[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips August 22, 2002



Clips August 22, 2002

ARTICLES

Short-Text Messaging May Get Boost as Political Ad Vehicle
White House Officials Debating Rules for Cyberwarfare
OHS to test emergency links
Porn Biz Has a Net Stalker
DrinkOrDie member gets 33 months in prison
Entrepreneur files suit over junk faxes
States Struggle With Online Records
Appalachia Technology Faces Hurdles
Rumsfeld outlines risks, rewards
Data security hinges on money, not technology, feds say
Civil Liberties Groups Want Patriot Act Info
Network to support Washington area emergency workers
Privacy bill watered down
Law professor fights Web link ban
Profiteering On Homeland Defense
New Salvo in Piracy, Privacy War
Filtering Spam with Blocklists

************************
Washington Post
Short-Text Messaging May Get Boost as Political Ad Vehicle
By Brian Krebs

Campaign 2002 may be coming to a cell phone near you.

The Federal Election Commission is expected to decide Thursday whether groups should be allowed to deliver text-based political ads over mobile phones and other wireless devices without disclosing who paid for them.

A New Jersey technology firm, joined by advertising industry groups and a Republican campaign committee, has asked the FEC to waive disclosure rules for political ads delivered via SMS, or "short message service." SMS is featured on a wide range of wireless devices, from digital mobile phones to Blackberries to two-way pagers.

Target Wireless of Fort Lee, N.J., says current FEC disclosure rules would require political advertisers to use up too much of the limited amount of text -- 160 characters total -- available for individual SMS messages.

The FEC has already granted exemptions for advertising media that are limited to small numbers of text characters, including bumper stickers, buttons, pens and pencils, skywriting, balloons and water towers.

But the Target Wireless petition has alarmed some public interest and disclosure advocates, who say that backers of an SMS exemption assume that all political messages delivered over SMS will be positive.

Exempting SMS could open the floodgates to political and commercial spam over wireless devices, said David Farber, a professor of computer science and public policy at the University of Pennsylvania.

"If they allow this exemption for political advertising, everyone else is going to want to jump on the bandwagon," Farber said. "It's hard enough with the ads already out there to figure out who's really paying for what, and if you drop (the disclosure requirement), I see mischief all over the place."

"The disclaimers are there to protect both campaigns and citizens," said Mike Cornfield, director of research for The George Washington University's Institute for Politics, Democracy and the Internet.

An alternative to waiving disclosure altogether would be to require SMS ads to include the sponsor Web site name or URL, Cornfield said. Such a requirement would allow campaigns protect the integrity of their messages by discouraging "spoofed" SMS messages from rival candidates or parties, he said.

An attorney in the FEC's campaign finance section said he doesn't know how the commission will rule on Thursday. But if the impressions of one political watchdog group are any indication, the FEC might be inclined to agree with the Target Wireless petition as a matter of common sense.

"These disclaimers are important, but the rules recognize the practicalities of the situations," said Don Simon, general counsel for Common Cause. "We recognize that you have to apply common sense to the application of rules and that you don't want to apply them in a way that gets you silly results."

The question, however, is whether there's a viable market for a political SMS ad service.

Target Wireless President Craig Krueger declined to name any potential clients for his company's service, but its petition is being backed by the National Republican Senatorial Committee, the Cellular Telecommunications and Internet Association, the American Association of Advertising Agencies and the Association of National Advertisers. Kreuger said his company hopes to begin selling political ads for delivery to customers who have "opted-in," or asked to receive, more information from a given campaign via SMS.

SMS is hugely popular in other parts of the world but has been slow to catch on in the states. According to the Boston-based consulting firm Yankee Group, there were roughly 131 million cell phone subscribers in the United States by the end of 2001. And while a third of those users had SMS-enabled phones, only about 4.3 million actually used the service.

By contrast, nearly all of the 293 million wireless users in Europe had two-way SMS capable devices by the end of last year, and roughly 175 million regularly used the service, Yankee analysts found.

Phil Noble, founder of PoliticsOnline.com and a leading cheerleader for e-politics, said candidates' interest in SMS is likely to grow in the 2002 campaign season, albeit on a small scale.

"All politics is about front-runners and underdogs," Noble said. "Front-runners ask, 'What did we do last time, and can we do it again?' Underdogs look for what is new and different and try to find an edge."

Mike Connell, president and CEO of New Media Communications, hopes the FEC will grant Target Wireless's petition. His company, which built the Bush 2000 general election Web site and used SMS in two state Senate races in 2000, has plans to run get-out-the-vote campaigns over SMS in the days leading up to this year's election.

"Campaigns go through considerable time and expense to win hearts and minds of people, and once you've gone through all that you've still got to make sure they turn out on Election Day," Connell said.

In addition concerns about the Target Wireless's FEC petition, the company's business plan has attracted its share of skeptics.

"Why would anyone who needs to be persuaded to vote for a particular candidate opt-in to receive text messages from a campaign they already support," said Steve Clift, editor of Democracies Online newsletter.

And Ben Green, co-founder of Crossroad Strategies and former director of Internet operations for the Gore 2000 president campaign, said he would advise clients against using the technology in this year's election.

"Campaigns are typically on a tight budget and have to spend their dollars wisely," Green said. "The fact is that the political Internet industry landscape is littered with the wreckage of companies that think they've found the killer ap, only to fall flat on their faces."

Krueger maintains that his request will clear the way for innovative uses of SMS in future elections, and says he is only trying to secure the viability of his company's business model.

"The fact of the matter is that no candidate is going to commit to target wireless users until the FEC says it's legal to do so," he said.
******************************
Washington Post
White House Officials Debating Rules for Cyberwarfare
By Ariana Eunjung Cha and Jonathan Krim


The Bush administration is stepping up an internal debate on the rules of engagement for cyberwarfare as evidence mounts that foreign governments are surreptitiously exploring our digital infrastructure, a top official said yesterday.

Richard A. Clarke, head of the Office of Cyberspace Security, said the government has begun to regard nation-states rather than terrorist groups as the most dangerous threat to this country's computer security after several suspicious break-ins involving federal networks.

"There are terrorist groups that are interested. We now know that al Qaeda was interested. But the real major threat is from the information-warfare brigade or squadron of five or six countries," Clarke said in an interview with Washington Post editors and reporters.

The White House last week called in Gregory J. Rattray, an Air Force officer and author of "Strategic Warfare in Cyberspace," to accelerate the process of sorting out the legal and ethical issues surrounding such attacks.

In one series of incidents in 1999 and 2000, unidentified hackers downloaded scores of "sensitive but unclassified" internal documents from the Los Alamos and Livermore national laboratories and the Defense Department. Investigators traced the electronic trail back to an unnamed foreign country; officially, the government there denied being involved, but the intrusions suddenly stopped, he said.

U.S. officials also believe it is possible that a foreign government helped create the Code Red virus that took control of 314,000 servers last year and directed them to attack White House computers.

For the past nine months, Clarke -- who reports both to Homeland Security Director Tom Ridge and national security adviser Condoleezza Rice -- has been preparing a plan that will involve the government, private companies and average citizens in defending against future attacks. This national strategy will be outlined next month in Silicon Valley.

Among the recommendations is that Internet service providers for cable and DSL companies package their faster always-on services with "firewalls," or security software that repels outside intrusion and monitors what information is sent out to the Internet. Clarke said many people have connected to the Internet through such services in recent years without being told their computers are open to intruders.

"Our goal is not to prevent cyberattacks but to withstand them," Clarke said.

Clarke said the country has made some progress in shoring up its defenses since Sept. 11 but it will be years before it can fix the numerous vulnerabilities that have existed on the Internet since its creation. He said the government also is assessing whether some critical computers should be disconnected from the Internet or run on a private network.

Federal agencies have increased their information technology spending to $4.5 billion in the fiscal year beginning in October, up 64 percent from the previous year. Major software companies such as Microsoft Corp. and Oracle Corp. have made security a top priority. But companies in other sectors, especially telecommunications, have been slower to respond because of financial difficulties, Clarke said.

Meanwhile, Clarke said, more and more countries, especially poorer ones, are coming to see the advantage of cyberwarfare over traditional warfare. Such efforts are less expensive, costing thousands of dollars, compared with billions for a nuclear weapons program. Cyberattacks also are easier to conceal.

The specter of more significant cyberattacks from enemy countries has pushed the U.S. government to explore how far it should go in its own use of technology in war.

The U.S. military's use of cyberwarfare so far has been limited mostly to defensive efforts and information collection.

After the NATO campaign in Kosovo in 1999, Gen. Henry H. Shelton, chairman of the Joint Chiefs of Staff, disclosed that the military had jammed Serbian computer networks. But Clarke said the United States has yet to engage in a major attack that damages other systems.

Clarke describes the situation today as analogous to the dilemma the U.S. government faced several decades ago when it had nuclear capability but lacked rules on when or how to use the weapons.

Under the Geneva Convention, the operative international law of war, attacks on noncombatants are prohibited. Thus, a cyberattack on the banking system or electricity grid of a country believed to be helping terrorists would raise unresolved legal issues because of the damage it might inflict on innocent people.

"It's okay to blow up a bridge and kill everyone, including civilians" if the bridge is believed to serve a military purpose, said Mark Rasch, a technology security consultant and former Justice Department prosecutor. "But it might not be okay to hack into computer systems" that are not obviously serving a military purpose.

And it could be particularly hard to control the impact of an electronic attack. For example, any virus the military might unleash on its enemies would probably spread beyond the target because so many of the world's computers are linked to the Internet.

Some officials in the Bush administration also are concerned about creating dangerous precedents by launching the first major Internet attack given that the United States could have more to lose than any opponent in such a conflict.

American businesses and governmental entities depend on technology to a far greater degree than do relatively undeveloped countries and loose-knit terrorist groups -- and retaliation could be a major danger.

"We live in the largest glass house on the street when it comes to that," said Daniel T. Kuehl, a professor at National Defense University, an education arm of the military.

Staff writer Vernon Loeb contributed to this report.
****************************
News.com
ISPs off the hook in swapping suit
By Lisa M. Bowman

The Recording Industry Association of America has dropped a contentious lawsuit against major Internet service and network companies that sought their help in shutting down communications to a China-based music copying site.

The RIAA had filed a federal suit Friday against network and ISP (Internet service provider) divisions of companies including AT&T, Cable & Wireless, Advanced Network Services and WorldCom, accusing the companies of allowing people to access the Listen4ever Web site and illegally copy music.

However, the RIAA said Wednesday that it was dropping the suit because the Listen4ever site has been shut down. The site offered music from artists including Bruce Springsteen, Christina Aguilera and The Red Hot Chili Peppers as well as some unreleased music, according to the suit.


"This particular network was a crass attempt to evade our copyright laws by setting up shop in China while offering a treasure trove of mostly American music for free," RIAA CEO Hilary Rosen said.


The RIAA, which has sued networks including Napster to the brink of extinction, could not track down the operator of Listen4ever. Instead, it took the controversial step of suing ISPs for offering access to the network.

"The fact that this file-sharing service went to such lengths to conceal its origins demonstrates again the awareness that this is an illegal activity--for both the operators and users of these unauthorized networks," Rosen said.

The RIAA, a trade group representing major music labels, has become increasingly aggressive in its efforts to stop piracy and maintain control over distribution of its music in the digital age. In addition to filing suits against Napster, Scour and Morpheus, the organization has pursued companies that allow employees to swap files and is moving closer to going after individual users.

A representative for AT&T Broadband confirmed that the suit was dropped but had no further comment. Representatives from the other companies named in the suit did not immediately respond to requests for comment.
****************************
Federal Computer Week
OHS to test emergency links


Within the next two months, the Office of Homeland Security will lead an exercise to test the possibility of linking federal, state and local incident command centers across the country with the White House situation room during times of emergency.

During the past several months, the office has set up off-site incident coordination and support centers that provide around-the-clock assistance for prevention and response, said Stephen King, director of investigations and law enforcement within the Office of Homeland Security's Threat, Countermeasures and Incident Management Directorate. King was speaking Aug. 20 at the Government Symposium on Information Sharing and Homeland Security in Philadelphia.

The Office of Homeland Security Coordination Center is a high-level interagency group that is constantly on call to monitor and respond to threats identified by intelligence and law enforcement. While the members of that group come together in response to a call usually within a half an hour the Office of Homeland Security Incident Support Group provides a live video link between the White House and state and local first responders, King said.

The exercise will test the links for this support group, King said. A communications working group already is in place with participants from federal, state and local agencies looking at the specific technology issues involved in creating the nationwide connection, he said.

"That sort of connectivity will be critical to quick response," King said.
***************************
Wired News
Porn Biz Has a Net Stalker

An Internet stalker is haunting the porn industry.

In recent months, blue-movie luminaries have received dozens of e-mails, from aliases like "zodiac_killer" and "pornhater2002," filled with racial epithets and grisly descriptions of murder and torture.

"(Porn director) Rob Black's a piss-drinkin', shit-eatin' rodent. I'll stab 'til dead 3 times over both him and the sewage called his wife," reads a typical rant.

Some in the adult entertainment community say they're unfazed by the screeds. But the messages have gotten so voluminous, and so creepy, that the FBI has begun to investigate.

"I have received about a hundred hateful e-mails," Jenna Jameson, the X-rated superstar, posted to Gene Ross Extreme, a website devoted to porn industry gossip. "I have forwarded them to the FBI. So many of his e-mails are threatening and just flat out scary. He is the type a (sic) guy who slips a gear and ends up killing people!"

Making interstate "threats to injure" is a federal crime, punishable by up to five years in the clink and a fine. So is using a "telecommunications device" to harass someone, and it carries a maximum sentence of two years.

The blue movie business attracts more than its fair share of the panting brown-overcoat crowd. But acts of violence are rare -- the shooting of Hustler magazine magnate Larry Flynt is the notable exception. Online stalking is rarer still, according to industry insiders. One performer, Christy Lake, said she's never been electronically harassed. Dave Cummings, the 62-year-old star of the Sugar Daddy skin-flick series, said that before now, he had only received one violent threat in seven years -- and the guy apologized a few days later.

Lately, however, this dynamic has begun to change. A recent letter from a "Chad Luke," sent to several porn production houses, compared smut-mongers to terrorists.

Then there's Bryan Sullivan, who admitted last August on Gene Ross Extreme to breaking into the website of actress Samantha Sterling.

In the summer of 2001, Sullivan became a frequent contributor to the raucous discussions of the blue movie business on Gene Ross Extreme and LukeFord.com, another gossip site. High-end porn performers, he wrote in a typical post, "have the audaciousness to think that they are the betters of the whores that get pissed on, slapped around, shit and spit on."

These kinds of comments were considered fair game, even typical, for these sites. But this spring, Sullivan's mass e-missives broke these flimsy boundaries, and entered the realm of the downright scary. "Fucking butt-ugly gook [Tera Patrick]; shoot one dead today!" was the title of one message, dated April 5, referring to a popular starlet.

A day earlier, Sullivan e-mailed Rodger Jenkins, an adult movie screenwriter who contributes to LukeFord.com under the name "Martin Brimmer" -- that "cyberstalking is an equal opportunity crime but porn stars are more likely to be harassed (by me in particular)."

Sullivan then went on to describe the various ways he could locate personal information about an actress.

"I can see exactly where she lives," he wrote. "Convenient, since she's not answering my repeated threatening e-mails and I've been thinking about paying her a visit."

On April 9, Tony Olson, a security official at Road Runner, the high-speed ISP, sent Sullivan a warning that the company had received complaints of harassing e-mail from his account.

That same day, the FBI came calling.

"They went through my hard drive and looked at all my e-mails and one of them said, 'This is more comical than threatening,'" Sullivan told Jenkins. "They said that they don't need this aggravation and for me to watch what I do and tone it down and hopefully I won't have to hear from them again."
Sullivan did not respond to multiple invitations to comment on this story.


E-mails from "zodiac_killer" and "pornhater2002" began appearing in the inboxes of the adult community around the same time. Several of these messages were addressed to Sullivan. In turn, many of Sullivan's e-mails were now addressed to "zodiac_killer" or "pornhater2002."

"Filthy Smelly Gooks Tera Patrick, Wanker Wang" was the title of one message from "pornhater2002." A message from "pornhater" on May 16 was particularly toxic. The message was signed, "Sir Sylvester Sullivan." Although the e-mails seem to implicate Sullivan, there is no evidence that he is behind them.

For Dave Cummings, this was too much. Cummings -- a purported 25-year veteran of the Army who earned a bronze star in Vietnam -- contacted the FBI field office in his hometown of San Diego.

The FBI is taking the matter seriously, Cummings said. There's now an "active investigation" underway, with Cummings serving as liaison to the lewd community. Through him, the e-mails that shocked the most unflappable of industries are being sent to the San Diego office of the FBI.

The FBI won't publicly comment on the case. But one agent involved said, "We're at square one with this thing. There are a whole lot of other people we're going to have to get involved."
****************************
Computerworld
DrinkOrDie member gets 33 months in prison


A 24-year-old member of DrinkOrDie, one of the oldest international piracy groups on the Internet, has been sentenced to 33 months in federal prison for conspiring to violate criminal copyright laws.
Christopher Tresco of Allston, Mass., pleaded guilty in May in U.S. District Court for the Eastern District of Virginia of using his employer's computers to distribute copyrighted material, including movies, software, games and music, according to a U.S. Department of Justice statement (download PDF).


Tresco faced up to five years in prison and $250,000 in fines. He is scheduled to surrender Nov. 1 to begin serving his sentence.

"Chris made an error in judgment in getting involved in this activity and he has acknowledged to the court that he violated the law," said Tresco's Boston-based attorney, Gary Crossen. "He hopes others will learn from him the lesson to avoid computer crimes and respect federal copyright laws."

Tresco is one of 40 people worldwide targeted by Operation Buccaneer, a 14-month undercover investigation into copyright violations by the U.S. Customs Service (see story). One of Tresco's co-conspirators pleaded guilty to conspiracy charges earlier this year (see story) and was sentenced to 46 months in prison.

Operation Buccaneer also netted members of other online piracy groups, including RiSC, RAZOR1911, RiSCISO, and POPZ. To date, 13 people have pleaded guilty to charges in connection with Operation Buccaneer; 10 have already been sentenced. Federal prosecutors said DrinkOrDie consisted of approximately 65 members from more than a dozen countries including England, Australia, Sweden, Norway and Finland.

Federal prosecutors said Tresco, known by his screen name "BigRar," took advantage of his job as systems administrator for the Economics Department at MIT to install and operate a number of DrinkOrDie file storage/transfer sites on the MIT system. This included DrinkOrDie's "drop site," a computer connected full time to the Internet that served as the workstation and initial distribution point for all the group's release work of copyrighted material, according to prosecutors. The group would defeat security features, then distribute the counterfeit titles around the world.

In addition, Justice officials said, Tresco installed and operated a number of the group's FTP "leach" sites containing tens of thousands of software, game, movie and movie titles for copying and downloading by DrinkOrDie members.
*************************
Mercury News
Entrepreneur files suit over junk faxes


When Silicon Valley entrepreneur and philanthropist Steve Kirsch gets a pet peeve, beware.

Tired of his fax machine whirring at 3 a.m. with unsolicited faxes, Kirsch plans today to file two suits against Fax.com, the country's largest fax-broadcasting company.

Kirsch, who rarely does anything on a small scale, is seeking an astronomical $500 billion in statutory damages -- an unprecedented amount that may garner media attention but likely would never be awarded.

``This is not a publicity stunt; our goal is to shut Fax.com down and make any advertiser thinking of sending an unsolicited fax think twice,'' Kirsch said.

He had to be talked down to that damage amount, confided an adviser.

Kirsch is seeking class-action status for a federal suit and a separate California one, saying that ``Fax.com has fax numbers for every machine in the U.S.''

Fax.com did not return calls for comment but has questioned the constitutionality of junk-fax bans.

Kirsch's suits come two weeks after the Federal Communications Commission proposed a $5.38 million fine against Fax.com, based in Orange County. That fine has also prompted renewed interest in toughening California law banning junk faxes, and California Attorney General Bill Lockyer has subpoenaed Fax.com records as part of an investigation.

Kirsch acknowledged that junk e-mail has become a bigger headache than junk faxes, but said the laws governing faxes are stronger.

Spammers, however, could be next, he warned.

``I have the resources, time and money,'' he said. But even the multitasking Kirsch will have his hands full today.

He's holding his press conference at El Camino Hospital in Mountain View to highlight how a medical center could be threatened by nuisance faxes, as happened in a Washington state case.

El Camino happens to be where Kirsch's wife, who went into labor Wednesday, is due to give birth to their third daughter.
**************************
Associated Press
States Struggle With Online Records
Wed Aug 21, 3:15 PM ET
By D. IAN HOPPER, AP Technology Writer


WASHINGTON (AP) - States have made significant progress in putting their court records online, allowing the public to examine criminal cases, lawsuits and divorces. However, all are struggling to develop privacy standards that keep pace with the technology, says a report released Wednesday.



The Washington-based Center for Democracy and Technology said states are trying to figure out how to balance the right to access public records with the risks of putting a battered wife's address on the Internet or posting uncorroborated child abuse allegations for all to see.

"It is clear that those concerns are out there and each state is trying to take a stab at addressing them," CDT policy analyst Ari Schwartz said.

Some states, like Florida, have gone so far as to consider placing a moratorium on online court records until they develop a policy. Florida has one of the nation's most explicit open records provisions, a constitutional guarantee for access to public records.

"There's also, by the way, a constitutional right of privacy right next to it. So we're not sure what the two of them mean together," said Steve Henley, who handles such matters for Florida's Supreme Court.

According to the report, every state in the nation puts their court records online and open to the public to some degree. But each state differs in its approach.

Montana's Web sites have a free, searchable database of Montana Supreme Court opinions and orders. Some courts in Alaska have listings of closed civil cases, probate cases (involving wills and estates) and divorce cases.

California's state court gives access to civil, probate and family law cases for a yearly fee, while county courts offer their own records online under varying rules.

All of these court records can have unintended consequences. Some courts delete obviously sensitive data like social security ( news - web sites) numbers, but one could also find bank account numbers as well as a person's name and address, information that could help an identity thief.

There's also information that is almost never sealed by definition, but could still be sensitive or embarrassing, like accusations of battling spouses in a divorce case or the names of biological parents in an adoption.

Victim's rights advocates have called for taking spousal abuse and family law cases off-line to respect the privacy of a battered wife or abused child. The wife's address, frequently found within court documents, could help a stalker.

"That could have life-threatening ramifications," said Martha Steketee of the National Center for State Courts.

Steketee's group, a nonprofit organization designed to help states devise judicial policy, is behind one of a handful of state and federal efforts to address the online records problem and write guidelines. The center is finalizing its recommendations, and plans to release a report in October.

Meanwhile, states are left to work out the problems on their own, Steketee said.

"Courts are at wide and varying extremes with this," Steketee said. "There are some courts that have tried putting up huge amounts of information, and some have stopped putting out any information electronically."

Most states are in Florida's position. Henley, the Florida official, had a simple answer. "Without a statewide policy, we essentially have 67 policies," he said.

Privacy advocates and state officials don't expect the issue to be resolved overnight, but they hope that greater awareness of the problems will bring some standards.

"Even judges and lawyers in the system don't realize the extent and the nature of the personal information contained in court filings," Henley said. "Everything that goes on in society to some extent ends up in court."

___

On the Net:

Center for Democracy and Technology: http://www.cdt.org

National Center for State Courts: http://www.courtaccess.org

Florida State Courts: http://www.flcourts.org/
****************************
Associated Press
Appalachia Technology Faces Hurdles
Thu Aug 22, 2:13 AM ET
By GAVIN McCORMICK, AP Business Writer

CHARLESTON, W.Va. (AP) - The Appalachian region must leap several sizable hurdles for its technology economy to run at the same pace as the rest of the nation, concludes a university study to be released Thursday.



Across a largely rural area spreading 200,000 square miles across 13 states, the technology sector is small and grew only about two-thirds as fast as the region's overall economy between 1989 and 1998, says a report by the University of North Carolina Office of Economic Development.

Shortages of entrepreneurs, scientists, university education and public and private sector research continue to hamper the region's ability to develop a technology-centered economy, the authors say.

The report was prepared for the Appalachian Regional Commission, a federally funded agency created in 1965 to help the region's development.

ARC boundaries spread beyond Appalachia's hilly core to encompass 406 counties in 13 states ranging from New York to Mississippi.

Appalachian urban areas have a significantly lower number of scientists, engineers and technicians than the United States as a whole, the report says.

The number of federal research grants, which often go to university or government laboratories, is concentrated in just a few areas such as Huntsville, Ala., Blacksburg, Va., Pittsburgh and State College, Pa., and Ithaca, N.Y.

Also, the region's four-year colleges and universities grant proportionately fewer degrees in industrial engineering than do universities nationwide. And its two-year schools grant substantially fewer computer science degrees than does the rest of the nation.

While many state-funded programs are trying to develop the area's high-tech economy, the report says, few are focused on the two areas projected to grow fastest in the next decade: information technology and biotechnology.

The report identifies for the region 100 technology "clusters," or areas with concentrations of high-tech employment and research. Yet more than half of those clusters are in cities such as Atlanta, Cincinnati and Washington, D.C., which lie on the region's periphery.

"That means the ARC region's high-tech prospects are heavily dependent on spillover effects from neighboring cities," the report concludes. "Unfortunately, those spillovers are neither certain nor necessarily positive."

___

On the Net:

Appalachian Regional Commission: http://www.arc.gov
******************************
Federal Computer Week
Rumsfeld outlines risks, rewards

The Defense Department's focus on network-centric operations carries the responsibility that those systems are secure and available if the United States is going to fight effectively, Defense Secretary Donald Rumsfeld said in his annual report to Congress and President Bush.

"U.S. forces must leverage information technology and innovative network-centric concepts of operation to develop increasingly capable joint forces," Rumsfeld said in the document, issued Aug. 16. He said that the war in Afghanistan has demonstrated the military's ability to use a variety of network combat elements from all of the services.

"This joint action only hints at the potential opportunities that can be exploited through new ways to connect seamlessly our air, sea and ground forces," he wrote. "IT holds vast potential for maximizing the effectiveness of American men and women in uniform."

But those information systems must be protected from attack and new capabilities for effective information operations must be developed, Rumsfeld wrote.

"The emergence of advanced information networks holds promise for vast improvements in joint U.S. capabilities, and it also provides the tools for non-kinetic attacks by U.S. forces," he said. Potential adversaries could exploit vulnerabilities if they are left unchecked, he warned.

"In a networked environment, information assurance is critical," Rumsfeld said. "Information systems must be protected from attack, and new capabilities for effective information operations must be developed."

The United States must also carry that information assurance effort to space because of the service's dependence on space-based technologies that enable network-centric operations through use of satellite communications.

"No nation relies more on space for its national security than the United States," he said. "Yet elements of the U.S. space architecture ground stations, launch assets and satellites in orbit are threatened by capabilities that are increasingly available."

The report also stresses the importance of Rumsfeld's "transformation" effort.

"Transformation is fundamentally about redefining war on our terms by harnessing an ongoing revolution in military affairs," he said. That transformation has conceptual, cultural and technological dimensions.

"Fundamental changes in the conceptualization of war as well as in organizational culture and behavior are required to bring it about," he said.

The annual report also stresses DOD's efforts to streamline its business operations by improving its financial management and its ability to buy new technology.

"Transforming DOD's outdated support structure is a key step in achieving a more capable fighting force," Rumsfeld said.
***************************
Government Computer News
Data security hinges on money, not technology, feds say
By William Jackson


Government customers can foster information assurance by demanding it from vendors, said officials charged with overseeing the safety of the nation's critical infrastructure.

"Money talks," said Richard H.L. Marshall, principle deputy director of the Critical Infrastructure Assurance Office. "Put your money where your mouth is, and you're going to have good behavior. Make vendors be responsible for creating good products."

Customer demands have begun to have an impact, said Howard A. Schmidt, vice chairman of the President's Critical Infrastructure Protection Board. A number of software and hardware providers, such as Microsoft Corp. and Sun Microsystems Inc., have decided that "security will trump feature sets" in future products, he said.

Marshall and Schmidt were among a panel of federal and corporate experts discussing responsibility and accountability in information assurance today at the Sector5 cybersecurity conference in Washington.

The panelists, who also included Ronald Dick, director of the National Infrastructure Protection Center, and Secret Service agent Bob Weaver, who heads the New York Electronic Crimes Taskforce, agreed that security conditions should focus on prevention rather than response.

"It's all pre-incident," Weaver said. "That's where your efforts should be."

But getting the money to adequately secure systems has always been a problem. Today's discussion had a sense of déjà vu about it, Schmidt said. Although problems have long been known, "we're all saying the same thing two or three years later," he said.
**************************
Washington Post
Civil Liberties Groups Want Patriot Act Info


The American Civil Liberties Union (ACLU) today asked that the Justice Department reveal how its agents are using the expanded surveillance powers granted to law enforcers under the USA Patriot Act. Joined by the Electronic Privacy Information Center and the American Booksellers Foundation, the ACLU filed a Freedom of Information Act request seeking information on how federal law enforcers are using Patriot Act to track suspected criminals and terrorists. Introduced shortly after the Sept. 11 terrorist attacks and passed late last year, the law broadens federal phone and electronic surveillance authority; makes it easier for government officials to obtain phone, Internet and business records; and loosens evidentiary requirements for obtaining wiretaps in terrorism cases.
-- David McGuire (08/21/02)
***************************
USA Today
Network to support Washington area emergency workers


WASHINGTON (AP) Police, fire and other emergency personnel in the Washington area will soon be able to use a wireless network to communicate and share databases when responding to everything from traffic accidents to terrorist attacks.


The network, which participants call the first of its kind, is called the Capital Wireless Integrated Network, or CapWIN. IBM will build the $20 million system, funded by Congress, over the next two years.


"For us old warhorses, this is like a dream come true when it comes to communicating in emergencies," said Chief Charles Samarra of the Alexandria, Va., police.

The network will cover police, fire, ambulance and transportation officials in Washington and its Maryland and Virginia suburbs, as well as federal agencies such as the FBI and the Capitol Police.

It will allow authorities with different jurisdictions to communicate in electronic "chat rooms" on laptop computers, handheld computers and cell phones. Authorities currently have no means of reliable communication outside of their own jurisdictions, Samarra said.

Two years ago, after an incident on a bridge connecting Virginia and Maryland, federal officials and authorities from both states came to the scene.

"We found ourselves all on the bridge and unable to communicate adequately with each other," Samarra said. "We had to end up sending notes by runners." Traffic was backed up for five hours due to the incident.

The system will make data sharing easier. Currently, a Virginia police officer who pulls over a District of Columbia driver can instantly find out whether the driver is wanted on a national or Virginia warrant. Searches in other jurisdictions take far longer.

"Because of the time involved, most officers are just not going to do it," Samarra said.

The new network will give almost instant access to crime databases. Maryland police officers have used a test version to recover stolen vehicles.

An interstate task force would be able to establish its own chat room on the network, letting members stay in touch during ongoing investigations.

IBM officials said the network will be designed to handle 10,000 users, and complies with the FBI's standards for wireless computer security. The network runs on existing gadgets, IBM said, so local agencies won't need to buy new hardware.

Several recent reports have highlighted communications problems in New York as emergency personnel converged at the World Trade Center on Sept. 11. A report released earlier this week by New York officials said the city's police communications system was incompatible with the network used by firefighters, and radio problems left many commanders and firefighters unable to communicate with each other.

"If New York could have had CapWIN, a lot of the things I read about in the paper would not have been issues," Samarra said.
***************************
Mercury News
Privacy bill watered down
By Ann E. Marimow


SACRAMENTO - Landmark legislation to give consumers more control over their personal financial information cleared a major hurdle Wednesday, but not without being diluted over the objections of consumer advocates.

Proponents, however, vowed to strengthen the bill to clamp down on companies that share and sell information on their consumers' finances when the measure moves today to another Assembly committee considered friendlier toward privacy legislation.

When the bill's sponsors let their guard down Wednesday, banking committee Chairman Lou Papan, D-Millbrae, pushed through an amendment that would make it easier for some companies to share customers' private data without their permission. When the sponsors discovered what had happened, they reacted with disbelief.

The move came just two days after the sponsor, Sen. Jackie Speier, D-San Mateo, announced a ``breakthrough compromise'' with Assemblyman Joe Nation, D-San Rafael, that made the measure more palatable to key moderate Democrats, including Assemblywoman Rebecca Cohn, D-Campbell.

``It's a horrible amendment,'' said Rosemary Shahan of the Consumer Federation of California, referring to the change made in the banking committee. ``But the potential to protect privacy lives on.''

Speier said the further weakening of the bill Wednesday stripped the legislation of its power to allow customers to keep private information such as bank account balances and credit histories.

``This takes away choice for consumers,'' Speier said. ``And it's precisely what the insurance industry wants.''

The amendment's sponsor, Assemblyman Phil Wyman, R-Tehachapi, disagreed.

``Your bill doesn't help consumers,'' he said. ``It goes beyond federal law and hurts the economy of California.''

The watering down of the measure, SB 773, and the political wrangling at the hearing Wednesday was another obstacle in Speier's 2-year-old push to enact what would be some of the toughest privacy restrictions in the nation on how banks and other companies can use a customer's financial information.

Speier's bill was defeated last year, despite many hours she spent negotiating with the governor's office and business leaders. She blamed the governor and some moderate Democrats for caving to pressure from business, an accusation her opponents denied.

This year, Gov. Gray Davis backed another bill sponsored by Nation that was opposed by both business and consumer advocates.

Under the compromise announced this week, banks and insurance companies would have to ask permission to trade or sell customers' information with non-financial third parties like telemarketers.

But they would not have to ask to share this information with company affiliates and some outside financial companies. Consumers, however, could fill out a form to prevent it.

The amendment approved Wednesday would take away that option for consumers when financial companies want to share this information with affiliate companies engaged in similar businesses.

Despite their apparent victory, representatives for the financial industry said they will have to work hard to keep the amendment in when the bill goes to the Judiciary Committee today. Even as amended, they said the measure would be a burden on businesses.

``We're not encouraged that the amendment will stay in the bill,'' said Diane Colborn of the Personal Insurance Federation of California.

Early in the five-hour hearing, Speier asked that the vote taken on the amendment be put on hold to try to round up sufficient opposition.

Speier and Nation were later shocked to learn that Papan instead declared the vote final without letting them know.

``They were in the room, they just weren't paying attention,'' Papan said.

The sponsors tried unsuccessfully to reverse the outcome, arguing that the decision to declare the vote final happened after they had left the room.

``Don't argue with me. I cleared the vote!'' said Papan in the gruff style that has made him a feared figure throughout his career. Papan retires at the end of this year.
*************************
Nando Times
Law professor fights Web link ban


SAN FRANCISCO (August 21, 2002 6:56 p.m. EDT) - A U.S. law professor is defying a growing number of companies that want to ban the practice of "linking" - where a Web site points to another page on the Internet.

Courts around the world have been grappling with entities trying to restrict the practice.

Last month, a Dutch court held that a site that links to news stories from other media was barred from the practice, due to copyright constraints.

Courts in Scotland and the U.S. have also grappled with the ban, usually deciding to bar someone from linking to copyrighted material.

But that bar rankles Internet aficionados, who claim linking is a basic function of the world wide web.

"It's a silly ban, really," said David Sorkin, a professor of law at the John Marshall Law School in Chicago. "Someone has to point that out."

Sorkin has now erected a web site, www.dontlink.com, which flouts anti-linking policies by linking to companies that seek to ban the practice. These include The American Cancer Society, the Chicago Tribune and National Public Radio.

Sorkin said he has yet to receive a formal complaint from the companies on his site.

"Maybe once they see I'm a law professor, they'll have second thoughts about fighting me," he said.
*****************************
Information Week
Profiteering On Homeland Defense


Since Sept. 11, vendors of a cornucopia of protective gear have beseeched Americans and their government to buy in the name of 'homeland security.'
By Jim Krane, AP Technology Writer


NEW YORK--Since the days when Samuel Colt made a fortune peddling his Peacemaker revolvers to frightened frontiersmen and a budding U.S. Army, astute entrepreneurs have profited by selling goods to Americans worried about security. Full story, see: http://www.informationweek.com/story/IWK20020821S0001
*****************************
Wired News
New Salvo in Piracy, Privacy War
By Brad King


The music industry's trade association is asking a federal district court to force an Internet service provider to turn over private information for a subscriber, heating up the legal war between technology and entertainment companies.

The Recording Industry Association of America wants Verizon Internet Services to turn over information on one of its subscribers, who the RIAA suspects of offering a large collection of MP3s for download.

Wednesday's legal filing with the Federal District Court for the District of Columbia came after Verizon refused to comply with a July 24 subpoena issued by the same court, saying the legal merits of the order were wrong. A spokesman said the company would continue to fight the matter.

"Under any circumstances, we are concerned with the privacy of our subscribers and with the copyrights of the entertainment industry," said Eric Rabe, Verizon's vice president of media relations. "But this isn't an area that we should be rushing into. We'll comply with proper legal orders, but we want to make sure we are not overreactive."

Verizon finds itself on a slippery slope. ISPs promise users to protect their identities, but entertainment companies are increasingly putting pressure on Congress and the Justice Department to crack down on people illegally sharing songs and movies.

At issue in the Verizon case is how much protection ISPs have from prosecution under the Digital Millennium Copyright Act, the controversial law meant to thwart digital piracy.

While the DMCA lets copyright holders stop anyone from distributing software that removes security locks from content, it doesn't allow them to challenge the company that provides the gateway to the Internet.

Legislators gave service providers "safe harbor" protection, which means ISPs can't be held liable for what their subscribers get up to online.

There is a catch, however. The protection disappears if the ISP finds out that a subscriber is illegally sharing files. The RIAA claims that Verizon's protection should have been dissolved after it informed the ISP of the infringement by this individual. The court agreed, and ordered Verizon to turn over the subscriber's name.

It's a chilling prospect that an ISP could be forced to turn over private information on its customers, but the recording industry said this action is limited to one subscriber who is engaged in massive piracy.

"The subpoena seeks limited information relating to a computer connected to the Verizon network that is a hub for significant music piracy," said court papers filed in July.
************************
USA Today
Broadband companies increase move toward rate plans
Michelle Kessler USA TODAY


SAN FRANCISCO -- The days of one-price-fits-all for high-speed Internet access are ending.

No. 3 broadband Internet provider SBC Communications Wednesday became the latest to say it would charge a range of prices for consumers, as it already does for big businesses.

SBC currently charges all consumer broadband users $50 a month. Starting this fall, the company will offer six rate plans. Prices haven't been set. No range was given.

Rivals Covad Communications and AT&T Broadband also announced tiered service plans this summer. ''By the start of next year, I expect every major broadband carrier to go this route,'' says ARS analyst Mark Kersey.

More choices will mean lower prices for many consumers, especially average Internet users, analysts say. But heavy users, such as avid gamers, will likely have to pay more. And, over time, tiered pricing could make it easier for carriers to raise rates, because multiple plans make small increases less noticeable.

''I don't think you'll see (price increases) in the next six months, but (they're possible) within a year or two,'' Kersey says.

In most cases, the tiered plans offer unlimited Web surfing at different speeds. The slower the speed, the lower the cost.

For example: Covad's cheapest digital subscriber line service costs $40 a month -- after a $22 four-month trial period -- and is about five times faster than regular dial-up. Its most expensive DSL service costs $89 and is about 25 times faster than dial-up. Broadband services such as DSL are gaining favor because they're fast, don't tie up phone lines and are always on.

Carriers hope more choices will lure customers to the market. Fewer than 17% of U.S. households have high-speed access.

But carriers might end up undermining themselves, says Forrester Research analyst Charles Golvin.

Many small businesses, for example, often pay hundreds of dollars a month for special business-class high-speed lines. Now, they could get similar service for less than $90.

Some residential customers might also end up paying less for a lesser service -- if given the choice, Golvin says. That's one reason not every carrier has switched. For example, No. 1 broadband provider Road Runner, owned by Time Warner Cable, offers only one residential plan for $45 a month.

Still, analysts say they expect tiered pricing to become the norm, despite challenges. ''The problem is they're coming out with this during a recession,'' says Giga Information Group analyst Lisa Pierce. ''I have modest expectations until the economy recovers.''
***************************
Sydney Morning Herald
Cracking the hackers' code
By Suelette Dreyfus
August 20 2002
Next






If your organisation suffered a computer crime in the past few years and reported it to AusCERT, it was probably an attack from outside your walls. Nearly 90 per cent of Australian organisations that reported an incident were attacked externally, according to the 2002 Australian Computer Crime and Security Survey. This is the first time the threat of being attacked from outside surpassed the likelihood of an assault from inside.

It might be increasingly difficult to keep out external hackers but there are signs IT managers are finding it easier to win support within companies for improving security. Management consulting firm McKinsey & Co recently studied security best practices at Fortune 500 companies. About 30 of these companies, including AOL Time Warner, Merrill Lynch, Microsoft and Visa International, had appointed a chief security officer or other senior executive to oversee information security. In some cases, this executive had the power to stop the launch of new products or systems, and answered only to the chief executive.

The recent AusCERT study stated that 70 per cent of Australian organisations surveyed had increased spending on information security in the past year.

All of this is good news for IT managers. Most attempted attacks come via script kiddies, according to Neal Wise, senior security consultant for eSec, a Melbourne-based security technology company. Keeping software up to date should provide a good first-line defence but he also recommends putting pressure on vendors to release security patches in a timely fashion. "You can vote with your wallet," he says.

Yet Grant Bayley, organiser of Sydney's 2600 group, a gathering of security enthusiasts, says that while the number of hackers has increased, the percentage of highly skilled hackers has stayed the same, suggesting their total numbers are up as well. "These are the people who are really good at writing exploits - original and very obscure exploits. And people don't write exploits just to have them sit there and look pretty."

More sophisticated hackers may be more difficult to defend against, in part because their motivations may be complex. A small subset of these hackers obsess about a problem day after day, ignoring the rest of their lives. If you are running a network or a system, understanding what drives people to break in will help you to defend your organisation.

Meeting "Higgs", formerly one of the most skilled illegal hackers of the Australian computer underground, can be a high-stress experience; Higgs fidgets with other people's things until they break.

He doesn't mean to break them, he just pulls and prods at them incessantly while he bounces his knee up and down and talks. When the item cracks or snaps, he looks utterly surprised, as though he had no idea the item was in his hand. He sheepishly slips the broken pieces into his pocket, adding to his sins by running off with the evidence.

He sometimes has one-way conversations with people, meaning he talks and they try to get a word in edgewise. He is always right, and he is only interested in "the truth", no matter how bare and brutal. This inflexible, seemingly arrogant attitude frequently gets him into trouble, in part because he is usually right. Or because when he's wrong, he's so wildly off the mark, it's funny. He's also anti-social, partly due to shyness, but also because most people bore him. He says they don't feed him information fast enough. "I can't do that chit-chat stuff," he says.

Like a number of other technically elite hackers, Higgs shows characteristics similar to those shown by people with Asperger syndrome. This neurobiological disorder, which may resemble mild autism, has often been misdiagnosed in the past. The condition only made it into the Diagnostic and Statistical Manual of Mental Disorders in 1994.

Like elite-end hackers, many "aspies" are exceptionally skilled in a specialised area. A 2001 University of Cambridge study into the syndrome showed a higher incidence of AS/High-Functioning Autism, which seem to be related, among scientists and mathematicians. Tests of 840 students showed "that mathematicians scored higher than engineers, physical and computer sciences, who scored higher than medicine and biology". The condition is also more common among males and may have a genetic component.

There does not appear to be any in-depth research linking illegal hacking and Asperger syndrome. However, one of the world's leading AS experts, Australian clinical psychologist Tony Attwood, believes some hackers may share characteristics with "Aspies", as they refer to themselves.

"The link between AS and computers is well known. Computers were designed by - and for - people with AS," Attwood, based in Queensland, says. "Those with AS seem to know the language of computers better than social or conventional languages. It is quite plausible that people with AS may pursue an interest in cracking."

Historically, AS has been linked to at least one area that has become a key part of computer security: cryptography.

"The team that cracked the Enigma code appeared to include several individuals who showed characteristics of Asperger's," Attwood says. This included the father of modern computing, Alan Turing.

"It's the sheer challenge rather than any (criminal intent). It's the pursuit of knowledge and truth - with different priorities and perceptions ¤ They see it as an intellectual challenge and a prize, (and) they look at the success of what they have done rather than the consequences of the lives of people they have affected."

Aspies typically have an almost obsessional approach to solving problems and are often oblivious to their peers' view that a given problem is "unsolvable". Both are often prerequisites to becoming an elite-end hacker.

What effect might hacking have on an Aspie?

"Hacking is giving them an intellectual orgasm. And they are addicted to the intellectual orgasm," Attwood says.

This doesn't mean all illegal hackers have AS, or that these hackers should escape criminal conviction. However, the linking of AS and hacking could have an impact on conviction or sentencing in future.

Previously, what experts termed an extreme addiction to hacking played a key role in a landmark British hacking case. Based on the descriptions of the hacker's behaviour, the apparent addiction could well have been a manifestation of AS. In a jury trial, the legal defence team of the British hacker "Wandii" showed the hacker was obsessed with computers and the intellectual challenge of beating them. The jury acquitted him of criminal charges in just 90 minutes, apparently because it decided he lacked mens rea, or awareness of criminal wrongdoing.

"You would not use AS to say a person is of unsound mind, because such people are very logical (if) eccentric," Attwood says.

"But (a diagnosis) could alter sentencing in two ways. First, in (assessing) the degree of criminal intent. And, second, in deterrence. They may need treatment for a compulsion, which may be irresistible, rather than a prison sentence or a psychiatric institution."

In the US, convicted hackers have been banned from using computers for long periods as part of their sentences. Attwood says this approach is likely to be inappropriate for Aspies. Denying them use of computers is very different than for most people.

"What we might look at instead is controlled access in a constructive way for convicted offenders," he says.

"Res" is a skilled Australian Black Hat hacker. Extremely private, street smart, he holds back, watching you, taking your measure. He slips in a little cynical humour now and again, showing he's cool but not cold. But he's a contrast to the stereotypical Hollywood geek hacker because he has a life.

"I haven't spent a Friday or Saturday night at home since I was 17," Res says.

While not showing any visible signs of AS, he's clearly capable of obsessional behaviour. "I am obsessive: I collect things. I like having everything, I never delete anything. I am a radical person. I'm all or nothing."

He says he doesn't read books but that's not quite true. He buys technical textbooks. Other than specialist mailing lists and the newspaper, the only other thing he reads is the Slashdot website.

The Cambridge study suggests a "continuum" of disability, "with AS as the bridge between autism and normality". Res may represent a point on the spectrum between AS and obsessive - a place other top hackers might also occupy.

Hacker group 2600's Grant Bayley estimates that, based on his experience, "You probably wouldn't find more than two AS symptoms in any one hacker but you would find more symptoms in 50 to 70 per cent of hackers in the mid to upper-skill level."

Higgs recognises he has some AS traits and he believes having AS could definitely contribute to hackers rising in the ranks of the elite underground.

"It is not that AS gets you to the top of the pile but it can help. Because there are some things that are broken, you are forced to use other parts of the brain instead. The ability to blinker everything else and not get distracted helps."

He views the AS-affected hacker mind as being like the Internet: "That hacker's mind sees group dynamics as damage and routes around it."

However, after interacting with a number of top hackers around the globe over several years, he argues there are other contributing factors.

"For these people to get where they have, Asperger's isn't enough. They have something else. Clearly (convicted American hacker Kevin) Mitnick's talent doesn't just come from AS; there is something else there. Like his social engineering talent - you just wouldn't associate that with AS," he says.

"The 'f***-you' attitude is also a requirement. Every one (of the top hackers) has had the 'f***-you' ingredient ¤ You cannot defy authority and break the law thousands of times a year without the 'f***-you' ingredient."

Suelette Dreyfus is the author of Underground and an honorary fellow at the University of Melbourne's department of information systems.

How to deter the obsessive attacker

What is the best way to defend your network against illegal hackers who show Asperger syndrome-like characteristics?

A former highly skilled and obsessive hacker, "Higgs" suggests breaking the patterns of usual defensive behaviour.

Trip wires in packaged software might be anticipated by a pattern-based hacker. "Set up trip wires that are unique," he says.

Also, use your logs in different ways for tell-tale signs of a hacker's trespass.

"Backdoor the 'ls' command (in UNIX), which gives you a list of files. Record its arguments and when it is used. A (pattern-based) hacker might not think to look for logs of that.

"Backdoor the SSH (secure shell) client to record who is using it and when. Keep secret log files in unusual locations."
***************************
Sunspot.net (Chicago Tribune)
Online tutors making grade
Free, fee-based programs -- including those by Baltimore-based Sylvan -- help struggling pupils


CHICAGO -- Hearing that your child might flunk is not good news. But that's what teachers at Chicago's Stephen K. Hayt School told Susanne Todd last spring. It didn't take her long to decide that a tutor was needed.

But Todd, an e-commerce analyst, tends to work late and her 14-year-old son, Nick, is too young to drive, making transportation a difficult issue. Having a stranger tutor Nick brought another set of concerns.

So Todd turned to eSylvan, the online tutoring wing of Baltimore-based Sylvan Learning Centers. She had taken technology certification courses at Sylvan years ago and felt a Web-based program would fit her and Nick's schedules.

"We didn't want to see him fail and redo the 8th grade," she said. "It's very helpful for me because I work long hours, and if I had to drive him around, he wouldn't make it on time."

Parents across the country are increasingly looking to the Web as a just-in-time learning tool. They point to the convenience, thoroughness and safety of Web-based programs -- which typically conduct background and credential checks on staffers -- as big drawing points for online learning. They're also getting savvier by equipping their homes and kids with the latest tech gear to boost grades and improve the quality of their school work.

Nick was reluctant to try the Web-based program. "I didn't think it would work at all," he said. But "my teacher said if I didn't buckle down and get the grade up, she would hold me back. I didn't want that."

After six weeks of the 18-week tutoring program, Nick bumped his reading grade up from a failing D- to a C+, enough to pass. He credits one-on-one time with Holly Cook, a state-certified English teacher in Williamsville, N.Y., for boosting his grade and reading comprehension.

Nick never met Cook in the real world. Instead, he heard her instructions via eSylvan's headset. A digital sketchpad and pen allowed Cook to underline concepts as Nick completed the lessons.

"I'm the type of person who would like to see how to do it; I can't understand when you tell me," he said.

Sam Booker, 15, is another student who found help online. Four years of science is an entrance requirement at most colleges, yet Sam brought home C's and D's in those courses. As a consequence, the junior at Evanston Township High School said he was "forced" into summer school chemistry by his parents. To write a report on argon, a noble gas, Sam's dad, Ellis, steered him to WebElements.com, a help site for chemistry questions.

"It's much faster than going through the tedious process of finding stuff in a book and reading through the whole thing," said Sam, who earned an A in chemistry. "The Internet is briefer and more condensed."

Ellis Booker set up a wireless network to make it easier for his sons to share the home's broadband connection. He also installed Microsoft Windows XP and set up individual accounts for his sons and himself.

"It's a great thing because I don't have to worry about [my little brother] George poking around in my stuff," Sam said.

But online tutoring programs, like eSylvan, and home-based wireless networks aren't for every child and every parent's pocketbook. ESylvan cost $1,400 for 18 weeks. And not all parents have the knowledge or money to buy and set up a wireless network for their kids. The wireless router and laptop card costs about $350 for an 802.11b network, plus about $50 per month for broadband.

Still, Web-based learning is catching on. A growing number of paid programs exist, and numerous school districts offer free Web-based learning and tutoring programs.

The Barrington Public Library District and Lake Zurich's Ela Area Public Library began offering online homework assistance through Tutor.com last year. Parents can subscribe to the service for $99 per month or develop a customized package with a tutor through the Web site. Personal tutoring costs about $25 to $30 per hour.

On the state level, Illinois' technology initiatives are on par with the rest of the country's. About 25 states have online high school courses, and another five have programs in the works.

Illinois offers 76 Web courses through Illinois Virtual High School, including an Advanced Placement Exam Review and calculus. Courses are generally free to students. Participating schools reimburse the state $300 per course. The state has spent $2.5 million on the Web-based program.

But most technology programs are conducted on a district level and depend upon the enthusiasm of tech devotees and parents to get off the ground.

At Westinghouse Career Academy in Chicago, students used online college prep courses from educational services firm Kaplan to study for the SAT and ACT. The program starts with a subject matter assessment then steers the student through tutorials in subjects for which their skills are weak. The program is free for students after participating schools pay an access fee for the courses. Students can log on from home or school at any hour.

St. Ignatius, a private high school in Chicago, plans to offer an AP-level studio art course this fall. Students can use the school's digital art studio and iMac computers during the yearlong course to create portfolios of digital film and graphic arts.

Niles North and West High Schools, for example, will offer Web-based tutorials through the Atomic Learning Library (www.atomiclearning.com). Using a personal ID and password, students can log on and view short training films on popular applications, like Apple iMovie, Macromedia Flash and Microsoft Excel and PowerPoint.

The site also offers step-by-step instructions on creating a newsletter or storytelling using digital photojournalism techniques. Parents can use the training site too.

"It's very difficult to squeeze everything into the school day," said Guy Ballard, director of technology at Niles Township High School District 219. "This provides our students with the resources to learn on their own, which saves us time and energy to concentrate on the curriculum. The students can be their own teachers."

Though the AP Exam Review is Illinois Virtual High School's most popular course, attracting more than 3,000 students, courses in computer networking and repair certification draw large enrollments.

"This is a digital generation that's very hands-on with computer technology," said Brad Woodruff, e-learning supervisor at the Illinois Department of Education. "Part of the key to e-learning is getting the parent's generation involved in teaching technology."

Sam Booker agrees. The difference between acing chemistry this summer and barely passing biology last year had less to do with Web sites and broadband, he said, than being motivated to succeed and getting help from his dad.

"It doesn't matter what kind of Internet connection you have. You have to want to apply it," he said. "I learned it the hard way."

Study programs target younger pupils

Most Web-based educational programs are aimed at high school students, who possess the mental stamina to sit through online tutorials and interactive study guides. But there's still plenty of computer and Web-based programs for younger students.

At Chicago's Region 6, about 200 5th- through 8th-grade students at Shoop and Curtis Elementary Schools used Kaplan Inc.'s online program (www.achieva.com) to improve their study skills. The program focuses on study techniques, like taking notes, developing essays and keeping a calendar, as opposed to learning math or reading. The students attended the computer lab twice a week with English teachers.

"If you just tutor the student in social studies, then they're just about social studies, but if you teach study skills they can apply that to any study area," said Lee Brown, a Region 6 education officer. "Parents work hard with the kids, but many aren't familiar with technology and techniques to improve study skills."

The Start-To-Finish Books CD-ROM series is another learning tool for younger students who are struggling with reading. The computerized books from Don Johnston Inc. (www.donjohnston.com) highlight the text as the narrator goes through the story. The series includes about 60 titles.

But Alexis Sarovich, a Chicago-based learning specialist, cautions that online tutorials and coursework aren't right for every child. Some children don't have the focus necessary for computer-based learning, yet any child stands to benefit from parental involvement in educational activities and homework.

"When parents work with their children, it builds them up and gives them confidence to succeed, and it's something that a computer cannot do," Sarovich said.

A classroom of one's own

Whether a student needs help with ABCs or SATs, a range of online help is available.

PRODUCT: eSylvan, www.esylvan.com

SERVICES: Personalized programs in math (grades 3-8) and reading (grades 4-9).

COST: $135 for skills assessment, $150 for starter kit, and $37-$40 an hour for tutoring.

PRODUCT: Tutor.com, www.tutor.com

SERVICES: Online tutoring in more than 200 subjects for students in kindergarten through college.

COST: $99.99 a month for unlimited live homework help, or personalized packages at $20-$30 an hour.

PRODUCT: Kaplan, www.kaplan.com

SERVICES: Online preparation for standardized tests, including GRE, ACT and SAT (I and II).

COST: Packages range from $29 to $349, depending on number of courses and whether help via e-mail is included.
*************************
Earthweb.com
Filtering Spam with Blocklists
By Nathan Segal


For business professionals, spam is a huge problem that causes clogged in-boxes and wastes many hours of productive time to sort through it. Once you have an email address, it's only a matter of time before you start getting unwanted email.

Even with email blocking software, it might be necessary to close the account and start again if the problem becomes too severe, but then you have to update everyone in your address book. And even then, it won't be long before your new address winds up on a spammers list. So what do you do?

To stem the tide, many companies resort to blocklists, or blacklists as they are sometimes called, for filtering spam. Some of these companies such as Brightmail or SpamCop are commercial software companies.

Others, such as MAPS (Mail Abuse Prevention System a.k.a. The Realtime Blackhole List) are designed to create intentional network outages (a.k.a. blackholes) to limit the transport of unwanted mass e-mails. Spamhaus, a European resource, lists IP addresses of spammers and uses their Register of Known Spam Operations (ROKSO), which they believe are behind 90% of American and European spam.

"The whole concept of blacklists is essentially giving out IP addresses or top-level domains that are known or in most cases suspected sources of spam," says Linda Munyan, marketing communications manager for Brightmail. "These can be permission-based marketing groups or open relays that are being used by spammers. Often you hear these days about companies or ISPs who are blocking anything coming in from certain countries, such as Russia, China or Korea.

"Top-level domain refers to blocking from a certain country as opposed to IP addresses which are pointing to a certain machine. As an example, anything that comes in with a .ru in the 'From' portion of the header information is not accepted because there's so much spam coming from that country (Russia)," she says.

When filtering spam, an issue is 'false positives,' something filtered as spam, when in fact it is legitimate mail. In the case of Brightmail, their rate of false positives is one in 100,000. But in some cases, spam has become such a huge problem that service providers resort to drastic measures, taking the risk of blocking legitimate mail from getting through to their end users.

Decoy Accounts And Attack Algorithms

"With Brightmail, we install filtering software at our customer sites," says Munyan. "Our solution is comprised of three components. The first part is called the Probe Network, a network of decoy email accounts that we've put out across the Internet. Each customer that we bring on board is required to provide us with a certain percentage of statistical representation of their total email box universe. These are brand new accounts that have never been used.

"At Brightmail, our business intelligence team creates names for those new, unused accounts and they seed them across the Internet, into places such as Usenet groups where spammers are known to harvest email addresses," Munyan says. "Our Probe Network has a statistical reach of 100 million email boxes and that's what we use as our net (sometimes known as a spam trap or honey pot). The Probe Network attracts an incredible amount of spam and our business intelligence team constantly monitors the probes, refining them and making sure that they're productive.

"Then we have a pretty sophisticated set of algorithms which groups this spam into attacks. A spam attack is any group of messages that are similar in nature. Many spammers try to randomize their messages so that filtering software techniques such as ours are thwarted. But our grouping algorithms strip out all that randomizing stuff, (numbers, spaces, dashes, dots, the university diploma, etc.) to its core essence and groups it into a spam attack. From there, we can write rules against it," she says.

"The third component is called bloc. That's the Brightmail statistics and operations center, where we have a group of people who work 24/7 and who service a QA function, making sure that the rules are working properly, that we haven't caught anything that's legitimate mail and that the rules are delivered out to our customers in a timely manner.

"The original focus of Brightmail was with very large ISPs, such as Earthlink, AT&T and Worldnet," Munyan says. "We've just recently started moving into enterprises, companies like Cypress Semiconductor, Cisco, Motorola, and that's where our focus is today. For ISPs, the fee for using the software would be $1-$2/user/year. For enterprises, the fee would be $5-$15/user/year (comparable to AV pricing). As an example, the fee for an enterprise with 1,000 employees would be around $15,000."

"Both pricing structures are dependent upon the number of end-users (employees in the case of enterprises or subscribers in the case of ISPs). Obviously, ISPs are larger than enterprises, so their average pricing structure will be overall lower."

How to Avoid Getting Blacklisted

To create legitimate mailing lists, the double opt-in approach is now considered to be the best way to go as opposed to a single opt-in, where you click once or something is already filled in for you and then you're considered to have opted into a mailing list.

With double opt-in, you have to actively take the first step of clicking a box saying that you want to be a part of a list. Next, you have to respond positively back to an email message that says: 'You indicated that you wanted to join this user group, newsletter, etc. If so, please reply back to this message.' This is the second piece of the double opt-in approach.

To solve the problem of being blacklisted, MAPS is trying to drive businesses toward the double opt-in approach so that they don't get blacklisted. But sometimes, people do get blacklisted for a variety of reasons. An example is if the packet size of their bulk email is too large and it's caught by some of MAPS customer base, etc.

To get off a blocklist, you have to contact the service in question. According to information on the MAPS Web site: "Your first step in getting off of the MAPS RBL is to contact us, by phone if necessary (650-779-7080) or by e-mail if possible. Tell us the IP address you think is being affected since we can't do anything that could affect your domain name, and tell us what you're doing or would like our help to start doing to become less friendly to spammers. The moment you demonstrate favorable intentions toward stopping spam from using your resources, we will as a good faith gesture take you off of the MAPS RBL."

Another interesting wrinkle is being falsely accused of spamming. According to SpamCop: "False spam reports are not tolerated. Users who file false reports will be banned from the SpamCop service and/or fined. If you would like to take action against a user who has erroneously accused you of spamming, please forward the entire SpamCop report, including full headers and the entire spam and proof that the user in question did subscribe for your list.

"If you would like to pursue action with the user's Internet provider, SpamCop reports include all the information you need, including the IP address and datestamp of the complainant. You can even feed a SpamCop report to SpamCop to determine the originating point."

The big question though, is how a fine of the above nature would be enforced. That information was not found on the SpamCop website, despite a thorough search.
******************************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx