
Clips September 23, 2002



Clips September 20, 2002

ARTICLES

Other Mideast countries added to visitor policy
Commerce Dept. Plays Matchmaker at Homeland Security Expo
Boston Airport to Install Scanners
British Police Arrest Alleged Hacker
WorldCom Ordered to Block Porn Sites
Fed Up With Spam
Energy agency says Web info poses threat
Start date uncertain for student tracking
U.S. extends support for ICANN, but wants changes [ICANN]
Online 'miracle' water seller taken to court [AUS]
Hollywood vs. the Internet
Online Privacy Bill Stalls In Senate

***********************
U.S. to fingerprint more Arabs
Other Mideast countries added to visitor policy
September 19, 2002
BY TAMARA AUDI
FREE PRESS STAFF WRITER

The Justice Department plans to fingerprint and track thousands more visitors when they arrive in the United States from a growing list of Middle Eastern countries, federal officials and an immigrant-rights group said Wednesday.

The program, which began last week targeting visitors from five countries the State Department says sponsor terrorism, will expand Oct. 1 to include at least 10 more Arab or Muslim countries. The program will expand incrementally to include all Muslim and Arab countries before it goes worldwide, said Jeanne Butterfield, executive director of the American Immigration Lawyers Association in Washington.

Two federal officials confirmed the plan, but said they could only discuss it on the condition that they remain anonymous because they are not authorized to talk about this program to reporters.

The expansion is to begin Oct. 1 with visitors from countries including Lebanon, Pakistan, Yemen and Saudi Arabia. The names of the other countries to be added were unavailable. The visitors will be fingerprinted and screened against terrorism and criminal databases, the federal officials said. The government began fingerprinting visitors from Iran, Iraq, Libya, Sudan and Syria on Sept. 11.

Visitors whose countries are in the program will be required on arrival to register with the U.S. government, leave contact information during their stay, and notify the government when they leave the country.

The expansion of the exit-entry program -- passed by Congress as a post-Sept. 11 security measure -- would impact thousands of regular visitors to the metro Detroit area, which has one of the largest Arab-American populations in the country.

In 2000, there were 173,000 visitors to the United States from Iran, Lebanon, Pakistan and Saudi Arabia, according to U.S. Immigration and Naturalization Service statistics. Visitor data wasn't immediately available Wednesday for Iraq, Libya, Sudan and Yemen.

By 2005, visitors from all foreign countries -- about 33.6 million people yearly -- will be required to register and be fingerprinted, U.S. Attorney General John Ashcroft has said. Even now, the system allows INS agents to fingerprint any visitor from any country who meets certain criteria, Jorge Martinez, a Justice Department spokesman, said Tuesday. He wouldn't say what those criteria are.

"It's not just people who are Arab," said Martinez. "The system is not based on race or religion."

Martinez said that because of security concerns, he could not comment on how or when other countries would be added to the list.

But other federal officials said the initiative focuses on the Middle East.

"Basically, it's your predominantly Middle Eastern countries associated with one religion," one federal official said, speaking on the condition of anonymity. "The time lines look like they're being pushed up for some countries faster than others."

The pending initial expansion to only Middle Eastern countries has raised the ire of civil rights groups that say that the government is once again unfairly targeting Arabs.

"Nothing is so surprising to our community any more," said Imad Hamad, director of the American-Arab Anti-Discrimination Committee, based in Dearborn. "Fingerprinting, photos . . . these days, people are just waiting to hear what is next. It's definitely ringing the bells of the past by having this community once again feel that it is still the prime suspect, and that the burden of the horrible attacks is still on our shoulders."

Others said the program's expansion is a logical first step toward monitoring visitors and improving national security.

"The government has an obligation to taxpayers to deploy its resources in the most efficient way. Certainly, starting with those countries that have the greatest security threat is the beginning," said Dan Stein, executive director for the Federation for American Immigration Reform, an anti-immigration lobbying group.

Stein, however, questioned the ability of an already-strapped INS to handle the expansion with its limited resources. "The historical pattern has been that INS will accumulate information they can't use until they just end the program," he said.

When the program was launched on Sept. 11, only visitors from Iran, Iraq, Libya, Sudan and Syria -- nations the State Department identified as sponsoring terrorism -- were required to participate.

INS officials in Detroit said Wednesday they could not comment on the program.

But others said that so far, the impact has been minimal, likely because the metro area gets so few visitors from those particular Mideast countries. But as more countries with direct ties to Michigan are added to the list, that could change.

"As they expand the program, it has the potential to impact the operation of the tunnel," said Neal Belitsky, director of operations for the Detroit-Windsor Tunnel. "We need to make sure there's adequate parking, pedestrian walkways, space and information to handle whoever needs to participate."

The number of participants could be high. Rainbow Travel and Tours, based in Dearborn, sells about 10,000 airplane tickets a year to and from Lebanon.

Naila Shouman, a travel agent for Rainbow, said she thinks the fingerprinting will not stop travel from the Mideast to the United States.

"As far as I can see, they're going to travel whether or not they're going to be fingerprinted," Shouman said. "They have to see their families."

Contact TAMARA AUDI at 313-222-6582 or audi@xxxxxxxxxxxxxx
*****************************
Washington Post
Commerce Dept. Plays Matchmaker at Homeland Security Expo
IT Expo Sought To Match IT Firms With Agency Procurement Officers
By Michael P. Bruno
Friday, September 20, 2002; 10:24 AM

Attendees and exhibitors at the first-ever Homeland Security Technology Expo and Conference sweated through two days at the un-air conditioned D.C. Armory this week to take part in the U.S. Department of Commerce's effort to bring together technology procurement officers from throughout the government and companies hawking goods for homeland security.

More than 200 companies exhibited at the expo, including at least 80 from Maryland, Virginia and the District. The numbers prompted Commerce Secretary Don Evans to declare the event a "smashing success." But numerous private-sector participants quietly complained about low attendance, the dearth of government procurement officials in attendance and the sweaty venue.

"Attendance was somewhat disappointing," said Paul Davies of Toronto-based MSR Inc., which makes software for customs and international trade.

"We wish there were more people from government, they need to see the technology and see the possibilities," said John Burwell of California-based SGI, a computer graphics company.

Procurement officers -- the government officials who shop for goods and services -- were harder to find than a cool breeze in the Armory, where the 65,000-square-foot main hall is ventilated by only two-dozen 48-inch exhaust fans and whatever doors are propped open. The low turnout by government officials surprised even some of the government workers who did make it to the expo.

"I would have thought we would have a lot more government people," said Capt. Mike Jackson of the D.C. National Guard. Jackson, a branch manager for the Guard's department of information management, said he had authority to strike deals with contractors.

"There were not as many as I thought," said Capt. Aeneas Gooding of the U.S. Air Force's Force Protection Battle Lab in Texas. Gooding said he was a "security guy" who scopes out expos and other events for promising technologies and products.

Expo organizers said more than 4,000 participants attended Wednesday and even more were expected Thursday, which was the busier day due to visits by Secretary Evans and Homeland Security Director Tom Ridge. An official attendance tally for Thursday was not immediately available, though the Armory seemed slightly busier than the day before.

Ridge, in a mid-day speech Thursday, praised the companies participating in the expo and urged them to "grab hold" of their part of the homeland security business market.

"Companies like the ones at this exposition will provide the know-how," Ridge said.

Despite the low attendance, Davies, Burwell, Jackson, Gooding and more than a dozen other participants interviewed by washingtonpost.com said the expo was worth attending, if for nothing more than making contacts with other companies and checking out the competition.

"At a minimum you get some exposure for your name. We've gotten a lot of mileage out of talking with other vendors," said John Sleggs, director of defense and intelligence programs for Herndon, Va.-based NetSec, a network security firm.

Attendees did get to see some of the latest homeland security offerings, including a portable decontamination trailer from Kohler Mobile Plumbing Systems, a Wisconsin firm that makes portable facilities for use in hazardous materials applications. Crowds also gathered around a sports utility vehicle outfitted for first responders by BAE Systems, a British company with U.S. operations headquartered in Rockville, Md.
******************************
New York Times
Boston Airport to Install Scanners


WASHINGTON, Sept. 22 -- Logan International Airport in Boston will announce on Monday that it is installing scanners that can check the authenticity of hundreds of kinds of driver's licenses and passports, check the bearer's name against government "watch lists," and generate lists, with photos, of whose document was checked and when.

The system, which airport officials said would fulfill many of the functions of a national identification card but which they hoped would not raise the civil liberties questions that such a card would carry, will initially be used only on airport workers. The Massachusetts Port Authority, which runs Logan, plans to issue new security badges to the approximately 10,000 people who work there, and wants to assure itself that the driver's licenses and other identification documents that those people present are valid.

But Thomas J. Kinton, Jr., the port authority's aviation director, said that he would like to see the system used on everyone entering the airport.

"The next logical choice for this technology is at the head of the sterile concourses at our nation's airports, prior to proceeding through the security checkpoint, where they now ask to see your boarding pass and ID," Mr. Kinton said. "You are going to very quickly determine whether the person is who they say they are, or whether they have purchased on the market, which we all know are available, a document that is falsified."

In a test this summer, the system evaluated the passports of 225,000 departing passengers at the international terminal, he said, and picked up several forgeries.

Under the current system, security experts say, no one who is checking ID's can be expected to know whether a license is valid. "Somebody pulls out a driver's license from Colorado, and I see a picture, I see that it says, 'Colorado Division of Motor Vehicles,' or whatever, it says, and I say, 'Have a nice day,'" Mr. Kinton said. The 50 states and various other agencies have issued more than 150 different licenses.

The new system was built by Imaging Automation, of Bedford, N.H. It is already in use at border crossings and airports in Hungary, Finland and Sweden, and Britain has ordered the system for use in consulates to determine if people applying for visas are presenting valid documents, said the company's chief executive, William H. Thalheimer.

Like the British government, the port authority is concerned with the security of "breeder documents," counterfeit ID's that a traveler can use to persuade a government entity to issue another document that is valid.

But the Imaging Automation equipment still raises problems, said Barry Steinhart, the director of the American Civil Liberties Union's program on technology and liberty. The first question, Mr. Steinhart said, was whether the system actually works, or is instilling a false sense of security among security personnel. Logan is testing face recognition technology, but has declined the civil liberties union's request for data on how well it works, Mr. Steinhart said.

"I certainly would want to see the evidence that it works, subjected to peer review," he said. "We need to be very careful of war on terrorism profiteers in this climate, who are selling technologies that don't in fact make us safer," he said. He added that he had no information suggesting the Logan equipment was in that category.

Another question is what would happen to the information after it is gathered, he said. A scanner at a boarding gate could generate an electronic passenger manifest, complete with stored images of the photographs on the license or passport, the moment the cabin door was closed.

"Whether it works or not, it is a symptom of the emerging surveillance society," he said.

But he conceded that "we are awash in phony documents." Some would not be picked up by this system, he said, because they are produced by proper issuers, but under false pretenses.

The Imaging Automation system works several ways, Mr. Thalheimer said. It can read bar codes, magnetic stripes or other machine formats and compare those with the information printed on the document in ordinary letters. Stored in its data base are the characteristics of hundreds of kinds of ID's, including what antitampering features are incorporated into the documents and the lamination, he said. For example, a document might have an image embedded in the plastic covering, or a seal printed on it; a person not familiar with the document would not notice a counterfeit that did not have the feature, he said.

It also looks to see if the document has expired.

The Massachusetts Port Authority would like the new Transportation Security Administration to pay for installing the system through the whole airport. That would cost $1.6 million to $2 million, Mr. Thalheimer said. The cost per passenger would be quite small; Mr. Kinton said that there were about 24.5 million passenger boardings last year.

A spokesman for the Transportation Security Administration, Robert Johnson, said, "We don't require anything like what this is purporting to accomplish, not at this time, anyway."

But Mr. Johnson added, "We're always on the lookout for new technology that can help us provide the kind of security the American public expects."
****************************
Associated Press
British Police Arrest Alleged Hacker
Fri Sep 20, 10:13 AM ET


LONDON (AP) - Police have arrested a 21-year-old man suspected of writing a virus that attacks Linux computer systems, Scotland Yard said Friday.

The suspected computer hacker was arrested Tuesday at his home in southwest London on suspicion of writing the T0rn virus that masquerades as legitimate software to enter computer systems.

Police seized computer equipment, which is being analyzed by officers from Scotland Yard's computer crime unit, a spokesman for the force said.

He said the unit had been investigating T0rn since Nov. 2001 after it received information from the FBI.

The man, who was not identified because he has not been charged, was arrested under the Computer Misuse Act of 1990 and was released on bail.

Graham Cluley, senior technology consultant at corporate security company Sophos, said T0rn provided hackers with the equivalent of a set of "skeleton keys which let you into everybody's house."

"It creates a back door and once that has been opened hackers can get in and steal information," he said.

Scotland Yard described T0rn as a "Trojan horse hacking tool."

It simplifies the process of hacking the open-source Linux servers. It was used by a Chinese hacking gang known as the "Honker Union" to create the virus known as Lion which circulated in mid-2001.
************************
Associated Press
WorldCom Ordered to Block Porn Sites
Fri Sep 20, 4:53 PM ET
By GEORGE STRAWLEY, Associated Press Writer


HARRISBURG, Pa. (AP) - A judge's order requiring WorldCom to block five child-pornography Web sites is the first use of a Pennsylvania law that raises concerns about turning Internet service providers into government censors.



The sites in question were not hosted by WorldCom but were accessible using WorldCom and other ISPs. According to an affidavit filed by an investigator, the sites showed nude males and females, believed to be under age 18, in sexual poses.

Montgomery County Senior Judge Lawrence A. Brown in Norristown on Wednesday ordered WorldCom to prevent its subscribers from accessing those sites.

The ruling was the first under a new state law that requires ISPs to disable access to child-pornography sites.

No other state has such a law, although at least three -- Arkansas, South Dakota and South Carolina -- require ISPs or computer technicians to report any child pornography they discover, according to the National Conference of State Legislatures.

Though child pornography is illegal, critics worry that forcing ISPs to do the blocking sets a bad precedent.

Jonathan Zittrain, co-director of Harvard Law School's Berkman Center for Internet and Society, said a copyright infringement victim might someday demand that an ISP block access to a site containing the copyright material.

"The technology that may develop to be responsive to this request is going to be a Swiss army knife capable of being deployed in a lot of other areas," Zittrain said.

Just last month, the U.S. recording industry filed a federal lawsuit seeking to compel four ISPs to block a Chinese Web site accused of distributing pirated music.

Critics complained that the industry was trying to force Internet carriers into functioning as the copyright police instead of going after the site directly.

The lawsuit was later dropped, after the site mysteriously stopped working.

Sean Connolly, a spokesman for Pennsylvania Attorney General Mike Fisher, said his office has worked cooperatively with ISPs to block access to about 200 sites since the law went into effect in April.

WorldCom was the first company to refuse initially.

WorldCom officials had indicated in a letter to Fisher's office that they would block access only after receiving the court order. Nevertheless, company spokeswoman Sudie Nolan pledged cooperation with authorities investigating child pornography.

The ruling won't remove the sites from the Internet or block access via other service providers.

And although the ruling only affects Pennsylvania, WorldCom will have to block those sites from all of its subscribers, due to technological limitations.

Connolly said his office has received no objections to the law on free-speech grounds.

"We believe this is a good law that protects children from sexual exploitation and we will defend it in court against any challenges," he said.
**************************
San Francisco Chronicle
New state law prohibits unsolicited junk faxes
Spam sent as text messages also outlawed


Sacramento -- Gov. Gray Davis signed legislation Thursday to outlaw unsolicited junk faxes in California, admitting that a state law he signed just last year was inadequate to stop the flood of unwanted ads for cruise vacations, local restaurants and other businesses.

Davis also signed a bill banning unsolicited ads sent to cell phones and pagers that receive text messages, putting brakes on the newest electronic advertising scheme that some fear could overwhelm cell phones with "spam" the way it buries Internet e-mail.

Unlike with e-mail spam, however, consumers end up paying to read unsolicited ads sent to fax machines, cell phones and pagers, since many people pay per-message fees, and fax owners must buy paper, toner and phone lines.

"These days," Davis said, "telemarketers and advertisers intrude on every part of our lives. . . . The message is: do not call, do not fax, do not page. Leave us alone."

The junk-fax legislation Davis signed Thursday essentially repeals a 2001 California law and replaces it with a tougher federal law that for a decade has banned unwanted advertising to fax machines and allowed up to $1,500 fines for each violation.

The current state law, which now ends Dec. 31, allows companies to include a toll-free number where a customer can stop future faxes. But those numbers often don't work, or companies only send one blast fax and disappear.

Davis' signature is a huge blow to Orange County-based Fax.com, which sends out hundreds of thousands of faxes from a database of 16 million fax numbers. Hundreds of businesses and nonprofit groups use their service to send spam faxes.

Now, without the weaker state law, federal regulations allow unsolicited faxes only to people who have an "existing business relationship" with the customer. Your mortgage company, for example, could send an unsolicited fax without penalty, but a deli that you've never patronized could not.

"Let there now be no doubt about it -- junk faxes are illegal. Period. End of story," said Assemblywoman Christine Kehoe, D-San Diego, co-author of the bill with state Sen. Debra Bowen, D-Marina del Rey.

The Federal Communications Commission recently proposed a $5.38 million fine against Fax.com, claiming the company "engaged in a pattern of deception to conceal its involvement in sending the prohibited faxes."

Fax.com President Kevin Katz said that a U.S. District judge in Missouri last month had ordered the FCC not to pursue the $5.38 million fine and ruled the federal junk fax law was an unconstitutional violation of free speech. The ruling has been appealed, but Katz said consumers now could be left without any protections.

"Fax.com stopped sending faxes to anybody who called our 800 number," Katz said. "But others did not, and when the new law goes into effect, California consumers will have no recourse against them."

The measure banning unsolicited text messages to cell phones and pagers emerged after Assemblyman Tim Leslie, R-Tahoe City, read about the case of Rodney Joffe, who had been interrupted during a performance of "Riverdance" by a text message advertising new mortgage rates.

Joffe filed a lawsuit against the mortgage company. Wireless companies also started to worry about the new phenomenon. They're trying to create a cell-phone culture where text messaging is cool -- and comes with its own funky language -- much like in Europe and Japan, where cell phone technology is more advanced.

E-mail Robert Salladay at rsalladay@xxxxxxxxxxxxxxxx
****************************
Chronicle of Higher Education
Fed Up With Spam
Irate students and professors want colleges to crack down, but doing so is difficult
By FLORENCE OLSEN


A rising chorus of complaints about unsolicited commercial e-mail has convinced many college officials that they need to do more to fend off spam. Colleges are trying a variety of methods to fight spam, with mixed success. Some institutions use strategies for minimizing spam but know of few ways of eliminating it.

Spammers have taken over "a very nice function of the Internet and made it pretty much a frightful experience," says Thomas A. Gaylord, chief information officer at the University of Akron's main campus. He knows students and faculty members who are apprehensive about opening their campus e-mail because of the offensive spam they may find there.

"It's just not what we want," Mr. Gaylord says, emphatically.

Many computing officials say that spam is a bigger problem for colleges than for corporations because college networks are more open to the public than are most corporate networks. "It's the mission of colleges to share information," says Hossein Shahrokhi, director of information technology at the University of Houston's downtown campus. Colleges openly publish e-mail addresses on departmental Web pages and in Web-based campus directories.

"It's not that we are open because we just can't be disciplined," adds Mr. Shahrokhi. That openness, however, has compounded a situation that is increasingly annoying for computing officials and e-mail users alike.

Colleges also are less inclined than are many businesses to block incoming e-mail suspected of being spam. Some college officials say that concerns about violating the principles of academic freedom, privacy, and the First Amendment make them reluctant to block e-mail messages based on their content or to "blacklist" the Web sites of known spammers.

Spam is difficult to limit for both colleges and corporations, because spammers are constantly changing their techniques. A few students blame officials on their own campuses for allowing spam on the campus-mail network, but many students and faculty members have become resigned to spam as a fact of life.

Some colleges, however, are teaching people how they can reduce spam. Others are experimenting with a variety of technical means to block spam, some of which may make it less convenient for faculty members and students to communicate with each other through e-mail.

Wasted Time and Money

For many colleges, spam is a bigger problem now than it was just a year ago, and the increase in pornographic spam has been alarming, campus officials say. About one in every five e-mail messages that arrives at the University of Akron's mail gateway is spam, which is three times last year's amount.

Mr. Gaylord says the spam problem at Akron is beginning to reduce everyone's efficiency. People are spending more time deleting spam or adding filters to their e-mail for blocking spam, he says.

Colleges also are spending money to counteract spam that they otherwise would not spend -- money for more disk space, for additional network bandwidth, and for more technical-staff time. At Akron last year, about $15,000 -- 25 percent of a full-time mail administrator's salary -- was spent on dealing with spam, Mr. Gaylord says. Less than a year ago, the size of a typical spam file was 3 kilobytes, but now it is 20 kilobytes. According to Mr. Gaylord, coping with spam last year cost the university roughly $75,000 -- and that's not counting the hours that faculty members and students spent deleting unwanted messages and configuring their mail accounts to filter out spam automatically.

Private liberal-arts institutions are having similar problems. Spam "eats up a tremendous amount of our support staff's time, and it's hugely frustrating to users," says David D. Gregory, chief information-technology officer at Colgate University. "It's even more frustrating to us. Instead of focusing on integrating technology into teaching and learning, we're busy dealing with those kinds of things."

Spam Strategies

Companies that send unsolicited e-mail use software programs to collect e-mail addresses from Web pages. Some also use so-called "dictionary attacks" that send spam to millions of randomly generated e-mail addresses. By chance, some of those addresses are valid.

Spammers have also devised many techniques to elude the blocking technologies that some colleges are using. One such technique involves using software robots that set up free e-mail accounts with names like "samantha8251879," and that add a unique number to each message so that filters fail to recognize it as spam. The companies are also working hard to get students and faculty members to read the messages. Deceptive subject lines have become common.

Colleges may have to wait 5 or 10 years for more organized rules and policies governing spam, says Mr. Shahrokhi, the information-technology director at Houston. "The laws," he says, "are trying to catch up."

Despite users' outrage, anti-spam laws in 26 states have so far proved difficult and expensive to enforce. In some states, the laws are being challenged in the courts on constitutional grounds as violations of free speech.

Douglas Wood, general counsel for the Association of National Advertisers, which represents the interests of 300 large businesses, is opposed to such laws. "We're never going to have the tax dollars and public money to staff a prosecutor's office to go after all the people doing this," Mr. Wood says. Rather, the technology of filtering and the Internet economy should be allowed time to mature, he says.

Problems With Blocking

Many campus-computing officials say they are uncomfortable using some of the techniques that corporations use for stopping spammers, such as blocking e-mail from known spam sites. Darrow Neves, chief technology officer at Middlesex Community College, in Massachusetts, says he would never consider such a measure without first seeking faculty approval.

Computing officials at the Pima County Community College District, in Arizona, say they have done nothing about spam so far, other than to discuss the problem among themselves and prepare a report for the chancellor that describes some of the options for dealing with it. But Ann Strine, associate vice chancellor for information technology, says it may be time to discuss the topic with faculty members, and then to act.

After being struck with sharp increases in spam, some colleges have taken steps to make sure they aren't contributing to the problem. For example, many colleges now prohibit the use of servers that function as e-mail open relays, which accept mail from sources outside the college and relay that mail to other outside destinations. Such servers, officials say, are easy to hijack and use for distributing spam.

"There used to be a good reason for open relays, but there isn't anymore," says Daniel V. Klein, a Pittsburgh-based consultant and software developer who is a former senior member of the technical staff of the Software Engineering Institute at Carnegie Mellon University. The relays were helpful in the early days of the Internet, when many Internet connections depended on telephone circuits.

Because almost all Internet servers are now hard-wired to the Internet 24 hours a day, Mr. Klein says that about the only people who need open relays are those who are trying to avoid persecution or prosecution. In China and elsewhere, dissidents use e-mail open relays to communicate without revealing where their messages originated. And spammers use those same open relays to hide their true locations.

Before Colgate University decided to clamp down on the use of e-mail open relays, someone outside the college discovered a Unix server in one of the departments and used it to distribute spam, says Mr. Gregory, the chief technology officer. The spammers try to find holes in a college's network security, he says, "where they can go in and use a server on our campus to relay this vast amount of e-mail, and it looks to somebody [else] as though it came from Colgate." Sometimes researchers in a department may not even be aware that a server's open-relay function is turned on.

Most college officials say they are trying to do a better job of educating users about spam and what they can do to minimize it.

"I tell people, 'Just delete,'" says Deborah M. Keene, associate dean of the library and technology at George Mason University's School of Law.

"We tell people to be careful" -- and to use a bogus e-mail address, if asked for one, when they download anything from a Web site, says Greg Cornell, a Unix-system administrator at Walla Walla College. At a user's request, the college will also set up a second e-mail address for anyone who wants one address to use for professional mail and one for commercial mail.

Officials of the Indiana University System have created a set of Web-based documents that users are directed to when they send a complaint to the "help" desk about unsolicited commercial e-mail. The documents define spam and give hints on how to minimize it, says Merri Beth Lavagnino, the university's deputy information-technology policy officer.

For example, students may not realize that posting to Usenet newsgroups and subscribing to unmoderated discussion lists make them vulnerable to spammers who look in those places for e-mail addresses. Or that responding to spam by asking to be taken off the list of a disreputable advertiser will most likely have the opposite effect: The student's name will end up on more spam lists rather than fewer.

This fall, Indiana officials are beginning an aggressive educational campaign on all the university's campuses to teach students how to cope with spam. "If they have been replying religiously to every spam they've ever gotten, to ask to be taken off, they've really built up more of a problem," than if they had just deleted the spam, Ms. Lavagnino says.

Anti-Spam Technology

Other institutions have tried technology designed to control spam. Many colleges use e-mail programs like Eudora, Microsoft Outlook, Netscape Messenger, or Pegasus Mail that let users set their own software filters to block spam. Some of those institutions have begun offering seminars several times each semester to explain how to use the filters, because when such filters aren't used properly, they may also block e-mail that users want to receive.

Some colleges have gone a step further by using a limited number of filters on their mail servers to block sexually explicit spam, such as ads for pornographic Web sites, from reaching users' inboxes.

In June, after receiving a complaint from a staff member who handles the president's e-mail, Virginia Commonwealth set up a spam filter to block e-mail containing "the F word," says Mark D. Willis, executive director of administrative information technology at Virginia Commonwealth University.

"The danger with filters is that they overfilter," Mr. Willis says. "You may think you're blocking only certain types of e-mail, but you may be blocking legitimate mail."

A number of computing officials say they have set up spam filters in Microsoft Exchange Server, a server-based e-mail program, with good results.

Others say they have had success with Unix-server-based content filters like SpamAssassin, free software that flags certain messages as spam based on known practices of spammers.

SpamAssassin "is usually correct," says Mr. Cornell, at Walla Walla. If users wish to, he says, they can delete the spam quickly without even looking at it.

Protecting E-Mail Addresses

Some colleges are also trying to make it harder for spammers to collect the e-mail addresses of students and faculty and staff members.

Often, the spammers use automated scripts to search static Web pages for character patterns that resemble e-mail addresses and capture thousands of addresses. But whatever steps colleges take will almost surely make it more difficult for students and professors to communicate easily with one another and with the public.

At the Pentagon's insistence, the U.S. Air Force Academy and other military academies removed all personal e-mail addresses and other personnel information from the Web after September 11, 2001.

Air Force academy officials say they have not had a serious problem with spam during the past year.

"We did get an exception [at the academy] for at least listing the biographical information for the faculty, but we don't include their e-mail addresses," says Larry W. Bryant, director of academic computing at the academy.

At Indiana, e-mail administrators are experimenting with a variety of ways of displaying e-mail addresses on the Web so that automatic programs created for collecting e-mail addresses do not recognize them. Most of the options would eliminate the convenience of clicking on an e-mail address that appears on a Web page and sending a message, says Ms. Lavagnino, the technology-policy officer. "Some [departments] may decide that they would rather have spam than to have the user type the e-mail address," she says.
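The trade-off Ms. Lavagnino describes can be measured on a campus's own pages. The following is an added example, not the university's method: the pattern, the three renderings and the sample address are constructed, and the "decoded" check assumes a collecting script that resolves HTML character references before matching.

```python
import html
import re

# A pattern of the kind the article describes: text that resembles an address.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def harvestable(page_source, decode_entities=False):
    """Addresses a pattern match finds in the page source, optionally after
    HTML character references have been decoded."""
    text = html.unescape(page_source) if decode_entities else page_source
    return sorted({m.lower() for m in ADDRESS_RE.findall(text)})


def as_mailto(addr):
    # Conventional clickable link: convenient, and fully exposed.
    return '<a href="mailto:%s">%s</a>' % (addr, addr)


def _entities(text):
    return "".join("&#%d;" % ord(ch) for ch in text)


def as_entity_mailto(addr):
    # Browsers decode the references, so the link still works when clicked.
    return '<a href="%s">%s</a>' % (_entities("mailto:" + addr), _entities(addr))


def as_spelled_out(addr):
    # Plain text the reader must retype; nothing to click.
    user, _, domain = addr.partition("@")
    return "%s at %s" % (user, domain.replace(".", " dot "))


# name -> (renderer, whether a reader can still click to send mail)
RENDERINGS = {
    "mailto link": (as_mailto, True),
    "entity-encoded mailto": (as_entity_mailto, True),
    "spelled out": (as_spelled_out, False),
}


def evaluate(addr):
    """For each rendering, report convenience and whether the address is still
    recoverable from raw source and from entity-decoded source."""
    report = {}
    for name, (render, clickable) in RENDERINGS.items():
        markup = render(addr)
        report[name] = {
            "clickable": clickable,
            "found_in_raw_source": bool(harvestable(markup)),
            "found_after_decoding": bool(harvestable(markup, decode_entities=True)),
        }
    return report


if __name__ == "__main__":
    for name, result in evaluate("jdoe@campus.example").items():  # constructed address
        print(name, result)
```

Only the spelled-out form survives both checks, and it is the one that costs the reader the click, which is the choice departments are being asked to make.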

Indiana officials say they sort spam complaints into two categories. One kind -- the complaints about weight-loss ads and the like -- officials ignore because of the overwhelming volume of such messages. The other kind -- calls about spam that a student feels is threatening or appears to involve a scam -- they investigate.

But Indiana is planning to make a big effort to control the flow of spam this year. "We process one billion e-mail messages a year, so it is likely to be a complex and expensive project," says Ms. Lavagnino. Details have not yet been worked out, she says.

The purpose is to offer faculty and staff members and students a choice of having filtered or nonfiltered e-mail service. Such a service would have to be flexible enough, Ms. Lavagnino says, so that individual users could opt in or opt out on their own.

Some college officials worry that spam, if not controlled, could begin to turn staff members away from using e-mail. "I hope we don't reach the day where people don't want to use their e-mail because they're getting so much spam," says Ms. Keene, the associate dean at George Mason University's School of Law. But most officials agree that abandoning e-mail is unlikely. "We've seen what we can do with e-mail, and it's hard to give it up," Ms. Lavagnino says.

On the other hand, Akron's Mr. Gaylord observes that instant-messaging programs have taken hold on many campuses, and one of their appealing characteristics is that they are spam-free.

Many campus officials and technology consultants are resigned to predicting that the spam problem will get worse, because it costs spammers almost nothing to market their products or services using Internet e-mail programs. In the meantime, colleges are handling the spam problem as well as can be expected, Ms. Keene says. "People are coping, but they're very annoyed."


7 APPROACHES TO FIGHTING SPAM

Following are strategies for minimizing spam that are in place or (where noted) under consideration at colleges, along with some of the institutions using or considering these approaches.

1. Shutting down e-mail open relays on campus servers to prevent spammers from hijacking the machines. Open relays accept mail, including spam, from sources outside the college and relay that mail to other destinations outside the college (Middlesex Community College, University of Maryland at College Park, Virginia Commonwealth University).

2. Directing students with spam complaints to a campus Web site with answers to frequently asked questions and articles about how to avoid spam (University of Akron's main campus, Indiana University System).

3. Offering seminars each semester on how to use the anti-spam filters that are built into some desktop e-mail programs (University of Akron).

4. Setting limited blocking filters on the campus-mail gateway to eliminate the most obnoxious spam (Colgate University, George Mason University, University of Akron, Virginia Commonwealth University, Walla Walla College).

5. Closing down individual campus e-mail accounts, if requested, to put an end to spam attacks (George Mason University).

6. Installing a firewall to block spammers from searching campus servers for e-mail open relays from which to distribute spam (under consideration at Colgate University).

7. Offering an alternative "filtered" mail service, in addition to regular campus e-mail, for faculty and staff members and students who want to avoid spam (under consideration at Indiana University System).
**************************
Associated Press
Report: Demand Low for Broadband
Mon Sep 23, 8:58 AM ET
By D. IAN HOPPER, AP Technology Writer


WASHINGTON (AP) - Almost all U.S. families live in areas where a high-speed Internet connection is available, but many see no compelling reason to pay extra for it, the government reports.



A Commerce Department study, compiled from a variety of analyst surveys, cites a need for more music, movies and games on the Internet in order to make broadband connections more popular.

"New applications and services that consumers want and businesses need will provide the tipping point for broadband demand and usage," says the report from the department's Office of Technology Policy.

Only 10 percent of U.S. households subscribe to high-speed access, lower than the rate in Taiwan, South Korea, Hong Kong or Canada. About half of American families have some type of Internet access at home.

Several technology lobbying groups have endorsed different approaches to a national broadband strategy to encourage further use of technology that would allow even faster connections than current high-speed home networks.

The report partially agrees with that assertion. "Today's broadband will be tomorrow's traffic jam," it says, but as a whole it stresses a need to increase demand rather than to build more and faster networks.

The report credits the defunct file-trading service Napster for promoting the purchase of high-speed access as well as PCs, CD-ROM writers and large hard drives. But since Napster fell under legal action from the music industry, nothing similar has taken its place.

New file-trading networks tend to be hard to use and still are threatened by lawsuits, while the music industry's legal online delivery services have been criticized as too expensive and restrictive. There remains no legal way to find most popular movies online.

Industry has the responsibility to devise copyright protection technology, according to the administration report. That runs counter to some congressional efforts, backed by media companies like Disney and News Corp. and opposed by electronics makers, to have government approve a copyright technology that would be used in all electronic devices.

Another potential broadband explosion lies in online game playing. Internet multiplayer games are responsible for much of the increase in broadband use in Asia, the report said, and newer game-playing consoles such as Microsoft's XBox and Sony's Playstation2 either have or will soon be able to use such networks.

The report cites a 2002 poll by Winston Group indicating that telecommuting would make broadband attractive as well. According to the poll, a third of Americans would forgo a pay raise to be able to work from home.

The high relative cost of fast access is also a hurdle. Most people pay about $50 per month for high-speed connections, whereas slower dial-up connections are only $20 a month. In an August 2002 Yankee Group survey, more than 70 percent of dial-up users cited cost as the main reason they aren't upgrading to faster access.
*****************************
Federal Computer Week
Energy agency says Web info poses threat


Citing the threat of terrorism, the Federal Energy Regulatory Commission (FERC) is proposing new rules to limit the public's access to information about power plants, pipelines and other components of the energy infrastructure.

Only those with "a need to know" will have access to the information, and they might be required to sign an agreement that prohibits them from revealing what they have learned.

The agency proposes appointing a special information coordinator who would determine whether an individual seeking information has a need to know it.

The proposed rules would greatly limit access to information that was freely available on FERC's Web site until mid-October 2001, and public interest organizations are greeting the rules with alarm.

The restrictions would be "unprecedented," said Sean Moulton, a senior policy analyst at OMB Watch, a public interest organization.

"What FERC is proposing to do is to shut communities out of the information loop," said Tyson Slocom, research director for Public Citizen's Energy Project.

Under the new rules, the public could be denied important safety information about the energy infrastructure, such as the location of pipelines and power plants, Moulton and Slocom said. And the information restrictions would apply to energy projects that are merely in the proposal stage as well as facilities that already exist.

According to FERC, which oversees energy production and sales, greater secrecy is necessary because energy installations make attractive targets for terrorists.

"Americans have had to face the harsh realities of terrorism on their soil," according to the agency's 50-page document spelling out the proposed rules. "This has forced the nation to reassess its vulnerability to terrorist threats. Government agencies as well as private companies have had to reconsider the extent to which they make information freely available to others."

FERC spokeswoman Celeste Miller said the new rules would restrict public access to "a very small percentage of the information" that used to be publicly available. A month after the terrorist attacks last year, FERC officials blocked access to "tens of thousands of documents" on hydropower plants, gas pipelines, electric transmission lines and other elements identified as critical to the energy infrastructure.

Much of the information has since been returned to FERC's Web site and to public reference rooms, Miller said.

FERC officials say they want to protect the nation's energy infrastructure by limiting access to information that might be used to plan an attack on the nation's pipelines, transmission lines or power plants.

But the kind of information FERC hopes to hide from terrorists is also the kind of information individuals and communities need to know for safety reasons, Moulton said. "If these facilities are vulnerable or pose some sort of threat, the public has a right to know about that. How can the location of a gas main be kept from the public?"

The rules "are not going to do anything to make the infrastructure safe from terrorism," Slocom said. "All they will do is forbid citizens to have information about what's going on in their communities."

FERC will accept public comments on its proposed rules until Oct. 13. Then the agency will review the comments and issue a final rule, Miller said.

Unless the final rule is substantially less restrictive than the proposed rule, "we will challenge this in court at the first opportunity," Slocom said.

***

Gone but not forgotten

Agencies may remove information from their Web sites, but that doesn't mean the data disappears from the Internet.

Purged pages can continue to exist in search engine caches, in Web archives and on the computers of those who may have copied them.

For example, Transportation Security Administration specifications for a passenger-checking computer system resurfaced in August even though the agency removed the information from its Web site between March and June. The document was retrieved from a search engine cache in mid-July.

Some of the documents that federal agencies deleted after last year's terrorist attacks may still be available in the Internet Archive, a nonprofit site created in 1996 to preserve versions of Web sites at certain points in time.

Through the Internet Archive, it is possible to search old government sites for documents that have since been removed from the Internet.

Not everything will be there, however. Agencies such as the Federal Energy Regulatory Commission have taken steps to have sensitive material stricken from the Internet Archive.
***************************
Federal Computer Week
Start date uncertain for student tracking


The $38 million computer system being built to keep track of foreign students will be operational Jan. 30, 2003, as required by law, the Immigration and Naturalization Service told a House subcommittee Sept. 18.

Not likely, the INS' parent agency, the Justice Department, told the House Judiciary Committee's Immigration and Claims Subcommittee.

The Student and Exchange Visitor Information System, or SEVIS, may be "technically operational" by Jan. 30, but key elements of the system are so far from ready now that they cannot be in place by the deadline, said Glenn Fine, Justice's inspector general.

For example, INS must recertify schools that are allowed to enroll foreign students. To date, only 736 schools have been approved to use the SEVIS system. Another 1,200 are in the process, but as many as 70,000 schools have to be recertified.

Schools with hundreds or even thousands of foreign students want to be able to transfer existing electronic files to SEVIS, but the required batch-processing system won't be ready for testing until mid-October.

What's more, there is no training program to teach school personnel or INS employees how to operate SEVIS.

And the schools already using the system are discovering glitches. Duke University found that the electronic application for foreign students does not accept "Ph.D." when it asks what degrees students are studying for. And when the university learned that a foreign applicant had provided fraudulent information, SEVIS would not let Duke officials withdraw the false documents, said Catheryn Cotton, director of Duke's International Office.

But Janis Sposato, a chief in INS' immigration services division, said she remains "confident that we will meet the congressionally mandated deadline for full implementation" of SEVIS.

She said that schools will be required to use the system for all foreign students they admit after Jan. 30. By the next academic semester, all foreign students are expected to be enrolled in SEVIS, she said.

School officials doubt that that is possible. "The INS has made progress much more rapidly than we thought possible, but much remains to be done in a shrinking period of time," said Terry Hartle, senior vice president of government and public affairs at the American Council on Education.

INS has set up a help desk to assist schools trying to operate SEVIS, but schools report "very uneven success in getting answers from the INS help desk," Hartle said. And INS has ignored repeated pleas to hold regional training sessions for school employees who will have to use SEVIS, he said.

The system is considered an important part of the effort to improve homeland security by keeping better track of foreign students. Several of the hijackers in last September's terrorist attacks came to the United States and studied at flying schools.

And in an embarrassing episode last March, INS issued two of the hijackers student visas six months after they died in the attacks they carried out.

Fine said SEVIS could become an important tool in detecting foreign student fraud.

Analyzing data collected by SEVIS could highlight schools with high "no-show" rates or high dropout rates, which could indicate alien-smuggling operations, he said.

In the past, some schools have served as an easy entryway for foreigners to the United States by enrolling hundreds more foreign students than they have room for.

The system is also intended to make up-to-date foreign student records instantly available to authorities at ports of entry, consular posts, INS service centers and law enforcement agencies.

***

A work in progress

How the Student and Exchange Visitor Information System (SEVIS) is supposed to work:

1. A foreign student applies for admission to a U.S. school.

2. The school accepts the student, fills out an I-20 form indicating the student's eligibility to study in the United States and enters the information into SEVIS.

3. The student applies for a student visa through a U.S. consulate or embassy in his or her home country. The consulate or embassy checks SEVIS to verify the student's eligibility.

4. The student arrives in the United States. Immigration officials verify his or her student status by checking SEVIS.

5. The student's arrival at school is recorded in SEVIS.

The student must report any address changes, course study changes, employment, transfers and other status changes to school officials, who update SEVIS.

School officials must notify the Immigration and Naturalization Service if the student fails to report changes or meet other conditions of the student visa.
******************************
Federal Computer Week
Air Force seeks to lighten the load
BY Dan Caterinicchia
Sept. 23, 2002


Special operations troops deployed in Afghanistan have had to wage war in some of the most challenging environments imaginable, and their information technology tools have for the most part performed admirably.

But something must be done to lighten troops' battlefield loads, which can exceed 140 pounds, with more than 73 percent of that weight coming from equipment, according to Air Force officials who have had to carry those packs.

"It's absolutely unacceptable that we have to walk with that much weight with the technology we have today," said Air Force Reserve Tech. Sgt. James Hotaling, a combat controller in the 720th Special Tactics Group in the Air Force's Special Operations Command. Hotaling carried a 143.3-pound pack during Operation Anaconda, in which more than a dozen American troops were killed or injured in battle.

Speaking Sept. 16 at the Air Force Association's 2002 National Convention in Washington, D.C., Hotaling discussed his participation in direct action and strategic reconnaissance missions during Operation Enduring Freedom, when he served as communications specialist for U.S. and coalition forces.

Some missions required scaling ridges thousands of feet high, others were conducted in the desert, and still others were in snow. The packs carried into all of those locations were made heavier by outdated, inefficient technology, he said.

"The batteries we use [for the portable radios] are lithium and weigh 2 pounds each," Hotaling said. "It takes two [batteries] to power the radio we're using, and that only lasts a day. For a 12-day mission, that's 24 batteries [weighing 48 pounds], and that's crazy."

Col. Craig Rith, commander of the 720th Special Tactics Group, said the Air Force is partnering with industry to lighten the loads troops must carry. He also said the Air Force research laboratories have played a key role in integrating off-the-shelf technologies in the first of a three-part effort aimed at shortening the time needed to strike an enemy target.

Frank Hoke, a program manager in the Air Force Research Laboratory's Information Directorate in Rome, N.Y., said that the labs have co-developed technologies, such as a credit card-sized radio and a plastic battery, that could help lighten troops' loads, but once the labs prove something can be done, it's up to the service or vendors to finance and produce the tools.

The second step will be producing and using "better, lighter versions" of the tools, and the third stage calls for going even lighter and providing "click, click technology," in which the images and intelligence captured by combat controllers on the ground are automatically sent to the closest aircraft and the weapons systems they are carrying, Rith said.
*****************************
Computerworld
U.S. extends support for ICANN, but wants changes
By PATRICK THIBODEAU
SEPTEMBER 20, 2002


WASHINGTON -- The Bush administration wants the Internet Corporation for Assigned Names and Numbers (ICANN) to work faster in reviewing the security of the root server system and said that the private group, charged with managing the Domain Name System for the Internet, has made little progress in achieving that goal.
That was one of a number of recommendations included in an agreement released today extending U.S. support for ICANN by one year -- its fourth extension since ICANN's creation in 1998.


The extension, however, was accompanied by strong criticism of ICANN's operation. Nancy Victory, assistant secretary of Commerce for communications and information, said she is "frankly disappointed" with ICANN's progress in accomplishing the tasks outlined in the earlier agreements.

Even so, Victory said ICANN's efforts at reform offer "substantial justification for affording ICANN a limited amount of additional time to achieve" the task outlined in the latest memorandum of understanding.

And in a nod to ICANN's critics, Victory acknowledged that ICANN should serve as a technical coordinating body and not Internet policy-maker. "ICANN should not be the government of the Internet," said Victory.

The U.S. agreement outlines the "challenges" facing the organization. It cites the need for ICANN to implement a process to resolve disputes, something called for in the group's bylaws. And it seeks improvements in public participation as well as in the way new top-level domains are selected.

U.S. officials, in announcing the agreement, said that the next year will "be a critical period for ICANN" and that its efforts will be closely monitored by the Commerce Department. The agreement requires quarterly progress reports.

Although critical of ICANN progress in meeting certain goals, the Bush administration credited efforts of ICANN President Stuart Lynn to reform the organization's structure and processes.

ICANN officials were pleased with the extension, and Mary Hewitt, the organization's spokeswoman, said the agreement is "telling us that we need to be less mired in process and more goal-oriented."

Alternatives to ICANN's stewardship are not obvious, experts in this area have said, but could involve resumption of government control of the Domain Name System.
***************************
News.com
Lending spammers a helping hand



By Stefanie Olsen Staff Writer, CNET News.com September 23, 2002, 4:00 AM PT


Have you helped a spammer today?
According to operators of spam-filtering lists, an alarming number of people are unwittingly helping junk mailers shuttle spam, or unsolicited bulk e-mail. Those unassuming victims are running software meant to allow multiple connections over a LAN (local area network) to the Internet through a single line, or what's known as proxy servers.


Many proxy servers are installed insecurely, and spammers have discovered tricks to tap into them to send junk mail with little trace--an occurrence relatively unseen a year ago, experts say.


The problem has grown so quickly that some blocklist owners estimate that between 30 percent and 80 percent of the spam attacks today are caused by open proxies.


"Anybody on the planet can use (open proxies) to connect to mail servers if only you know how to talk to them," said Margie Arbon, director of operations for MAPS RealTime Blackhole List, a spam-filtering service that identifies IP (Internet Protocol) addresses that are the sources of spam. "The amount of spam going through them is scary," Arbon said.

This is only the latest modus operandi for spammers on a relentless mission to hurl get-rich-quick schemes and salacious e-mail at people with little cost, despite measures by ISPs (Internet service providers) and e-mail subscribers to push back. But with every spam blockade or filter erected, junk mailers dig new trenches to deliver billions of commercial messages to people every year. So far, they are winning the war. Some filtering companies expect spam will soon comprise the majority of message traffic on the Web.

The newest exploit is quickly edging out spammers' standard tactic--stealing resources and bandwidth from insecure mail servers, or "open relays." Many such servers are set up overseas and are regularly tapped by spammers in the United States to funnel messages back into the country. While this practice is still widely in use, open relays are taking a backseat to open proxies, which are known to give junk mailers more anonymity.

Some owners of blocklists--which research spam complaints and list the IP addresses of suspected spammers--blame software developers of the various proxy servers for leaving them open on installation by default. They also say that consumers need to be more aware of how the systems work to make their machines secure.

Still others hold ISPs responsible.

"The proxy problem could be mostly eliminated by Internet service providers simply scanning their own networks for open proxies," said Steve Linford, president of the blocklist The Spamhaus Project. "If ISPs were proactive in securing their own networks from the well-known spammer exploits such as open relays and proxies, the spam problem wouldn't be what it is today."

Joe Jared, who runs the blocklist Relays.osirusoft.com and owns OsiruSoft Research & Engineering, said that just about every ISP, including America Online, has open proxies on their network. He held up Road Runner as an example of an ISP that regularly checks its customer base for the issue.

AOL spokesman Nicholas Graham said that the company is taking steps to address vulnerabilities on the systems of its customers.

"We recognize that open proxies are a new challenge in the industry when it comes to fighting spam, and AOL is committed to addressing it. We're taking an aggressive role in blocking the use of open proxies," Graham said.

Graham added that the issue is "most relevant to other online providers, not AOL."

The unseen enemy
Inundated by junk mail, many companies, including AOL, have turned to blocklists such as MAPS, which research spam complaints and list the IP addresses of suspected spammers. Companies who subscribe to the blocklists then have the option of restricting access to those IP addresses.


But such blocklists find their hands tied when it comes to discovering the origin of spam on open proxies.

Proxy servers are servers that act as an intermediary between a PC user and the Internet. The server will receive a request from a user for a Web page and if it passes filtering requirements, the proxy server will either try to pull up a cached page--for faster delivery--or send out the request with one of its own IP addresses, cloaking the identity of the user.

Open proxies allow someone to connect to a Web server on the Web port, such as Port 80, without filtering requirements. From there the person can connect to a random mail server to send e-mail. The daisy chain leaves a relatively untraceable connection so spam-fighters have little recourse to block those mailers.
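The difference between a proxy left open by default and one that applies "filtering requirements" comes down to an access check on each request. The sketch below is an added example, not code from the article or from any proxy product: it assumes an HTTP proxy that honors the CONNECT method, and the LAN block, allowed ports and request lines are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

LAN = ipaddress.ip_network("192.0.2.0/24")  # constructed: the clients the proxy serves
HTTP_PORTS = {80}        # destinations allowed for ordinary Web requests
CONNECT_PORTS = {443}    # destinations allowed for CONNECT tunnels


def parse_request_line(line):
    """Return (method, host, port) from a proxy request line, or None if malformed."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target = parts[0].upper(), parts[1]
    if method == "CONNECT":                      # target is host:port
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            return None
        return method, host.lower(), int(port)
    try:                                         # target is an absolute http:// URL
        url = urlsplit(target)
        port = url.port or 80
    except ValueError:
        return None
    if url.scheme != "http" or not url.hostname:
        return None
    return method, url.hostname, port


def decide(client_ip, line, open_by_default=False):
    """Return (action, reason) for one request arriving from client_ip."""
    parsed = parse_request_line(line)
    if parsed is None:
        return ("deny", "bad-request")
    if open_by_default:
        return ("allow", "no-access-control")    # the insecure installation
    method, _host, port = parsed
    if ipaddress.ip_address(client_ip) not in LAN:
        return ("deny", "client-not-on-lan")
    allowed = CONNECT_PORTS if method == "CONNECT" else HTTP_PORTS
    if port not in allowed:
        return ("deny", "port-not-allowed")      # e.g. a tunnel to a mail port
    return ("allow", "lan-client")


def exposure(requests):
    """Requests an open-by-default proxy forwards that the restricted one refuses."""
    found = []
    for client, line in requests:
        action, reason = decide(client, line)
        if decide(client, line, open_by_default=True)[0] == "allow" and action == "deny":
            found.append((client, line, reason))
    return found


# Constructed request log.
REQUESTS = [
    ("192.0.2.10", "GET http://www.example.org/ HTTP/1.0"),
    ("192.0.2.10", "CONNECT shop.example.org:443 HTTP/1.0"),
    ("203.0.113.50", "CONNECT mail.example.net:25 HTTP/1.0"),
    ("192.0.2.10", "CONNECT mail.example.net:25 HTTP/1.0"),
    ("203.0.113.50", "GET http://www.example.org/ HTTP/1.0"),
]

if __name__ == "__main__":
    for item in exposure(REQUESTS):
        print(item)
```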

Malicious hackers used to tap vulnerabilities in proxy servers to stage denial-of-service attacks or hacks into Internet Relay Chat (IRC), for example. But now spammers have caught on to their benefits of anonymity.

"The problem with open proxies is that they are completely anonymous and spammers can chain multiple proxies together, so there's no hope of anyone ever tracing any spam back to them," said Linford, who warned of the open proxy problem last year on his Spamhaus site.

Rogue mailers develop programs to scan the networks for vulnerable proxy servers. Many such servers are found on the PCs of regular consumers, who may have installed an operating system or software that includes a proxy server open by default. Blocklist executives say those people may be unaware that they are running the servers and if their ISP doesn't scan for vulnerabilities the problem can go unchecked.

"You may think that you are just running a Web server and not realize you're running a Web proxy," Arbon said. She advised that PC users check their operating system and software to ensure that "your computer doesn't talk on any port it shouldn't."

Linford said that for the last year many software developers, who create programs for spammers to send bulk e-mail anonymously, have focused on creating "proxy spamware" for use with open proxies because of high demand. Spam "supermarkets" such as Data-miners.net specialize in scanning the Internet on the hunt for open proxies to sell instructions for using them to junk mailers everywhere, he said.

Previously, spammers' chief mode of shuttling commercial mail was to steal resources from insecure mail servers overseas. Most U.S. and European mail servers are configured to route only those messages addressed specifically to customers, as ISPs fear that security risks and other problems could result from relaying messages for any third party. So spammers have taken to using insecure servers in other parts of the world--particularly in Asia.

Companies such as AOL have worked to shore up problems with open relays and block those subscribers using vulnerable mail servers. Blocklist owners also said that updates in mail server software have helped to improve the problem. Still, they say, there's an uphill battle with this newest ploy.

"The cause of (spam) is social; there will always be people who want something for nothing," Arbon said. "What it does is make it harder to stop when you have the anonymity of the actual sender."
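
A defender's view of the open-proxy abuse described in the article above, as an added example that is not part of the original article: a Python check over a proxy's access log that flags requests served to clients outside the operator's own networks and CONNECT tunnels to mail ports. The Squid-style native log layout, the trusted network ranges, the mail-port list and the sample lines are assumptions constructed for illustration.

```python
"""Flag signs of open-proxy abuse in a Squid-style native access log."""
import ipaddress
from collections import defaultdict

# Assumption: networks whose hosts are allowed to use this proxy.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]
# Assumption: ports a web proxy should never tunnel to (SMTP and submission).
MAIL_PORTS = {25, 465, 587}

# Constructed sample lines (documentation address ranges), not real traffic.
# Fields: time elapsed client result/status bytes method URL user peer type
SAMPLE_LOG = """\
1032780001.120    210 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.org/ - DIRECT/192.0.2.80 text/html
1032780005.481   9043 203.0.113.7 TCP_MISS/200 812 CONNECT mail.example.net:25 - DIRECT/198.51.100.25 -
1032780009.002   8110 203.0.113.7 TCP_MISS/200 790 CONNECT mx.example.com:25 - DIRECT/198.51.100.40 -
1032780011.667    340 192.168.1.31 TCP_MISS/200 4301 CONNECT shop.example.org:443 - DIRECT/192.0.2.90 -
1032780015.300     12 203.0.113.99 TCP_DENIED/403 1450 CONNECT mail.example.net:25 - NONE/- text/html
1032780020.900    150 198.51.100.200 TCP_MISS/200 2210 GET http://www.example.org/a - DIRECT/192.0.2.80 text/html
this line is truncated
"""


def is_trusted(ip):
    """True if the client address belongs to one of the operator's networks."""
    return any(ip in net for net in TRUSTED_NETS)


def parse_line(line):
    """Return (client, result, method, url) or None if the line is malformed."""
    parts = line.split()
    if len(parts) < 7:
        return None
    try:
        client = ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    return client, parts[3].split("/")[0], parts[5], parts[6]


def connect_port(url):
    """Port of a CONNECT target written as host:port, or None."""
    _host, sep, port = url.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def audit(log_text):
    """Map client IP -> sorted findings for requests the proxy actually served."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed or truncated lines
        client, result, method, url = rec
        if "DENIED" in result:
            continue  # the proxy refused the request, so filtering worked
        if not is_trusted(client):
            findings[str(client)].add("served-untrusted-client")
        if method == "CONNECT" and connect_port(url) in MAIL_PORTS:
            findings[str(client)].add("tunnel-to-mail-port")
    return {ip: sorted(tags) for ip, tags in findings.items()}


if __name__ == "__main__":
    for ip, tags in sorted(audit(SAMPLE_LOG).items()):
        print(ip, ", ".join(tags))
```

Any "served-untrusted-client" finding means the proxy is answering hosts it was never meant to serve; paired with "tunnel-to-mail-port" it matches the spam relay pattern the article describes.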
****************************
Sydney Morning Herald
Online 'miracle' water seller taken to court
September 23 2002


A businessman who sold "unique water" on the Internet promising it would help cure cancer and even AIDS is being sued in the Federal Court by the competition watchdog.

The Australian Competition and Consumer Commission (ACCC) also alleges that Internet trader Michael Desveaux tried to intimidate or harass one of its officers after his website was investigated.

Mr Desveaux's site is one of 77 Australian sites identified as suspicious in a global sweep of rogue traders making health claims on the Internet, and one of five facing legal action.

The unique water or "magic water" is fresh spring water concentrated with magnesium bicarbonate.

The water was one of 13 products listed on Mr Desveaux's site with claims they could assist in treating and/or curing cancer, AIDS, herpes, multiple sclerosis and other immune diseases, the ACCC said.

"The ACCC alleges that Mr Desveaux engaged in misleading and deceptive conduct and made false or misleading representations ... because the consumption of those products would not produce any of the beneficial effects claimed," the commission said in a statement.

In the Federal Court in Canberra, the ACCC will seek refunds for consumers duped by the products and orders stopping their future sale, and protection for an ACCC officer who was allegedly harassed by Mr Desveaux.

The court action comes amid a three-day conference of corporate cops under the banner of the International Marketing Supervision Network whose president is ACCC commissioner Sitesh Bhojani.

"Those businesses that are trying to use the Internet as a medium to commit fraud on societies will not be tolerated by the IMSN," Mr Bhojani said.

"With that in mind it's not just an Australian message, we will certainly be going after these people who are trying to rip off consumers on the Internet."

American colleague Moselle Thompson said Australia was not immune from global Internet scams.

"Don't think that because you're down under it means you're underground; wherever you are in the world we will prosecute you and will do it together," he said.

"What we're saying is that we're not going to let geography or international law conflicts ... serve as a barrier to go after people who are harming others in a variety of jurisdictions."

The Desveaux case will go to court for an interlocutory hearing on Wednesday.
**************************
Sydney Morning Herald
Hollywood vs. the Internet
By Mike Godwin
September 21 2002

If you have a fast computer and a fast Internet connection, you make Hollywood nervous. Movie and TV studios are worried not because of what you're doing now, but because of what you might do in the near future: grab digital content with your computer and rebroadcast it online.

Which is why the studios, along with other content providers, have begun a campaign to stop you from ever being able to do such a thing. As music software designer Selene Makarios puts it, this effort represents "little less than an attempt to outlaw general-purpose computers".

At some date in the near future, perhaps as early as 2010, people may no longer be able to do the kinds of things they routinely do with their digital tools today. They may no longer be able, for example, to move music or video files easily from one of their computers to another. Their music collections, reduced to MP3s, may be movable to a limited extent, unless their hardware doesn't allow it. The digital videos they shot in 1999 may be unplayable on their desktop and laptop computers.

Programmers trying to come up with, say, the next great version of the Linux operating system may find their development efforts put them at risk of civil and criminal penalties. Indeed, their sons and daughters in grade school computer classes may face similar risks if the broadest of the changes now being proposed becomes law. The proposals include banning software, hardware, and any other digital-transmission technology that does not incorporate copyright protection.

Whether this scenario comes to pass depends mainly on the outcome of an emerging struggle between the content industries and the information technology industries. The Content Faction includes copyright holders such as movie and TV studios, record companies and book publishers. The Tech Faction includes computer makers, software companies and manufacturers of related devices such as CD burners, MP3 players, and Internet routers. In this war over the future shape of digital technology, it's computer users who may suffer the collateral damage.

Digital television will be the first battleground. Unlike DVD movies, which are encrypted on the disk and decrypted every time they're played, digital broadcast television has to be unencrypted to comply with the Federal Communications Commission broadcasting regulation.

The lack of encryption, coupled with digital TV's high quality, poses a problem for copyright holders. If a home viewer can find a way to copy the content of a digital broadcast, he or she can reproduce it digitally over the Internet (or elsewhere), and everybody can get that high-quality digital content for free. This possibility worries the movie and TV studios, which repackage old television shows for sale to individuals as DVDs or videotapes and sell cable channels and broadcast stations the right to air reruns. Who is going to buy DVDs or tapes of TV shows or movies they can get free, online through peer-to-peer file sharing? And if everybody is trading high-quality digital copies of Buffy the Vampire Slayer or Law & Order over the Internet, who's going to watch the reruns on cable TV? What advertisers are going to sponsor those shows?

The Content Faction has a plan to prevent this situation from developing - a plan Hollywood's copyright holders hope will work for music and every other kind of content. The first part of the plan involves incorporating a "watermark" into digital TV signals. Invisible to viewers, the watermark would contain information telling home entertainment systems whether to allow copying and, if so, how much. But the watermark won't work without home entertainment equipment that is designed to understand the information and limit copying accordingly. Such a system has not been developed yet, but in theory it could apply to all digital media.

There are some problems with this scheme. If Princeton computer scientist Edward Felten is right, a watermark that's invisible to the audience yet easily detected by machines will be relatively easy to remove. If you can't see it, you won't miss it when it's gone. Which is why the components of new home entertainment systems probably would have to be designed not to play unwatermarked content. Otherwise, all you've done is develop an incentive for both inquisitive hackers and copyright pirates to find a way to strip out the watermarks. But if the new entertainment systems won't play content without watermarks, they won't work with old digital videos or MP3s.

The implications of a watermark system extend beyond the standard components of today's home entertainment systems: VCRs, CD and DVD players, TV and radio receivers, amplifiers and speakers. What tech industry pundits call convergence means that one other component is increasingly likely to be part of home entertainment setups: the personal computer. Emery Simon, special counsel to the Business Software Alliance (an anti-piracy trade group) says, "That's the multi-purpose device that has them terrified, that will result in leaking [copyrighted content] all over the world."

This prospect is what Disney CEO Michael Eisner had in mind when, in a 2000 speech to Congress, he warned of "the perilous irony of the digital age". Eisner's view of the problem is shared by many in the movie industry: "Just as computers make it possible to create remarkably pristine images, they also make it possible to make remarkably pristine copies."

Because computers are potentially very efficient copying machines, and because the Internet is potentially a very efficient distribution mechanism, the Content Faction has set out to restructure the digital world. It wants to change not just the Internet but every computer and digital tool, online or off, that might be used to make unauthorised copies. It wants all such technologies to incorporate "digital rights management" (DRM) - features that prevent copyright infringement.

The companies whose bailiwick is computers, digital technology, and the Internet tend to take a different view. Of course, Tech Faction members, which include Microsoft, IBM, Hewlett-Packard, Cisco Systems, and Adobe, also value copyright. And many of them want to see a world in which copyrighted works are protected. But their approach differs.

In taped remarks at a December business technology conference in Washington, D.C., Intel CEO Craig Barrett spoke out against a bill proposed by Senator Ernest "Fritz" Hollings that would mandate a national copyright protection standard. The Content Faction says it needs such a standard to survive.

A few companies are so big and diverse that they don't fall easily into either faction. AOL Time Warner, which controls movie studios and other content producers under its umbrella, tends to favour efforts that lock down cyberspace, but AOL itself, along with some of the company's cable subsidiaries, tends to resist any effort to mandate universal DRM.

However, a technical/legal scheme that perfects control of digital content also creates new revenue opportunities: The music companies, for example, could rent or license music to us in a protected format rather than sell copies outright.

The Hollings legislation, dubbed the Security Systems Standards and Certification Act, is designed to help content companies turn the potential peril of digital technology into profits. In the drafts available last spring, the bill would make it a civil offence for anyone to develop a new computer or operating system (or any other digital tool that makes copies) that does not incorporate a federally approved security standard preventing unlicensed copying. The bill would set up a scheme under which private companies met and approved the security standard. It would require that the standard be adopted within 18 months; if that deadline passed without agreement on a standard, the government would step in and impose one. In at least one version, the bill would also make it a felony to remove the watermark from copyrighted content or to connect a computer that sidesteps DRM technology to the Internet.

The Hollings bill applies to any digital technology, not just TV. It's clear why the bill's supporters want its scope to be so broad: If the watermark scheme works for digital TV, creating a system for labelling copyrighted works and for designing consumer electronics to prevent unlicensed copying, it should be possible to make it work for the rest of the digital world, including the Internet.

According to Capitol Hill sources, the Hollings bill is designed to promote consumer adoption of broadband services (such as cable modems and DSL), which has been slower than predicted. If Hollywood could be assured that its content would be protected on the broadband Internet, the theory goes, it would offer more compelling online content, which would inspire greater consumer demand for high-speed service.

This theory, which assumes that what people really want from the Internet is more TV and movies, is questionable, but it has a lot of currency in Washington. And as the debate over broadband deregulation shows, Congress wants to find a way to take credit for a quicker rollout of faster Internet service.

It was the Hollings bill that brought the war between the Content Faction and the Tech Faction out into the open. And in the near term it's the Hollings bill that is likely to be the flash point for the debate about copyright protection standards. A congressional hearing on Hollings' proposal was held in late February, but no bill has been formally introduced.

One way to understand the conflict between the Content Faction and the Tech Faction is to look at how they describe their customers. For the content industries, they're consumers. By contrast, the information technology companies talk about users.

If you see people as consumers, you control access to what you offer, and you do everything you can to prevent theft, for the same reason supermarkets have cameras at the door and bookstores have electronic theft detectors. Allowing people to take stuff free is inconsistent with your business model.

But if you see people as users, you want to give them more features and power at cheaper prices. The impulse to empower users was at the heart of the microcomputer revolution: Steve Jobs and Steve Wozniak wanted to put computing power into ordinary people's hands, and that's why they founded Apple Computer. If this is your approach, it's hard to adjust to the idea of building in limitations.

In a basic sense, moving bits around from hard drives to RAM to screen and back again, with 100 per cent accuracy in copying, is simply what computers do. To the Tech Faction, building DRM into computers, limiting how they perform their basic functions, means turning them into special-purpose appliances, something like a toaster. This approach is anathema to the user-empowerment philosophy that drove the PC revolution.

The Tech Faction believes people should be able to do whatever they want with their digital tools, except to the extent that copyrighted works are walled off by DRM. The Content Faction believes the digital world isn't safe unless every tool also functions as a copyright policeman.

At the heart of this argument are two questions: whether computer users can continue to enjoy the capabilities computers have had since their invention, and whether the content companies can survive in a world where users have those capabilities. What's been missing from the debate so far has been the users themselves, although some public interest groups are gearing up to tackle the issue. Users may well take the approach I would take: "If computers and software start shipping in a hamstrung form, mandated by government, I'll quit buying new equipment. Why trade in last year's feature-rich laptop for a new one that, while faster, has fewer capabilities?"

The Content Faction may be right that what people really want is compelling content over broadband. It may even be the case that, if they were asked, most people would be willing to trade the open, robust, relatively simple tools they now have for a more constrained digital world in which they have more content choices. But for now, nobody's asking ordinary people what they want.
****************************
Earth Web
Online Privacy Bill Stalls In Senate
By Sharon Gaudin


Bad timing seems to be derailing Senate debate over a controversial online privacy bill that would force companies to allow their online customers to access personal information kept in corporate databases.

The Online Personal Privacy Act, sponsored by Ernest "Fritz" Hollings (D-S.C.), chairman of the Senate Commerce Committee, has been waiting for Senate floor debate all summer after receiving approval from Hollings' panel this past May. An aide in Hollings' office says even though the bill -- S. 2201 -- is on the Senate calendar, there's a great deal of doubt that it will ever actually be voted on this year. The Senate is busy wrestling with 13 appropriation bills, coming elections and work on homeland security issues.

If the online privacy bill isn't voted on this term, it would have to be reintroduced and the long process would start all over.

"I am a little disappointed it's stalling in the Senate," says Ray Everett-Church, chief privacy officer for the ePrivacy Group, an online privacy consulting firm. "The bill itself leaves a bit to be desired...but the legislation has focused debate on some of these really tricky issues. The fact it isn't likely to pass is fine. The good thing has been the debate about access, online practices and data gathering."

And those very issues have stirred up heated debate.

The online privacy bill would set a national standard for all online transactions. It's a move Hollings says will promote consumer confidence in buying online, bolster spending and give some much-needed support to the lagging high-tech industry.

But some in the e-commerce arena worry that the passage of the bill would mean expensive overhauls of e-commerce systems and databases, and create security nightmares by letting customers into the system to check -- and change -- their personal information.

The bill calls for:

Rules governing consumers' ability to opt in to, or specifically OK, the collection of "sensitive personal data," such as race, income level and sexual preference;
Rules giving consumers the opt-out option for the collection of "non-sensitive" information, such as name, address and purchase history;
A national standard, preempting state laws or the ability of states to pass their own online privacy rules;
Individuals gain the right to sue over privacy breaches, opening the door to class-action lawsuits;
"Reasonable access" or the right for consumers to view and change personal data, and
Enforcement by the Federal Trade Commission (FTC) and state Attorneys General.

On the positive side, consumers would be able to see what information is being stored about them. Hollings and his privacy backers say the bill would help people feel more secure in trusting online companies with their personal information.


A recent study by Forrester Research Inc. reports that online businesses lost $15 billion last year due to consumer privacy concerns. More trust, Hollings says, would mean more spending.

On the opposite side, giving users that kind of access to a corporate network leaves a giant hole in security efforts. And the bill could pull IT workers off other projects and have them spending months rebuilding their e-commerce infrastructure and creating a pathway for consumers to view and change their personal information without compromising security.

"This could place some pretty heavy burdens on businesses," says Everett-Church. "The access requirements have always been a problem area. The trick has been if you're giving people access to read what you have in your database about them, how do you authenticate who is accessing that data? Can it be spoofed or faked? You don't want to give easy access to people if there's any potential that the access is a greater threat to privacy."

"It's not a perfect law so I'm not necessarily upset that it looks like it's failing," says Kelly Thompson, an independent privacy and antispam consultant with her firm, EmailAdvisors.com. "I'm hopeful for the next bill [to come along], but I'll reserve judgment until I see the actual text of it. Sometimes what knowledgeable people recommend is different from what comes out the other end in political issues."
****************************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx