," said Brantley, calling the intranet the "basis for how people share information" in the intelligence community. And while he acknowledged that searching Intelink can be like shooting craps, Brantley maintains that despite the intranet's size, analysts shoot craps "with loaded dice."

That point hasn't been lost on the State Department, which is pushing hard to ensure that valuable intelligence information collected by foreign service officers overseas is communicated to U.S. analysts as fast as possible. In fact, Hunter Ledbetter, coordinator for the Department's Intelligence Resources and Planning division, said the secret version of Intelink is deployed at 125 of the State Department's 257 posts around the world. Plans call for it to be in all of them by the end of next year.
******************************
Washington Post
Music Debate Heads to the Hill
By Teresa Wiltz


While record companies scramble to find new ways to foil the piracy of copyrighted material, federal legislation is pending that would greatly aid them -- bills that their opponents insist will encourage vigilantism on the Internet.

Last month Rep. Howard Berman (D-Calif.) introduced a bill to address copyright infringement on publicly accessible computer file-sharing networks such as Gnutella, Morpheus and Kazaa.

The bill would allow copyright holders -- anyone from songwriters to photographers to needlepoint designers -- to employ technological tools designed to thwart those who download and distribute creative works through computer file-sharing.

Meanwhile, Sen. Joseph Biden (D-Del.), along with other lawmakers, wrote a letter to Attorney General John Ashcroft urging him to ratchet up criminal penalties for digital piracy. And in April, Biden introduced the Anticounterfeiting Amendments of 2002, which would "prevent and punish counterfeiting and copyright piracy." The bill would make it illegal to "traffic in counterfeit labels, illicit physical authentication features, or counterfeit documentation or packaging."

The Senate Judiciary Committee deleted the word "physical" from the bill, a move that extends criminal penalties to those who alter digital watermarks on software in order to access copyrighted songs or movies.

And in March Sen. Ernest Hollings (D-S.C.) introduced the Consumer Broadband and Digital Television Promotion Act, which would require the manufacturer of "digital media devices" that can reproduce copyrighted works to include "government-approved security standards." The standards have not been agreed upon.

The Hollings bill is currently in the Senate Commerce Committee. No action has been taken on the Berman bill. The Biden legislation is up for consideration by the Senate.

The proposed legislation, and Berman's bill in particular, is adding an even greater rift to an already large digital debate.

On one side are the recording industry and other copyright holders, who say it's high time they were armed against what they see as the wholesale rip-off of their material.

On the other side are technology associations, consumer organizations and civil libertarians, who counter that the bill augurs an invasion of privacy, permitting anyone with a grudge to hack into personal computers and providing little or no redress for those who incur damages as a result. Moreover, they argue, the government should not be charged with striking a balance between consumers and copyright holders.

The privacy argument, not surprisingly, doesn't fly with the recording industry, which says that people who grant other computer users easy access to their files shouldn't expect privacy.

Says Hilary Rosen, chairwoman of the Recording Industry Association of America: "It would be like if I were standing on Connecticut Avenue with a sign and then complaining if someone read it that it was an invasion of my privacy. People are opening up their computers by choice.

"We're not jumping into people's computers. There is nothing in that bill that allows you to go into a person's computer physically. It just allows you to manipulate files that are on the network."

That, according to digital technology experts, amounts to hacking.

Robin Gross, staff attorney for the "cyber-liberties" Electronic Frontier Foundation, says Rosen "is using definitions for hacking loosely. She's not physically breaking into your physical computer, but that does not mean that she can't interfere with your ability to talk to other computers."

According to Gross, Berman's bill in effect would let copyright holders attack computer files, tying up the network by "spoofing" with fake or empty files or crowding the system with multiple requests, disrupting Internet traffic. It is, she says, the equivalent of allowing anyone with a checking account to rob a bank because he feels the bank has overcharged him.

"This is more power than we give to law enforcement to go after terrorists," Gross says. "This bill proposes to give this kind of power to Hollywood. . . . You're not allowed to go and destroy someone's property because you feel they've done harm to you."

It is unclear what will happen if the bill passes. The language of the bill is vague -- purposefully so, according to Berman press secretary Gene Smith. It does not specify what a copyright holder may do to battle piracy.

"Technology is a dynamic thing," Smith said. "Something we might not know about today might be in our hands tomorrow."

What is needed, said Jonathan Potter, executive director of the Digital Media Association, is a middle ground: Consumers need to be educated about intellectual property, that stealing someone's art is the same as stealing someone's jewelry. And copyright holders need to find a way to protect their property without alienating consumers or trampling on civil liberties.

"Should the consumer be nervous about someone sniffing around in your hard drive? Absolutely," Potter said. "If you can't kick down my door to see what's in my living room, can you kick down my door to see what's on my hard drive?"
***************************
Mercury News
Anti-spammers shouldn't tread on the innocent
By Dan Gillmor


Sometimes adjectives go naturally with subjects. One such case is ``unscrupulous spammers'' -- a near-redundancy if I've ever seen one.

Wanting to see spammers put out of business, however, doesn't mean I want to see innocent folks harmed in the process. But the vigilantes seem to be taking over the town -- and the results are often unfair, sometimes grotesque.

Consider the case of Steve Outing, a writer whose e-mail newsletter doesn't always make it to the Inbox of the intended recipient because spam-blocking software keeps messages containing certain language -- words like ``sex,'' for example, or items written IN ALL CAPITAL LETTERS -- from getting there.

``If you never use such `controversial' words in your opt-in newsletters (that is, e-mail publications that subscribers have asked to receive free, or paid to receive), the odds are much higher that your subscribers will receive your messages,'' he wrote recently in a column posted on the Web site of Editor & Publisher, a trade magazine for the newspaper industry.

``Use any of those words and the likelihood increases that your subscribers will go unfulfilled (and if they're paying for your e-publication, they'll probably be angry).''

Computer-science Professor Ed Felten, meanwhile, says he has been the victim of something even worse -- the temporary loss of his Internet account after he was wrongly accused of being a spammer. His weblog (www.freedom-to-tinker.com) is back up and running, but his story of the way it was brought down (you can find it on the weblog) is chilling.

Let's be clear on something. The anti-spamming forces are on the side of the angels, in most respects. They're trying to do something about the torrent of garbage polluting our mailboxes every day. Spammers are unprincipled -- why else would they forge return addresses? -- and often sheer lawbreakers, pitching fraud and hoping to get the occasional sucker to fall for the scam. In that context, the anti-spammers are doing their best to fight back.

But fighting fire with fire is improper if it punishes the innocent with the guilty. When Internet service providers keep Outing's newsletter from his subscribers, and the subscribers have no alternative except to find a new ISP, that's unfair. If Outing or other authors must take care not to use certain words, for fear of running afoul of brain-damaged filters, that's ridiculous. And when a site can be brought down because of an unfounded spam report, as seems to have happened with Felten, that's outrageous.

Now let's separate two issues: getting rid of unwanted junk e-mail after it has been sent, and stopping spam at the source. Plainly, stopping it entirely is the best idea, but it's more difficult to accomplish.

Some interesting intermediary-type systems have been popping up. One that's getting good reviews is a Windows-only service called ChoiceMail (www.digiport.com). It's a ``challenge and response'' system that forces your correspondents to acknowledge that they're for real, thereby blocking the auto-mailers that send thousands or millions of messages in a short period of time. You can check the blocked messages for mail lists you want to be on, and put them back in your OK-to-receive list.

I tend to think that the best place for filters is on my own computer. But I have been distinctly unimpressed with the performance of the filtering software that comes with popular e-mail software for my Macintosh. That may change, if early reports about the mail software that comes with OS X 10.2 (``Jaguar'') are accurate.

I've taken the simple approach with my main e-mail address. Rather than use a filter at all, I just select every new message in my Inbox and then de-select the ones I want to read. Then I delete everything else. Because my work e-mail address is online in so many places, I am a spam magnet, which means that about 90 percent of what I get is garbage.

I tried using a filter, but I still had to check the filtered mail just to check whether something important was inadvertently mis-directed to the Junk folder. It takes me no more time -- I would estimate 2 minutes per day -- to simply select what I want to read and delete everything else.

I also have several private addresses that only a few people know about. I'm sorry, but I'm not going to tell you what they are. So far, they're pretty much spam-free.

The best way to fight spammers is to attack them at the source. This is what some of the anti-spamming operations try to do, by punishing ISPs that allow spammers to use their systems to pollute the e-mail landscape. Again, the innocent sometimes get punished in the process, and that's unacceptable.

We need laws that will allow spamming victims -- I think ISPs, which have to pay for extra storage, bandwidth and labor to handle the flood, are the chief victims -- to sue and collect major-league judgments. Because spammers are trying to sell something, they eventually give away their locations, which means that a phony return e-mail address isn't going to prevent them from being found eventually. Get the assets of some of these folks, and others may think twice about joining the party.

Of course, spamming itself would be pointless if people weren't so foolish so much of the time. It continues to amaze me that anyone would ever buy something advertised in an unsolicited e-mail message. I wish people would do what I've done -- resolve never, ever to buy anything that is pitched by e-mail, unless it's from a company I've specifically asked to send me e-mail for this purpose. (I've signed up with exactly two of these so far.)

Meanwhile, the war continues. But I'd rather get some unwanted mail than see innocent people harmed by efforts, even in good faith, to rid the planet of the spamming scourge.

NOTE: Let me know what you do with spam. I'll publish some of the responses on my weblog (www.dangillmor.com).
********************************
BBC
Internet to reach South Pole


The internet is coming to the South Pole following a decision to lay a fibre-optic cable nearly two thousand kilometres across the polar ice.

It will be one of the most dramatic and challenging engineering tasks ever carried out in Antarctica. It will take years to design and construct, but when finished it will revolutionise communications with the South Pole.

The South Pole is the only permanently inhabited place on Earth that cannot see geosynchronous communication satellites, a fact that severely restricts communication with the base.

The American National Science Foundation has just issued a request for industry to bid to build the trans-Antarctic fibre optic link. It is planned to be in use in 2009.

Present satellite communication with the base is unsatisfactory. It involves using aging satellites that have drifted away from their geostationary orbits into ones that can, for a part of the day at least, be just visible from the South Pole base.

Some satellites in elongated orbits that take them above the pole are also used but they are difficult to work with, say scientists.

Significant engineering problem

A permanent high-capacity fibre optic cable would solve all these problems. The data link will give high-speed and reliable internet access to the South Pole station. Scientists will be able to transmit data, and researchers in other parts of the world would be able to control Antarctic experiments remotely.

It will also provide straightforward telephone contact for the first time, as well as allowing much better medical data about the people there to be monitored.

The cost of the fibre optic cable is put at about $250 million and it is clear that it will be a major technological challenge and engineering feat.

It would run from the South Pole to Concordia, a permanently-manned French station in a region called Dome C. The cable distance is about 1670 kilometres (1040 miles). Concordia is at latitude 75 deg S and is in direct line of sight with geostationary satellites.

The cable will be placed directly on top of the polar plateau. It will have to be laid during the Antarctic's summer months but at the moment engineers do not know how many seasons it would take to lay.

Cable strain

The Polar Plateau is one of the most inhospitable places on Earth. It has an average elevation of 3,000 m (9,900 ft) and the ice is typically 4 km thick. The ice moves a few metres a year but it is quite flat.

In some parts of the traverse crevasses would be a problem. Where there is a risk tractors usually have a radar probe protruding in front of them looking for cracks in the ice.

The cable would be covered with ice where it is expected that it would be subjected to a stable minus 50 deg C.

A significant engineering problem will be how to deal with increased strain in the cable caused by the ice flowing under it and distorting its direct path.

"This is going to be a major problem," Professor Gordon Hamilton of the Department of Earth and Environmental Studies at the University of Maine told BBC News Online.

"The cable will have to stretch as the ice moves. It is important we find a way to allow it to do this that does not freeze and snap the cable."

Just getting the cable to the ice will be a major task.

One plan under consideration calls for tractor traverses from the base on the coast at McMurdo to the pole via the newly established Leverett Glacier route to transport the cable. Alternatively it could be shipped to the French port Dumont d'Urville and traversed to Concordia (1110 km or 690 miles) from there.

It might be necessary to develop new snow tractors and some engineers believe that the current ones, capable of towing 60,000 lbs, are not powerful enough.
**************************
News.com
Media chief decries Net's moral fiber
By Declan McCullagh


ASPEN, Colo.--The president of media giant News Corp. warns that the Internet has become a "moral-free zone," with the medium's future threatened by pornography, spam and rampant piracy.
Speaking Tuesday at an annual conference organized by the Progress & Freedom Foundation, Peter Chernin decried the "enormous amount" of worthless content online. He also predicted that without new laws to stave off illicit copying, News Corp.'s vast library of movies may never be made available in digital form.


"The vast potential of broadband has so far benefited nobody as clearly as it's benefited downloaders of pornography and pirates of digital content," Chernin told an audience of about 200. News Corp. owns 20th Century Fox and Fox Television.



Chernin called for a broader understanding that unapproved copying is morally wrong, while admitting that his own children sometimes wavered. He said that the federal government must support technological and legal methods to thwart Internet piracy.

"The stall tactics and smoke screens of those who have purposely ignored digital shoplifting can no longer be tolerated and can no longer mask the ulterior motives that have driven them all along," Chernin said. "The truth is that anyone unwilling to condemn outright theft by digital means is either amoral or wholly self-serving."

Chernin's comments come as Congress considers an unusually large number of proposals that would disrupt peer-to-peer networks, boost technology used for digital rights management and grant more power to copyright holders. All have been introduced by Democrats, and all have been criticized by computer scientists, programmers and academics.

In an interview after his speech, Chernin threw News Corp.'s support behind three controversial bills. The company backs a plan by Sen. Fritz Hollings, D-S.C., to implant copy-protection technology in software and hardware devices, as well as a bill introduced last month by Rep. Howard Berman, D-Calif., that would authorize copyright holders to hack into and disrupt peer-to-peer networks.

News Corp. also endorses a bill by Sen. Joseph Biden, D-Del., who hopes to make it a federal felony to try to trick certain types of devices into playing unauthorized music or executing unapproved computer programs.

"We support efforts to help us fight digital piracy," Chernin said. "We applaud any of those guys in Congress who are helping to wave the flag for us."

Rick Lane, a lobbyist for News Corp., said he recognized that some of the bills have drawn strident criticism. "We're having those discussions with members of Congress...It's all part of the deliberative process," Lane said.

Chernin decisively attacked sexually explicit material on the Internet.

"The prevalence of pornographic Web sites and e-mails is a lot more than an insult to common decency," Chernin said. "It's an increasing reason to keep kids and families off the Internet. And these are only part of the virtual logjam of valueless clutter."

Others at the conference disagreed.

Bruce Mehlman, an assistant secretary at the Commerce Department, wondered whether it was fair to blame technology for social and political problems. He said that the Internet was still young and that many problems could be worked out over time.
**************************
MSNBC
Stolen data reveal undercover cops
Surveillance firm's client list is stolen and posted on Internet; undercover police officers, Secret Service names revealed
By Bob Sullivan


Aug. 20 - Computer intruders have allegedly broken into the online files of a Florida company that provides surveillance technology to the U.S. military, federal agencies and local police forces, and posted confidential information, including the names and email addresses of undercover police officers, on a public Web site, MSNBC.com has learned.
INFORMATION ABOUT UNDERCOVER narcotics officers, U.S. Secret Service Investigators, Department of Defense special agents and hundreds of other local and federal law enforcement workers was revealed when the data from Audio Intelligence Devices Inc.'s files were posted on the Internet.
The Florida-based private company sells highly specialized video surveillance equipment and teaches spy courses to federal agencies and local police forces in the United States, and to some foreign governments.
Lon D. Guarino, Vice President, Sales & Marketing for Audio Intelligence Devices did not answer questions about the incident, but in an e-mail to MSNBC.com defended the company's security practices.
"Contrary to any recent reports, Audio Intelligence Devices is confident in its current security practices and treats its customer information with complete confidentiality," Guarino wrote. "We are actively investigating the origin of the information in question at this time."
MSNBC.com contacted each law enforcement official whose e-mail address was taken from the AID files and listed on an Internet page -- 349 in all. Of those who replied, none said they knew their information had been made public until they were contacted by MSNBC.com.
AID only sells to law enforcement workers, according to the company's Web site. The list viewed by MSNBC.com was a Who's Who of domestic and international law enforcement agencies, including the U.S. Army, Navy and Air Force, Sandia National Laboratories, Ministry of Foreign Economic Relations in Uzbekistan, and the Montreal Police Department.
Until recently, the site offered a Web form that allowed agents to request equipment catalogs or information on spy classes. It appears that a computer criminal managed to access the data entered on the form by AID's customers. The form on AID's site is currently disabled. A message on the site says: "The online catalog request is temporarily unavailable."


UNDERCOVER DRUG COPS LISTED
The stolen data lists hundreds of names, addresses, job titles, phone numbers and e-mail addresses of investigators, and in some cases, details on the kind of equipment they were seeking to buy. The data appeared on a Web site, Cryptome.org, earlier this month. Site operator John Young says Cryptome.org is devoted to publicizing various government efforts to monitor U.S. citizens. He said an anonymous contributor sent him the data.
Young is a well-known First Amendment advocate and a popular critic of government surveillance efforts. Young speculated that the data may have been stolen and leaked by a competitor or former employer, citing the often cutthroat nature of the spying business.
But it's not clear how the computer thieves got their hands on AID's data. Young says that the anonymous contributor who tipped him off about the file told him it was left up for grabs by AID, available for download to anyone using simple File Transfer Protocol software. The file is no longer available at AID's site, Young said.
The data doesn't include financially sensitive information like credit card numbers. But in some cases it includes names of undercover narcotics detectives who rely on their anonymity in their everyday work.
"I wouldn't have wanted anyone to know I was working narcotics," said one police officer, whose name was on the list. The officer, who said he has since moved out of drug enforcement work, was concerned that criminals might now know what kind of video surveillance technologies law enforcement agents are using, and be able to prepare counter-measures. "We certainly don't want the frequencies to be out there. If they know how widespread it is, they will probably start checking the frequencies."
Another narcotics detective, whose name was also on the list, echoed those comments.
"This is a problem. Most people contacting AID are in narcotics task force groups, or money laundering, where confidentiality and undercover work go hand in hand," he said.
Most of the information in the file is available from public sources such as main police phone numbers or street addresses. But some of the e-mail addresses, agents contacted by MSNBC.com said, were designed for obscurity, and some may double as network login names for government computer systems.
***************************



Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx