Clips August 26, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;
- Subject: Clips August 26, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 26 Aug 2002 10:12:45 -0400
Clips August 26, 2002
ARTICLES
Cybersecurity should be kept in civilian hands
OMB Puts A Freeze On Tech Spending
Army CTO pushes 'federation of sites'
Army picks EMC for storage
Integration office may not happen
Local officials need homeland help
UCITA still haunts IT
FEC Decision Could Jump-Start SMS Political Ads
Hyperlink patent claim thrown out of court
FBI accused of hacking Russian computers in sting
Motorola unveils communications system for firefighters
The Great Firewall of China
People sell their faces for digital delivery
Computer tracking system to be tested in schools [Australia]
Web sites, ISPs lopping pop-up ads
****************************
Boston Globe
8/18/2002
Cybersecurity should be kept in civilian hands
In the wake of Sept. 11, we're all agreed on the need to protect critical
infrastructure - telecommunications, electric power, transportation,
banking, and finance. We also know much of that infrastructure depends on
the Internet, so cybersecurity will be a critical concern of the proposed
Department of Homeland Security. The only question: How best to achieve it?
The administration's plan has the FBI's National Infrastructure Protection
Center, the Commerce Department's Critical Infrastructure Protection
Office, and the GSA's Federal Computer Incident Response Center all moving
over to the new Department of Homeland Security. That's appropriate. But
the plan also includes moving the Commerce Department's Computer Security
Division (part of the National Institute of Standards and Technology) to
Homeland Security. That move would be a big mistake.
The Computer Security Division's job is to develop security standards and
technology for the protection of sensitive information in government and
the private sector. The problem with moving this division into Homeland
Security is that the civilian side of the world doesn't work the same way
as the classified side.
A case in point: Computer security outside the national security community
has been a Commerce Department responsibility since 1967, but in the 1980s,
a challenge to that authority arose. The National Security Agency, which
provides information security for classified government information, felt
it had more expertise. So the NSA pressed banks to adopt its systems, the
workings of which were classified, over the publicly released Data
Encryption Standard. But banking standards are international. There was no
way other countries would accept information security standards they
couldn't verify.
The NSA's efforts set the banks' standards efforts back 16 months.
The 1980s and '90s saw many battles over the Computer Security Division's
cryptography standards, with national security and law enforcement arrayed
on one side, industry and the public on the other. In a study titled
''Cryptography's Role in Securing the Information Society,'' the National
Research Council found the result was a delay in the deployment of secure
systems - exactly the opposite of what is needed now.
These days the Computer Security Division has learned how to develop
computer security standards in an open environment, thus smoothing the path
to widespread international use. It is well suited by tradition,
reputation, and structure to do this.
Its recent successes include approval of the algorithm Rijndael, designed
by two Belgian cryptographers, as the new Advanced Encryption Standard
(AES). This Federal Information Processing Standard was the culmination of
a four-year effort by the Computer Security Division. The result is an
algorithm that is well accepted internationally and likely to be rapidly
adopted.
The bottom line is this: We haven't got the 16 months that banking lost
when NSA tried to involve itself in issues properly belonging to the
civilian world.
As recently reported in the national press, Al Qaeda has been exploring
cyberattacks. The Department of Homeland Security needs to have the
resources to prevent them. It may, for example, need additional
cybersecurity expertise for determining appropriate standards for systems
controlling critical infrastructure components, much like the Treasury
Department's standards for electronic funds transfer, which mandate the use
of the Data Encryption Standard, the predecessor to AES. But the Computer
Security Division is effectively doing its job improving computer security
for public systems. Moving it to a department controlled by law enforcement
and national security would diminish its effectiveness.
It would, in short, leave us less secure in cyberspace, not more.
Sun Microsystems' Whitfield Diffie, chief security officer, and Susan
Landau, senior staff engineer, are co-authors of ''Privacy on the Line: the
Politics of Wiretapping and Encryption'' (MIT Press, 1998). Diffie is the
coinventor of public-key cryptography.
****************************
Washington Post
OMB Puts A Freeze On Tech Spending
$1 Billion in Plans Land In Limbo
By Renae Merle
The Office of Management and Budget has ordered seven of the 22 agencies
slated to make up the proposed Department of Homeland Security to
temporarily halt spending on more than $1 billion in information technology
projects while it looks for savings and compatible technology.
The recent order has sent jitters through the community of government
contractors expecting a flood of new spending in response to the war on
terrorism -- not a delay in projects.
"Our concerns are the length of time it is going to take" to determine
which projects will be consolidated or canceled, said Dan Heinemeier,
president of the Government Electronics and Information Technology
Association in Arlington. "Companies put resources on the line when they
bid for proposals."
The OMB said ongoing projects won't be affected, but new contracts will
have to be approved by the Homeland Security Investment Review Group.
So far, the OMB suspects it can find about $300 million in savings among
the agencies it has targeted with this order. More will be examined later;
the OMB looked only at agencies that had proposed IT contracts worth more
than $500,000.
"This is a temporary cease on spending" to ensure money is not wasted on
projects that will have a six-month shelf life if the agencies are
combined, said Mark Forman, the OMB's associate director for information
technology and e-government. "That includes looking at redundancies and
interoperability requirements."
The seven agencies had planned to spend $235 million to upgrade 21
financial management systems, according to OMB records. That can be
consolidated into three or four programs, potentially saving $65 million to
$85 million in the next two years, agency officials said.
"What's clear is that there are a lot of redundant investments," Forman said.
The OMB order shows that the expected flood of government IT spending --
which many people had hoped would offset losses in the private sector --
isn't guaranteed or without hurdles.
"Overall, it will be a zero-sum game," said Jim Kane, president of market
research firm Federal Sources Inc. in McLean. "There are going to be some
winners and losers among the contractors."
There's an escape mechanism for agencies that need it. Four emergency
applications have already been filed and approved, including two by the new
Transportation Security Administration.
The agency was ready to award Unisys Corp. a $1 billion contract last month
to develop its IT infrastructure, as well as to provide computers and cell
phones for employees at airports across the country. That plan was delayed
for about a week before it was approved by the Investment Review Group,
company officials said.
"I think we all had a little bit of concern about that," said Greg Baroni,
Unisys's public sector president. But "we all came together to make sure we
met OMB's expectations."
The freeze came as the Coast Guard was about to sign a new contract to
license Microsoft Corp. software. At the behest of the committee, it
negotiated on behalf of itself and the six other agencies and was able to
make a deal that will save at least $6.1 million over the next five years,
Forman said.
Some contractors are already starting to feel the pinch. For more than six
months, Reston-based DynCorp has been developing a project for the Federal
Highway Administration to lease desktop computers, new software and other
equipment to the agency.
But the OMB freeze put the program in peril. The agency was forced to
redirect the funds for the program to "mission-critical systems" within the
Department of Transportation, DynCorp officials said.
"They said, 'Sorry, guys, there is no money for this,' " said Joe
Cunningham, president of DynCorp Systems & Solutions LLC.
The freeze has also caused some angst on Wall Street, where contractors
have been experiencing newfound popularity. "It's something we are keeping
an eye on," said Bill Loomis, an analyst with financial services company
Legg Mason Inc. "Just about every company has some exposure to those agencies."
But hope is not lost for IT companies desiring a piece of the federal pie.
Congress is expected to approve a 16 percent increase in technology
spending for next year.
"Everyone agrees that the government is doing the smart thing," said Chris
Penny, industry analyst for investment banking firm Friedman, Billings,
Ramsey Group Inc. "While the tap has been turned off for a while, there is
a flood right behind it."
**************************
Federal Computer Week
Army CTO pushes 'federation of sites'
The Army's chief technology officer said he would love to see the Army
Knowledge Online portal and the Navy training and Marine Corps procurement
portals develop into a "federation of sites."
However, Col. Robert Coxe Jr., the Army's retiring CTO and the driving
force behind AKO, said that it would take some time. "It's tough enough to
get the Army to play internally with Army, but we need to start talking and
I think we'll be ready for the next level."
Already they share one thing in common. The Navy and Marine Corps both
recently selected Appian Corp. as the software provider for their
respective enterprise portal projects, and the company is also behind the AKO.
Coxe said he is pleased with the work the vendor has done. Late last year
Appian had the AKO portal up and running in about three months "and it all
worked."
"They are as dedicated as we've been," Coxe said, adding that some
employees had to be sent home in the early days of AKO after putting in
more than 24 consecutive hours of work.
AKO provides Army news, distance-learning opportunities, e-mail accounts, a
search engine, chat capabilities and an enterprise collaboration center for
service personnel around the world.
Appian's portal work with the Marine Corps is focused on procurement, while
the Navy site will be used largely for training.
The AKO portal has more than one million active accounts and usage is
growing every day, said Marc Wilson, AKO project manager at Appian. One day
last month, there were 90,000 total AKO sessions, which was a record at the
time, but on Aug. 20, there were 130,000, Wilson said. There are about
70,000 different users touching the system on a daily basis, and 40 percent
of the active force is visiting AKO at least monthly, he said.
"That's not only numbers, but [a testament to] the depth of the tool,"
Wilson said.
The next application planned for inclusion on AKO is a group capability
that would go beyond simply e-mail to include instant messaging and other
tools. Coxe said the Army wants to provide its organizations that ability
to not only create personalized groups, but also to horizontally link them.
He added that the only additional cost involved with that feature would be
storage, which can be obtained relatively cheaply today.
Wilson said users will also be able to apply security and filtering in the
groups, "and the groups within the groups all dynamically on-the-fly by the
people who need it or need to send it." The feature should be available by
the end of this year, he said.
***********************
Federal Computer Week
Army picks EMC for storage
The Army National Guard is in the midst of enabling more than 50 of its
data centers to centrally manage and control data across different vendors'
storage systems using software from EMC Corp., according to the Guard
official leading the effort.
Lawrence Borkowski, the Army National Guard's chief of automation and
plans, said the organization is "fast-forwarding" its commitment to
streamline administrative operations.
The Guard is implementing storage-area networks (SANs) in more than 50 data
centers domestically in four U.S. territories, and has purchased more than
200 terabytes of networked storage systems, software and services from EMC
to do it, Borkowski said. SANs enable multiple servers to share communal
pools of storage.
Borkowski added that EMC's technology is helping "mobilize Guard forces
more quickly and efficiently because our critical information will be more
available and better protected than ever before."
The SANs, based on EMC Symmetrix Enterprise Storage systems, will be used
for personnel records management, finance, logistics, contracts, e-mail and
other applications.
The systems also will provide storage for Hewlett-Packard Co., Dell
Computer Corp. and other servers.
The contract was awarded in the second quarter of this year and shipping
began in May. The EMC technology has been installed in about 40 percent of
the data centers, with three-to-four more sites being done every week,
according to an EMC spokesperson.
The Guard purchased the EMC technology through Northrop Grumman Information
Technology, the prime contractor on the project, but would not disclose
financial details of the work, according to a spokesperson.
*************************
Federal Computer Week
Integration office may not happen
The proposed Information Integration Office, an important information
technology initiative in the Bush administration's homeland security
effort, may never exist, according to Steve Cooper, senior director for
information integration and chief information officer for the Office of
Homeland Security.
The office, which would design and help roll out an information
architecture that will enable agencies to share information across their
technology silos, is supposed to be created at the Critical Infrastructure
Assurance Office. The office's role would include everything from helping
to identify the appropriate technology standards to enforcing their use
governmentwide, administration officials said in February.
But the way things are looking in Congress, that may not happen, Cooper
said Aug. 19 at the Government Symposium on Information Sharing and
Homeland Security in Philadelphia.
Earlier this year, Congress removed the funding request from the fiscal
2002 supplemental funding bill submitted by the White House, so the
administration placed the office and the funding request in the fiscal 2003
budget released in February. But now Congress is getting ready to cut the
administration's request for the second time, Cooper said. The reason?
"Because they don't think it can be done," he said.
***********************
Federal Computer Week
Local officials need homeland help
First responders do have an important role to play in the national homeland
security mission, but they cannot do it without help from the federal
government, officials said Aug. 21.
Because of their limited resources and limited reach, most local police
departments will have to rely on others to fill in technical, personnel and
experience gaps, officials said at the Government Symposium on Information
Sharing and Homeland Security in Philadelphia.
Providing timely intelligence information that local officials can use to
prepare for or respond to incidents is the most obvious way the federal
government can help, said Jose Cordero, chief of the Newton, Mass., Police
Department. "We need to have intelligence information that can have
meaningful application in our community," he said.
There also needs to be some national resource that will provide local
officials with real-time access to expert advice during incidents, Cordero
said. And this resource must be available to every local official, not just
those in areas with the most money or the best technology, he said.
The federal government should also help by setting broad technology
standards, said William Casey, deputy chief of police in Boston.
In some cases, such as determining the communications spectrum standards
for emergency communications, only the federal government can legally set
the standards. And for most technologies, only the federal government can
set broad standards that will be accepted by all so "even if we're not all
on the same page, we are at least in the same book," Casey said.
The federal government can also help out by vetting the numerous technology
solutions that industry is offering in the homeland security space, he
said. State and local agencies simply do not have the resources to test new
products to figure out where the middle ground is between cutting edge
technology and products that would truly do what first responders need, he
said.
"We don't know where [that balance] is, and we can't test all this
equipment," Casey said.
***************************
Computerworld
UCITA still haunts IT
WASHINGTON -- It's been called a time bomb, code capable of disabling
software, and some users fear its use could become pervasive if the
controversial software law UCITA succeeds.
The Uniform Computer Information Transaction Act (UCITA), due for a renewed
push for state-by-state adoption next year, lets vendors include code to
trigger a shutdown if, for instance, a user's license has expired.
It's a type of code that poses operational and security issues for IT, said
Ken Tyminski, chief security officer at Prudential Financial in Newark,
N.J. A time bomb, or a software restraint, is a potential bug that can be
triggered without warning, sending business systems crashing. Or it can be
activated maliciously and give hackers a back door to your network.
"That, to me, is very, very dangerous for the [insurance] industry and
companies at large," Tyminski said. In response, Prudential is ensuring
that its vendor contracts prevent any use of these systems.
This type of code "can cripple the business, and it can do it in a method
where there has been absolutely no due process, there has been no chance at
remediation, no chance at explanation," he said.
Corporate Fears
The mere existence of restraint software or time bombs also raises security
issues. Robert O'Connor, director of network integration services at
Pennsylvania State University in University Park, warns, for instance, that
a disgruntled former vendor employee could trigger such a system. "I don't
trust anything like that," he said.
This concern about software restraints in a section of UCITA called
"electronic regulation of performance" underscores the ongoing fears that
users have about this complex software licensing law.
UCITA's authors, the National Conference of Commissioners on Uniform State
Laws, tried to appease opponents by removing a "self-help" provision that
would allow a vendor to remotely disable software in a contract dispute.
But that change simply shifted attention to other parts of the law.
For example, the Institute of Electrical and Electronics Engineers Inc. in
New York claims that UCITA's provisions give vendors the right to build in
back doors, creating a potentially dramatic shift in software licensing.
"The industry is pushing very hard to turn it into a mainframe licensing
model, where you will pay for your software on a year basis," said Alan
Plastow, president of the International Association of IT Asset Managers in
Akron, Ohio. "That requires the use of automatic restraints or it requires
the use of a metering process."
But users aren't jumping on board. Also, Microsoft Corp. has said it has no
plans to use embedded self-help features.
The use of software restraints won't help vendors win contracts with large
enterprises, said Steve McHale, an analyst at IDC in Framingham, Mass. But
such techniques could be attractive to vendors of pricey programs, such as
engineering software systems.
Critics also assail UCITA because it protects vendors from liability. The
Center for National Software Studies, formed earlier this year, is
examining the problems with software quality and is working on a set of
recommendations. UCITA's liability-limiting provision gives vendors little
incentive to worry about the consequences of mistakes, said Alan Salisbury,
who heads the Camp Springs, Md.-based center.
***************************
Washington Post
FEC Decision Could Jump-Start SMS Political Ads
By Brian Krebs
A decision by federal election regulators to exempt text-based wireless ads
from campaign disclosure rules has critics warning that consumers could
find their mobile phones subject to a flood of political spam as campaign
2002 kicks into high gear.
The Federal Election Commission (FEC) today approved a New Jersey
technology firm's petition to waive disclosure rules for political ads
delivered via SMS -- or "short messaging service." SMS is featured on a
wide range of wireless devices, from digital mobile phones to Blackberries
to two-way pagers.
Target Wireless of Fort Lee, N.J., joined by advertising industry groups
and a Republican campaign committee, argued that current campaign
disclosure rules would require political advertisers to use up too much of
the limited amount of text -- 160 characters total -- available for
individual SMS messages.
Disclosure exemptions have long been in place for advertising media that
are limited to small numbers of text characters, such as bumper stickers,
buttons, pens and pencils, skywriting, balloons and water towers.
But Commissioner Danny Lee McDonald, the lone "no" vote in the FEC's 4-1
decision in favor of the SMS petition, said comparing cell phones to bumper
stickers and water towers was something of a stretch, since wireless
devices are a far more personal and private medium for most consumers.
"If you take a bumper sticker or button, those are things that are
initiated by citizens (who wear them)," McDonald said. "With cell phones,
the flow is the other way."
At least one campaign disclosure advocate expressed concerns that an
exemption assumes that all political messages delivered over SMS will be
positive.
"It's hard enough with the ads already out there to figure out who's really
paying for what, and if you drop (the disclosure requirement), I see
mischief all over the place," said David Farber, a professor of computer
science and public policy at the University of Pennsylvania.
"If we are wrong in our judgment and it's horribly abused, we can revisit
this," said FEC Vice Chairman Karl J. Sandstrom, seeking to downplay
concerns about the SMS waiver. The idea that a government regulation
"should trump the medium to get out message, means that the government
requirement trumps the message," said Sandstrom, who was sitting in for FEC
Chairman David M. Mason.
The advisory opinion adopted by the FEC today essentially exempts political
ads from containing basic "paid for by" notices that otherwise would take
up much of the space available in a single SMS message. Commissioners
discussed whether political advertisers should be urged or required to
include a phone number or Web site address at the end of the SMS message
telling recipients where they can go to learn more about the ad's sponsor,
but the commission did not act formally on that proposal.
The question remains whether there's a viable market for delivering
campaign ads via SMS in the U.S.
SMS is hugely popular in other parts of the world but has been slow to
catch on in the states. According to the Boston-based consulting firm
Yankee Group, there were roughly 131 million cell phone subscribers in the
United States by the end of 2001. And while a third of those users had
SMS-enabled phones, only about 4.3 million actually used the service.
By contrast, nearly all of the 293 million wireless users in Europe had
two-way SMS capable devices by the end of last year, and roughly 175
million regularly used the service, Yankee analysts found.
Target Wireless President Craig Krueger declined to name any potential
clients for his company's service, but said he has already received
inquiries from potential 2004 presidential candidates. His petition was
supported by the Republican National Senatorial Committee, the Cellular
Telecommunications and Internet Association, the American Association of
Advertising Agencies and the Association of National Advertisers.
Krueger hopes to match content providers with advertisers, in effect
selling paid political advertising on mainstream SMS content like news,
financial data and sports scores. Krueger said also his company hopes to
begin selling political ads for delivery to customers who have "opted-in,"
or asked to receive the content and targeted ads.
Phil Noble, founder of PoliticsOnline.com and a leading cheerleader for
e-politics, said candidates' interest in SMS is likely to grow in the 2002
campaign season, albeit on a small scale.
"All politics is about front-runners and underdogs," Noble said.
"Front-runners ask, 'What did we do last time, and can we do it again?'
Underdogs look for what is new and different and try to find an edge."
New Media Communications, the company that built the Bush 2000 general
election Web site and used SMS in two state Senate races in 2000, has plans
to run get-out-the-vote campaigns over SMS in the days leading up to this
year's election, according to company CEO Mike Connell.
"Campaigns go through considerable time and expense to win hearts and minds
of people, and once you've gone through all that you've still got to make
sure they turn out on Election Day," Connell said.
Other campaign pros aren't ready to jump on the SMS bandwagon.
Ben Green, co-founder of Crossroad Strategies and former director of
Internet operations for the Gore 2000 presidential campaign, said he would
advise clients against using the technology in this year's election.
"Campaigns are typically on a tight budget and have to spend their dollars
wisely," Green said. "The fact is that the political Internet industry
landscape is littered with the wreckage of companies that think they've
found the killer app, only to fall flat on their faces."
*****************************
USA Today
Hyperlink patent claim thrown out of court
WHITE PLAINS, N.Y. (AP) -- A federal judge has thrown out a lawsuit that
could have made the World Wide Web a pay-as-you-click toll road. U.S.
District Judge Colleen McMahon rejected BT Group's claim that it owns the
patent on hyperlinks -- those single-clicks that make the Web what it is.
Filed earlier this year, the suit accused an Internet service provider,
Prodigy Communications, of infringing on BT's patent on hyperlinks.
McMahon rejected BT's claim that each Web server on the Internet is a
central computer and thus the Internet falls within the patent's scope.
"The Internet is a network of computers intertwined with each other in
order to allow users around the world to exchange information," she wrote.
"The whole purpose of the Internet is for the sources of information to be
in many places rather than centralized."
Her 27-page decision, filed Thursday in federal court in White Plains,
N.Y., concluded that "no jury could find that Prodigy infringes on the
patent."
The suit had been viewed as a test case that could have opened the door for
BT to challenge other Internet service providers and demand licensing fees
that might add to members' costs.
At a hearing in February, McMahon warned that it would be difficult to
prove that a patent filed in 1976 -- more than a decade before the World Wide
Web was created -- somehow applies to modern computers.
BT attorney Albert Breneisen insisted at the time that the "basic
structure of linking is covered by the patent." Before BT's technology, he
said, a computer user had to know and enter the complete address of another
page.
The lawsuit has been viewed with chagrin by many in the information
technology field.
Some computer historians trace the idea of hypertext back to Vannevar Bush,
a Massachusetts Institute of Technology professor, in the 1930s. They also
note that Doug Engelbart, who invented the computer mouse, worked on an
early hypertext system in the late 1960s.
****************************
USA Today
FBI accused of hacking Russian computers in sting
SAN FRANCISCO (Reuters) -- In a criminal case in which the borderless
Internet has collided head-on with global law, a Seattle lawyer is set to
charge that U.S. officials illegally hacked into computers of two Russians
to get evidence to prosecute the pair on computer crimes.
Seattle defense attorney John Lundin told Reuters that he will use the same
argument Russia's state security service FSB has used -- that the FBI acted
criminally in its attempt to nab his client Vasiliy Gorshkov -- in an appeal
he expects to file after Gorshkov is sentenced Sept. 13 in federal court in
Seattle.
"It seems the (Russian) case is intended more to make a point, which is
that an expansion of law enforcement techniques would have inevitable
ramifications on international relations," said Barry Hurewitz, a lawyer at
the law firm of Hale and Dorr, a Washington, D.C.-based expert in Internet law.
The FSB lodged its criminal complaint against the FBI over evidence
gathered in days after the Nov. 2000 arrests of Gorshkov and of Alexey
Ivanov, whom Gorshkov was convicted of helping steal consumer credit card
numbers. Ivanov is still waiting to be tried on numerous charges in several
states.
The case was the first FBI undercover plan to successfully entice people
accused of high-tech crimes to come to the U.S. It was the first to use, in
the FBI's words, "extra-territorial seizure of digital evidence," which led
to another precedent: it is thought to be the first time a U.S. agency has
been formally accused of hacking into a foreign computer network.
The Russians complain that the FBI didn't have authorization to break into
a computer system in Russia and download files. The FBI counters, and a
U.S. judge agreed, that Russian law does not apply to the agents' actions.
Cyber sting
The FBI lured the men, both of Chelyabinsk, Russia, to Seattle under the
pretext of interviewing them for jobs at a company called "Invita," which
was actually an FBI front.
FBI agents asked them to demonstrate their ability to scan a computer
network for security flaws and gave them permission to do so on a network
designed for that purpose, Lundin said.
Ivanov was arrested on criminal charges and Gorshkov was arrested as a
material witness, Lundin said. The FBI and the U.S. Department of Justice
declined to comment on the ongoing case.
Ivanov has been indicted in Connecticut, New Jersey and California on
charges of stealing credit card numbers and other sensitive information
from at least 40 companies including banks, Internet service providers, and
online payment company, PayPal, and its customers.
Officials also have accused Ivanov of trying to extort money and
manipulating eBay's online auctions.
Gorshkov was later accused of conspiring with Ivanov in illegal computer
intrusions and permitting Ivanov to use his computers in Russia for some of
the activities, Lundin said.
Gorshkov maintained he was not involved and did not know of Ivanov's
activities, but he was convicted on 20 counts of computer crimes, fraud and
conspiracy in Oct. 2001.
Keystrokes logged
To make its case, the FBI accessed the men's computers in Russia by
installing keystroke logger programs on the computers the men used in
Seattle to record keystrokes and passwords.
The evidence included a database with 56,000 credit cards on the men's
computers in Russia, the FBI has alleged.
Lundin said he will argue in his appeal that the FBI's downloading of the
data from Russia constituted an illegal search because agents had not
obtained a search warrant before then, an argument the lower court judge
rejected. Agents got a search warrant after they had downloaded the data.
"One of the issues decided by the court, I think wrongly, was that since
the intrusion was in Russia there was no need for a search warrant," said
Lundin. But, "the data was transferred to a computer in the U.S., so the
search happens in the U.S., I would argue."
RIA news agency of Russia quoted FSB officials in the Chelyabinsk bureau as
saying the FBI's procedures coupled with the U.S. court's decision could
set a dangerous precedent.
"If the American side deems legal evidence obtained in this way, that would
mean in the future U.S. government agencies could use similar means to
collect information in Russia and other countries," RIA reported in a
Russian-language statement last week. "Then nobody could guarantee that the
American side would not penetrate private and government computers."
This month, the three FBI agents received Director's Awards for Excellence
for their work in the sting operation. Gorshkov sits in a federal detention
center in Seattle facing up to 30 years in prison. Ivanov is being held in
Connecticut.
***************************
USA Today
Motorola unveils communications system for firefighters
SCHAUMBURG, Ill. (AP) Motorola is introducing a new mobile communications
system designed specially for firefighters, intended to make it easier for
commanders to account for personnel at emergency scenes.
Motorola said the system will provide better radio coverage on the scene
and in buildings when it becomes available next year, with future features
to include rescue tracking capability and a self-contained breathing
apparatus.
The Fireground Communications System was announced Friday in conjunction
with the start of the Fire-Rescue International Conference in Kansas City,
where it is being demonstrated.
Each system radio automatically reports the user's radio ID, which can be
configured to display name, position and assignment on a mobile command
terminal.
A firefighter in trouble can push an emergency button that activates an
alarm on the mobile command terminal. The commander also can transmit a
signal to all radios alerting users to the presence of immediate danger.
Motorola Vice President Mike Worthington, general manager of its Global
Safety and Security Solutions division, called it a significant step
forward for firefighter safety.
Motorola is the biggest U.S. manufacturer of cell phones and other wireless
devices.
****************************
Los Angeles Times
The Great Firewall of China
By XIAO QIANG and SOPHIE BEACH
August 25 2002
Xiao Qiang, a 2001 MacArthur Fellow, is executive director of Human Rights
in China, a monitoring and advocacy organization based in New York and Hong
Kong. Sophie Beach is Asia research associate at
NEW YORK -- Last month, the Chinese government announced that some 45.8
million of its citizens had access to the Internet. Three years ago, only 2
million Chinese people were online. At this rate, half of China's nearly
1.3 billion people will be online in five years.
For supporters of a free and open exchange of ideas, this sounds like
progress. But while the rapid development of the Internet in China is
indeed impressive, we must not ignore a less cheerful corollary
development: The country's leaders are also escalating efforts to
strengthen the "Great Firewall," which controls what information China's
Internet users can view and distribute.
Since 1995, more than 60 laws have been enacted governing Internet
activities in China. More than 30,000 state security employees are
currently conducting surveillance of Web sites, chat rooms and private
e-mail messages--including those sent from home computers. Thousands of
Internet cafes have been closed in recent months, and those remaining have
been forced to install "Internet Police 110" software, which filters out
more than 500,000 banned sites with pornographic or so-called subversive
content. Dozens of people have been arrested for their online activities;
in 2001, eight people were arrested on subversion charges for publishing or
distributing information online.
This month, a court in Tianshui City, Gansu province, sentenced former
police officer Li Dawei to 11 years in prison for downloading and printing
500 "reactionary" articles from the Internet, which could include a broad
range of information that the government simply finds politically unacceptable.
The newest section of the Great Firewall is a set of regulations enacted
Aug. 1 requiring Web publishers to censor their own sites or risk being
shut down. Having realized that censoring the millions of Web sites now
online is a behemoth task, the government has compelled private Internet
service providers, Web publishers and Internet cafe owners to do the job
for them.
Such restrictive regulations clearly trample the Internet's spirit of free
expression and democracy. They are also destroying the buds of free
expression in China by directly threatening tens of thousands of individual
Web sites publishing increasingly independent and diverse viewpoints. In
response, Chinese Internet users have launched new protests against state
censorship of the Web. At the fore of this movement is the widely
circulated Declaration of Internet Citizens' Rights, which demands free
expression and freedom of information and association on the Internet.
The declaration's authors challenge the constitutionality of the new
regulations and defend their rights to publish online by quoting the United
Nations' Universal Declaration of Human Rights and the International
Covenant for Civil and Political Rights. The Internet declaration then
states: "A modern society is an open society. As the Chinese people again
face a historic transition into a modern society ... any measure that
closes China only harms China's emergence into the international community
and Chinese society's peace and progress.... Defending Internet freedom is
an urgent matter." Initiated by 18 prominent writers, lawyers and private
Web masters, the declaration immediately gained the support of more than
600 Web publishers, Internet users and other Chinese "netizens."
Among the 18 initiators of the declaration is Wan Yanhai, Web site
publisher of the AIDS Action Project, a Beijing-based education and
activism group whose offices authorities closed in June. With reporting on
AIDS officially censored in the state media, Wan's Web site, now on a
server outside China, is the only independent source of information about
the impending HIV/AIDS crisis. (A U.N. report has predicted that 10 million
people in China will be infected with HIV by 2010.) On Aug. 1, Wan
initiated a rare act of civil disobedience in China by circulating an
online appeal to all independent Web publishers, asking them to join him in
protesting the new regulations by turning themselves in to authorities for
operating "illegal" Web sites. Since then, Wan has continued to push the
boundaries of free expression by using Internet chat rooms, online forums
and e-mail groups to boldly advocate for his cause. Overseas organizations
have helped amplify domestic voices like Wan's by providing distribution
channels, content that is forbidden domestically and technological means to
evade the firewall. While Chinese citizens are fighting against Internet
censorship, the reaction from some leading international high-tech
corporations has been shameful.
Since March, more than 300 businesses, government offices, universities and
other organizations have signed the Public Pledge on Self-Discipline for
China's Internet Industry, drafted by the government-approved Internet
Society of China. Signatories agree to refrain from "producing, posting or
disseminating harmful information that may jeopardize state security and
disrupt social stability." Yahoo, an Internet pioneer that designed one of
the Net's most popular search engines, was among the first foreign
companies to sign the pledge, and a visit to the Yahoo China site
demonstrates the company's compliance. Its search engine has effectively
filtered out the vast majority of sites containing terms usually considered
subversive by the Chinese government--including "human rights," "Falun
Gong" and "Tiananmen 1989."
This self-censorship is shocking, especially since Yahoo is currently
defending itself on freedom-of-expression grounds in a legal battle with
the French government over the right of French users to access online
auctions of Nazi memorabilia.
The growing Internet rights movement is at the forefront of using Internet
technology to open Chinese society. International corporations can and
should facilitate this goal by refusing to abide by domestic Internet
regulations that violate China's international obligations, including those
that come with World Trade Organization membership. As a first step,
corporations should refuse to sign the self-discipline pledge and instead
support the Internet citizens' rights declaration. The 45.8 million
Internet users are also Chinese citizens, and this is what they want and
deserve.
*************************
Mercury News
People sell their faces for digital delivery
NO-NAME MODELS PAID FLAT FEE TO APPEAR ON STOCK-PHOTO DISK
By Marcia Biederman
New York Times
First there was the Internet Guy. Then there was the Banner Lady. And now
comes AA030587.
Superheroes? No, supermodels, at least in terms of visibility. You will not
find these people strutting the runways in Milan or mentioned in gossip
columns. But chances are you have seen their photos, heading Web pages or
plastered on posters, hawking diarrhea remedies or jazzing up a PowerPoint
presentation.
These people are working in a business known as royalty-free stock
photography. For a flat fee, perhaps less than what Kate Moss pays for a
lipstick, they have sold the rights for their images to be downloaded from
the Internet or packaged in CDs, almost without restriction. While the
photographer generally earns royalties from the sales, the models do not.
Stock photographs, or off-the-shelf pictures of people and things, have
been around far longer than personal computers, but the digital delivery of
images has increased their popularity. So did the advent in the early 1990s
of royalty-free collections, which offer photos without asking how they
will be used, a simpler and generally less expensive arrangement than
traditional licensing agreements.
No-name cover girls and boys may come cheaply, but using their images,
which can be purchased by anyone, is not without its perils.
Meet Julia, as an advertising copywriter nicknamed her for her vague
resemblance to Julia Roberts. She is a dark-haired young woman with a
dazzling smile who spent half this year on the New York subways on posters
promoting Monroe College, which has campuses in the Bronx and in New
Rochelle, N.Y.
"Lord knows where she's from, but she seems like a New Yorker," said
Kevin Alter, formerly a senior copywriter for KPC Christopher Thomas of
Melville, N.Y., the ad agency that created the college ad and chose the
nickname. "She looks frazzled and a little tough."
In June, an identical photo arrived in many New York mailboxes, this time
in a brochure from Time Warner Cable of New York City that was illustrated
with 20 photos of people presented as offbeat New Yorkers. The smiling
woman is shown with the caption "Her deal: wears gloves on the subway year
'round."
In fact, Julia is a clerk at a Seattle baby photography studio, or at least
she was two years ago, said officials at Getty Images in Seattle, which
offers three portraits of her on its Vivid Faces CD, part of its
royalty-free PhotoDisc collection. The company says that a photographer
working in a neighboring studio spotted her, found her striking and asked
her to pose.
The company knows the smiling woman not by her name -- which she signed on
a model release but the company declined to disclose -- but rather by the
image number, AA030587, also sold at its Web site as an individual download.
"It's very, very expensive to hire a photographer," said David Goldberg,
vice president for marketing at Time Warner Cable of New York, explaining
why his company had found its "typical New Yorkers" on a $399 disk
produced in Seattle.
In 2000, the Banner Lady reigned. Clenching her teeth or screaming, this
young woman was all over the Web in the advertising strips known as
banners. She promised a fix for every problem, from a bad cough to bad credit.
Marc Ryan, an analyst who follows Internet advertising for
Nielsen/NetRatings, speculated that certain stock photo images become
ubiquitous because advertisers use the same search terms to find them in
Getty Images' PhotoDisc collection. Indeed, searching for "stress" and
"woman" will still turn up an image of the Banner Lady.
**************************
Sydney Morning Herald
Computer tracking system to be tested in schools
An innovative computer tracking system will be tested in NSW public schools
in an effort to reduce theft.
The Education Department will test the new software package at high-risk
schools in Sydney and regional areas, The Sun-Herald reported.
PC PhoneHome software, developed in the US, tracks stolen computers through
the Internet.
Every time a user logs on to the Internet, a central monitoring system can
identify it as a stolen computer and log the unique internet protocol
address being used.
Police can use this information to trace the machine via the phone line and
retrieve it.
About 100 school computers will be involved in the initial trial.
The software is available to individual users and the $99 cost includes
three years' monitoring.
******************************
DUX Computer Digest
Web sites, ISPs lopping pop-up ads
JOHN HEINZL
Friday, August 23, 2002
Faced with a groundswell of consumer complaints, some Web sites and
Internet service providers are curtailing those annoying pop-up ads that
pitch everything from wireless spy cameras to on-line casinos.
A few sites have banned them almost entirely, much to the relief of
frustrated Web users. Women's portal iVillage.com, for instance, plans to
remove virtually all pop-ups from its family of Web sites by the end of
September, a move that could spur others to do the same, analysts say.
The move followed a survey showing 92.5 per cent of iVillage.com visitors
consider pop-ups "the most frustrating feature of the Web," the company
says. Its research also found that, while pop-ups can generate considerable
brand awareness, they can also harm the advertiser's image.
"There has been a sea change in attitudes about on-line advertising and
pop-ups in particular. It's definitely changing for the worse," says Rudy
Grahn, senior analyst with Jupiter Research in New York. "It's the sheer
quantity of pop-ups that is causing the . . . aversion to them."
The number of pop-ups has skyrocketed in recent months as even major
companies such as American Airlines and Amazon.com use them. An estimated
4.8 billion of the ads appeared on U.S. computer screens in July, up from
1.4 billion in January, according to Internet research firm Nielsen/NetRatings.
As consumer frustration grows, many Web sites are capping the number of
pop-ups that appear during a single session. Internet service providers are
also helping customers eliminate the pesky ads.
Bell Sympatico plans to make ad-blocking software available to dial-up and
high-speed customers "in a matter of days," spokesman Andrew Cole says.
Customers who purchase an anti-virus or firewall security service will get
the ad-blocking feature at no extra charge.
Atlanta-based ISP EarthLink, meanwhile, this week announced it will offer
free pop-up blocking software to its 4.8 million customers. The software
will also zap "pop-unders," which appear after the browser closes.
For Web sites that use pop-up windows as a part of their own business, such
as financial institutions, customers can specify Web addresses where
pop-ups will not be disabled.
What bothers people most about pop-ups is "the hassle and irritation of
having to get through them . . . it's the intrusive, invasive nature of
pop-up ads," says Rob Kaiser, vice-president of narrowband marketing for
EarthLink.
Although outright bans are uncommon, many Web sites now impose limits on
the frequency of pop-ups. The on-line version of The New York Times, for
instance, allows a maximum of one pop-up and one pop-under for each user
session.
The site, http://www.nytimes.com, is trying to strike a balance "between a
good user experience and offering a valuable advertising opportunity for
our clients," says Christine Mohan, spokeswoman for New York Times Digital.
At Bell Globemedia Interactive, pop-ups are not permitted on the home pages
of any of its sites, which include globeandmail.com and globeinvestor.com.
Pop-ups are allowed on inside pages, but each user will see a particular ad
only twice for the duration of a campaign.
"Typically, we would not have more than a few pop-up campaigns running at
any one time," says Gary Fearnall, vice-president of sales for Bell
Globemedia Interactive. Pop-unders are banned, he adds.
One of the keys to making pop-ups more palatable is to run them in a
relevant environment, adds Mr. Fearnall, who is also president of the
Internet Advertising Bureau of Canada. "Pop-ups in the right context can work."
For instance, when the sports-oriented site TSN.ca ran a Nike pop-up
campaign, the ads did not generate a single complaint, he says. The same
was true of pop-up ads for Subaru on the car site globemegawheels.com.
Consumer irritation usually arises when there is no link between the site's
content and the product or service being advertised, he says.
Web sites are experimenting with more engaging forms of on-line
advertising, such as animated images that dance across the computer screen
and TV-like ads with motion and sound.
Although such ads also interrupt Web surfing, they are perceived as more
entertaining than a rectangle that suddenly appears on the screen promoting
cut-rate flights to Las Vegas.
iVillage.com, for its part, is using an ad format called the "interquizzal"
-- a branded window that appears while users are waiting for the results of
an on-line quiz or other interactive feature.
The window closes and the ad disappears once the results are tabulated.
Users are presumably more receptive to interquizzals because they have to
wait for the results anyway. iVillage.com says it will continue to use
pop-ups, but only for research purposes and in-house subscription pitches.
Mr. Grahn of Jupiter Research says he wouldn't be surprised to see other
Web sites follow iVillage.com and ban pop-ups. Premium Web sites that are
concerned about protecting their brand image will be the first to eliminate
them, he predicts.
As much as consumers despise them, however, pop-ups are not going away,
analysts say. That's because, like telemarketing calls at dinner time, they
work. And there are plenty of advertisers who are willing to annoy a large
proportion of the population to reach the tiny percentage of people
interested in an ad.
"Pop-ups . . . are such a cheap vehicle to generate sales that there is
probably always going to be a temptation to use them," Mr. Grahn says.
jheinzl@xxxxxxxxxxxxxxx
*******************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx