Clips August 29, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;
- Subject: Clips August 29, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Thu, 29 Aug 2002 11:42:33 -0400
Clips August 29, 2002
ARTICLES
Colombia Turns to Citizen Spies as Newest Weapon of War
Disciplined doctors' names listed on Web
IT efforts focused on homeland
VA toughens security after PC disposal blunders
Air Force: Control center jobs are too critical to outsource
Air Force brass touts comm integration
Weber will take over at SSG
Lawmakers, agencies study smart cards
RIAA Web site hack allows music file downloads
Campaign Reform Sponsors Oppose Internet Exemption
Poll: Many IT execs expect cyber attack
Cartoon Turtle Enlisted for Web Safety Campaign
Saudi Censorship of Web Ranges Far Beyond Tenets of Islam, Study Finds
Sabotage in a Few Clicks
Private Tech Companies Hope To Join U.S. Security Effort
Windows flaw threatens PC services
****************************
Washington Post
Colombia Turns to Citizen Spies as Newest Weapon of War
By Scott Wilson
VALLEDUPAR, Colombia -- He is 30 years old and single, an entrepreneur with
a small lottery business that takes him along the lawless roads of
northeastern Colombia. He is also a volunteer spy for the government, a
pair of eyes enlisted against the guerrilla and paramilitary forces that
have turned this region into one of the country's most desperate.
To carry out a pledge to wage a wider war against Colombia's guerrillas,
President Alvaro Uribe is counting on such volunteers to assist the
understaffed, cash-starved intelligence services. But the guerrillas have
already labeled the civilian spies a "network of snitches," which is to say
that those whose anonymity is compromised can expect to be punished by death.
This informant, identified by a number assigned him by his National Police
handlers, said he does not carry a gun. His personal cell phone is his only
equipment, and a reward for any information that proves useful to
authorities is the only compensation he can expect.
"I joined because of the crisis that we are living through," he said during
a recent interview, arranged by a National Police official here in the capital
of Cesar province, 400 miles northeast of Bogota. "I'm trying to do a
little for my country."
Unveiled here by Uribe the day after his inauguration, Colombia's emerging
informant network is a key component of the new president's "democratic
security" initiative, which in a civil war with many players seeks more
specifically than ever to enlist civilians on the government's side. The
program, now extending into neighboring provinces, also points to the break
Uribe has made with the previous government's strategy for achieving peace
in a country that has been at war with itself for 38 years.
Uribe's predecessor, Andres Pastrana, looked primarily outside Colombia for
help in seeking a political settlement to the war, which mainly matches a
powerful Marxist guerrilla group known as the Revolutionary Armed Forces of
Colombia (FARC) against the U.S.-backed military and a privately funded
paramilitary army that fights alongside government forces. Pastrana's
efforts brought foreign ambassadors to the peace table as advisers for the
first time and encouraged a $1.3 billion aid package from the United
States, mostly to improve the army.
But Uribe has shifted priorities. While reaching out to the United Nations
for help restarting the moribund peace process, the new president has
emphasized that Colombians themselves must work actively to end a war that
has long fed off the sympathies of civilians in the countryside and the
passivity of those in the city.
The FARC, a mostly rural movement that numbers 18,000 armed members, relies
on civilians for intelligence, supplies and recruits in its bid to replace
the government with a Marxist-inspired system. The guerrilla tactics,
including frequent use of civilian clothing for disguise, have helped make
civilians frequent targets of the United Self-Defense Forces of Colombia,
or AUC, the rival 15,000-member paramilitary force.
Most of the 3,500 people who died last year as a direct result of the war
were classified as civilians. But this year began with several examples of
unarmed civilians standing up to guerrilla attacks, and Uribe has sought to
harness that frustration and fear in the countryside.
The informant network, 3,000 volunteers in Colombia's three northeastern
provinces, is part of a security strategy that includes arming 15,000
peasant recruits as rural auxiliaries to the army. How those soldiers will
be trained, monitored and protected, as well as how the civilian
informants' identities will be kept secret, are questions that have
preoccupied human rights advocates here.
Thousands of eyes have been on the lookout in Cesar province for years --
just not on the government's behalf. Cesar, with a million inhabitants, is
wildly beautiful: parched plains run north to the snowy Sierra Nevada where
guerrillas have long made camps among jungles, waterfalls and Indian reserves.
Crossed by roads that run to Caribbean ports and the porous frontier with
Venezuela, the province has experienced a dramatic intensification of war
in the past few years. In every category of violence -- kidnappings,
killings and forced displacement -- Cesar trails only Antioquia, a more
populous northwestern province.
Most of the kidnappings were carried out by the FARC. But the AUC
paramilitary forces have made the greatest territorial strides. Financed in
part by ranchers, who last year reported 25,000 head of cattle stolen and
1,000 slaughtered as a result of refusing guerrilla extortion demands, the
paramilitary group exerts influence over the flatlands and in many of
Valledupar's poor neighborhoods.
Along one stretch of road between Valledupar and La Paz, for example, the
paramilitary forces have prohibited the sale of black-market gasoline,
accomplishing something the authorities have been unable to do on other
parts of the same highway.
Now, though, 757 informants have signed up as roadside spies to help the
official military respond faster. They report to Capt. Angel Rojas of the
National Police, a branch of Colombia's armed forces that works in tandem
with the army. About 15 calls a day come into the small, unmarked office
where Rojas works.
The goal is a network of 5,000 volunteers in Cesar, although Rojas said the
vetting process will likely slow down to ensure no paramilitary or
guerrilla member joins. He said tips will be evaluated regularly to
determine whether they are slanted against a particular group, a primary
concern in this region where the paramilitary force enjoys a close working
relationship with the military and support from ranchers and merchants.
The only protection offered the volunteers is anonymity. But in a country
where the FARC has been known to obtain personal bank account information,
which was then used at guerrilla roadblocks to determine kidnap victims,
confidentiality is a precarious notion.
Each informant's name, address and profession are stored on a police
computer hard drive. Only two police officers have regular access to the
computer.
"They are all along these roads -- restaurant workers, gas station
attendants, farmers with land along the road," said Col. Orlando Paez, the
National Police chief for Cesar province. "And they will be safe because we
manage the information."
Paez said the informants are paid only for tips that lead to arrests or
other tangible police successes. Their training includes how to describe a
person, how to identify members of the irregular armies and how to classify
weapons, so the responding troops know what to expect, he said.
Although the police attribute the long list of volunteers to a growing
civic spirit, the motivations of those signing up vary. The 30-year-old
lottery owner, for example, was himself recently kidnapped by an armed
group. He was held for several days, and on his release signed up as an
informant.
After the informant network's first two weeks of operation, traffic rose 43
percent along Cesar's roads from the previous month, authorities reported
to Uribe when he made a return visit here last week. Informant tips
resulted in the seizure of cars and other equipment used by paramilitary
forces, and the capture of two rings of highway bandits; about $800 was
paid in rewards.
"For the great majority of people, this conflict has always been the
government's problem," said Hernan Araujo, manager of Cesar's ranchers'
association and the nephew of the former culture minister, Consuelo Araujo,
who was kidnapped and killed here last year by the FARC. "And that is not
the case."
But away from Cesar's principal roads, the plan plays out differently. In
Valledupar's poorest neighborhoods, where guerrilla and paramilitary
networks vie for influence, killings have more than tripled over the last
year and show no signs of declining, local human rights officials say.
Abdala Mazziri, the city's human rights ombudsman, flipped through an
inch-thick stack of papers on his desk one day last week. Each form
contained one paragraph with a name, date, location and determination that
the victim "died violently for ideological and political reasons as part of
the internal conflict."
"I signed 10 yesterday and I'll sign 12 tomorrow," Mazziri said. "This
hasn't come down at all [since the civilian network started]. It's the
exact same level."
Because the guerrillas still control many of the towns in the Sierra Nevada
foothills a few hours north of Valledupar, the police do not have any
informants in large parts of the province. Those towns are the next step in
the process, and a visit revealed how ambivalent many residents feel about
the idea.
In Pueblo Bello, 25 miles west of Valledupar, a guerrilla attack three
years ago killed two police officers and a woman. The government
immediately pulled out all remaining police, but now plans to build a new
police station across from the ruins of the old one by the end of the year.
Forty officers are scheduled to take up permanent posts soon after.
Luis Delgado, 59, the owner of a small grocery called the Rooster, is one
of many residents who oppose the new police station. He is afraid that its
planned location, across the street from his store in the town center, will
imperil the entire civilian population in the event of a guerrilla attack.
"They should be somewhere else," Delgado said, adding that plans for a
civilian informant network "might work, in theory, but no one would
participate in a town like this. It's too risky."
************************
Atlanta-Journal Constitution
Disciplined doctors' names listed on Web
By DAVID WAHLBERG
A consumer advocacy group posted a list of Georgia doctors disciplined for
incompetence, sexual misconduct and other offenses on the Internet on
Wednesday, months before similar information will go up on the state
medical board's Web site.
The list of 725 Georgia physicians penalized for various wrongdoings since
1992 is available from Public Citizen, based in Washington, which also
criticized Georgia's medical board for not including the same information
on its Web site, as a few states now do.
The list, at www.questionabledoctors.org, includes 557 doctors punished by
Georgia -- including 63 for substance abuse, 47 for drug prescription
problems, 46 for substandard care and 12 for sexual abuse or misconduct.
Federal agencies handled the 168 other cases.
In some cases, but not all, details of the offense and disciplinary action
are included on the Web site. Doctors' licenses were revoked or surrendered
101 times and suspended 140 times during the decade. Probation was ordered
333 times.
The records came from Georgia's Composite State Board of Medical Examiners,
the Medicare/Medicaid programs, the Drug Enforcement Administration and the
Food and Drug Administration. Public Citizen now lists doctors from 16
states and plans to add more states this year.
In posting the information, Public Citizen gave the Georgia medical board's
Web site a "D" grade for content and a "C" for user-friendliness.
Thirty-nine states were ranked higher. When Public Citizen graded state Web
sites two years ago, Georgia got an "F."
"All too often, state medical boards are more concerned about protecting
the reputations of doctors than doing their job, which is to protect
unsuspecting patients from doctors who may be incompetent or negligent,"
said Dr. Sidney Wolfe, director of Public Citizen's Health Research Group.
The Georgia medical board's site (www.medicalboard.state.ga.us) does say
whether a doctor has had any public orders issued by the state, and
consumers can write or e-mail the medical board to get details of the
orders. This is also the case for the eight other medical professions the
board oversees and the 40 professions licensed by the secretary of state's
office.
Some details of disciplinary actions since 2001 are now available on the
medical board's Web site, and the Patient Right to Know Act passed by the
state Legislature last year authorized $350,000 to upgrade the site with
more information. By next spring, it should include felony convictions,
regulatory board actions, hospital privilege restrictions and medical
malpractice judgments and settlements. Education profiles of Georgia's
25,000 physicians also will be included.
"I agree that Georgia needs more information available online," said Karen
Mason, executive director of the medical board. "We are working toward a
more comprehensive database."
Georgia improved on its Public Citizen ranking of how often it issues
serious penalties against doctors, moving up from 23rd in the nation in
1997 to 10th last year.
David Cook, executive director of the Medical Association of Georgia, said
the physician information is useful but can be misleading.
Hospital privileges are sometimes restricted when doctors are training to
perform new procedures or when they are close to retirement and admit fewer
patients, Cook said. In addition, malpractice settlements may mean doctors
are in a high-risk specialty in which more lawsuits are filed, not that
they are dangerous.
"When you disclose this information, it has to be in context," Cook said.
Dr. Milton Fried of Atlanta said it's unfair he's listed on the Public
Citizen database. He was reprimanded by the state medical board in 1996 and
fined $500 for not giving a patient a medical record.
Fried said in an interview that a woman who was getting divorced came to
his practice complaining of chronic fatigue syndrome and fibromyalgia. She
wanted lab tests that might prove those diagnoses in court but she said she
couldn't pay for them up front, Fried said.
He said he performed the tests, gave her the results and requested monthly
payments. She paid in part but didn't return for treatment. After
several months, she requested additional copies of the results for her
lawyer. Fried refused because she hadn't paid in full and, he said, she
didn't need the reports for medical purposes.
"It's a good idea to tell the public about the bad apples," Fried said.
"But this is outrageous. All I did is not send a record to a lawyer for a
patient who wasn't going to use it for medical care. . . . But when
somebody looks at that [Web] site, they think I did something horrible."
*********************
Federal Computer Week
IT efforts focused on homeland
More than 80 percent of state and local government officials said one of
their major technology initiatives for next year would be homeland
security, according to a Gartner Inc. analyst. But he cautioned many don't
know what that emphasis will entail.
"That's a huge percentage," said Rishi Sood, research director at Gartner,
which recently completed a national survey. "That percentage obviously is
biased by the fact that [Sept. 11] just occurred and our focus on homeland
security. But if you look under the cover of that data point, state and
local government organizations don't really understand what they need to do
with respect to homeland security today...and they don't have the funding
to deploy those."
Sood spoke about upcoming technology trends and drivers, including homeland
security, in the state and local government market at the Innovative
Government Forum, sponsored by Hansen Information Technologies, in
Sacramento, Calif.
In that survey of states, cities and counties, 55 percent of the chief
information officers and other technology and business officials said they
would spend funds on an e-government initiative.
"One of the reasons we're seeing that there is obviously the impact of
homeland security, but also e-government is starting to look and act
differently," said Sood, adding that e-government is shifting toward
government-to-business transactions or government-to-government transactions.
The survey also found 45 percent said such initiatives will be
agency-specific and 20 percent said they would strategically outsource some
initiatives, such as seat management, networking and telecommunications
infrastructure.
However, Sood focused a good part of his talk on the impact of homeland
security over the next several years and initially dealing with first
responders, bioterrorism and national infrastructure protection. Affected
state and local agencies would include transportation, public works,
health, police, fire and emergency medical personnel, he said.
Officials also will look at national frameworks, standards and common
architecture tools and use a variety of technologies including wireless
services, geographic information systems and data integration, he said,
adding that physical and cyber security would underlie everything that is done.
The homeland security challenge, he said, is similar to what the national
highway and transportation system faced in the 1940s when it was building
interstate highways "so we could drive from New York to California."
"We see the technology as the glue to the objectives of homeland security,"
Sood said.
Citing the same Gartner survey, he said 80 percent of the respondents also
expected federal matching grants to be "kicked down" to state and local
governments to fund the homeland technology projects; 45 percent expected
that block grants would be doled out; 35 percent said jurisdictions would
pay for them; 25 percent said agencies would fund them; and 5 percent said
agencies would share funding.
Homeland security will be part of what Sood called "transformative
services" -- part of the continuing evolution of digital government.
"Transformation is really talking about more things than just the online
component. It's talking about jurisdictions getting together and building a
singular application so that they can share information across the
enterprise," he said.
But state and local governments are facing challenges as they try to press
forward with technology projects, including Sept. 11-related priorities,
budget revenue shortfalls, an information technology skills shortage and
the turnover of as many as 23 governors. "Given that the fact that it's a
political year, dollars spent on children are always better vote getting
procedures than dollars spent on technology," he said.
Despite the problems, Sood said that state and local IT spending, about $45
billion, combined with the federal IT spending, about $50 billion, is the
second largest market segment in the United States, second only to
financial services, which represents $150 billion.
"It's a very important statement," he said. "It's a particularly important
statement today. The government from a vendor perspective -- and I'm going to
say this with a straight face -- is a sexy industry. It really is the market
to be into today. And vendors are very eager to work with you."
****************************
Federal Computer Week
VA toughens security after PC disposal blunders
The Department of Veterans Affairs is tightening its policy on the disposal
of old computers following disclosures that 139 computers containing
sensitive personal information about veterans, including their medical
records, were given away.
Although the VA has had security rules since 1997 on purging sensitive data
before disposing of old computers, the policy was breached by the
Indianapolis VA Medical Center. The facility failed to erase personal
information before giving away the computers to educational institutions,
the state of Indiana or private individuals.
The computers' hard drives contained a wealth of personal data, including
information about a veteran with AIDS and others with mental health
problems. Some computers also contained the numbers of 44 government credit
cards, according to memos on the incident obtained by Federal Computer Week.
Three of the computers wound up at a local thrift store in Indianapolis,
where a local TV reporter bought them in May. Those computers contained
data on seven veterans; the total number of veterans whose personal data
was on the computer hard drives has not been determined. All but 15 of the
computers have been recovered.
John Gauss, the VA's chief information officer, said the agency decided to
buy an enterprise license for Ontrack Data International Inc.'s DataEraser
software as a result of the Indianapolis incident.
"We also examined our overall cybersecurity process and decided we were
going to strengthen it through the development of a qualification and
certification program for ISOs," or information security officers, Gauss said.
Bruce Brody, the VA's cybersecurity chief, said the Indianapolis incident
helped speed efforts to tighten security within the VA.
Although the VA's new policy has not been formalized, the Office of Cyber
Security plans to establish a program by Oct. 1, 2003, to train and certify
all 600 ISOs within the department. Nevertheless, information security
officials already know about the new policy, Gauss said.
In a letter to Rep. Steve Buyer (R-Ind.), VA Secretary Anthony Principi
said the Indianapolis incident is an "unacceptable violation of VA security
policy.... I share your concern over the confidentiality, integrity and
availability of the sensitive veteran data [with] which our department is
entrusted."
He spelled out a new policy that will include random audits and inspections
by the Office of Cyber Security to make sure policies are being followed.
"The purpose is not to go find people and bust them, [but to] find when
people make mistakes and talk directly to them," Gauss said.
***
VA on guard
The Department of Veterans Affairs has taken several steps to prevent
future privacy breaches, such as what recently occurred when the agency
donated computers to outside organizations without removing sensitive data
from the hard drives.
VA officials:
* Bought an enterprise license for Ontrack Data International Inc.'s
DataEraser, which overwrites data on a hard drive so that it cannot be
recovered.
* Plan to buy electromagnetic wands for deleting information by
demagnetizing hard drives.
* Are developing a program for certifying information security officers.
*************************
Government Computer News
Air Force: Control center jobs are too critical to outsource
By Thomas R. Temin
The Air Force is unlikely to outsource many of the blue-suit, or uniformed,
positions in communications and network operations because of how critical
they are to warfighting, officials said at the Air Force Information
Technology Conference.
Col. John Maluda, deputy director for command, control, communications,
computer, intelligence, surveillance and reconnaissance integration, drew
an analogy to the Navy's strategy through its Navy-Marine Corps Intranet
project, saying the Navy is outsourcing garrison and base networks and
communications but not the aboard command and control networks.
"We are an air and space expeditionary force," he said. With few
exceptions, "not one network control center has been outsourced." Combat
and military commands, he said, will remain with uniformed personnel.
Where outsourcing of critical components has been done, the results are
mixed, said Col. David Schreck, deputy director of communications and
information at the Air Force Space Command. He told the conference that
several years following A-76 competitions and a blue-suit reduction of 65
percent, savings are up to a third less than promised by vendors.
Now that many of the Space Command's contracts are coming up for
recompetition, "we'll raise the issue of where we need to do another [most
efficient organization] analysis," Schreck said. He added, "Getting more
blue-suiters back may be next to impossible," but he held out hope for at
least restoring some civilian Air Force positions.
***************************
Government Computer News
Air Force brass touts comm integration
By Thomas R. Temin
The future of communications in the Air Force is what one colonel dubbed
"weaponizing the network" -- turning the communications infrastructure into an
integral link in what brass have started calling the kill chain.
That's the message the major command communications directors delivered to
enlisted and officer-level attendees at the Air Force Information
Technology Conference, led by Col. John Maluda, deputy director for
command, control, communications, computer, intelligence, surveillance and
reconnaissance integration. Maluda, who has been selected for his first
star, is moving to Washington to work in the newly created XI, or
integration, command, headed by Lt. Gen. Lesley Kenney.
XI, initiated by Air Force chief of staff Gen. John Jumper, in April
replaced XC, the communications command. That has made many uniformed
communications workers nervous -- and they said so to a panel of the directors
assembled at AFITC.
The directors, all but two of whom are uniformed, tried to assure the
rank-and-file that their comm futures are brighter because of XI.
"But the cheese has moved," Maluda said. Communications specialists, he
said, must open their apertures by attending to the needs of the
operational commands who carry out the kill chain -- that is, the process that
starts with identifying enemy targets and goes through assessing the damage
inflicted on them. Top officials, Maluda said, want to reduce the cycle
time of the kill chain by more closely integrating the many tasks that make
it happen, including data movement. That integration is the mission of XI,
he said.
"Think and know the minds of operators," advised Col. William Lord,
director of communications and information at the Air Force Combat Command
during the panel question-and-answer session.
Col. David Kovach, commander of the Air Force Communications agency, told
the comm workers to become familiar with warfighters' tools, such as target
folders, weapons selection processes, battle orders and the 24-hour combat
cycle known as the battle rhythm.
"You need to know these things so you can become part of the discussion as
a relevant member of the warfighting tribe," Kovach said. Still, he added,
communications people "have the best chance of getting integration right."
***************************
Government Computer News
Weber will take over at SSG
By Thomas R. Temin
The Air Force Standard Systems Group gets a new boss starting Monday, when
Frank E. Weber takes over from Robert Frye, who is retiring.
Weber joins SSG following a decade at the Transportation Command at Scott
Air Force Base, Ill. A member of the Senior Executive Service, Weber has
held many positions in his 27-year federal career, including several
management stints at the Army. He is currently Transcom's deputy director
for logistics and operations.
Unlike other military software organizations, SSG still has many uniformed
coders. Weber said he will work toward maintaining the right balance
between Air Force and contractor workers. At Transcom, he said, contractor
coders outnumbered uniformed coders.
"But this is a different kind of organization, so it's comparing apples and
oranges. The core competency of SSG is software development," Weber said.
From his days at Transcom, Weber said, he is most proud of the working
relationships the command established with commercial air transport
companies and of the operational successes during military conflicts. He
said that without an IT background, going to SSG, a pure IT agency, is
"daunting but exciting."
Weber quipped, "I've got a learning curve, but maybe the staff has a bigger
one."
**************************
Government Executive
Lawmakers, agencies study smart cards
By Karen D. Schwartz
letters@xxxxxxxxxxx
Since Sept. 11, the debate about whether all American citizens should carry
smart cards has reached a fever pitch.
Although many experts don't believe the idea will bear fruit in the
foreseeable future due to concerns about privacy and interoperability,
another plan, proposed by Reps. Jim Moran, D-Va., and Tom Davis, R-Va., may
have a better chance. The 2002 Driver's License Modernization Act proposes
that drivers' licenses include smart card data to help prevent identity
theft through the use of such biometrics as fingerprint identification.
The idea has merit, says Lolie Kull, program manager for access control
smart card implementation in the State Department's Office of Domestic
Operations, Bureau of Diplomatic Security.
"It would allow different driver's license bureaus throughout the country
to share data and [let the cards] be used universally to help prevent some
of the issues from Sept. 11," she says. The State Department is in the
process of issuing smart cards for building access, and plans to include
computer access at some point as well.
While that idea wends its way through the legislative process, another
idea -- issuing smart cards to all federal employees -- also has supporters. The
project would put interoperable smart cards into the hands of all federal
workers and contractors, much as the Department of Defense already is doing
by issuing its Common Access Card to 4 million users.
Although the project would be difficult to get off the ground due to
funding issues and ongoing interoperability concerns, experts say it's a
good idea and may eventually come to fruition.
David Temoshock, director of identity policy in GSA's Office of
Governmentwide Policy, predicts that a comprehensive smart card-based
federal ID card may become a reality within several years.
"We have a contract vehicle in place (GSA's Smart Access Common
Identification contract) and the technology is ready," he says. "We can
reasonably expect a large number of agencies to join in the acquisition and
deployment processes."
**************************
Computerworld
RIAA Web site hack allows music file downloads
The Recording Industry Association of America Inc.'s (RIAA) Web site
apparently was hacked today, forcing the music industry backer into a most
unnatural act -- providing free music for download.
The RIAA has led the fight against the trading of copyrighted music on the
Internet. Now hackers have attacked back at the organization by altering
its home page, changing some content on the site and making music available
for download. Users flocked to the Web this morning to display screenshots
of the RIAA's altered site and to list the songs they were able to download.
"There is a problem with our site that we are fixing," said an RIAA
spokeswoman who declined to be named. "It should be back up shortly." The
RIAA declined to provide any details about when the "problem" with its site
began or to confirm that it was hacked.
The changes made to the RIAA site appeared to be retaliation for a lawsuit
filed by the organization earlier this month against a Chinese music
download site. The RIAA dropped its suit against the site last week after
it was taken off-line. The RIAA Web site has also been hit in
recent weeks by denial-of-service attacks, in which computers controlled by
hackers bombarded the site with requests, making it unavailable to most
users.
A message on the apparently hacked RIAA Web site said, "The RIAA wishes to
apologize for the heavy-handed manner in which the popular chinese [sic]
site Listen4Ever was closed down, and would like to present the following
items for free download as a token of its goodwill." The altered RIAA home
page included a link to that message.
The message went on to say, "Of course the list is relatively small, but
please be patient -- we expect to offer over 300 next week. We also intend
to offer pre-released movies in the coming months."
Some users were apparently able to download songs from the RIAA site for
several hours early today until it became unreachable due either to heavy
traffic or to the RIAA taking the site down.
Other links on the hacked home page led to messages such as, "Piracy can be
beneficial to the music industry."
The RIAA has filed lawsuits against several music trading sites during the
past two years, most notably Napster Inc., and has garnered considerable
scorn from music fans who used Napster and similar sites.
*************************
Washington Post
Campaign Reform Sponsors Oppose Internet Exemption
By Brian Krebs
The authors of a new campaign finance reform law are at odds with federal
election regulators over a proposal to exempt Internet-based political
advertisements from the law.
Sens. John McCain (R-Ariz.), Russ Feingold (D-Wis.) and other lawmakers who
crafted the statute contend that Internet-based political communications
should follow the same rules that soon will govern most forms of political
advertising.
While the lawmakers said they agreed that some Web-based communications --
such as private e-mail or conventional Web sites -- should not be subject to
the law, "the commission should leave open the possibility of including
communications that are, or may be in the future, the functional equivalent
of radio and television broadcasts," such as interactive television
services like Microsoft's WebTV.
The Federal Election Commission yesterday began public hearings on its
interpretation of the McCain-Feingold campaign reform law, including how
the statute should apply to online political advertisements.
The FEC has proposed that the law should regulate political messages
delivered via broadcast, cable and satellite services, but not Internet ads
and Web broadcasts. Online political ads simultaneously broadcast through
television or radio would be regulated under the proposed FEC rules.
Some political watchdog groups worry that by exempting most forms of online
communications from disclosure laws, the FEC may be creating a safe haven
for such ads.
"The flat exemption for the Internet proposed in the regulation is too
broad-brush a treatment of this issue, which requires a more particularized
approach," said attorney Donald Simon, in written comments submitted to the
FEC on behalf of Common Cause and Democracy 21.
But other groups, including the majority of those invited to speak at this
week's FEC hearings, are applauding the commission for its proposal to
exempt Internet-based political ads.
Subjecting emerging interactive technologies to the restrictions could
produce confusing results if, for example, a broadcast created with an
organization's funds were posted on a Web site by a well-meaning individual
not associated with the organization, according to the Sierra Club and the
Alliance for Justice, an association of civil rights, environmental,
mental-health, consumer, women's and other advocacy groups.
"Because WebTV is, for most purposes, simply another method for accessing
the Internet, we believe that the commission should exclude it" from
regulation, the groups said.
FEC Commissioner Bradley Smith bristled at the notion of expanding the law
to include Internet-based ads.
"The statute makes no mention of that," he said at Wednesday's hearing.
Robert Alt, a campaign finance expert at the Claremont Institute, said that
expanding the law to include Web-based political ads could unlawfully
restrict speech and raise "serious constitutional concerns."
"It would be going beyond the authority of the commission to issue a
regulation which would include the Internet," Alt told the panel.
Constitutional questions aside, FEC Vice Chairman Karl J. Sandstrom said
the commission might have only limited authority to punish individuals or
groups who violate reporting requirements.
"I would personally like someone to enlighten us if they believe there is
such authority," Sandstrom said. "It would be nice to have it. Maybe we
need a technical amendment to provide it to us, but I don't see [that] the
commission has any authority to punish anyone for a violation of these
provisions."
Whether the FEC will ultimately heed the advice of the law's authors is
anyone's guess. FEC watchers say tensions have been high between Congress
and the FEC ever since President Bush signed the McCain-Feingold bill into
law this year.
The commission "is going to pay zero attention to what Congress has to say
about this now," said one person familiar with the process.
But former FEC Chairman Trevor Potter said lawmakers are merely trying to
help the commission steer clear of roadblocks with the law as new
technologies emerge.
Potter served on the commission from 1991 to 1995, in the days before the
FEC was forced to begin interpreting how 30-year-old election laws should
apply to the Internet and other new technologies.
Since then, he has represented clients like AOL Time Warner before the FEC,
and has been a vocal opponent of proposed FEC regulations that would affect
political communications online. Most recently, he was general counsel for
McCain's 2000 presidential campaign, which raised a record $6 million in
online contributions.
"What McCain and others are saying is leave yourself an open door in the
event that it turns out that Internet technology turns into something
different than what people and campaigns are using it for now," Potter
said. "Members are just giving them good advice as to how to avoid problems
in the future, and from coming back to Congress for new legislation to
cover it."
Recently, the FEC has shown a willingness to spare new technologies from
campaign disclosure laws. Last week, the FEC approved a request to exempt
text-based wireless ads from the disclosure requirements.
In a hearing earlier this year on the use of the Internet for
campaign-related activity, the FEC considered whether private Web sites
that contain candidate information, commentary or hyperlinks to candidate
Web sites should be regulated. The commission later backed away from that idea.
The McCain-Feingold law, which takes effect immediately after this year's
elections on Nov. 6, bars political parties from using so-called "soft
money" to pay for ads that attack or support candidates for federal office.
The law also bars corporations and many groups from airing ads that
identify federal candidates within 60 days of a general election or within
30 days of a primary.
*****************************
USA Today
Poll: Many IT execs expect cyber attack
WASHINGTON (Reuters) -- Nearly half of corporate security officers expect
terrorists to launch a major strike through computer networks in the next
12 months, a poll released Thursday showed.
A total of 49% of 1,009 subscribers to CSO Magazine said they feared a
major cyber attack in the coming year by a group like al Qaeda, blamed for
the Sept. 11 terrorist attacks that killed more than 3,000 people in the
United States.
The poll was carried out between July 19 and Aug. 1 by Framingham,
Mass.-based CSO, whose first edition will appear next month.
Respondents were mainly from the United States and Canada, and some may
have links to intelligence and law enforcement officials, said Lew
McCreary, editor in chief of the magazine, whose initials stand for Chief
Security Officer.
"In other words, their anxieties may come with a bit more substance
attached" than generalized fears of a new attack, he said in reply to a
query from Reuters. "But I'd have to say it's a prediction based mainly on
the threat being plausible rather than known through firm intelligence."
Respondents to the CSO survey were almost evenly split on whether the U.S.
government and U.S. businesses were better prepared to respond to cyber
attacks today than on Sept. 11.
But 95% of respondents said technology vendors needed to boost security
aspects of their products. Only 7% said a group like al Qaeda would never
launch a major cyber attack.
To help protect cyberspace, President Bush will roll out a blueprint next
month calling on people from personal computer users to U.S. rocket
scientists to do their share, including installing anti-virus software,
White House officials said Wednesday.
The goal is to prevent such things as "denial-of-service" attacks in which
hijacked computing power could be collected and used to attack electricity
grids, telecommunications and other critical infrastructure.
"The average American doesn't necessarily recognize that he or she has a
responsibility to protect their bit of cyberspace by using anti-virus
software, firewalls, et cetera," said Tiffany Olson, deputy chief of staff
of the President's Critical Infrastructure Protection Board.
The board was set up last October to coordinate the development of a
national strategy to shore up the networks on which advanced industrial
societies like the United States depend. It is chaired by Richard Clarke,
special adviser to the president for cyber security.
Clarke has been working on the president's strategy with as many as 25
executive branch agencies, including the Secret Service, the FBI-led
National Infrastructure Protection Center and the Commerce Department.
The heads of many of those agencies or their deputies will present Bush's
new multilevel strategy to secure cyberspace on Sept. 18 at Stanford
University in California, Olson added in a telephone interview.
The strategy includes recommendations to personal computer users and small
businesses; big enterprises; and federal, state and local governments, plus
industrial groups, she said. It will also address national initiatives and
"overarching" concerns, plus global aspects of cybersecurity, Olson said.
**************************
New York Times
Cartoon Turtle Enlisted for Web Safety Campaign
By REUTERS
PALO ALTO, Calif. (Reuters) - When U.S. officials wanted to keep kids from
littering, they enlisted a cartoon owl named "Woodsy," and to help
prevent forest fires, they recruited a bear by the name of "Smokey."
These days the concern is Internet safety and security, and the U.S.
Federal Trade Commission is turning to a new messenger -- a savvy little
turtle named "Dewie" with a hardened shell that won't get crushed on the
Information Superhighway.
The FTC is keeping details about Dewie under wraps until an official
unveiling in September, a spokesman for the federal agency said late Tuesday.
But the Net being the Net, and Washington wags being, well, Washington
wags, it's hard to keep anything about the Web secret for very long.
Last week at a high-tech summit of government officials and business
leaders in Aspen, Colorado, Commissioner Orson Swindle let a few specifics
slip about the smart-thinking critter.
Dewie will be green, of course, but his shell will be gold. A picture of
him speeding through a communications pipeline in a race car below the
slogan "Safe at Any Speed" can be found at http://www.ftc.gov/infosecurity.
"I hate to compare him to the Ninja Turtles," Swindle said, referring to
the once wildly popular "Teenage Mutant Ninja Turtles" kids cartoon,
"he's a friendly turtle."
Dewie's mission will be teaching kids to take precautions when they are on
the computer, traveling the Internet's many avenues to information.
"The idea is to get (kids) thinking about it -- just like we get them to
look both ways before crossing the street," Swindle said.
The FTC effort will likely resonate with generations of Americans who --
when struck with the urge to toss a candy wrapper out a car window -- still
recall Woodsy's plea to "Give a hoot, don't pollute."
Officials said the Dewie campaign is part of the federal government's broad
effort to promote a "culture of security" and the view that every person
who uses computers and networks, such as the Internet, has a role in
keeping cyberspace safe.
**************************
New York Times
Saudi Censorship of Web Ranges Far Beyond Tenets of Islam, Study Finds
By JENNIFER LEE
THE Saudi government is censoring public Internet access to a degree that
goes significantly but haphazardly beyond its stated central goal of
blocking sexually explicit content that violates the values of Islam,
according to a recent study by Harvard Law School researchers.
The study's detailed list of blocked sites offers a glimpse into the areas
that the Saudi government has deemed most troubling. Among them are sites
related to pornography, women's rights, gays and lesbians, non-Islamic
religions and criticism of political restrictions. Many humor and
entertainment sites have also been blocked.
The report, by the law school's Berkman Center for Internet and Society,
was completed with the cooperation of the Saudi government. It is the first
in a series by the center on Internet filtering by governments around the
world.
"When the cost of the censoring is just flipping a switch, it's a lot
easier to enforce," said Jonathan Zittrain, a director of the Berkman
Center and an author of the report. "That makes it more appealing to a
number of regimes."
Saudi Arabia, with China, is widely considered to have one of the most
restrictive Internet-access policies. Before granting the public access to
the Internet in 1999, the Saudi government spent two years building a
controlled infrastructure so that all Internet traffic would pass through
government-controlled servers.
The Internet Service Unit, which controls Saudi Arabia's Web access, says
that blocking pornography is its main focus, accounting for 95 percent of
the pages it blocks. But its Web site says Web pages subject to blocking
include those "related to drugs, bombs, alcohol, gambling and pages
insulting the Islamic religion or the Saudi laws" -- a policy that is largely
an extension of the country's censorship regulations for the news media and
entertainment.
The government does not provide a public list of offending sites. But the
Internet Service Unit gave Harvard researchers access to the computer
servers for several days in May. They requested 64,557 distinct Web pages
and found 2,038 blocked.
Saudi citizens with a bit of knowledge about the Internet have found some
ways to get around the government firewall. Some dial up to Internet
service providers in other countries. Others get around the firewall at no
extra cost by using intermediary computers on the Internet, known as
proxies, to disguise the source of the traffic.
The Harvard report tries to piece together the criteria under which Web
sites are censored. "Ordinarily, when censors declare something to be bad,
they have to file it," said Benjamin Edelman, the other author of the
report. "Here the software allows blacklists to be secret."
The Saudi government uses software called SmartFilter, created by Secure
Computing in San Jose, Calif., to block most of the pornographic, gambling
and drug-related sites. But the SmartFilter software is also customized
with blacklists provided by Saudi security agencies, the Saudi Internet
administrators said. Among the pages selected by security agencies are some
that are critical of Saudi Arabia's political situation, like the Web sites
of Amnesty International and the Saudi Institute, another human rights
watchdog group.
The Saudi government, which does not allow women to drive, has also
restricted access to information about women's advances elsewhere. The
"Women in American History" section of Encyclopaedia Britannica Online
(www.women.eb.com), which summarizes the women's rights movement from 1600
to the present, is blocked. IVillage (ivillage.com), a popular American
advice and support site for women, is also blacklisted.
"Clearly there are sensitivities about women's rights," Professor Zittrain
said.
The report also ticks off a broad range of blocked religion-oriented sites,
from Christian to Jewish to Buddhist to Hindu ones. Yet even sites that are
not overtly political or sexual in nature are filtered, like the magazine
site rollingstone.com; Warner Brothers Records, at wbr.com; and
www.ifrance.com, a French-language entertainment and information site.
The Harvard report is available at
cyber.law.harvard.edu/filtering/saudiarabia.
************************
Los Angeles Times
Sabotage in a Few Clicks
In what may be a case of corporate computer hacking, Canal Plus alleges a
rival firm broke its secret code, then gave it to counterfeiters.
By DAVID STREITFELD
In the popular imagination, a computer hacker is on the fringes of
society--either a brilliant but misguided teenager or a solitary,
disaffected adult. He's more interested in showing off his skills than
benefiting from them. He values havoc over money.
Canal Plus Technologies, a leading maker of the smart cards that control
satellite television signals in people's homes, went searching three years
ago for just such a troublemaker.
Millions of Europeans were buying counterfeit Canal Plus smart cards on the
black market and inserting them in their set-top boxes, instantly getting
free access to premium channels that carry soccer games and adult movies.
In Italy, there were as many as three freeloaders for every legitimate
customer.
Canal Plus, a division of French entertainment conglomerate Vivendi
Universal, learned that the code controlling the cards had been posted on a
Canadian Web site specializing in the secrets of digital technology. Using
the code as a blueprint, it was relatively simple for counterfeiters to
make cards.
But who had actually cracked the code that Canal Plus had spent $35 million
developing in total secrecy? The firm's investigation ultimately led not to
some maladjusted youth or embittered ex-employee but to an entire company.
Not just any company, either. Behind the hack, Canal Plus says, it was
shocked to find NDS Group, a competing smart-card developer largely owned
by Rupert Murdoch's global entertainment conglomerate, News Corp.
According to a lawsuit Canal Plus filed in U.S. District Court in San
Francisco in March, NDS sought to dominate the smart-card market by driving
a wedge between Canal Plus and its customers. Canal Plus claims a billion
dollars in damages.
NDS, which was co-founded in Israel and run for several years by a fugitive
from U.S. law enforcement, has denied the charges, calling the suit "an
attempt by an inept competitor to shift the blame for its incompetence."
The hacking has altered the global media industry. The counterfeit cards
may have played a role in the downfall of Vivendi's former Chief Executive
Jean-Marie Messier. They also brought about the near-ruination of Vivendi's
prized Italian satellite system, propelling it to the auction block in
early June. News Corp. promptly struck a deal to buy it.
The case marks the biggest and most sensational accusation yet of corporate
cybercrime, a shadowy, unsavory and increasingly popular activity, experts say.
Corporations and organizations looking for an edge find hacking
irresistible and all too easy.
"It's possible to wreak havoc on a competitor today in a way that it wasn't
before," said high-tech consultant Sean Badding. "It's only a few clicks of
the mouse from legal to illegal."
A long-running Silicon Valley case illustrates how "a few clicks" can
undermine and even potentially destroy a company.
Seven years ago, Cadence Design Systems, a maker of design software for
integrated circuits, sued Avant Corp., claiming it had stolen its programs.
A subsequent criminal case, brought by a determined San Jose prosecutor,
led to verdicts last year against seven current and former Avant employees,
including the chief executive and three founders. Five received jail sentences.
For years, however, Avant was on the offensive, asserting that Cadence was
merely a lame competitor. It was an argument that proved surprisingly
effective. "We had a lot of pressure from people in the electronics
industry saying, 'Get over it, crybaby,' " said Cadence general counsel
Smith McKeithen.
Fears of being labeled a loser lead a lot of companies to hush up about
sabotage. And even when they're willing to go public, the prosecution
record is "disappointing," said Bill Boni, coauthor of a forthcoming report
from the American Society for Industrial Security on "trends in proprietary
information loss."
"From information theft to manipulating and destabilizing competitors,
espionage and sabotage are getting worse," said Boni, chief information
security officer at Motorola Inc. "But catching the culprits is hard. If
the FBI didn't catch [former agent and admitted spy] Robert Hanssen
stealing counterintelligence documents, how do you think corporations are
going to find someone digitally plundering their crown jewels?"
At its most basic, corporate espionage is a search for competitive
information. At Princeton University, the director of admissions recently
was caught hacking into a Yale University Web site that let prospective
students know whether they had been admitted.
In 1999, Internet bookseller Alibris paid $250,000 to resolve federal
charges that it had unlawfully intercepted thousands of e-mail messages to
its customers from online bookseller Amazon.com. Many of Alibris' customers
were booksellers themselves; knowing what they were buying from Amazon
could provide Alibris a better understanding of the market.
Although companies can put some rudimentary defenses in place, for the most
part they are helpless against the type of hacking in these cases. As for
corporate sabotage, which is what Canal Plus is alleging, there's literally
no defense.
"A lot of people look at computer security and say, 'Give me the answer.
Tell me what will make these problems go away,' " said consultant Bruce
Schneier. "And I say, 'Nothing.' "
Lauren Weinstein, co-founder of People for Internet Responsibility, an
advocacy group, said it is a mistake to look for a technological solution
to sabotage.
"It seems to me to be purely an ethical question," he said. "We're going to
have to rely on the better part of human nature."
Noting that newspapers are overflowing with stories about corporate
executives who lied and looted, Weinstein acknowledged, "Unfortunately,
that's not always a lot to count on."
A Colorful History
A smart card, about the size of a credit card, has an embedded chip with a
central processing unit and memory cells. Basically, it is a tiny portable
computer. That makes it perfect for controlling access to digital
television, which is beamed encrypted from satellites.
The smart card slips into the set-top box that converts the digital signal,
unscrambling it and acting as a sort of gatekeeper for the programming
content. A smart card, for instance, will record what pay-per-view program
a subscriber watches and transmit that information over a phone line to the
billing office.
About 80 million TVs worldwide use smart-card technology. A third of the
cards come from NDS Group, a company with a colorful history.
"NDS is all about the business of keeping secrets," said Neil Chenoweth,
author of a biography of Rupert Murdoch that will be published this fall.
"For most of its history it has existed in a legal and tax sense somewhere
between Hong Kong, London, Jerusalem and Grand Cayman. But what happens if
the secret side of an organization gets out of control?"
News Corp. funded the Israeli start-up in 1988 with vague hopes of
profiting from its encryption technology. When Murdoch realized that his
new British satellite television service would be endlessly pirated without
adequate safeguards, NDS, then called News Datacom, proved its worth almost
immediately.
NDS was run by a young English-born entrepreneur named Michael Clinger, a
onetime bank credit analyst in New York who became chief executive of a
small medical laser company. The Securities and Exchange Commission brought
fraud charges against that firm, which Clinger settled in 1986. He then
decided to emigrate to Israel. In 1990, a U.S. grand jury indicted Clinger
on 51 counts of fraud, conspiracy and insider trading, all relating to the
laser company.
Whether Murdoch knew that one of his crucial divisions was being run by an
international fugitive remains unclear. Even after relations between
Clinger and News Corp. soured, Chenoweth writes in his book, "It wasn't in
News Corp.'s interest for Clinger to be arrested." An NDS spokeswoman
declined to discuss the issue, calling it "ancient history."
In 1992, Murdoch bought out Clinger's interest in NDS and got rid of him.
Or thought he did. Clinger still secretly controlled the manufacturing
company that made the smart cards for NDS, which gave him a direct pipeline
into his former company.
Matters spiraled out of control, according to several news accounts, when
Clinger's ex-wife, a former swimsuit model, got involved with NDS' former
chief financial officer. Apparently for revenge, Clinger turned him in for
alleged evasion of personal income taxes. Apparently for revenge, the chief
financial officer told News Corp. officials that Clinger hadn't gone away
as they thought.
News Corp. sued Clinger for fraud in 1996, saying he was inflating the
costs of each card he sold to NDS. Clinger fought back by telling the
Israeli tax authorities that they should check NDS' books. Seventy-five
inspectors raided the NDS offices. Eventually, News Corp. paid $3 million
to the Israeli tax authorities, saying it wanted to "terminate the
uncertainties and the exaggerated rumors" that the case had been spawning.
In an NDS safe, the tax inspectors found something not so simply dealt
with: numerous tapes of conversations between Clinger and his lawyers long
after he had left NDS. News Corp. denied that it had done any wiretapping
of its former executive and asserted that the tapes had been planted by
Clinger to frame NDS.
The fraud case, argued in an English court, went badly for Clinger, ending
in 1998 with a judgment that he was "a skillful liar" who owed News Corp.
and NDS nearly $50 million--a judgment that has not been paid.
By the late 1990s, as the world moved toward digital entertainment,
investors figured that a company selling encryption devices would be a big
winner. Late in 1999, News Corp. sold 20% of NDS to the public. Within a
few months, the value of the company exceeded $5 billion. Among NDS' big
clients were News Corp.'s British Sky Broadcasting Group and DirecTV, a
leading U.S. satellite TV operator.
As NDS' stock was peaking, Vivendi was having massive problems with piracy.
The smart cards made by its Canal Plus division powered 12 million set-top
boxes, mostly for European television systems owned by its parent.
In Italy, for instance, Canal Plus technology was used by Telepiu, a
digital system controlled by Vivendi. News Corp. controlled the competing
platform, Stream.
As the companies fought for a commanding lead, their losses mounted. The
biggest financial drain for Telepiu was freeloaders. When a new subscriber
was buying a satellite dish and set-top box, the vendor would often sweeten
the deal by telling the subscriber whom to call for a cheap counterfeit card.
Telepiu canceled its contracts with a quarter of its vendors, but that did
little to stem the tide of piracy.
Frustrated, Canal Plus began to track the problem to its source. There were
so many counterfeit cards, not only in Italy but elsewhere, that the
company was facing claims from its clients for compensation. Competitors
were pointing out that Canal Plus couldn't guarantee the integrity of its
system, an alarming charge to make against a security company. Full-scale
disaster loomed.
Canal Plus' investigation ultimately yielded a date, March 26, 1999, and a
Canadian Web site, DR7.com. It was then and there, Canal Plus says, that
its secret code was revealed for the world's counterfeiters to see and exploit.
But someone had to crack the code in the first place. Canal Plus maintains
that this would have been very difficult. In the first three years it sold
the cards, it says, they were never successfully hacked on a widespread basis.
Further investigation, Canal Plus says in its suit, led to Haifa, Israel,
and the NDS lab. There, Canal Plus alleges, NDS engineers spent part of
1997 and all of 1998 in a $5-million effort to crack the cards and extract
the software code, using such techniques as microprobing, laser cutting and
focused ion-beam manipulation.
Allegations that the Haifa lab had extracted the code came from Oliver
Kommerling, a consultant whose company, Advanced Digital Security Research,
was partly owned by NDS.
"These efforts and the results were put into a written document and
circulated among some NDS employees," Kommerling stated in a court
declaration, adding that he also had a copy of it.
Canal Plus even believed it had found an NDS employee who posted the code
on the Internet.
The director of security for Canal Plus Technologies, Gilles Kaehlin, said
in a court filing that he had met with Christopher Tarnovsky, an NDS
employee at its U.S. headquarters in Newport Beach whom he identified as "a
well-known 'pirate' within the hacker community." Using a "nonverbal method
of communication," Tarnovsky admitted sending the code to the DR7 Web site,
Kaehlin alleged.
Why Tarnovsky should so readily incriminate himself is unclear, but Kaehlin
added that the hacker indicated he might switch sides.
"He promised me that he would tell the truth to the court if he were called
to testify but that he would not be the 'whistle-blower' on NDS' illegal
activities, because he ... feared too much for his life and that of his
family," Kaehlin said in the declaration.
In its lawsuit, Canal Plus accuses NDS of unfair competition, flouting
copyright, racketeering and violating the Digital Millennium Copyright Act,
which criminalizes the cracking of encryption devices in order to
circumvent them.
The case was filed as the satellite TV companies, if not winning against
hackers, at least seemed to be fighting them to a draw. But the Canal Plus
suit undermined any notion of progress against pirates.
"If you have one of the largest media companies in the world actively
working against the copyright holders, the digital future doesn't have a
prayer," said Chenoweth, the Murdoch biographer. "This suit is really about
the future shape of the media industry."
NDS not only denied any involvement in the hack, it offered to the court
some theories about what really happened. Canal Plus cards were hacked long
before any code was posted to DR7.com, NDS said. They were vulnerable
because they were junk, it added.
Here is what really transpired, NDS says: Four months before the suit was
filed, Canal Plus approached NDS about a merger. At the same time, it
privately accused NDS of compromising Canal Plus' smart cards.
The accusation, NDS says, was an extortion attempt: Canal Plus would go
public with the charge unless NDS paid an "outrageous" acquisition price.
Now that the merger negotiations had fallen apart, Canal Plus was merely
doing what it threatened. NDS was the victim here, not the villain.
Almost as an aside, NDS wondered on what grounds it was being sued. Why, it
asked, does "United States law govern the actions of engineers in Israel
employed by an English company to reverse-engineer the [code] in a smart
card created by and for a French company"? It asked the judge to drop the case.
Court Skirmishes
NDS might have said the Canal Plus suit was without merit, but its
stockholders fled. On March 12, the day the suit was filed, NDS shares
plunged 25%. It closed Wednesday at $9.87, up 57 cents, on Nasdaq.
In early court skirmishes, Canal Plus maintained that the case was so
"clear-cut and shocking" that it warranted the unusual legal step of
expedited discovery.
Then, at the beginning of the summer, Vivendi, Canal Plus' debt-laden
parent, began to fall apart. To raise money, it had to shed assets. First
on the block was its Italian pay-TV division, Telepiu.
If the need for a sale wasn't a surprise, the prospective buyer was one
that Canal Plus executives must have found galling: their hated foe, News Corp.
One condition was attached to the purchase: Drop the suit.
After Vivendi CEO Messier was forced out on July 1, the company also sought
a buyer for Canal Plus Technologies. At one point, NDS Chief Executive
Abraham Peled told a British newspaper that he was interested. "It's all a
question of the right price," he said.
The ending might almost have been foretold from the beginning. First
pirates had destroyed Canal Plus and Telepiu. Now News Corp. had a chance
to pick up the pieces on the cheap. When the deals were done, it would have
no satellite competition in Italy and only one remaining smart-card rival,
the Swiss Kudelski Group.
If Vivendi had fewer counterfeiters, one observer said, Messier might have
avoided seeing the dismemberment of his company, the loss of his job and
the triumph of Murdoch.
"When you make a [revenue] forecast and it's not reached because you have a
piracy rate of 35% instead of 10%, it means you're not reliable," said
Davide Rossi, secretary general of the European Assn. for the Protection of
Encrypted Works and Services, a trade group that both Canal Plus and NDS
belong to. "Your partners may not be willing to support your other provisions."
The Telepiu sale has not gone through. Neither has any deal been announced
for Canal Plus. As a result, the lawsuit has come back to life. On Aug. 15,
U.S. District Judge Vaughn Walker slightly narrowed the case but declined
to either move it or drop it, as NDS wanted.
Despite Canal Plus' assertions about how "no person or company is above the
law," legal experts and industry sources close to the case say its interest
is more tactical than ethical. When the suit's utility as a bargaining chip
is over, they expect it to disappear.
Meanwhile, Kommerling, the consultant whose company is partly owned by NDS,
has paid a price for coming forward with allegations against NDS.
Within hours after NDS saw his critical declaration, Kommerling was locked
out of his offices, which adjoin the NDS headquarters in an outer London
suburb. He is suing NDS for wrongful interference, but at the moment has
little recourse except to walk away from his own company.
"I don't regret it," said Kommerling. "Given the circumstances, it was the
only way to go. When I have spent all of my money in legal costs, I'll
still have my integrity and skills and that's the important thing."
Asked about Kommerling, NDS declined to comment.
***************************
News Factor
Private Tech Companies Hope To Join U.S. Security Effort
Thousands of private companies are hoping to help the government -- and
make money -- in the multibillion-dollar race for security as the
government turns to technology to reduce the odds of attack and better
manage homeland security. What hasn't been sorted out yet is how much
Washington intends to spend, which technologies are worth supporting first
and how much the private sector and local governments will pay to protect
themselves if they don't get federal help.
http://www.newsfactor.com/perl/story/19230.html
**************************
News.com
Windows flaw threatens PC services
By Robert Lemos
Microsoft said Wednesday that a critical flaw in most versions of the
company's Windows operating system could allow malicious attackers to
corrupt the digital certificates that PCs use to connect to network services.
The vulnerability can be exploited via a special-coded ActiveX--a scripting
language created by Microsoft to make adding interactivity to Web sites and
applications easier--inserted into hypertext markup language (HTML), the
lingua franca of the Web. To fall victim to attack, a PC user would have to
browse a Web site, or open an HTML e-mail, specifically set up to take
advantage of the vulnerability.
The flaw "could enable a Web page, through an extremely complex process, to
invoke the (ActiveX) control in a way that would delete certificates on a
user's system," Microsoft warned in an advisory released late Wednesday.
Such digital certificates are used to hold encryption keys used in e-mail,
the encrypted files system (ESS) that is shipped with certain versions of
Windows, and in the Secure Sockets Layer communications protocol used by
many e-commerce Web sites. ESS is shipped in Windows 2000 and in Windows XP
Professional. Though the flaw doesn't allow a malicious vandal to steal the
certificates, it does allow the attacker to corrupt the data, rendering it
useless to the PC's owner.
Depending on the certificates corrupted, the act would prevent the victim
from encrypting and decrypting e-mail and encrypting files, and would
complicate the use of secure Web sites, Microsoft advised. The flaw occurs in the
Certificate Enrollment ActiveX Control.
Microsoft suggests that all users of Windows 98, Windows 98 Second Edition,
Windows Millennium, Windows NT 4.0, Windows 2000 and Windows XP patch their
systems immediately.
The latest advisory brings the number of such warnings by the software
giant to 48 for the year.
***************************
MSNBC
Car rentals with GPS systems
By Shellee Smith
NBC NEWS
Aug. 28 -- If you're planning to rent a car this Labor Day weekend, there is
something you should know. The same technology that rental car companies
use to locate stolen vehicles could be used to track your every move. And
that could cost you much more than you bargained for.
WHEN GENELLE and Art Rohe rented a car for a trip from Arizona
to Texas last November, they expected to pay about $200. They didn't notice
that the fine print called for much higher fees if they left state, but
when they returned the rental car to Tucson, the bill was more than $2,000.
"I just went, 'huh,'" says Genelle Rohe. "I didn't know what else
to say. I was just numb."
So what happened?
"She said, 'Our tracking records show you had this car in Texas, at
a Motel 6,'" says Rohe.
That's right. Budget Rent-a-Car in Tucson, an independent dealer
separate from the well-known national company, had a record of their entire
trip.
Using GPS, the global positioning system of satellites, Budget can
pinpoint the location of every vehicle equipped with a receiver and charge
customers extra when they leave Arizona without permission -- a provision
that few customers notice in the contract, and at a price that shocked the
Rohes.
"Who would reasonably expect to return a vehicle on time,
undamaged, and be presented with a bill for [up to] $7,000?" says Lynne
Trenery, an attorney representing the Rohes.
Three dozen former customers are suing the Tucson Budget, charging
invasion of privacy and fraud. Genelle Rohe says that no one ever told her
that there was a GPS system on board.
NBC News decided to see what Budget in Tucson is telling its
customers. When we mentioned driving to California, we did receive a warning.
"If you go into Nevada," said the agent, "You'll be charged a
dollar a mile because it wasn't on the contract."
The National Budget Corporation says it only uses GPS to recover
missing vehicles, and does not endorse Tucson's policies. The Tucson
franchise declined an interview.
Privacy advocates acknowledge the use of GPS technology in rental
cars is legal, but the issue for consumers is disclosure.
"They should tell the customer up front, if you drive from Buffalo
to Toronto, we're going to know it and you're going to be subject to this
penalty," says Stephen Keating of the Privacy Foundation.
New York tried to ban the practice after a Connecticut rental firm
used it to track drivers for speeding, but the legislation failed.
Now, when the Rohes rent a car, they ask if there is GPS on board.
They learned the hard way that if Big Brother is watching, it could cost you.
************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx