
Clips September 30, 2002




ARTICLES

Internet Draws the Prying Eyes of the Voyeur
Reluctant snoops: For Internet services, war against terror [Privacy]
Agency Probes D.C. Wireless Network
Navy launches e-records effort
NASA funds interactive institute
As Digital Radio Stumbles, New Products Fill the Gap
Agencies' privacy policies found lacking [Privacy]
INS implements foreign student tracking regulations [Privacy]
Prospect of Iraq conflict raises new cyberattack fears [Security]
Group to examine security-flaw reporting policies [Security]
Online payment service PayPal hit by scam
We've all got mail: IDC predicts 60 billion e-mails a day by 2006 [Trends]
China refuses electronic trash it says came from the USA [Recycling]
Delay sought for Internet radio broadcaster payments
State Prosecutors Trying to Delete Spam
What's New on the Open Source Front?
Govt. to unveil top 20 vulnerabilities
Hazmat Haulers Keep on Truckin' [Security]


*******************************
Washington Post
Internet Draws the Prying Eyes of the Voyeur
By KATHLEEN KELLEHER
September 30 2002

Word to women: If you are in the state of Washington, wear pants. Two Washington men who were convicted of violating the state's voyeurism statute for secretly taking pictures up the skirts of women and little girls successfully challenged the law earlier this month. The use of what has been called "upskirt cams" and "upskirt voyeur photography" is "reprehensible" and "disgusting," the state Supreme Court ascertained, but secretly taking photos up women's skirts in public places is not criminal.

The state's "voyeurism statute, as written, does not prohibit upskirt photography in a public place," Justice Bobbe Bridge, one of four women on the state Supreme Court, wrote in a unanimous opinion. The language of the law fails to explicitly protect people from being photographed in public places, the justices noted, where people don't have a reasonable expectation of privacy.

Apparently, an expectation of privacy for the interior of one's skirt--worn explicitly to conceal one's private parts--is not reasonable.

(After police caught a man taking upskirt videotapes at Disneyland and could not charge him with doing anything illegal, California legislators passed a law in 2000 that made it illegal to take surreptitious photographs or videotapes of a "person's private parts" or undergarments.)

Time was when a peeping Tom's only means for peeping was a drilled hole in the wall of a girls' bathroom, but the technology of fish-eye cameras the size of a pea and the wide world of the Internet have greatly expanded a voyeur's opportunities.

Voyeuristic behavior exists on a continuum in our society from a person passing a window and noticing someone undressing, to viewing scantily clad actors parade on television, to the hard-core, compulsive voyeurs for whom surreptitiously looking up someone's skirt, down a blouse or at snapshots of undergarments becomes the primary sexual experience, said Al Cooper, director of San Jose Marital and Sexuality Centre, a mental-health treatment facility in Santa Clara.

Voyeuristic Web sites are the fastest-growing areas of Internet sexuality, said Cooper, editor of the newly released "Sex and the Internet: A Guidebook for Clinicians" (Brunner-Routledge), one of the first professional books of its kind with contributions from leading clinicians, scholars and academics.

The two general categories of Internet voyeurism, said Cooper, are photographic shots of unsuspecting women in compromising positions such as the upskirt, downblouse and bathroom shots, and live streaming videotape of such things as couples having sex and women performing their own activity.

The voyeur who cannot control the impulse to gaze at sexual images of an unsuspecting person for the purpose of sexual gratification has what psychologists and psychiatrists call a paraphilia, "a condition in which a person's sexual arousal and gratification depend on fantasizing about and engaging in sexual behavior that is atypical and extreme," Cooper said.

For a voyeur whose behavior qualifies as a paraphilia, the Internet is the equivalent of a drug to an addict. "The Internet, in part, is creating this problem," said Fred Berlin, an associate professor of psychiatry at Johns Hopkins Medical School, who added that some people stumble upon the sexual images when they go online and discover the images are arousing.

No one knows how many people develop cases of pathological voyeurism, but 25% of Internet users engage in online sexual activity, Cooper said. Of that 25%, somewhere between 8% and 15% develop compulsive sexual behavior problems that significantly disrupt their lives, he said. Voyeurism is a learned behavior, almost completely a male penchant, and it sometimes starts innocently enough in adolescence.

"It is a normal adolescent prank to peep in a girl's window or bathroom," observed forensic psychologist Clark Clipson, an evaluator of sex offenders for the state of California based in San Diego. "It is a sexual outlet that is safe when all the other avenues are not available. The repeated association of sexual gratification with peeping can turn it into a sexual fixation. Part of the arousal for the voyeur lies in the power and control over the victim who doesn't know she is being watched."

Though voyeurism bears an element of hostility, said Clipson, rarely do voyeurs go on to commit hands-on sexual offenses. "These guys generally don't want to be caught or seen," he said. "They would be horrified if their victims found out. The idea of actually going on to rape someone is so completely foreign to them." There are some voyeurs who use the images purely for sexual gratification. For others, the sexual behavior is an indirect outlet for repressed aggression.

Like any compulsive sexual behavior, said Jennifer Schneider, an addiction medicine physician in practice in Tucson, voyeurism involves the objectification of a person or an anatomical part. Nothing demonstrates that better than the black band obscuring the identity of many of the women featured on the voyeuristic upskirt, downblouse and undergarment-peeping Web sites. Voyeurism distances the voyeur from intimacy.

"Voyeurs have to learn how to have real intimacy," said Schneider. "Obviously, when you are focusing on upskirt or downblouse you are focusing on the anatomy, not the person." Schneider, who co-authored "Cybersex Exposed: Simple Fantasy or Obsession?" (Hazelden, 2001) with Robert Weiss, a Los Angeles sex addiction therapist, said that though voyeurs insist their penchant for looking does no harm, evidence suggests otherwise. In an anonymous online survey of 100 "cybersex addicts" and 100 partners of users of online sex sites, including voyeuristic ones, Schneider and Weiss asked how participants thought the online activity affected their sex lives. Two-thirds of participants said that because of the online activity they had no sex life or a lousy one.

"Online users said that they found the sex life with their partner boring or that after looking at images ... they were physically unable or uninterested in sex with their partner," said Schneider, who added that stress often drives voyeurs to engage in the behavior. "The partners said that they were asked to do things they did not feel comfortable doing, things the online user learned on the Internet. They also said they felt they could never compete sexually with what's available on the Internet."

For the hard-core voyeur, the path back to real intimacy is not unlike the path for other addicts, said Berlin, who wrote a chapter titled "Paraphilias and the Internet" for the book "The Internet and Sex." People who are compulsive voyeurs "have to recognize that the behavior has to stop," said Berlin, who added that there are ways to curb the addiction. Some people take drugs that suppress their sex drive, some block their computer and some give their wives the code. "They have to be in a supportive environment where they can speak openly about it when experiencing a craving. Things can be done from a mental health perspective. But the public doesn't know about them. When is the last time you heard an advertisement about where to go if you are struggling with difficult sexual cravings?"
*************************
Seattle Times
Reluctant snoops: For Internet services, war against terror means flood of subpoenas
By Sarah Lai Stirland
Special to The Seattle Times


Internet service providers are often called gatekeepers, the companies that open up the online world to a computer user. It is this very role, however, that has placed them in an uncomfortable position in a post-Sept. 11 world.
As law-enforcement authorities ratchet up efforts to track and combat terrorist and other criminal activity online, ISPs are walking a treacherous tightrope between complying with international privacy laws and meeting investigators' mounting requests for information.


Those requests have increased in numbers, breadth and intensity, say representatives of some of the world's largest ISPs. They are part of a trend toward making ISPs the proxy policemen of cyberspace, a role the ISPs are trying hard to avoid because it would mean expensive, burdensome responsibilities.

Primarily, those responsibilities would include saving information relevant to criminal investigations and buying equipment that is wiretap-ready. Service providers also would have to either invest in beefed-up legal compliance departments or face more risks of litigation from inadvertent privacy violations.

"What we've seen after Sept. 11 at least in the U.S. is about a fivefold increase in the number of subpoenas requested of service providers and, frankly ... just requests for information," noted Al Gidari, a partner at the Seattle-based law firm of Perkins Coie. "Entities want legal process because when they comply with it, they get immunity for complying with that legal process, should a third party sue them for a privacy violation."

Surge in surveillance

There aren't any hard statistics on the number of subpoenas, court orders, search warrants and informal requests issued in the past year. But panelists at a recent conference on privacy and security in Seattle reported a surge since last October when Congress enacted the elaborately named USA PATRIOT Act -- Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, also known simply as the Patriot Act.

"We certainly had higher volume," said Christopher Bubb, an assistant general counsel in America Online's compliance and investigations unit. "It was like someone just told the local cops about these statutes, so there was a wave of local police officers going: 'Well, I didn't know about this -- this is a neat tool! I've got to try it out!' It sort of woke them up."

"Obviously, the Patriot Act changed how we deal with requests that come in," said Elizabeth Banker, an associate general counsel at Yahoo! "For me, it's less about volume and it's more about how much work goes into each and every request."

The typical government subpoena, she said, went from requesting just user-account information to asking for details about the subscriber's Internet use and billing and credit-card history. "You're adding two fairly involved requests to every subpoena that comes in through the door," she said.

Requests expanded, observers noted, because the Patriot Act lowered many of the legal standards investigators must meet and broadened the kinds of information law enforcement can demand from ISPs. The act granted the new search powers by amending the Electronic Communications Privacy Act, the main law that governs how investigators can gain access to electronically stored ISP subscriber information.

Now, companies must comply with subpoenas even if they have strong privacy policies. The act also allows law officers access to subscriber data without subpoenas if they "reasonably believe that (it's) an emergency involving immediate danger of death or serious physical injury" to someone.

When it comes to requests for information, the act calls on companies to voluntarily offer information if authorities say the situation is an emergency.

Civil liberty concerns

Critics contend the act gives the authorities too much power and lacks the checks and balances that traditionally guard civil liberties. No accountability, they say, is required for many of the new surveillance activities.

For companies, the act also makes it more expensive and time consuming to resist surveillance requests, according to the Electronic Privacy Information Center in Washington, D.C.

"From a carrier's point of view, the Patriot Act was a great thing in making things a little less controversial," said Perkins Coie's Gidari. "From a privacy point of view, there's a lot of concern and outrage."

Although the new rules don't say exactly how fast a company must cough up information, Banker said post-Sept. 11 requests have become more urgent and time-sensitive.

She said companies are being expected "to keep churning things out," to accept after-hours requests, to deal with law enforcement around the clock, seven days a week, and to respond quickly to broadly worded requests.

Banker didn't provide details on how Yahoo! has coped, and a company spokesperson declined to discuss staffing levels. But Banker did indicate in a talk at the Seattle security conference that Yahoo! has had to build some technical solutions.

She also said Yahoo! has started to charge law-enforcement agencies for requests as a way to get them to narrow the focus of their inquiries. The practice is widespread in the telephone industry, she noted, but not with ISPs.

"They want to be perceived as good citizens and are afraid that actually charging for government requests for information isn't consistent with that," Banker said. "It's also an administrative hassle. You have to come up with some way of determining what the cost of every request you comply with is, and issue and track invoices and payments, and then decide what to do with the government agencies that don't pay."

At the security conference, another call for more precision in law-enforcement requests came from Microsoft's Hemanshu Nigam, the company's head of criminal compliance, security and law-enforcement affairs. Even with complex privacy requirements, police agencies can get the information they want so long as they follow the law, Nigam said. He said Microsoft had started to train staff to deal with the requests.

Nigam, former global Internet enforcement director of the Motion Picture Association, was hired by Microsoft in July to manage the software giant's role in online criminal investigations. In January, Microsoft hired Scott Charney, one of the nation's top computer forensics experts, as the company's chief security strategist.

How long to keep data?

In the United States, ISPs aren't required to preserve any customer information unless requested to do so by law enforcement. If a request is made, they must keep information on the targeted customer for 90 days. Authorities can extend the request for 90 more days.

In the U.S., corporate lawyers say this system works relatively well. But a European Union directive in May advised member countries to require telecommunications providers to retain all customer information indefinitely to allow law enforcement to comb through the records in future investigations. That directive has many groups up in arms. So far, only Spain has acted, adopting a one-year data retention requirement.

"We have suggested, not entirely facetiously, that the European Union think about giving us Belgium for storage to comply with the one-year data retention requirements, and we'll take Holland for the cooling necessary for the storage," joked AOL's Bubb. He noted that AOL's e-mail traffic generates between 8 and 9 terabytes -- or 8 trillion to 9 trillion bytes -- of information a day.

Stewart Baker, a Washington, D.C., lawyer and a founding member of the U.S. Internet Service Provider Association, said he's working with European counterparts to harmonize U.S. and European rules. The hope is that European countries will adopt rules similar to those in the U.S.

Baker says federal officials also have sought to have ISPs take on more responsibilities, including selling their customers security solutions and coordinating network operations centers so they can warn each other of malicious code.

"ISPs believe in many respects that they are like telephone companies," he said, "and they can't be held responsible for the content of communications any more than they can for the things people say to each other when making phone calls."
************************
Associated Press
Agency Probes D.C. Wireless Network
Sun Sep 29, 1:37 PM ET
By D. IAN HOPPER, AP Technology Writer


WASHINGTON (AP) - Secret Service agents are putting a high-tech twist on the idea of a cop walking the beat. Using a laptop computer and an antenna fashioned from a Pringles potato chip can, they are looking for security holes in wireless networks in the nation's capital.

The agency best known for protecting the president and chasing down counterfeiters has started addressing what it calls one of the most overlooked threats to computer networks.

"Everybody wants wireless, it's real convenient," Special Agent Wayne Peterson said. "Security has always been an afterthought."

The effort is part of a new government plan to build relationships with businesses so that they will feel more comfortable reporting hacking attempts to authorities. Recent anti-terrorism legislation gave the FBI and Secret Service joint jurisdiction over electronic crimes.

Wireless networks are cheap; a small one can start at less than $200. They make it easy for workers to wander around with their laptop or handheld computers and for visiting employees with their own computers to get on to the local office network.

These networks are becoming common in airports, universities, coffee houses, businesses, homes and even some public squares. But they are sold with no security measures, and protecting a wireless network from hackers takes more knowledge than what network installation guides typically offer.

Because of security concerns, the White House recently proposed banning some wireless networks in federal agencies. Faced with industry protests, the administration dropped the idea when it released a draft version of its cybersecurity plan this month.

That has led some independent security researchers to drive or even use a private plane to fly through cities to map networks. Those maps, which are usually posted on the Internet, show where a person can get a free Internet connection on a private network.

The Secret Service wants to let businesses know that their Internet connections and private networks might be at risk. Companies informed about security holes can reconfigure their networks to make them more secure.

Peterson's tools are a laptop, a wireless network card and one of three antennae mounted on his car. One is a small metal antenna; the second is a large, white, 2-foot-tall tube; the third is a homemade antenna made out of a Pringles can. They boost the reception of his wireless network card, allowing the agent to point them in different directions to get the best signal.

A Pringles can is ideal because of its shape -- a long tube that lets someone point it at specific buildings -- and its aluminum inner lining. It acts like a satellite dish, collecting signals and bouncing them to the receiver, which is then wired into a laptop.

Peterson recently drove down a major Washington street and found over 20 wireless networks, many of which had no security at all. Peterson said his probes are part of good police work, like a patrolman driving through a neighborhood.

"I feel it is part of crime prevention to knock on the door," Peterson said.

The act of "wardriving," a term taken from older "wardialing" programs that called random telephone numbers looking for unlisted modems, has become so prevalent that enthusiasts are using chalk marks on streets and sidewalks to point out networks in public places.

Peterson said there has not been any reported "warchalking" in the Washington area yet, but if one was found agents would alert the network owner.

Chris McFarland, head of the Secret Service's Electronic Crimes Task Force, said his agents have begun evaluating computer security along with other concerns when they scout out a place where the president or other protected dignitary will go.

McFarland said, for example, that agents have had extensive discussions with officials at George Washington Hospital about improving its wireless network security.

While the agents plan to offer their expertise to anyone who asks, they are focusing on places most important to their mission of protecting public officials. The hospital is several blocks from the White House and treated Vice President Dick Cheney during his heart problems.

Agents also checked out computer systems at the Salt Lake City Olympics, last year's Super Bowl and the World Bank in advance of weekend protests.

"People can wreak havoc with these systems very easily," McFarland said. "It's almost like triage."
*******************
Federal Computer Week
Navy launches e-records effort
BY Christopher J. Dorobek
Sept. 30, 2002


The Navy last week kicked off what is expected to become the government's largest enterprisewide records management system when it began installing software on Navy Marine Corps Intranet computers.

The Navy is loading software on about 100 PCs in the Navy Department's Office of the Chief Information Officer. That tool eventually will help the service manage records and documents across nearly 400,000 desktop PCs at nearly 300 shore-based sites, officials said. Last year, the Navy and EDS selected Australia-based Tower Software's TRIM as NMCI's records management standard.

"This will be the largest electronic records management customer ever," said Charley Barth, team leader for records and document management in the Navy Department's CIO office.

The initiative will help the Navy standardize its records management practices, he said, adding that some Navy sites retain almost no records. "The Department of the Navy does not want to be the next '60 Minutes' story."

A records management system that encompasses the entire organization could be the cornerstone for network-centric operations, Navy officials said. By providing a standard application and creating a single repository in which data can be stored, the information will be accessible to everybody. The records management system could also share information with other systems.

"We've never had a good tool for sharing information," Barth said. "We've never shown people the true value of this data."

Others agree. "Now there are vast amounts of information out there," said Capt. Chris Christopher, NMCI's deputy director of plans, policy and oversight. "How do you get to that?"

The system will eventually maintain all of the Navy's records, both electronic and paper, officials said, and will theoretically give Navy staffers access to data no matter where they are.

As part of the effort, officials plan to integrate the records management, data management and workflow processes, said Steve Vetter, director of strategic planning for EDS, the lead vendor for NMCI, the Navy's $6.9 billion effort to create a single network across its shore-based sites.

Navy officials are considering using the TRIM software as the standard for managing those three processes, Vetter said. They are so dependent on one another that the overall effort will fail if they are not considered together.

Navy officials will conduct a pilot project to assess how TRIM might work as a document management and workflow system. And another project will determine if TRIM can be used for managing correspondence.

"If TRIM is going to be installed under NMCI and used for records management purposes, it is not a pilot," Barth said. "If it is going to be installed for document management, correspondence management or nonrecords management purposes, it may very well be a pilot."

Although other agencies have deployed enterprisewide records management systems -- the Federal Deposit Insurance Corp., for example -- nothing this large has been attempted, said J. Timothy Sprehe, a records management expert and president of Sprehe Information Management Associates. FDIC's system, which also uses Tower's TRIM software, is "much, much tinier" in scale, he said.

The Navy and EDS face a difficult task, Sprehe said, largely because of the scale of the effort they are attempting. "I cannot imagine how many different document management systems Navy installations must have," and officials will have to integrate TRIM with all of those systems.

The NMCI contract includes a provision requiring EDS to provide desktop records management software to all users. The NMCI contract allows commands to buy implementation services, but it does not provide funds or standards for that implementation.

"At the installation, base level -- those folks have to find their own money to do their own integration," Sprehe said. "In order to put this into implementation, they will have to do that themselves."

Another challenge will be educating users. Navy officials hope to make the system transparent to users, but it has always been difficult to convince them of the importance of records management, Sprehe said. "That's a tough sell."

***

For the record

The Navy's goals for its records management system include:

* Creating one system for maintaining all Navy records, including paper ones.

* Meeting the records management requirements set by the Defense Department and the National Archives and Records Administration.

* Standardizing on a single application and eliminating legacy applications for records and document management.

* Creating a system for managing correspondence and documents.

* Making data widely available that was previously stored in stand-alone systems.

* Improving internal and external access to Navy records under the Freedom of Information Act.

* Reducing storage and service fees.
****************************
Federal Computer Week
NASA funds interactive institute
BY Megan Lisagor
Sept. 30, 2002

NASA has awarded a contract potentially worth $379 million to a recently formed nonprofit corporation to create an institute to conduct cutting-edge research, develop new technologies and provide educational opportunities.

The National Institute of Aerospace is expected to be fully operational in January. It is a joint venture between NASA's Langley Research Center in Hampton, Va., and the newly formed National Institute of Aerospace Associates (NIAA), which is composed of state universities and a nonprofit organization.

The education aspect could help NASA strengthen its workforce as it faces an impending retirement wave and a shortage of students pursuing degrees in science, mathematics and engineering.

The institute will offer master's degrees and doctorates at local sites and via distance learning. It also plans to link the main campuses of partnering universities to labs at Langley, building a virtual research space, according to Charles Harris, director of the National Institute of Aerospace's management office.

"It's going to be very innovative and highly interactive," Harris said. "This is a new way of doing business for Langley. This is going to foster much greater involvement by academia to fulfill NASA's mission. The emphasis here is on collaboration."

The National Institute of Aerospace will be housed at Langley to facilitate agency collaboration. Langley's partners, under the umbrella organization NIAA, include the American Institute of Aeronautics and Astronautics Foundation; the Virginia Polytechnic Institute and State University; the University of Virginia; the University of Maryland, College Park; North Carolina State University, Raleigh; North Carolina Agricultural and Technical State University, Greensboro; and the Georgia Institute of Technology, Atlanta.

The procurement covers a five-year base period and has three five-year options for extension. A five-year cooperative agreement also has been reached.
***************************
New York Times
As Digital Radio Stumbles, New Products Fill the Gap
By BARNABY J. FEDER


Sensing an opportunity in the radio industry's slowness to adopt digital broadcasting, a number of chip makers and radio manufacturers have introduced products that use software in receivers to sharply improve the quality and reach of broadcasts transmitted in the analog format.

The latest contributor to the trend, Motorola, plans tonight in Tokyo to announce the most powerful set of microchips yet for such receivers, which convert standard analog AM and FM broadcast signals into a digital format. So far, the radio broadcasting industry in this country has not agreed upon uniform digital technical standards, which has left over-the-air digital radio service to subscription-fee satellite services.

Analog radio signals use electronic waves analogous to sound waves. Digital signals use electronic pulses that can be translated into the precise 1's and 0's of computer code.

When radio signals are in digital form, they can be filtered, cleaned up and manipulated by software. The result is better sound fidelity and the opportunity to add features like deeper bass tones. Software-driven receivers can compensate for the complex interference patterns caused when signals are bouncing off of buildings or hills, and they can tune into channels more accurately.

Some software can also reconstruct extremely weak signals, allowing listeners to travel farther from their favorite radio stations without losing touch. Motorola's design, which can combine information from more than one antenna, taking advantage of the trend to putting more than one antenna on a car, is said to be a major improvement.

"It's going to give measurably better performance, especially in the AM band," said Will Strauss, president of Forward Concepts, a market research firm in Tempe, Ariz.

Motorola plans to release details about the new chip sets, which are based on the Symphony line of audio processors it introduced in 2000, during its Tokyo presentation. Motorola said that the first products incorporating the new Symphony chip sets would be radios going on sale late next year as replacements for standard car radios. Motorola also said that it expected some car manufacturers to begin supplying Symphony-equipped radios in new cars in 2004.

Motorola said its new chips would allow the elimination of so many components in receivers that radios going on sale next year should cost the same or less than today's premium analog systems.

One of the first adopters is expected to be Hyundai Autonet, which sells after-market radios and original equipment for both Hyundai and Kia.

Motorola's announcement comes just one week after Blaupunkt, a German radio maker that is part of Robert Bosch, announced the availability of Digiceiver, an analog-to-digital conversion product that is based on another Motorola chip and offers some of the same benefits to listeners. Earlier this year, Philips Semiconductors, a unit of Royal Philips Electronics of the Netherlands, introduced a new line of digital signal processors aimed at extending Philips's position as the leading supplier of microchips to the car entertainment market -- a market that is one of the few segments of automotive electronics where Motorola is not the leading chip supplier.

The various chip sets differ by how early in the receiving process they convert the signals to digital form and by their processing power and their software capabilities. The reliance on software should make it possible for users to download updated features as new services become available and for independent software programmers and radio manufacturers to install software to make their own products distinct.

A number of other chip makers are also investing heavily in new signal-processing technology for the radio market, including Texas Instruments and ST Microelectronics.

Allied Business Intelligence, a market research firm, has projected that the number of digital radio receivers in the United States alone will jump from 650,000 units this year to 33 million in 2007.

Such projections, though, assume that the industry and the Federal Communications Commission will eventually agree on a standard for terrestrial digital broadcasting. Aside from a small number of stations restricted to daytime AM broadcasts, digital radio in the United States is currently confined to the satellite-based systems of XM and Sirius, both of which cover the entire nation with 100-channel networks.

Advocates of digital broadcasting say that its benefits will extend far beyond the improved sound quality and signal reach that Motorola and others are chasing with today's radio software. Such broadcasts could also deliver text messages to screens on the receivers, opening new pathways for advertisers. Philips executives, for example, foresee radios that notify shoppers of special sale items at stores in a mall as they pull into it.

Motorola said that Symphony chipsets could be easily adapted to receiving today's digital satellite broadcasts and the terrestrial broadcasts in the future. But some analysts wonder whether the analog-to-digital chipsets will undercut efforts to complete the transition to digital broadcasting, because products like Symphony give broadcasters the benefits of greater reach with no investment on their part.

"Motorola could be suppressing the demand for true digital radio," said Ryan Jones, an analyst at the Yankee Group. "The real key is how much they confuse the market and dilute the definition of digital radio."
****************************
Government Executive
September 27, 2002
Agencies' privacy policies found lacking
By Maureen Sirhal, National Journal's Technology Daily


Preliminary findings from a forthcoming government study on the privacy policies of federal Web sites are causing many leading analysts at the General Accounting Office to recommend the creation of a common standard for federal privacy notices.

In a presentation before a National Institute of Standards and Technology advisory board meeting in Washington last week, Alan Stapleton, GAO's assistant director of information technology, outlined the different privacy projects the agency is spearheading -- including an update on a 2000 study of federal agencies' privacy policies.

Three years after the White House Office of Management and Budget instructed agencies to maintain clear and concise privacy policies, GAO is finding that the policies "are not really clear and concise," Stapleton said.

The study is revealing that agencies often stray from the standards of privacy policies and practices, he noted, even as OMB provides the agencies sample language. Government entities often use an array of words and definitions to describe common elements of privacy policy or rely on differing formats for presenting the same information, he said.

Consequently, Stapleton said GAO may recommend that OMB urge agencies to use a consistent privacy template to make their policies clear and concise.

One potential solution would be a "layered notice," where a single Web page would list the elements of the OMB privacy template and also offer a link to supplemental information. The details would describe exceptions to the standard policy or link to areas of the agency's site that collect personal information, Stapleton said.

GAO analysts believe the creation of a privacy template could help ease the burden for Web users and citizens, who often have to read complex privacy notices. "We want to learn everything for the public and private sector that we can learn," Stapleton said, but the template needs to be linked to how federal agencies can use it.

Members of the NIST advisory board cautioned that potential privacy recommendations also should address the security of the data and include a policy for disclosing how information is encrypted. They also urged Stapleton to gather input from privacy groups such as the Electronic Privacy Information Center.

GAO is still conducting a comprehensive survey of the privacy practices of 25 agency Web sites at the request of Sen. Joseph Lieberman, D-Conn., and Rep. Steve Horn, R-Calif., Stapleton said. The survey will cover nearly all departments and a host of independent agencies such as the Federal Emergency Management Agency, National Science Foundation and Securities and Exchange Commission.

While GAO has collected most of the responses to the questions, Stapleton said, "we are going to issue a report early next year. We want to analyze more of the results."
***************************
Government Executive
INS implements foreign student tracking regulations
From National Journal's Technology Daily


The Immigration and Naturalization Service has implemented regulations requiring any higher education institutions wishing to enroll non-U.S. citizens to apply for listing those students in the Student and Exchange Visitor Information Systems (SEVIS).

SEVIS is an Internet-based system linked to the State Department that enables the government to track foreign students in the United States.

Under the INS rules, any school that has not applied to SEVIS by Jan. 30, 2003, will not be allowed to accept foreign students. Schools must electronically complete the application and pay a certification fee of $580.

To date 2,163 schools are in various stages of adopting SEVIS, while 483 schools are awaiting approval to use the system.
*****************************
Computerworld
Prospect of Iraq conflict raises new cyberattack fears
By DAN VERTON
SEPTEMBER 27, 2002


If history is a guide, any Bush administration plan to remove Saddam Hussein from power in Iraq would likely set off a firestorm of hacker activity targeting U.S. networks and infrastructure. And those attacks could be greater in number and affect a broader cross-section of U.S. businesses than anything seen before, according to intelligence experts.

Surges in cyberattack activity have typically accompanied major international crises during the last several years, including the Arab-Israeli conflict, the war in Kosovo and the collision of a U.S. spy plane with a Chinese fighter jet over the South China Sea last year.


However, any significant expansion of the U.S.-led war against terrorism, including an invasion of Iraq, could unleash an unprecedented wave of hacker activity, intelligence and security experts said.

Eric Shaw, a former psychological profiler at the CIA, said he will be watching for increases in activity from specific threat groups.

"Islamic hacking groups have been uniting over the India-Pakistan and Israeli-Palestine [conflicts] and they are traditionally Iraq supporters and anti-U.S. and anti-Israel," said Shaw, who now works as a cybersecurity consultant at Stroz Associates LLC in New York.

A second group includes a mixture of U.S. and European-based antiwar hackers, said Shaw. "Think about [groups] of young, liberal, elite, Western-educated youth [coming out] against the war. It would be a lot smaller than the Vietnam generation but could still be potent," he said.

Moreover, a ground war in Iraq could spur other governments in the region to launch sophisticated state-sponsored information warfare campaigns. That's the conclusion of a study published two weeks after the Sept. 11 attacks by the Institute for Security Technology Studies at Dartmouth College.

Ruth David, former director of science and technology at the CIA and now CEO of Analytic Services Inc. in Arlington, Va., said an orchestrated attack exploiting well-known vulnerabilities could be launched with little regard for precise targeting, and could cause significant disruption and financial loss to the "softest targets," the bulk of which are in the private sector.

"Ironically, a serious attack of this type may engender even greater public support for any military action under way and is unlikely to seriously impede our ability to achieve military objectives," said David.

The Bush administration has formally stated that it is the policy of the U.S. to respond to cyberattacks by any means appropriate, including military action.

"Such an attack could significantly debilitate U.S. and allied information networks," the Dartmouth study concluded. That report was written under the guidance of Michael Vatis, a former director of the FBI's National Infrastructure Protection Center.

The real change associated with such a widespread cyberconflict is the likely expansion of the types of hacker targets, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc. In addition to government and military networks, a U.S. invasion of Iraq would likely lead to the targeting of news media organizations, said Pescatore.

"Given how media-savvy the Middle East has become, I'd expect to see the large newspaper and television news sites targeted for both propaganda-planting and denial-of-service attacks," he said.

A global cyberconflict is also likely to affect companies that are considered American cultural icons, such as Microsoft Corp., American Airlines Inc., McDonald's Corp. and other multinational companies known for their U.S. roots, said Pescatore.

"Since Sept. 11, companies have had to re-examine the various types of crises that can impact them, from bioterrorism to computer terrorism," said Steve Wilson, president of The Wilson Group, a crisis management consulting firm in Columbus, Ohio. "However, it's not just the typical hacker they have to be concerned with now. They can just as easily be a terrorist target as any government installation."
*************************
Computerworld
Group to examine security-flaw reporting policies
By Tom Krazit, IDG News Service
SEPTEMBER 27, 2002


A group of software vendors and security firms is teaming up to discuss reporting strategies for security flaws, balancing the right of users to know whether their software is flawed against the possibility that publicizing vulnerabilities may encourage hackers.

The Organization for Internet Safety (OIS) will work to develop a system that will set standards for the way security vulnerabilities are disclosed, it said in a statement yesterday. In general, security companies and independent security researchers who discover software bugs inform the vendor of the discovery, and give it some time to develop a patch for the flaw before releasing the information publicly.


However, this is not always the case, and security vulnerabilities have made their way into the public before the vendor had a chance to examine the bug, or determine its importance.

An advisory board of network security managers will help the OIS realize the needs and concerns of IT departments when reporting security vulnerabilities, it said. Drafts of potential standards will be circulated early next year, the organization said.

The initial companies behind the effort are @stake Inc., Bindview Corp., Caldera International Inc., Foundstone Inc., Guardent Inc., Internet Security Systems Inc., Microsoft Corp., Network Associates Inc., Oracle Corp., Silicon Graphics Inc. and Symantec Corp.
***************************
Computerworld
Online payment service PayPal hit by scam
By LINDA ROSENCRANCE
SEPTEMBER 27, 2002


During the past two weeks, online payment service PayPal Inc. has been targeted by scam artists trying to get the personal information of its users, including credit card data, user names and passwords.

On Sept. 16, an unsophisticated scam e-mail, slugged "PayPal Verification," was sent requesting users to log into their PayPal accounts "asap" to confirm they were still active users of the service.


The e-mail said:

"We are now requesting the password to the e-mail address you signed up to PayPal with. This is so our systems can confirm the confirmation e-mails off PayPal stay in your account because there has been a rise in the amount of fraudsters getting access to users e-mail addresses and deleting the Paypal confirmations. This is to protect you and ourselves. PayPal will use this information for fraud protection only."

The e-mail went on to say PayPal would use the information for fraud protection only and was part of the Mountain View, Calif.-based company's new annual process to screen out inactive accounts.

Recipients were then given a link that seemed to go to PayPal's secure site, but was actually a fake.

Then on Sept. 25, another, more sophisticated e-mail, slugged "URGENT: PayPal System Problems" arrived in some users' in-boxes.

That message, which arrived as an HTML e-mail set up to resemble PayPal's Web site, said:

"Today we had some trouble with one of our computer systems. While the trouble appears to be minor, we are not taking any chances. We decided to take the troubled system offline and replace it with a new system. Unfortunately this caused us to lose some member data. Please follow the link below and log into your account to make sure your information is not affected. Account balances have not been affected."

The hackers even offered unsuspecting users their next two transfers at no charge.

The URL listed in the e-mail took users to an official-looking site that asked for their personal data, including user name, password and credit card information.

PayPal spokeswoman Julie Anderson said the company hasn't had a problem with its site and said spoof sites are very commonplace. She said the scam artists probably got hold of a database and sent messages to thousands of people hoping to hit some PayPal account holders.

"[These scams] happen often, and they happen often to successful Web sites like eBay, PayPal and other financial services sites," Anderson said. "Fortunately, we know from experience that PayPal users are for the most part savvy enough not to fall for them. But in the end, if they do, they are certainly not liable for any losses."

A "whois" search on the URL used in the scam shows that it was registered on Sept. 10 by Confinity Inc., in Palo Alto, Calif. However, Confinity, which originally developed the technology used by PayPal, no longer exists, and the telephone number listed has been disconnected.

As soon as PayPal learned of the scam, Anderson said, it contacted the Internet service provider and asked it to take down the spoof sites. That has been done.

Anderson said PayPal also notified the appropriate law enforcement agencies, including the FBI. However, she said, PayPal didn't move to notify its 18 million users of the problem.

Russ Cooper, a security consultant at TruSecure Corp. in Herndon, Va., said PayPal should take steps to alert its users to the scam. He said he was appalled that the company relied on users to determine that the e-mails they got were bogus.

Charles Kolodgy, an analyst at IDC in Framingham, Mass., agreed, saying most people respond to e-mails without thinking about their veracity. He said vendors handling sensitive data should consider using technology that would allow users to determine whether an e-mail has been sent by that vendor and not a scammer.

Such technology, he said, could include a signature key that would be confirmed by a trusted site, special cookie files or a unique password that could be accessed only by the user and the vendor.

Although PayPal has a security center on its site -- complete with tips for users, including a warning that they never share their PayPal password with anyone -- the company should think about putting that information, as well as a message about this scam, in a more visible position on its home page, Kolodgy said.
**************************
Computerworld
We've all got mail: IDC predicts 60 billion e-mails a day by 2006
By Gretel Johnston, IDG News Service
SEPTEMBER 27, 2002


As if the strain that spam and e-mail alerts are putting on in-boxes weren't enough already, expect even more in the coming years as the overall number of e-mail messages doubles from 31 billion a day now to 60 billion a day by 2006, market researcher IDC predicts.

Not surprisingly, the increase won't be messages from friends and loved ones. Of the 31 billion e-mail messages that now move across the Internet and private networks daily, about two-thirds are person-to-person communications; the rest is made up of spam, notifications and alerts for information such as stock prices and sports scores. By 2006, a little over half of the 60 billion messages sent daily will be person-to-person, said Mark Levitt, vice president of IDC's collaborative computing program.


To ensure that e-mail remains a valuable business tool, e-mail software vendors and users will have to find ways to quickly access the most important and timely e-mail messages, said Levitt, who co-wrote a recently published IDC study on e-mail usage with Robert Mahowald, research manager in IDC's collaborative computing program.

As a result of the e-mail onslaught, users will demand message filtering technology, IDC concludes in the report, titled "Worldwide E-mail Usage Forecast, 2002-2006: Know What's Coming Your Way." The report examines how e-mail has been and will be used for business and personal purposes. It looks at e-mail usage in North America and worldwide markets, and it breaks down users by type and primary access methods and sent e-mails by purpose and type.

The study aims to help develop an understanding of how e-mail will evolve in light of other newer communication tools, such as instant messaging, Levitt said. It examines what type of communication is appropriate in a particular situation, and it takes into account that there's often a human factor when new technologies encroach on old ones.

The research also indicates that Web browsers will remain the primary access method for all e-mail worldwide through 2006. This is significant, Levitt said, because employees who use an e-mail client such as Microsoft Corp.'s Outlook for business e-mail may be using a Web browser to access their private e-mail. As their comfort and familiarity with browser-based e-mail access grows, it could result in demands that their employers switch to that method, Levitt said.

IDC, based in Framingham, Mass., is a division of International Data Group, parent company of IDG News Service.
**************************
USA Today
China refuses electronic trash it says came from the USA


BEIJING (AP) -- Bristling at being used as a dump for scrap electronics, China has moved to send back more than 400 tons of computers and office equipment that it said arrived from the United States and went unclaimed for more than two weeks.

Customs officers in Wenzhou, in eastern China's Zhejiang province, sent the 22 containers, each 40 feet long, away on a ship this week and said they want to make sure the shipment was returned to where it came from, the official Xinhua News Agency reported.

"As the address and telephone number on the shipping bills are fake, we believe this is most likely a deliberate move to transfer electronic garbage," said one officer, quoted by Xinhua.

The containers, dubbed "electronic products," arrived in Wenzhou on Sept. 11 from the United States, Xinhua said.

When nobody claimed them, customs officers opened the containers and found scrap computer monitors, keyboards, copiers and color TV sets, Xinhua said. It said such items were both harmful and, under Chinese law, banned from entering the country.
***************************
USA Today
Delay sought for Internet radio broadcaster payments


WASHINGTON (AP) -- Small Internet radio stations should get an extra six months before being forced to pay royalties to the musicians whose songs they are playing, the chairman of the House Judiciary Committee says.


Rep. James Sensenbrenner, R-Wis., introduced legislation late Thursday that would delay until April 20 fees set by the U.S. Copyright Office on Webcasters this summer.


The copyright office decided in June that Webcasters have to pay 70 cents per song heard by 1,000 listeners starting October 20.

While the recording industry wanted more, many Webcasters say that the rate is too high and will put them out of business.

Traditional radio broadcasters are exempt from paying the new royalties, which would go to compensate artists and music labels for using their songs. Over-the-air radio stations use a rate based on a percentage of revenue to pay performers and record labels.

Internet radio -- either simulcasts of traditional over-the-air radio or Internet-only stations streamed through the Internet to computers -- is becoming more popular at offices and homes as people get high-speed computer connections. It is expected to move more into the mainstream as wireless devices proliferate, allowing listeners to tune in while walking or driving.
******************************
Los Angeles Times
Internet Draws the Prying Eyes of the Voyeur
By KATHLEEN KELLEHER
September 30 2002


Word to women: If you are in the state of Washington, wear pants. Two Washington men who were convicted of violating the state's voyeurism statute for secretly taking pictures up the skirts of women and little girls successfully challenged the law earlier this month. The use of what has been called "upskirt cams" and "upskirt voyeur photography" is "reprehensible" and "disgusting," the state Supreme Court ascertained, but secretly taking photos up women's skirts in public places is not criminal.

The state's "voyeurism statute, as written, does not prohibit upskirt photography in a public place," Justice Bobbe Bridge, one of four women on the state Supreme Court, wrote in a unanimous opinion. The language of the law fails to explicitly protect people from being photographed in public places, the justices noted, where people don't have a reasonable expectation of privacy.

Apparently, an expectation of privacy for the interior of one's skirt--worn explicitly to conceal one's private parts--is not reasonable.

(After police caught a man taking upskirt videotapes at Disneyland and could not charge him with doing anything illegal, California legislators passed a law in 2000 that made it illegal to take surreptitious photographs or videotapes of a "person's private parts" or undergarments.)

Time was when a peeping Tom's only means for peeping was a drilled hole in the wall of a girls' bathroom, but the technology of fish-eye cameras the size of a pea and the wide world of the Internet have greatly expanded a voyeur's opportunities.

Voyeuristic behavior exists on a continuum in our society from a person passing a window and noticing someone undressing, to viewing scantily clad actors parade on television, to the hard-core, compulsive voyeurs for whom surreptitiously looking up someone's skirt, down a blouse or at snapshots of undergarments becomes the primary sexual experience, said Al Cooper, director of San Jose Marital and Sexuality Centre, a mental-health treatment facility in Santa Clara.

Voyeuristic Web sites are the fastest-growing areas of Internet sexuality, said Cooper, editor of the newly released "Sex and the Internet: A Guidebook for Clinicians" (Brunner-Routledge), one of the first professional books of its kind with contributions from leading clinicians, scholars and academics.

The two general categories of Internet voyeurism, said Cooper, are photographic shots of unsuspecting women in compromising positions such as the upskirt, downblouse and bathroom shots, and live streaming videotape of such things as couples having sex and women performing their own activity.

The voyeur who cannot control the impulse to gaze at sexual images of an unsuspecting person for the purpose of sexual gratification has what psychologists and psychiatrists call a paraphilia, "a condition in which a person's sexual arousal and gratification depend on fantasizing about and engaging in sexual behavior that is atypical and extreme," Cooper said.

For a voyeur whose behavior qualifies as a paraphilia, the Internet is the equivalent of a drug to an addict. "The Internet, in part, is creating this problem," said Fred Berlin, an associate professor of psychiatry at Johns Hopkins Medical School, who added that some people stumble upon the sexual images when they go online and discover the images are arousing.

No one knows how many people develop cases of pathological voyeurism, but 25% of Internet users engage in online sexual activity, Cooper said. Of that 25%, somewhere between 8% and 15% develop compulsive sexual behavior problems that significantly disrupt their lives, he said. Voyeurism is a learned behavior, almost completely a male penchant, and it sometimes starts innocently enough in adolescence.

"It is a normal adolescent prank to peep in a girl's window or bathroom," observed forensic psychologist Clark Clipson, an evaluator of sex offenders for the state of California based in San Diego. "It is a sexual outlet that is safe when all the other avenues are not available. The repeated association of sexual gratification with peeping can turn it into a sexual fixation. Part of the arousal for the voyeur lies in the power and control over the victim who doesn't know she is being watched."

Though voyeurism bears an element of hostility, said Clipson, rarely do voyeurs go on to commit hands-on sexual offenses. "These guys generally don't want to be caught or seen," he said. "They would be horrified if their victims found out. The idea of actually going on to rape someone is so completely foreign to them." There are some voyeurs who use the images purely for sexual gratification. For others, the sexual behavior is an indirect outlet for repressed aggression.

Like any compulsive sexual behavior, said Jennifer Schneider, an addiction medicine physician in practice in Tucson, voyeurism involves the objectification of a person or an anatomical part. Nothing demonstrates that better than the black band obscuring the identity of many of the women featured on the voyeuristic upskirt, downblouse and undergarment-peeping Web sites. Voyeurism distances the voyeur from intimacy.

"Voyeurs have to learn how to have real intimacy," said Schneider. "Obviously, when you are focusing on upskirt or downblouse you are focusing on the anatomy, not the person." Schneider, who co-authored "Cybersex Exposed: Simple Fantasy or Obsession?" (Hazelden, 2001) with Robert Weiss, a Los Angeles sex addiction therapist, said that though voyeurs insist their penchant for looking does no harm, evidence suggests otherwise. In an anonymous online survey of 100 "cybersex addicts" and 100 partners of users of online sex sites, including voyeuristic ones, Schneider and Weiss asked how participants thought the online activity affected their sex lives. Two-thirds of participants said that because of the online activity they had no sex life or a lousy one.

"Online users said that they found the sex life with their partner boring or that after looking at images ... they were physically unable or uninterested in sex with their partner," said Schneider, who added that stress often drives voyeurs to engage in the behavior. "The partners said that they were asked to do things they did not feel comfortable doing, things the online user learned on the Internet. They also said they felt they could never compete sexually with what's available on the Internet."

For the hard-core voyeur, the path back to real intimacy is not unlike the path for other addicts, said Berlin, who wrote a chapter titled "Paraphilias and the Internet" for the book "The Internet and Sex." People who are compulsive voyeurs "have to recognize that the behavior has to stop," said Berlin, who added that there are ways to curb the addiction. Some people take drugs that suppress their sex drive, some block their computer and some give their wives the code. "They have to be in a supportive environment where they can speak openly about it when experiencing a craving. Things can be done from a mental health perspective. But the public doesn't know about them. When is the last time you heard an advertisement about where to go if you are struggling with difficult sexual cravings?"
*****************************
Los Angeles Times
State Prosecutors Trying to Delete Spam
Internet: The attorney general's office hopes to use a 1998 law to save residents from annoying e-mail solicitations.
By JEAN GUCCIONE
September 28 2002


State prosecutors are taking their first swing at curtailing the daily barrage of unwanted e-mails received by California residents.

They have sued a Los Angeles-area company, PW Marketing LLC, which allegedly has sent millions of junk advertisements via the Internet in recent months. The company and its operators could be fined at least $2 million if the state wins, according to prosecutors.

Other companies and individuals involved in the practice commonly known as "spamming" are also under investigation, state officials said.

But Paul Willis, who prosecutors said is one of the operators of the company, boasted Friday that officials could not hurt him.

"They can shut me down. I don't care," he said.

"The worst thing they can do is get a civil judgment against me," he said. "I'm not dumb enough to keep any assets in my name," he said. "Neither is Claudia," he added, referring to Claudia Griffin, who is named in the suit as the company's co-operator. The two live in Canyon Country, according to court papers.

Individuals have used the state's 1998 anti-spamming law to sue--sometimes in small-claims court--to stop unwanted commercial solicitations. Friday's civil lawsuit against PW Marketing, however, is the first attempt by Atty. Gen. Bill Lockyer's office to enforce the law.

Under California law, unsolicited commercial e-mails must be designated on the subject line with an "ADV" for advertisement or "ADV:ADLT" for adult advertisement. They also must contain a toll-free telephone number or valid e-mail address for consumers who want to stop all future e-mails from that company, and firms must honor consumers' requests to have their e-mail address removed from their lists.

Each violation carries a civil penalty of up to $2,500.

As part of the statewide enforcement efforts, consumers are being asked to forward illegal e-mails to the state attorney general's office for possible prosecution. To help in their efforts, state prosecutors have created a form on their Web site, ag.ca.gov/spam/, for filing spamming complaints with the office.

"Spamming is the scourge of the Information Age. It burdens the Internet system, costs individuals and businesses an estimated $8 million a year and is extremely annoying to those who find their e-mails clogged with electronic junk mail," Lockyer said in announcing the suit. "In filing this action, we are sounding a warning that we will track down and prosecute those who send illegal spam."

According to the attorney general's lawsuit, PW Marketing solicited consumers to buy an online book called "Guide to the Professional Bulk Email Business" for $39 that would provide readers with information on "stealthing capabilities ... anonymous servers ... [and] anti-spam sites to see what the other side is up to."

Prosecutors allege the defendants violated the state's spam law, used a false address in advertising, failed to disclose required information and engaged in untrue or deceptive advertising and unfair business practices.

Willis denied "most of the allegations," saying he hired another company to send out the e-mails for him. He said he closed down his company three months ago and that he and Griffin are getting out of that business.

The case was filed in Santa Clara County Superior Court because residents of that county alerted authorities to the alleged violations.

While state prosecutors are aware of many potential violators, Deputy Atty. Gen. Ian K. Sweedler said a case must first be built. "I had to find evidence that [the e-mails] were actually received by residents in California," he said. "I can't file a complaint just based on suspicion."

The challenge in prosecuting such cases is twofold. First, the evidence--e-mails most people delete without a second thought--must be collected from dozens of consumers, establishing clear violations of the law, Sweedler said. The second stumbling block is locating the perpetrators and tying them to the evidence.

Most spammers use forged routing information to make it appear as though they are sending e-mails from outside of the country when, in fact, they originate elsewhere, Sweedler said. They also tap into Internet service providers without authorization, making it more difficult to track them, he said.

In this case, Sweedler said he got a break because PW Marketing took orders from customers using a Canyon Country fax number. He declined to say how many alleged violations he has gathered against that company, but said the latest is dated Sept. 8.

In January, the 1st District Court of Appeal in San Francisco upheld the constitutionality of the spam law, saying it did not burden interstate commerce.

In that case, attorney Ira P. Rothken of San Rafael represented the defendant, Friendfinders Inc., which was sued by Mark Ferguson for allegedly sending him unsolicited e-mails that were deceptive and misleading.

Rothken said the law does not ban unsolicited e-mails but rather requires senders to format the e-mails. The allegations against PW Marketing, he said, "are much more serious than sending spam" because they include deceptive business practices.

With the help of activists involved in anti-spamming efforts, Sweedler said, his office has received 100 to 200 forwarded e-mails daily from consumers, for a total of about 6,000 to date.

The office is seeking examples of spam received by California residents and delivered via servers in California that give an indication that the company is operating in California, such as a local phone number or address.
***************************
News Factor
What's New on the Open Source Front?


The early days of the open source movement saw the introduction of such widely used products as Sendmail, Apache, Perl and Linux. Since that time, many new programs either have been developed as open source or have been released into the open source community by software vendors, and still more projects are in the works. But the direction of the open source movement is far from clear. [For the complete story, see: http://www.newsfactor.com/perl/story/19532.html#story-start]
*******************************
Info World
Govt. to unveil top 20 vulnerabilities
By Paul Roberts
September 30, 2002 7:22 am PT


The focus will be on fixes this Wednesday when the U.S. General Services Administration (GSA) unveils its list of the top 20 Internet security vulnerabilities to a gathering of government chief information officers and IT professionals. The meeting, which is to be held Wednesday at the offices of the GSA in Washington, is expected to be attended by around 350 people, most from within the ranks of the government IT community. [For the complete story, see: http://www.infoworld.com/articles/hn/xml/02/09/30/020930hngsa.xml?s=IDGNS]
*************************
Wired News
Hazmat Haulers Keep on Truckin'
By Louise Knapp


A security system designed to protect trucks carrying hazardous material from would-be hijackers is gearing up to enter the fast lane.

The in-dash system, which looks like a car stereo, comes with typical security features like voice authentication, GPS tracking and automatic alarm relay, but its circuitry harbors a few totally new capabilities as well.

One is the system's ability to create a virtual fence. Basically, when a truck veers from its route or tries to enter an area it shouldn't, the engine automatically shuts down.

"If, for example, the federal government decided it doesn't want any trucks carrying hazardous material coming into Washington, it can put a virtual fence around it," said Bob Schumacher, business line executive of wireless products at Delphi Corp., where the system was developed.

"We download the GPS coordinates of this virtual fence into the truck's computer, and then if the truck enters this area a message is sent to the vehicle and the throttle is cut back to idle."

Delphi's system, called TruckSecure, seems to make sense in these times of heightened security, but truckers aren't convinced they need this extra protection.

"We've been operating without it for 50 years without any problem," said Tom Buckner, director of Ibis Tek, a company that manufactures security vehicles.

Robert Hackley, manager of e-business at Seneca Tank, a manufacturer and supplier of petroleum tanks, agrees. "We've never had a terrorist attack on a fuel truck, so it's hard to quantify the risk," Hackley said.

Hackley did say, however, that if a terrorist hijacking of a truck did occur, that might change his mind. "I'm sure if there was one, there would be a huge rush for these things," Hackley said.

But Schumacher contends that the threat is immediate.

"There are 350,000 trucks on the road carrying hazardous material every day," he said. "A terrorist could easily attach an incendiary device to one of these trucks and burn down a building."

Schumacher said it's not just a theory that terrorists target fuel trucks. He cited the April 11, 2002, attack on a synagogue on Djerba Island, Tunisia, that killed 21 people, including 14 German tourists. The attack, an apparent suicide bombing in which a truck laden with explosives blew up right outside the building, was allegedly carried out by members of an al Qaida splinter group.

TruckSecure operates on a hierarchical security system. "One level of security doesn't work, as no one thing is perfect. You need multiple barriers like you see at the airport," Schumacher said.

The first step is driver authentication. To start the truck, the driver has to say the password into the system's microphone or type it into the system's keyboard.

The second is a vehicle location monitor. The truck can be remotely tracked from the service station to ensure it is on its scheduled route. "We call up the cell phone embedded in the vehicle and ask for GPS coordinates," Schumacher said.

The third level of security is the virtual fence.

The fourth is alert escalation. "It's an automatic signal that could be sent to law enforcement to say, 'Hey this truck has been hijacked. It has departed from its route and is heading toward a tower or a synagogue or the White House,'" Schumacher said.

The fifth level is mitigation. At this point the truck has been hijacked, is off its intended route and an alert has been issued.

"But you know it is going to take some time for people to get there. In this situation you can wirelessly send a signal to stop the truck," Schumacher said.

Not surprisingly, some have concerns about all the gadgetry incorporated in the system.

"I could see problems with this," Hackley said. "The system could fail, ending up with trucks cutting out on the freeway and brakes failing. This could be disastrous."

Schumacher said that such problems are always remotely possible, but he also cited his company's 20 years of experience installing computers in vehicles.

"Even if something were to go wrong, then the driver can reset (the system) using his password or, at worst, the service center could do so," Schumacher said.

Tony Chrestman, senior vice president of Ruan Transportation, a company that transports corrosive material, said the system promises more benefits than downsides.

"It's a professional driver piloting these trucks," Chrestman said. "The engine might stall out, but this is always a risk, and the driver is trained to take the necessary emergency measures."

Chrestman said he would like to see TruckSecure installed on all trucks carrying hazardous material.

Mike Russell, spokesman for the American Trucking Associations, agreed -- with one proviso: "If it's not cost-prohibitive then the industry would look into it."

The system will cost more than $1,000 per truck.

Schumacher said that with the backing of government and industry Delphi could have the system ready in a year.
****************************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx