Clips August 22, 2002

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips August 22, 2002

ARTICLES

Short-Text Messaging May Get Boost as Political Ad Vehicle
White House Officials Debating Rules for Cyberwarfare
OHS to test emergency links
Porn Biz Has a Net Stalker
DrinkOrDie member gets 33 months in prison
Entrepreneur files suit over junk faxes
States Struggle With Online Records
Appalachia Technology Faces Hurdles
Rumsfeld outlines risks, rewards
Data security hinges on money, not technology, feds say
Civil Liberties Groups Want Patriot Act Info
Network to support Washington area emergency workers
Privacy bill watered down
Law professor fights Web link ban
Profiteering On Homeland Defense
New Salvo in Piracy, Privacy War
Filtering Spam with Blocklists

************************
Washington Post
Short-Text Messaging May Get Boost as Political Ad Vehicle
By Brian Krebs

Campaign 2002 may be coming to a cell phone near you.

The Federal Election Commission is expected to decide Thursday whether 
groups should be allowed to deliver text-based political ads over mobile 
phones and other wireless devices without disclosing who paid for them.

A New Jersey technology firm, joined by advertising industry groups and a 
Republican campaign committee, has asked the FEC to waive disclosure rules 
for political ads delivered via SMS, or "short message service." SMS is 
featured on a wide range of wireless devices, from digital mobile phones to 
Blackberries to two-way pagers.

Target Wireless of Fort Lee, N.J., says current FEC disclosure rules would 
require political advertisers to use up too much of the limited amount of 
text -- 160 characters total -- available for individual SMS messages.

The FEC has already granted exemptions for advertising media that are 
limited to small numbers of text characters, including bumper stickers, 
buttons, pens and pencils, skywriting, balloons and water towers.

But the Target Wireless petition has alarmed some public interest and 
disclosure advocates, who say that backers of an SMS exemption assume that 
all political messages delivered over SMS will be positive.

Exempting SMS could open the floodgates to political and commercial spam 
over wireless devices, said David Farber, a professor of computer science 
and public policy at the University of Pennsylvania.

"If they allow this exemption for political advertising, everyone else is 
going to want to jump on the bandwagon," Farber said. "It's hard enough 
with the ads already out there to figure out who's really paying for what, 
and if you drop (the disclosure requirement), I see mischief all over the 
place."

"The disclaimers are there to protect both campaigns and citizens," said 
Mike Cornfield, director of research for The George Washington University's 
Institute for Politics, Democracy and the Internet.

An alternative to waiving disclosure altogether would be to require SMS ads 
to include the sponsor Web site name or URL, Cornfield said. Such a 
requirement would allow campaigns protect the integrity of their messages 
by discouraging "spoofed" SMS messages from rival candidates or parties, he 
said.

An attorney in the FEC's campaign finance section said he doesn't know how 
the commission will rule on Thursday. But if the impressions of one 
political watchdog group are any indication, the FEC might be inclined to 
agree with the Target Wireless petition as a matter of common sense.

"These disclaimers are important, but the rules recognize the 
practicalities of the situations," said Don Simon, general counsel for 
Common Cause. "We recognize that you have to apply common sense to the 
application of rules and that you don't want to apply them in a way that 
gets you silly results."

The question, however, is whether there's a viable market for a political 
SMS ad service.

Target Wireless President Craig Krueger declined to name any potential 
clients for his company's service, but its petition is being backed by the 
National Republican Senatorial Committee, the Cellular Telecommunications 
and Internet Association, the American Association of Advertising Agencies 
and the Association of National Advertisers. Kreuger said his company hopes 
to begin selling political ads for delivery to customers who have 
"opted-in," or asked to receive, more information from a given campaign via 
SMS.

SMS is hugely popular in other parts of the world but has been slow to 
catch on in the states. According to the Boston-based consulting firm 
Yankee Group, there were roughly 131 million cell phone subscribers in the 
United States by the end of 2001. And while a third of those users had 
SMS-enabled phones, only about 4.3 million actually used the service.

By contrast, nearly all of the 293 million wireless users in Europe had 
two-way SMS capable devices by the end of last year, and roughly 175 
million regularly used the service, Yankee analysts found.

Phil Noble, founder of PoliticsOnline.com and a leading cheerleader for 
e-politics, said candidates' interest in SMS is likely to grow in the 2002 
campaign season, albeit on a small scale.

"All politics is about front-runners and underdogs," Noble said. 
"Front-runners ask, 'What did we do last time, and can we do it again?' 
Underdogs look for what is new and different and try to find an edge."

Mike Connell, president and CEO of New Media Communications, hopes the FEC 
will grant Target Wireless's petition. His company, which built the Bush 
2000 general election Web site and used SMS in two state Senate races in 
2000, has plans to run get-out-the-vote campaigns over SMS in the days 
leading up to this year's election.

"Campaigns go through considerable time and expense to win hearts and minds 
of people, and once you've gone through all that you've still got to make 
sure they turn out on Election Day," Connell said.

In addition concerns about the Target Wireless's FEC petition, the 
company's business plan has attracted its share of skeptics.

"Why would anyone who needs to be persuaded to vote for a particular 
candidate opt-in to receive text messages from a campaign they already 
support," said Steve Clift, editor of Democracies Online newsletter.

And Ben Green, co-founder of Crossroad Strategies and former director of 
Internet operations for the Gore 2000 president campaign, said he would 
advise clients against using the technology in this year's election.

"Campaigns are typically on a tight budget and have to spend their dollars 
wisely," Green said. "The fact is that the political Internet industry 
landscape is littered with the wreckage of companies that think they've 
found the killer ap, only to fall flat on their faces."

Krueger maintains that his request will clear the way for innovative uses 
of SMS in future elections, and says he is only trying to secure the 
viability of his company's business model.

"The fact of the matter is that no candidate is going to commit to target 
wireless users until the FEC says it's legal to do so," he said.
******************************
Washington Post
White House Officials Debating Rules for Cyberwarfare
By Ariana Eunjung Cha and Jonathan Krim

The Bush administration is stepping up an internal debate on the rules of 
engagement for cyberwarfare as evidence mounts that foreign governments are 
surreptitiously exploring our digital infrastructure, a top official said 
yesterday.

Richard A. Clarke, head of the Office of Cyberspace Security, said the 
government has begun to regard nation-states rather than terrorist groups 
as the most dangerous threat to this country's computer security after 
several suspicious break-ins involving federal networks.

"There are terrorist groups that are interested. We now know that al Qaeda 
was interested. But the real major threat is from the information-warfare 
brigade or squadron of five or six countries," Clarke said in an interview 
with Washington Post editors and reporters.

The White House last week called in Gregory J. Rattray, an Air Force 
officer and author of "Strategic Warfare in Cyberspace," to accelerate the 
process of sorting out the legal and ethical issues surrounding such attacks.

In one series of incidents in 1999 and 2000, unidentified hackers 
downloaded scores of "sensitive but unclassified" internal documents from 
the Los Alamos and Livermore national laboratories and the Defense 
Department. Investigators traced the electronic trail back to an unnamed 
foreign country; officially, the government there denied being involved, 
but the intrusions suddenly stopped, he said.

U.S. officials also believe it is possible that a foreign government helped 
create the Code Red virus that took control of 314,000 servers last year 
and directed them to attack White House computers.

For the past nine months, Clarke -- who reports both to Homeland Security 
Director Tom Ridge and national security adviser Condoleezza Rice -- has 
been preparing a plan that will involve the government, private companies 
and average citizens in defending against future attacks. This national 
strategy will be outlined next month in Silicon Valley.

Among the recommendations is that Internet service providers for cable and 
DSL companies package their faster always-on services with "firewalls," or 
security software that repels outside intrusion and monitors what 
information is sent out to the Internet. Clarke said many people have 
connected to the Internet through such services in recent years without 
being told their computers are open to intruders.

"Our goal is not to prevent cyberattacks but to withstand them," Clarke said.

Clarke said the country has made some progress in shoring up its defenses 
since Sept. 11 but it will be years before it can fix the numerous 
vulnerabilities that have existed on the Internet since its creation. He 
said the government also is assessing whether some critical computers 
should be disconnected from the Internet or run on a private network.

Federal agencies have increased their information technology spending to 
$4.5 billion in the fiscal year beginning in October, up 64 percent from 
the previous year. Major software companies such as Microsoft Corp. and 
Oracle Corp. have made security a top priority. But companies in other 
sectors, especially telecommunications, have been slower to respond because 
of financial difficulties, Clarke said.

Meanwhile, Clarke said, more and more countries, especially poorer ones, 
are coming to see the advantage of cyberwarfare over traditional warfare. 
Such efforts are less expensive, costing thousands of dollars, compared 
with billions for a nuclear weapons program. Cyberattacks also are easier 
to conceal.

The specter of more significant cyberattacks from enemy countries has 
pushed the U.S. government to explore how far it should go in its own use 
of technology in war.

The U.S. military's use of cyberwarfare so far has been limited mostly to 
defensive efforts and information collection.

After the NATO campaign in Kosovo in 1999, Gen. Henry H. Shelton, chairman 
of the Joint Chiefs of Staff, disclosed that the military had jammed 
Serbian computer networks. But Clarke said the United States has yet to 
engage in a major attack that damages other systems.

Clarke describes the situation today as analogous to the dilemma the U.S. 
government faced several decades ago when it had nuclear capability but 
lacked rules on when or how to use the weapons.

Under the Geneva Convention, the operative international law of war, 
attacks on noncombatants are prohibited. Thus, a cyberattack on the banking 
system or electricity grid of a country believed to be helping terrorists 
would raise unresolved legal issues because of the damage it might inflict 
on innocent people.

"It's okay to blow up a bridge and kill everyone, including civilians" if 
the bridge is believed to serve a military purpose, said Mark Rasch, a 
technology security consultant and former Justice Department prosecutor. 
"But it might not be okay to hack into computer systems" that are not 
obviously serving a military purpose.

And it could be particularly hard to control the impact of an electronic 
attack. For example, any virus the military might unleash on its enemies 
would probably spread beyond the target because so many of the world's 
computers are linked to the Internet.

Some officials in the Bush administration also are concerned about creating 
dangerous precedents by launching the first major Internet attack given 
that the United States could have more to lose than any opponent in such a 
conflict.

American businesses and governmental entities depend on technology to a far 
greater degree than do relatively undeveloped countries and loose-knit 
terrorist groups -- and retaliation could be a major danger.

"We live in the largest glass house on the street when it comes to that," 
said Daniel T. Kuehl, a professor at National Defense University, an 
education arm of the military.

Staff writer Vernon Loeb contributed to this report.
****************************
News.com
ISPs off the hook in swapping suit
By Lisa M. Bowman

The Recording Industry Association of America has dropped a contentious 
lawsuit against major Internet service and network companies that sought 
their help in shutting down communications to a China-based music copying 
site.

The RIAA had filed a federal suit Friday against network and ISP (Internet 
service provider) divisions of companies including AT&T, Cable & Wireless, 
Advanced Network Services and WorldCom, accusing the companies of allowing 
people to access the Listen4ever Web site and illegally copy music.

However, the RIAA said Wednesday that it was dropping the suit because the 
Listen4ever site has been shut down. The site offered music from artists 
including Bruce Springsteen, Christina Aguilera and The Red Hot Chili 
Peppers as well as some unreleased music, according to the suit.


"This particular network was a crass attempt to evade our copyright laws by 
setting up shop in China while offering a treasure trove of mostly American 
music for free," RIAA CEO Hilary Rosen said.

The RIAA, which has sued networks including Napster to the brink of 
extinction, could not track down the operator of Listen4ever. Instead, it 
took the controversial step of suing ISPs for offering access to the network.

"The fact that this file-sharing service went to such lengths to conceal 
its origins demonstrates again the awareness that this is an illegal 
activity--for both the operators and users of these unauthorized networks," 
Rosen said.

The RIAA, a trade group representing major music labels, has become 
increasingly aggressive in its efforts to stop piracy and maintain control 
over distribution of its music in the digital age. In addition to filing 
suits against Napster, Scour and Morpheus, the organization has pursued 
companies that allow employees to swap files and is moving closer to going 
after individual users.

A representative for AT&T Broadband confirmed that the suit was dropped but 
had no further comment. Representatives from the other companies named in 
the suit did not immediately respond to requests for comment.
****************************
Federal Computer Week
OHS to test emergency links

Within the next two months, the Office of Homeland Security will lead an 
exercise to test the possibility of linking federal, state and local 
incident command centers across the country with the White House situation 
room during times of emergency.

During the past several months, the office has set up off-site incident 
coordination and support centers that provide around-the-clock assistance 
for prevention and response, said Stephen King, director of investigations 
and law enforcement within the Office of Homeland Security's Threat, 
Countermeasures and Incident Management Directorate. King was speaking Aug. 
20 at the Government Symposium on Information Sharing and Homeland Security 
in Philadelphia.

The Office of Homeland Security Coordination Center is a high-level 
interagency group that is constantly on call to monitor and respond to 
threats identified by intelligence and law enforcement. While the members 
of that group come together in response to a call  usually within a half an 
hour  the Office of Homeland Security Incident Support Group provides a 
live video link between the White House and state and local first 
responders, King said.

The exercise will test the links for this support group, King said. A 
communications working group already is in place with participants from 
federal, state and local agencies looking at the specific technology issues 
involved in creating the nationwide connection, he said.

"That sort of connectivity will be critical to quick response," King said.
***************************
Wired News
Porn Biz Has a Net Stalker

An Internet stalker is haunting the porn industry.

In recent months, blue-movie luminaries have received dozens of e-mails, 
from aliases like "zodiac_killer" and "pornhater2002," filled with racial 
epithets and grisly descriptions of murder and torture.

"(Porn director) Rob Black's a piss-drinkin', shit-eatin' rodent. I'll stab 
'til dead 3 times over both him and the sewage called his wife," reads a 
typical rant.

Some in the adult entertainment community say they're unfazed by the 
screeds. But the messages have gotten so voluminous, and so creepy, that 
the FBI has begun to investigate.

"I have received about a hundred hateful e-mails," Jenna Jameson, the 
X-rated superstar, posted to Gene Ross Extreme, a website devoted to porn 
industry gossip. "I have forwarded them to the FBI. So many of his e-mails 
are threatening and just flat out scary. He is the type a (sic) guy who 
slips a gear and ends up killing people!"

Making interstate "threats to injure" is a federal crime, punishable by up 
to five years in the clink and a fine. So is using a "telecommunications 
device" to harass someone, and it carries a maximum sentence of two years.

The blue movie business attracts more than its fair share of the panting 
brown-overcoat crowd. But acts of violence are rare -- the shooting of 
Hustler magazine magnate Larry Flynt is the notable exception. Online 
stalking is rarer still, according to industry insiders. One performer, 
Christy Lake, said she's never been electronically harassed. Dave Cummings, 
the 62-year-old star of the Sugar Daddy skin-flick series, said that before 
now, he had only received one violent threat in seven years -- and the guy 
apologized a few days later.

Lately, however, this dynamic has begun to change. A recent letter from a 
"Chad Luke," sent to several porn production houses, compared smut-mongers 
to terrorists.

Then there's Bryan Sullivan, who admitted last August on Gene Ross Extreme 
to breaking into the website of actress Samantha Sterling.

In the summer of 2001, Sullivan became a frequent contributor to the 
raucous discussions of the blue movie business on Gene Ross Extreme and 
LukeFord.com, another gossip site. High-end porn performers, he wrote in a 
typical post, "have the audaciousness to think that they are the betters of 
the whores that get pissed on, slapped around, shit and spit on."

These kinds of comments were considered fair game, even typical, for these 
sites. But this spring, Sullivan's mass e-missives broke these flimsy 
boundaries, and entered the realm of the downright scary. "Fucking 
butt-ugly gook [Tera Patrick]; shoot one dead today!" was the title of one 
message, dated April 5, referring to a popular starlet.

A day earlier, Sullivan e-mailed Rodger Jenkins, an adult movie 
screenwriter who contributes to LukeFord.com under the name "Martin 
Brimmer" -- that "cyberstalking is an equal opportunity crime but porn 
stars are more likely to be harassed (by me in particular)."

Sullivan then went on to describe the various ways he could locate personal 
information about an actress.

"I can see exactly where she lives," he wrote. "Convenient, since she's not 
answering my repeated threatening e-mails and I've been thinking about 
paying her a visit."

On April 9, Tony Olson, a security official at Road Runner, the high-speed 
ISP, sent Sullivan a warning that the company had received complaints of 
harassing e-mail from his account.

That same day, the FBI came calling.

"They went through my hard drive and looked at all my e-mails and one of 
them said, 'This is more comical than threatening,'" Sullivan told Jenkins. 
"They said that they don't need this aggravation and for me to watch what I 
do and tone it down and hopefully I won't have to hear from them again."
Sullivan did not respond to multiple invitations to comment on this story.

E-mails from "zodiac_killer" and "pornhater2002" began appearing in the 
inboxes of the adult community around the same time. Several of these 
messages were addressed to Sullivan. In turn, many of Sullivan's e-mails 
were now addressed to "zodiac_killer" or "pornhater2002."

"Filthy Smelly Gooks Tera Patrick, Wanker Wang" was the title of one 
message from "pornhater2002." A message from "pornhater" on May 16 was 
particularly toxic. The message was signed, "Sir Sylvester Sullivan." 
Although the e-mails seem to implicate Sullivan, there is no evidence that 
he is behind them.

For Dave Cummings, this was too much. Cummings -- a purported 25-year 
veteran of the Army who earned a bronze star in Vietnam -- contacted the 
FBI field office in his hometown of San Diego.

The FBI is taking the matter seriously, Cummings said. There's now an 
"active investigation" underway, with Cummings serving as liaison to the 
lewd community. Through him, the e-mails that shocked the most unflappable 
of industries are being sent to the San Diego office of the FBI.

The FBI won't publicly comment on the case. But one agent involved said, 
"We're at square one with this thing. There are a whole lot of other people 
we're going to have to get involved."
****************************
Computerworld
DrinkOrDie member gets 33 months in prison

A 24-year-old member of DrinkOrDie, one of the oldest international piracy 
groups on the Internet, has been sentenced to 33 months in federal prison 
for conspiring to violate criminal copyright laws.
Christopher Tresco of Allston, Mass., pleaded guilty in May in U.S. 
District Court for the Eastern District of Virginia of using his employer's 
computers to distribute copyrighted material, including movies, software, 
games and music, according to a U.S. Department of Justice statement 
(download PDF).

Tresco faced up to five years in prison and $250,000 in fines. He is 
scheduled to surrender Nov. 1 to begin serving his sentence.

"Chris made an error in judgment in getting involved in this activity and 
he has acknowledged to the court that he violated the law," said Tresco's 
Boston-based attorney, Gary Crossen. "He hopes others will learn from him 
the lesson to avoid computer crimes and respect federal copyright laws."

Tresco is one of 40 people worldwide targeted by Operation Buccaneer, a 
14-month undercover investigation into copyright violations by the U.S. 
Customs Service (see story). One of Tresco's co-conspirators pleaded guilty 
to conspiracy charges earlier this year (see story) and was sentenced to 46 
months in prison.

Operation Buccaneer also netted members of other online piracy groups, 
including RiSC, RAZOR1911, RiSCISO, and POPZ. To date, 13 people have 
pleaded guilty to charges in connection with Operation Buccaneer; 10 have 
already been sentenced. Federal prosecutors said DrinkOrDie consisted of 
approximately 65 members from more than a dozen countries including 
England, Australia, Sweden, Norway and Finland.

Federal prosecutors said Tresco, known by his screen name "BigRar," took 
advantage of his job as systems administrator for the Economics Department 
at MIT to install and operate a number of DrinkOrDie file storage/transfer 
sites on the MIT system. This included DrinkOrDie's "drop site," a computer 
connected full time to the Internet that served as the workstation and 
initial distribution point for all the group's release work of copyrighted 
material, according to prosecutors. The group would defeat security 
features, then distribute the counterfeit titles around the world.

In addition, Justice officials said, Tresco installed and operated a number 
of the group's FTP "leach" sites containing tens of thousands of software, 
game, movie and movie titles for copying and downloading by DrinkOrDie 
members.
*************************
Mercury News
Entrepreneur files suit over junk faxes

When Silicon Valley entrepreneur and philanthropist Steve Kirsch gets a pet 
peeve, beware.

Tired of his fax machine whirring at 3 a.m. with unsolicited faxes, Kirsch 
plans today to file two suits against Fax.com, the country's largest 
fax-broadcasting company.

Kirsch, who rarely does anything on a small scale, is seeking an 
astronomical $500 billion in statutory damages -- an unprecedented amount 
that may garner media attention but likely would never be awarded.

``This is not a publicity stunt; our goal is to shut Fax.com down and make 
any advertiser thinking of sending an unsolicited fax think twice,'' Kirsch 
said.

He had to be talked down to that damage amount, confided an adviser.

Kirsch is seeking class-action status for a federal suit and a separate 
California one, saying that ``Fax.com has fax numbers for every machine in 
the U.S.''

Fax.com did not return calls for comment but has questioned the 
constitutionality of junk-fax bans.

Kirsch's suits come two weeks after the Federal Communications Commission 
proposed a $5.38 million fine against Fax.com, based in Orange County. That 
fine has also prompted renewed interest in toughening California law 
banning junk faxes, and California Attorney General Bill Lockyer has 
subpoenaed Fax.com records as part of an investigation.

Kirsch acknowledged that junk e-mail has become a bigger headache than junk 
faxes, but said the laws governing faxes are stronger.

Spammers, however, could be next, he warned.

``I have the resources, time and money,'' he said. But even the 
multitasking Kirsch will have his hands full today.

He's holding his press conference at El Camino Hospital in Mountain View to 
highlight how a medical center could be threatened by nuisance faxes, as 
happened in a Washington state case.

El Camino happens to be where Kirsch's wife, who went into labor Wednesday, 
is due to give birth to their third daughter.
**************************
Associated Press
States Struggle With Online Records
Wed Aug 21, 3:15 PM ET
By D. IAN HOPPER, AP Technology Writer

WASHINGTON (AP) - States have made significant progress in putting their 
court records online, allowing the public to examine criminal cases, 
lawsuits and divorces. However, all are struggling to develop privacy 
standards that keep pace with the technology, says a report released 
Wednesday.



The Washington-based Center for Democracy and Technology said states are 
trying to figure out how to balance the right to access public records with 
the risks of putting a battered wife's address on the Internet or posting 
uncorroborated child abuse allegations for all to see.

"It is clear that those concerns are out there and each state is trying to 
take a stab at addressing them," CDT policy analyst Ari Schwartz said.

Some states, like Florida, have gone so far as to consider placing a 
moratorium on online court records until they develop a policy. Florida has 
one of the nation's most explicit open records provisions, a constitutional 
guarantee for access to public records.

"There's also, by the way, a constitutional right of privacy right next to 
it. So we're not sure what the two of them mean together," said Steve 
Henley, who handles such matters for Florida's Supreme Court.

According to the report, every state in the nation puts their court records 
online and open to the public to some degree. But each state differs in its 
approach.

Montana's Web sites have a free, searchable database of Montana Supreme 
Court opinions and orders. Some courts in Alaska have listings of closed 
civil cases, probate cases (involving wills and estates) and divorce cases.

California's state court gives access to civil, probate and family law 
cases for a yearly fee, while county courts offer their own records online 
under varying rules.

All of these court records can have unintended consequences. Some courts 
delete obviously sensitive data like social security ( news - web sites) 
numbers, but one could also find bank account numbers as well as a person's 
name and address, information that could help an identity thief.

There's also information that is almost never sealed by definition, but 
could still be sensitive or embarrassing, like accusations of battling 
spouses in a divorce case or the names of biological parents in an adoption.

Victim's rights advocates have called for taking spousal abuse and family 
law cases off-line to respect the privacy of a battered wife or abused 
child. The wife's address, frequently found within court documents, could 
help a stalker.

"That could have life-threatening ramifications," said Martha Steketee of 
the National Center for State Courts.

Steketee's group, a nonprofit organization designed to help states devise 
judicial policy, is behind one of a handful of state and federal efforts to 
address the online records problem and write guidelines. The center is 
finalizing its recommendations, and plans to release a report in October.

Meanwhile, states are left to work out the problems on their own, Steketee 
said.

"Courts are at wide and varying extremes with this," Steketee said. "There 
are some courts that have tried putting up huge amounts of information, and 
some have stopped putting out any information electronically."

Most states are in Florida's position. Henley, the Florida official, had a 
simple answer. "Without a statewide policy, we essentially have 67 
policies," he said.

Privacy advocates and state officials don't expect the issue to be resolved 
overnight, but they hope that greater awareness of the problems will bring 
some standards.

"Even judges and lawyers in the system don't realize the extent and the 
nature of the personal information contained in court filings," Henley 
said. "Everything that goes on in society to some extent ends up in court."

___

On the Net:

Center for Democracy and Technology: http://www.cdt.org

National Center for State Courts: http://www.courtaccess.org

Florida State Courts: http://www.flcourts.org/
****************************
Associated Press
Appalachia Technology Faces Hurdles
Thu Aug 22, 2:13 AM ET
By GAVIN McCORMICK, AP Business Writer

CHARLESTON, W.Va. (AP) - The Appalachian region must leap several sizable 
hurdles for its technology economy to run at the same pace as the rest of 
the nation, concludes a university study to be released Thursday.



Across a largely rural area spreading 200,000 square miles across 13 
states, the technology sector is small and grew only about two-thirds as 
fast as the region's overall economy between 1989 and 1998, says a report 
by the University of North Carolina Office of Economic Development.

Shortages of entrepreneurs, scientists, university education and public and 
private sector research continue to hamper the region's ability to develop 
a technology-centered economy, the authors say.

The report was prepared for the Appalachian Regional Commission, a 
federally funded agency created in 1965 to help the region's development.

ARC boundaries spread beyond Appalachia's hilly core to encompass 406 
counties in 13 states ranging from New York to Mississippi.

Appalachian urban areas have a significantly lower number of scientists, 
engineers and technicians than the United States as a whole, the report says.

The number of federal research grants, which often go to university or 
government laboratories, is concentrated in just a few areas such as 
Huntsville, Ala., Blacksburg, Va., Pittsburgh and State College, Pa., and 
Ithaca, N.Y.

Also, the region's four-year colleges and universities grant 
proportionately fewer degrees in industrial engineering than do 
universities nationwide. And its two-year schools grant substantially fewer 
computer science degrees than does the rest of the nation.

While many state-funded programs are trying to develop the area's high-tech 
economy, the report says, few are focused on the two areas projected to 
grow fastest in the next decade: information technology and biotechnology.

The report identifies for the region 100 technology "clusters," or areas 
with concentrations of high-tech employment and research. Yet more than 
half of those clusters are in cities such as Atlanta, Cincinnati and 
Washington, D.C., which lie on the region's periphery.

"That means the ARC region's high-tech prospects are heavily dependent on 
spillover effects from neighboring cities," the report concludes. 
"Unfortunately, those spillovers are neither certain nor necessarily 
positive."

___

On the Net:

Appalachian Regional Commission: http://www.arc.gov
******************************
Federal Computer Week
Rumsfeld outlines risks, rewards

The Defense Department's focus on network-centric operations carries the 
responsibility that those systems are secure and available if the United 
States is going to fight effectively, Defense Secretary Donald Rumsfeld 
said in his annual report to Congress and President Bush.

"U.S. forces must leverage information technology and innovative 
network-centric concepts of operation to develop increasingly capable joint 
forces," Rumsfeld said in the document, issued Aug. 16. He said that the 
war in Afghanistan has demonstrated the military's ability to use a variety 
of network combat elements from all of the services.

"This joint action only hints at the potential opportunities that can be 
exploited through new ways to connect seamlessly our air, sea and ground 
forces," he wrote. "IT holds vast potential for maximizing the 
effectiveness of American men and women in uniform."

But those information systems must be protected from attack and new 
capabilities for effective information operations must be developed, 
Rumsfeld wrote.

"The emergence of advanced information networks holds promise for vast 
improvements in joint U.S. capabilities, and it also provides the tools for 
non-kinetic attacks by U.S. forces," he said. Potential adversaries could 
exploit vulnerabilities if they are left unchecked, he warned.

"In a networked environment, information assurance is critical," Rumsfeld 
said. "Information systems must be protected from attack, and new 
capabilities for effective information operations must be developed."

The United States must also carry that information assurance effort to 
space because of the service's dependence on space-based technologies that 
enable network-centric operations through use of satellite communications.

"No nation relies more on space for its national security than the United 
States," he said. "Yet elements of the U.S. space architecture  ground 
stations, launch assets and satellites in orbit  are threatened by 
capabilities that are increasingly available."

The report also stresses the importance of Rumsfeld's "transformation" effort.

"Transformation is fundamentally about redefining war on our terms by 
harnessing an ongoing revolution in military affairs," he said. That 
transformation has conceptual, cultural and technological dimensions.

"Fundamental changes in the conceptualization of war as well as in 
organizational culture and behavior are required to bring it about," he said.

The annual report also stresses DOD's efforts to streamline its business 
operations by improving its financial management and its ability to buy new 
technology.

"Transforming DOD's outdated support structure is a key step in achieving a 
more capable fighting force," Rumsfeld said.
***************************
Government Computer News
Data security hinges on money, not technology, feds say
By William Jackson

Government customers can foster information assurance by demanding it from 
vendors, said officials charged with overseeing the safety of the nation's 
critical infrastructure.

"Money talks," said Richard H.L. Marshall, principle deputy director of the 
Critical Infrastructure Assurance Office. "Put your money where your mouth 
is, and you're going to have good behavior. Make vendors be responsible for 
creating good products."

Customer demands have begun to have an impact, said Howard A. Schmidt, vice 
chairman of the President's Critical Infrastructure Protection Board. A 
number of software and hardware providers, such as Microsoft Corp. and Sun 
Microsystems Inc., have decided that "security will trump feature sets" in 
future products, he said.

Marshall and Schmidt were among a panel of federal and corporate experts 
discussing responsibility and accountability in information assurance today 
at the Sector5 cybersecurity conference in Washington.

The panelists, who also included Ronald Dick, director of the National 
Infrastructure Protection Center, and Secret Service agent Bob Weaver, who 
heads the New York Electronic Crimes Taskforce, agreed that security 
conditions should focus on prevention rather than response.

"It's all pre-incident," Weaver said. "That's where your efforts should be."

But getting the money to adequately secure systems has always been a 
problem. Today's discussion had a sense of déjà vu about it, Schmidt said. 
Although problems have long been known, "we're all saying the same thing 
two or three years later," he said.
**************************
Washington Post
Civil Liberties Groups Want Patriot Act Info

The American Civil Liberties Union (ACLU) today asked that the Justice 
Department reveal how its agents are using the expanded surveillance powers 
granted to law enforcers under the USA Patriot Act. Joined by the 
Electronic Privacy Information Center and the American Booksellers 
Foundation, the ACLU filed a Freedom of Information Act request seeking 
information on how federal law enforcers are using Patriot Act to track 
suspected criminals and terrorists. Introduced shortly after the Sept. 11 
terrorist attacks and passed late last year, the law broadens federal phone 
and electronic surveillance authority; makes it easier for government 
officials to obtain phone, Internet and business records; and loosens 
evidentiary requirements for obtaining wiretaps in terrorism cases.
-- David McGuire (08/21/02)
***************************
USA Today
Network to support Washington area emergency workers

WASHINGTON (AP)  Police, fire and other emergency personnel in the 
Washington area will soon be able to use a wireless network to communicate 
and share databases when responding to everything from traffic accidents to 
terrorist attacks.


The network, which participants call the first of its kind, is called the 
Capital Wireless Integrated Network, or CapWIN. IBM will build the $20 
million system, funded by Congress, over the next two years.

"For us old warhorses, this is like a dream come true when it comes to 
communicating in emergencies," said Chief Charles Samarra of the 
Alexandria, Va., police.

The network will cover police, fire, ambulance and transportation officials 
in Washington and its Maryland and Virginia suburbs, as well as federal 
agencies such as the FBI and the Capitol Police.

It will allow authorities with different jurisdictions to communicate in 
electronic "chat rooms" on laptop computers, handheld computers and cell 
phones. Authorities currently have no means of reliable communication 
outside of their own jurisdictions, Samarra said.

Two years ago, after an incident on a bridge connecting Virginia and 
Maryland, federal officials and authorities from both states came to the 
scene.

"We found ourselves all on the bridge and unable to communicate adequately 
with each other," Samarra said. "We had to end up sending notes by 
runners." Traffic was backed up for five hours due to the incident.

The system will make data sharing easier. Currently, a Virginia police 
officer who pulls over a District of Columbia driver can instantly find out 
whether the driver is wanted on a national or Virginia warrant. Searches in 
other jurisdictions take far longer.

"Because of the time involved, most officers are just not going to do it," 
Samarra said.

The new network will give almost instant access to crime databases. 
Maryland police officers have used a test version to recover stolen vehicles.

An interstate task force would be able to establish its own chat room on 
the network, letting members stay in touch during ongoing investigations.

IBM officials said the network will be designed to handle 10,000 users, and 
complies with the FBI's standards for wireless computer security. The 
network runs on existing gadgets, IBM said, so local agencies won't need to 
buy new hardware.

Several recent reports have highlighted communications problems in New York 
as emergency personnel converged at the World Trade Center on Sept. 11. A 
report released earlier this week by New York officials said the city's 
police communications system was incompatible with the network used by 
firefighters, and radio problems left many commanders and firefighters 
unable to communicate with each other.

"If New York could have had CapWIN, a lot of the things I read about in the 
paper would not have been issues," Samarra said.
***************************
Mercury News
Privacy bill watered down
By Ann E. Marimow

SACRAMENTO - Landmark legislation to give consumers more control over their 
personal financial information cleared a major hurdle Wednesday, but not 
without being diluted over the objections of consumer advocates.

Proponents, however, vowed to strengthen the bill to clamp down on 
companies that share and sell information on their consumers' finances when 
the measure moves today to another Assembly committee considered friendlier 
toward privacy legislation.

When the bill's sponsors let their guard down Wednesday, banking committee 
Chairman Lou Papan, D-Millbrae, pushed through an amendment that would make 
it easier for some companies to share customers' private data without their 
permission. When the sponsors discovered what had happened, they reacted 
with disbelief.

The move came just two days after the sponsor, Sen. Jackie Speier, D-San 
Mateo, announced a ``breakthrough compromise'' with Assemblyman Joe Nation, 
D-San Rafael, that made the measure more palatable to key moderate 
Democrats, including Assemblywoman Rebecca Cohn, D-Campbell.

``It's a horrible amendment,'' said Rosemary Shahan of the Consumer 
Federation of California, referring to the change made in the banking 
committee. ``But the potential to protect privacy lives on.''

Speier said the further weakening of the bill Wednesday stripped the 
legislation of its power to allow customers to keep private information 
such as bank account balances and credit histories.

``This takes away choice for consumers,'' Speier said. ``And it's precisely 
what the insurance industry wants.''

The amendment's sponsor, Assemblyman Phil Wyman, R-Tehachapi, disagreed.

``Your bill doesn't help consumers,'' he said. ``It goes beyond federal law 
and hurts the economy of California.''

The watering down of the measure, SB 773, and the political wrangling at 
the hearing Wednesday was another obstacle in Speier's 2-year-old push to 
enact what would be some of the toughest privacy restrictions in the nation 
on how banks and other companies can use a customer's financial information.

Speier's bill was defeated last year, despite many hours she spent 
negotiating with the governor's office and business leaders. She blamed the 
governor and some moderate Democrats for caving to pressure from business, 
an accusation her opponents denied.

This year, Gov. Gray Davis backed another bill sponsored by Nation that was 
opposed by both business and consumer advocates.

Under the compromise announced this week, banks and insurance companies 
would have to ask permission to trade or sell customers' information with 
non-financial third parties like telemarketers.

But they would not have to ask to share this information with company 
affiliates and some outside financial companies. Consumers, however, could 
fill out a form to prevent it.

The amendment approved Wednesday would take away that option for consumers 
when financial companies want to share this information with affiliate 
companies engaged in similar businesses.

Despite their apparent victory, representatives for the financial industry 
said they will have to work hard to keep the amendment in when the bill 
goes to the Judiciary Committee today. Even as amended, they said the 
measure would be a burden on businesses.

``We're not encouraged that the amendment will stay in the bill,'' said 
Diane Colborn of the Personal Insurance Federation of California.

Early in the five-hour hearing, Speier asked that the vote taken on the 
amendment be put on hold to try to round up sufficient opposition.

Speier and Nation were later shocked to learn that Papan instead declared 
the vote final without letting them know.

``They were in the room, they just weren't paying attention,'' Papan said.

The sponsors tried unsuccessfully to reverse the outcome, arguing that the 
decision to declare the vote final happened after they had left the room.

``Don't argue with me. I cleared the vote!'' said Papan in the gruff style 
that has made him a feared figure throughout his career. Papan retires at 
the end of this year.
*************************
Nando Times
Law professor fights Web link ban

SAN FRANCISCO (August 21, 2002 6:56 p.m. EDT) - A U.S. law professor is 
defying a growing number of companies that want to ban the practice of 
"linking" - where a Web site points to another page on the Internet.

Courts around the world have been grappling with entities trying to 
restrict the practice.

Last month, a Dutch court held that a site that links to news stories from 
other media was barred from the practice, due to copyright constraints.

Courts in Scotland and the U.S. have also grappled with the ban, usually 
deciding to bar someone from linking to copyrighted material.

But that bar rankles Internet aficionados, who claim linking is a basic 
function of the world wide web.

"It's a silly ban, really," said David Sorkin, a professor of law at the 
John Marshall Law School in Chicago. "Someone has to point that out."

Sorkin has now erected a web site, www.dontlink.com, which flouts 
anti-linking policies by linking to companies that seek to ban the 
practice. These include The American Cancer Society, the Chicago Tribune 
and National Public Radio.

Sorkin said he has yet to receive a formal complaint from the companies on 
his site.

"Maybe once they see I'm a law professor, they'll have second thoughts 
about fighting me," he said.
*****************************
Information Week
Profiteering On Homeland Defense

Since Sept. 11, vendors of a cornucopia of protective gear have beseeched 
Americans and their government to buy in the name of 'homeland security.'
By Jim Krane, AP Technology Writer

NEW YORK--Since the days when Samuel Colt made a fortune peddling his 
Peacemaker revolvers to frightened frontiersmen and a budding U.S. Army, 
astute entrepreneurs have profited by selling goods to Americans worried 
about security. Full story, see: 
http://www.informationweek.com/story/IWK20020821S0001
*****************************
Wired News
New Salvo in Piracy, Privacy War
By Brad King

The music industry's trade association is asking a federal district court 
to force an Internet service provider to turn over private information for 
a subscriber, heating up the legal war between technology and entertainment 
companies.

The Recording Industry Association of America wants Verizon Internet 
Services to turn over information on one of its subscribers, who the RIAA 
suspects of offering a large collection of MP3s for download.

Wednesday's legal filing with the Federal District Court for the District 
of Columbia came after Verizon refused to comply with a July 24 subpoena 
issued by the same court, saying the legal merits of the order were wrong. 
A spokesman said the company would continue to fight the matter.

"Under any circumstances, we are concerned with the privacy of our 
subscribers and with the copyrights of the entertainment industry," said 
Eric Rabe, Verizon's vice president of media relations. "But this isn't an 
area that we should be rushing into. We'll comply with proper legal orders, 
but we want to make sure we are not overreactive."

Verizon finds itself on a slippery slope. ISPs promise users to protect 
their identities, but entertainment companies are increasingly putting 
pressure on Congress and the Justice Department to crack down on people 
illegally sharing songs and movies.

At issue in the Verizon case is how much protection ISPs have from 
prosecution under the Digital Millennium Copyright Act, the controversial 
law meant to thwart digital piracy.

While the DMCA lets copyright holders stop anyone from distributing 
software that removes security locks from content, it doesn't allow them to 
challenge the company that provides the gateway to the Internet.

Legislators gave service providers "safe harbor" protection, which means 
ISPs can't be held liable for what their subscribers get up to online.

There is a catch, however. The protection disappears if the ISP finds out 
that a subscriber is illegally sharing files. The RIAA claims that 
Verizon's protection should have been dissolved after it informed the ISP 
of the infringement by this individual. The court agreed, and ordered 
Verizon to turn over the subscriber's name.

It's a chilling prospect that an ISP could be forced to turn over private 
information on its customers, but the recording industry said this action 
is limited to one subscriber who is engaged in massive piracy.

"The subpoena seeks limited information relating to a computer connected to 
the Verizon network that is a hub for significant music piracy," said court 
papers filed in July.
************************
USA Today
Broadband companies increase move toward rate plans
Michelle Kessler USA TODAY

SAN FRANCISCO -- The days of one-price-fits-all for high-speed Internet 
access are ending.

No. 3 broadband Internet provider SBC Communications Wednesday became the 
latest to say it would charge a range of prices for consumers, as it 
already does for big businesses.

SBC currently charges all consumer broadband users $50 a month. Starting 
this fall, the company will offer six rate plans. Prices haven't been set. 
No range was given.

Rivals Covad Communications and AT&T Broadband also announced tiered 
service plans this summer. ''By the start of next year, I expect every 
major broadband carrier to go this route,'' says ARS analyst Mark Kersey.

More choices will mean lower prices for many consumers, especially average 
Internet users, analysts say. But heavy users, such as avid gamers, will 
likely have to pay more. And, over time, tiered pricing could make it 
easier for carriers to raise rates, because multiple plans make small 
increases less noticeable.

''I don't think you'll see (price increases) in the next six months, but 
(they're possible) within a year or two,'' Kersey says.

In most cases, the tiered plans offer unlimited Web surfing at different 
speeds. The slower the speed, the lower the cost.

For example: Covad's cheapest digital subscriber line service costs $40 a 
month -- after a $22 four-month trial period -- and is about five times 
faster than regular dial-up. Its most expensive DSL service costs $89 and 
is about 25 times faster than dial-up. Broadband services such as DSL are 
gaining favor because they're fast, don't tie up phone lines and are always on.

Carriers hope more choices will lure customers to the market. Fewer than 
17% of U.S. households have high-speed access.

But carriers might end up undermining themselves, says Forrester Research 
analyst Charles Golvin.

Many small businesses, for example, often pay hundreds of dollars a month 
for special business-class high-speed lines. Now, they could get similar 
service for less than $90.

Some residential customers might also end up paying less for a lesser 
service -- if given the choice, Golvin says. That's one reason not every 
carrier has switched. For example, No. 1 broadband provider Road Runner, 
owned by Time Warner Cable, offers only one residential plan for $45 a month.

Still, analysts say they expect tiered pricing to become the norm, despite 
challenges. ''The problem is they're coming out with this during a 
recession,'' says Giga Information Group analyst Lisa Pierce. ''I have 
modest expectations until the economy recovers.''
***************************
Sydney Morning Herald
Cracking the hackers' code
By Suelette Dreyfus
August 20 2002
Next





If your organisation suffered a computer crime in the past few years and 
reported it to AusCERT, it was probably an attack from outside your walls. 
Nearly 90 per cent of Australian organisations that reported an incident 
were attacked externally, according to the 2002 Australian Computer Crime 
and Security Survey. This is the first time the threat of being attacked 
from outside surpassed the likelihood of an assault from inside.

It might be increasingly difficult to keep out external hackers but there 
are signs IT managers are finding it easier to win support within companies 
for improving security. Management consulting firm McKinsey & Co recently 
studied security best practices at Fortune 500 companies. About 30 of these 
companies, including AOL Time Warner, Merrill Lynch, Microsoft and Visa 
International, had appointed a chief security officer or other senior 
executive to oversee information security. In some cases, this executive 
had the power to stop the launch of new products or systems, and answered 
only to the chief executive.

The recent AusCERT study stated that 70 per cent of Australian 
organisations surveyed had increased spending on information security in 
the past year.

All of this is good news for IT managers. Most attempted attacks come via 
script kiddies, according to Neal Wise, senior security consultant for 
eSec, a Melbourne-based security technology company. Keeping software up to 
date should provide a good first-line defence but he also recommends 
putting pressure on vendors to release security patches in a timely 
fashion. "You can vote with your wallet," he says.

Yet Grant Bayley, organiser of Sydney's 2600 group, a gathering of security 
enthusiasts, says that while the number of hackers has increased, the 
percentage of highly skilled hackers has stayed the same, suggesting their 
total numbers are up as well. "These are the people who are really good at 
writing exploits - original and very obscure exploits. And people don't 
write exploits just to have them sit there and look pretty."

More sophisticated hackers may be more difficult to defend against, in part 
because their motivations may be complex. A small subset of these hackers 
obsess about a problem day after day, ignoring the rest of their lives. If 
you are running a network or a system, understanding what drives people to 
break in will help you to defend your organisation.

Meeting "Higgs", formerly one of the most skilled illegal hackers of the 
Australian computer underground, can be a high-stress experience; Higgs 
fidgets with other people's things until they break.

He doesn't mean to break them, he just pulls and prods at them incessantly 
while he bounces his knee up and down and talks. When the item cracks or 
snaps, he looks utterly surprised, as though he had no idea the item was in 
his hand. He sheepishly slips the broken pieces into his pocket, adding to 
his sins by running off with the evidence.

He sometimes has one-way conversations with people, meaning he talks and 
they try to get a word in edgewise. He is always right, and he is only 
interested in "the truth", no matter how bare and brutal. This inflexible, 
seemingly arrogant attitude frequently gets him into trouble, in part 
because he is usually right. Or because when he's wrong, he's so wildly off 
the mark, it's funny. He's also anti-social, partly due to shyness, but 
also because most people bore him. He says they don't feed him information 
fast enough. "I can't do that chit-chat stuff," he says.

Like a number of other technically elite hackers, Higgs shows 
characteristics similar to those shown by people with Asperger syndrome. 
This neurobiological disorder, which may resemble mild autism, has often 
been misdiagnosed in the past. The condition only made it into the 
Diagnostic and Statistical Manual of Mental Disorders in 1994.

Like elite-end hackers, many "aspies" are exceptionally skilled in a 
specialised area. A 2001 University of Cambridge study into the syndrome 
showed a higher incidence of AS/High-Functioning Autism, which seem to be 
related, among scientists and mathematicians. Tests of 840 students showed 
"that mathematicians scored higher than engineers, physical and computer 
sciences, who scored higher than medicine and biology". The condition is 
also more common among males and may have a genetic component.

There does not appear to be any in-depth research linking illegal hacking 
and Asperger syndrome. However, one of the world's leading AS experts, 
Australian clinical psychologist Tony Attwood, believes some hackers may 
share characteristics with "Aspies", as they refer to themselves.

"The link between AS and computers is well known. Computers were designed 
by - and for - people with AS," Attwood, based in Queensland, says. "Those 
with AS seem to know the language of computers better than social or 
conventional languages. It is quite plausible that people with AS may 
pursue an interest in cracking."

Historically, AS has been linked to at least one area that has become a key 
part of computer security: cryptography.

"The team that cracked the Enigma code appeared to include several 
individuals who showed characteristics of Asperger's," Attwood says. This 
included the father of modern computing, Alan Turing.

"It's the sheer challenge rather than any (criminal intent). It's the 
pursuit of knowledge and truth - with different priorities and perceptions 
¤ They see it as an intellectual challenge and a prize, (and) they look at 
the success of what they have done rather than the consequences of the 
lives of people they have affected."

Aspies typically have an almost obsessional approach to solving problems 
and are often oblivious to their peers' view that a given problem is 
"unsolvable". Both are often prerequisites to becoming an elite-end hacker.

What effect might hacking have on an Aspie?

"Hacking is giving them an intellectual orgasm. And they are addicted to 
the intellectual orgasm," Attwood says.

This doesn't mean all illegal hackers have AS, or that these hackers should 
escape criminal conviction. However, the linking of AS and hacking could 
have an impact on conviction or sentencing in future.

Previously, what experts termed an extreme addiction to hacking played a 
key role in a landmark British hacking case. Based on the descriptions of 
the hacker's behaviour, the apparent addiction could well have been a 
manifestation of AS. In a jury trial, the legal defence team of the British 
hacker "Wandii" showed the hacker was obsessed with computers and the 
intellectual challenge of beating them. The jury acquitted him of criminal 
charges in just 90 minutes, apparently because it decided he lacked mens 
rea, or awareness of criminal wrongdoing.

"You would not use AS to say a person is of unsound mind, because such 
people are very logical (if) eccentric," Attwood says.

"But (a diagnosis) could alter sentencing in two ways. First, in 
(assessing) the degree of criminal intent. And, second, in deterrence. They 
may need treatment for a compulsion, which may be irresistible, rather than 
a prison sentence or a psychiatric institution."

In the US, convicted hackers have been banned from using computers for long 
periods as part of their sentences. Attwood says this approach is likely to 
be inappropriate for Aspies. Denying them use of computers is very 
different than for most people.

"What we might look at instead is controlled access in a constructive way 
for convicted offenders," he says.

"Res" is a skilled Australian Black Hat hacker. Extremely private, street 
smart, he holds back, watching you, taking your measure. He slips in a 
little cynical humour now and again, showing he's cool but not cold. But 
he's a contrast to the stereotypical Hollywood geek hacker because he has a 
life.

"I haven't spent a Friday or Saturday night at home since I was 17," Res says.

While not showing any visible signs of AS, he's clearly capable of 
obsessional behaviour. "I am obsessive: I collect things. I like having 
everything, I never delete anything. I am a radical person. I'm all or 
nothing."

He says he doesn't read books but that's not quite true. He buys technical 
textbooks. Other than specialist mailing lists and the newspaper, the only 
other thing he reads is the Slashdot website.

The Cambridge study suggests a "continuum" of disability, "with AS as the 
bridge between autism and normality". Res may represent a point on the 
spectrum between AS and obsessive - a place other top hackers might also 
occupy.

Hacker group 2600's Grant Bayley estimates that, based on his experience, 
"You probably wouldn't find more than two AS symptoms in any one hacker but 
you would find more symptoms in 50 to 70 per cent of hackers in the mid to 
upper-skill level."

Higgs recognises he has some AS traits and he believes having AS could 
definitely contribute to hackers rising in the ranks of the elite underground.

"It is not that AS gets you to the top of the pile but it can help. Because 
there are some things that are broken, you are forced to use other parts of 
the brain instead. The ability to blinker everything else and not get 
distracted helps."

He views the AS-affected hacker mind as being like the Internet: "That 
hacker's mind sees group dynamics as damage and routes around it."

However, after interacting with a number of top hackers around the globe 
over several years, he argues there are other contributing factors.

"For these people to get where they have, Asperger's isn't enough. They 
have something else. Clearly (convicted American hacker Kevin) Mitnick's 
talent doesn't just come from AS; there is something else there. Like his 
social engineering talent - you just wouldn't associate that with AS," he says.

"The 'f***-you' attitude is also a requirement. Every one (of the top 
hackers) has had the 'f***-you' ingredient ¤ You cannot defy authority and 
break the law thousands of times a year without the 'f***-you' ingredient."

Suelette Dreyfus is the author of Underground and an honorary fellow at the 
University of Melbourne's department of information systems.

How to deter the obsessive attacker

What is the best way to defend your network against illegal hackers who 
show Asperger syndrome-like characteristics?

A former highly skilled and obsessive hacker, "Higgs" suggests breaking the 
patterns of usual defensive behaviour.

Trip wires in packaged software might be anticipated by a pattern-based 
hacker. "Set up trip wires that are unique," he says.

Also, use your logs in different ways for tell-tale signs of a hacker's 
trespass.

"Backdoor the 'ls' command (in UNIX), which gives you a list of files. 
Record its arguments and when it is used. A (pattern-based) hacker might 
not think to look for logs of that.

"Backdoor the SSH (secure shell) client to record who is using it and when. 
Keep secret log files in unusual locations."
***************************
Sunspot.net (Chicago Tribune)
Online tutors making grade
Free, fee-based programs -- including those by Baltimore-based Sylvan -- 
help struggling pupils

CHICAGO -- Hearing that your child might flunk is not good news. But that's 
what teachers at Chicago's Stephen K. Hayt School told Susanne Todd last 
spring. It didn't take her long to decide that a tutor was needed.

But Todd, an e-commerce analyst, tends to work late and her 14-year-old 
son, Nick, is too young to drive, making transportation a difficult issue. 
Having a stranger tutor Nick brought another set of concerns.

So Todd turned to eSylvan, the online tutoring wing of Baltimore-based 
Sylvan Learning Centers. She had taken technology certification courses at 
Sylvan years ago and felt a Web-based program would fit her and Nick's 
schedules.

"We didn't want to see him fail and redo the 8th grade," she said. "It's 
very helpful for me because I work long hours, and if I had to drive him 
around, he wouldn't make it on time."

Parents across the country are increasingly looking to the Web as a 
just-in-time learning tool. They point to the convenience, thoroughness and 
safety of Web-based programs -- which typically conduct background and 
credential checks on staffers -- as big drawing points for online learning. 
They're also getting savvier by equipping their homes and kids with the 
latest tech gear to boost grades and improve the quality of their school work.

Nick was reluctant to try the Web-based program. "I didn't think it would 
work at all," he said. But "my teacher said if I didn't buckle down and get 
the grade up, she would hold me back. I didn't want that."

After six weeks of the 18-week tutoring program, Nick bumped his reading 
grade up from a failing D- to a C+, enough to pass. He credits one-on-one 
time with Holly Cook, a state-certified English teacher in Williamsville, 
N.Y., for boosting his grade and reading comprehension.

Nick never met Cook in the real world. Instead, he heard her instructions 
via eSylvan's headset. A digital sketchpad and pen allowed Cook to 
underline concepts as Nick completed the lessons.

"I'm the type of person who would like to see how to do it; I can't 
understand when you tell me," he said.

Sam Booker, 15, is another student who found help online. Four years of 
science is an entrance requirement at most colleges, yet Sam brought home 
C's and D's in those courses. As a consequence, the junior at Evanston 
Township High School said he was "forced" into summer school chemistry by 
his parents. To write a report on argon, a noble gas, Sam's dad, Ellis, 
steered him to WebElements.com, a help site for chemistry questions.

"It's much faster than going through the tedious process of finding stuff 
in a book and reading through the whole thing," said Sam, who earned an A 
in chemistry. "The Internet is briefer and more condensed."

Ellis Booker set up a wireless network to make it easier for his sons to 
share the home's broadband connection. He also installed Microsoft Windows 
XP and set up individual accounts for his sons and himself.

"It's a great thing because I don't have to worry about [my little brother] 
George poking around in my stuff," Sam said.

But online tutoring programs, like eSylvan, and home-based wireless 
networks aren't for every child and every parent's pocketbook. ESylvan cost 
$1,400 for 18 weeks. And not all parents have the knowledge or money to buy 
and set up a wireless network for their kids. The wireless router and 
laptop card costs about $350 for an 802.11b network, plus about $50 per 
month for broadband.

Still, Web-based learning is catching on. A growing number of paid programs 
exist, and numerous school districts offer free Web-based learning and 
tutoring programs.

The Barrington Public Library District and Lake Zurich's Ela Area Public 
Library began offering online homework assistance through Tutor.com last 
year. Parents can subscribe to the service for $99 per month or develop a 
customized package with a tutor through the Web site. Personal tutoring 
costs about $25 to $30 per hour.

On the state level, Illinois' technology initiatives are on par with the 
rest of the country's. About 25 states have online high school courses, and 
another five have programs in the works.

Illinois offers 76 Web courses through Illinois Virtual High School, 
including an Advanced Placement Exam Review and calculus. Courses are 
generally free to students. Participating schools reimburse the state $300 
per course. The state has spent $2.5 million on the Web-based program.

But most technology programs are conducted on a district level and depend 
upon the enthusiasm of tech devotees and parents to get off the ground.

At Westinghouse Career Academy in Chicago, students used online college 
prep courses from educational services firm Kaplan to study for the SAT and 
ACT. The program starts with a subject matter assessment then steers the 
student through tutorials in subjects for which their skills are weak. The 
program is free for students after participating schools pay an access fee 
for the courses. Students can log on from home or school at any hour.

St. Ignatius, a private high school in Chicago, plans to offer an AP-level 
studio art course this fall. Students can use the school's digital art 
studio and iMac computers during the yearlong course to create portfolios 
of digital film and graphic arts.

Niles North and West High Schools, for example, will offer Web-based 
tutorials through the Atomic Learning Library (www.atomiclearning.com). 
Using a personal ID and password, students can log on and view short 
training films on popular applications, like Apple iMovie, Macromedia Flash 
and Microsoft Excel and PowerPoint.

The site also offers step-by-step instructions on creating a newsletter or 
storytelling using digital photojournalism techniques. Parents can use the 
training site too.

"It's very difficult to squeeze everything into the school day," said Guy 
Ballard, director of technology at Niles Township High School District 219. 
"This provides our students with the resources to learn on their own, which 
saves us time and energy to concentrate on the curriculum. The students can 
be their own teachers."

Though the AP Exam Review is Illinois Virtual High School's most popular 
course, attracting more than 3,000 students, courses in computer networking 
and repair certification draw large enrollments.

"This is a digital generation that's very hands-on with computer 
technology," said Brad Woodruff, e-learning supervisor at the Illinois 
Department of Education. "Part of the key to e-learning is getting the 
parent's generation involved in teaching technology."

Sam Booker agrees. The difference between acing chemistry this summer and 
barely passing biology last year had less to do with Web sites and 
broadband, he said, than being motivated to succeed and getting help from 
his dad.

"It doesn't matter what kind of Internet connection you have. You have to 
want to apply it," he said. "I learned it the hard way."

Study programs target younger pupils

Most Web-based educational programs are aimed at high school students, who 
possess the mental stamina to sit through online tutorials and interactive 
study guides. But there's still plenty of computer and Web-based programs 
for younger students.

At Chicago's Region 6, about 200 5th- through 8th-grade students at Shoop 
and Curtis Elementary Schools used Kaplan Inc.'s online program 
(www.achieva.com) to improve their study skills. The program focuses on 
study techniques, like taking notes, developing essays and keeping a 
calendar, as opposed to learning math or reading. The students attended the 
computer lab twice a week with English teachers.

"If you just tutor the student in social studies, then they're just about 
social studies, but if you teach study skills they can apply that to any 
study area," said Lee Brown, a Region 6 education officer. "Parents work 
hard with the kids, but many aren't familiar with technology and techniques 
to improve study skills."

The Start-To-Finish Books CD-ROM series is another learning tool for 
younger students who are struggling with reading. The computerized books 
from Don Johnston Inc. (www.donjohnston.com) highlight the text as the 
narrator goes through the story. The series includes about 60 titles.

But Alexis Sarovich, a Chicago-based learning specialist, cautions that 
online tutorials and coursework aren't right for every child. Some children 
don't have the focus necessary for computer-based learning, yet any child 
stands to benefit from parental involvement in educational activities and 
homework.

"When parents work with their children, it builds them up and gives them 
confidence to succeed, and it's something that a computer cannot do," 
Sarovich said.

A classroom of one's own

Whether a student needs help with ABCs or SATs, a range of online help is 
available.

PRODUCT: eSylvan, www.esylvan.com

SERVICES: Personalized programs in math (grades 3-8) and reading (grades 4-9).

COST: $135 for skills assessment, $150 for starter kit, and $37-$40 an hour 
for tutoring.

PRODUCT: Tutor.com, www.tutor.com

SERVICES: Online tutoring in more than 200 subjects for students in 
kindergarten through college.

COST: $99.99 a month for unlimited live homework help, or personalized 
packages at $20-$30 an hour.

PRODUCT: Kaplan, www.kaplan.com

SERVICES: Online preparation for standardized tests, including GRE, ACT and 
SAT (I and II).

COST: Packages range from $29 to $349, depending on number of courses and 
whether help via e-mail is included.
*************************
Earthweb.com
Filtering Spam with Blocklists
By Nathan Segal

For business professionals, spam is a huge problem that causes clogged 
in-boxes and wastes many hours of productive time to sort through it. Once 
you have an email address, it's only a matter of time before you start 
getting unwanted email.

Even with email blocking software, it might be necessary to close the 
account and start again if the problem becomes too severe, but then you 
have to update everyone in your address book. And even then, it won't be 
long before your new address winds up on a spammers list. So what do you do?

To stem the tide, many companies resort to blocklists, or blacklists as 
they are sometimes called, for filtering spam. Some of these companies such 
as Brightmail or SpamCop are commercial software companies.

Others, such as MAPS (Mail Abuse Prevention System a.k.a. The Realtime 
Blackhole List) are designed to create intentional network outages (a.k.a. 
blackholes) to limit the transport of unwanted mass e-mails. Spamhaus, a 
European resource, lists IP addresses of spammers and uses their Register 
of Known Spam Operations (ROKSO), which they believe are behind 90% of 
American and European spam.

"The whole concept of blacklists is essentially giving out IP addresses or 
top-level domains that are known or in most cases suspected sources of 
spam," says Linda Munyan, marketing communications manager for Brightmail. 
"These can be permission-based marketing groups or open relays that are 
being used by spammers. Often you hear these days about companies or ISPs 
who are blocking anything coming in from certain countries, such as Russia, 
China or Korea.

"Top-level domain refers to blocking from a certain country as opposed to 
IP addresses which are pointing to a certain machine. As an example, 
anything that comes in with a .ru in the 'From' portion of the header 
information is not accepted because there's so much spam coming from that 
country (Russia)," she says.

When filtering spam, an issue is 'false positives,' something filtered as 
spam, when in fact it is legitimate mail. In the case of Brightmail, their 
rate of false positives is one in 100,000. But in some cases, spam has 
become such a huge problem that service providers resort to drastic 
measures, taking the risk of blocking legitimate mail from getting through 
to their end users.

Decoy Accounts And Attack Algorithms

"With Brightmail, we install filtering software at our customer sites," 
says Munyan. "Our solution is comprised of three components. The first part 
is called the Probe Network, a network of decoy email accounts that we've 
put out across the Internet. Each customer that we bring on board is 
required to provide us with a certain percentage of statistical 
representation of their total email box universe. These are brand new 
accounts that have never been used.

"At Brightmail, our business intelligence team creates names for those new, 
unused accounts and they seed them across the Internet, into places such as 
Usenet groups where spammers are known to harvest email addresses," Munyan 
says. "Our Probe Network has a statistical reach of 100 million email boxes 
and that's what we use as our net (sometimes known as a spam trap or honey 
pot). The Probe Network attracts an incredible amount of spam and our 
business intelligence team constantly monitors the probes, refining them 
and making sure that they're productive.

"Then we have a pretty sophisticated set of algorithms which groups this 
spam into attacks. A spam attack is any group of messages that are similar 
in nature. Many spammers try to randomize their messages so that filtering 
software techniques such as ours are thwarted. But our grouping algorithms 
strip out all that randomizing stuff, (numbers, spaces, dashes, dots, the 
university diploma, etc.) to its core essence and groups it into a spam 
attack. From there, we can write rules against it," she says.

"The third component is called bloc. That's the Brightmail statistics and 
operations center, where we have a group of people who work 24/7 and who 
service a QA function, making sure that the rules are working properly, 
that we haven't caught anything that's legitimate mail and that the rules 
are delivered out to our customers in a timely manner.

"The original focus of Brightmail was with very large ISPs, such as 
Earthlink, AT&T and Worldnet," Munyan says. "We've just recently started 
moving into enterprises, companies like Cypress Semiconductor, Cisco, 
Motorola, and that's where our focus is today. For ISPs, the fee for using 
the software would be $1-$2/user/year. For enterprises, the fee would be 
$5-$15/user/year (comparable to AV pricing). As an example, the fee for an 
enterprise with 1,000 employees would be around $15,000."

"Both pricing structures are dependent upon the number of end-users 
(employees in the case of enterprises or subscribers in the case of ISPs). 
Obviously, ISPs are larger than enterprises, so their average pricing 
structure will be overall lower."

How to Avoid Getting Blacklisted

To create legitimate mailing lists, the double opt-in approach is now 
considered to be the best way to go as opposed to a single opt-in, where 
you click once or something is already filled in for you and then you're 
considered to have opted into a mailing list.

With double opt-in, you have to actively take the first step of clicking a 
box saying that you want to be a part of a list. Next, you have to respond 
positively back to an email message that says: 'You indicated that you 
wanted to join this user group, newsletter, etc. If so, please reply back 
to this message.' This is the second piece of the double opt-in approach.

To solve the problem of being blacklisted, MAPS is trying to drive 
businesses toward the double opt-in approach so that they don't get 
blacklisted. But sometimes, people do get blacklisted for a variety of 
reasons. An example is if the packet size of their bulk email is too large 
and it's caught by some of MAPS customer base, etc.

To get off a blocklist, you have to contact the service in question. 
According to information on the MAPS Web site: "Your first step in getting 
off of the MAPS RBL is to contact us, by phone if necessary (650-779-7080) 
or by e-mail if possible. Tell us the IP address you think is being 
affected since we can't do anything that could affect your domain name, and 
tell us what you're doing or would like our help to start doing to become 
less friendly to spammers. The moment you demonstrate favorable intentions 
toward stopping spam from using your resources, we will as a good faith 
gesture take you off of the MAPS RBL."

Another interesting wrinkle is being falsely accused of spamming. According 
to SpamCop: "False spam reports are not tolerated. Users who file false 
reports will be banned from the SpamCop service and/or fined. If you would 
like to take action against a user who has erroneously accused you of 
spamming, please forward the entire SpamCop report, including full headers 
and the entire spam and proof that the user in question did subscribe for 
your list.

"If you would like to pursue action with the user's Internet provider, 
SpamCop reports include all the information you need, including the IP 
address and datestamp of the complainant. You can even feed a SpamCop 
report to SpamCop to determine the originating point."

The big question though, is how a fine of the above nature would be 
enforced. That information was not found on the SpamCop website, despite a 
thorough search.
******************************

Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx