[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clips September 30, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips September 30, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Mon, 30 Sep 2002 12:54:50 -0400
Clips September 30, 2002
ARTICLES
Internet Draws the Prying Eyes of the Voyeur
Reluctant snoops: For Internet services, war against terror [Privacy]
Agency Probes D.C. Wireless Network
Navy launches e-records effort
NASA funds interactive institute
As Digital Radio Stumbles, New Products Fill the Gap
Agencies' privacy policies found lacking [Privacy]
INS implements foreign student tracking regulations [Privacy]
Prospect of Iraq conflict raises new cyberattack fears [Security]
Group to examine security-flaw reporting policies [Security]
Online payment service PayPal hit by scam
We've all got mail: IDC predicts 60 billion e-mails a day by 2006 [Trends]
China refuses electronic trash it says came from the USA [Recycling]
Delay sought for Internet radio broadcaster payments
Internet Draws the Prying Eyes of the Voyeur
State Prosecutors Trying to Delete Spam
What's New on the Open Source Front?
Govt. to unveil top 20 vulnerabilites
Hazmat Haulers Keep on Truckin' [Security]
*******************************
Washington Post
Internet Draws the Prying Eyes of the Voyeur
By KATHLEEN KELLEHER
September 30 2002
Word to women: If you are in the state of Washington, wear pants. Two
Washington men who were convicted of violating the state's voyeurism
statute for secretly taking pictures up the skirts of women and little
girls successfully challenged the law earlier this month. The use of what
has been called "upskirt cams" and "upskirt voyeur photography" is
"reprehensible" and "disgusting," the state Supreme Court ascertained, but
secretly taking photos up women's skirts in public places is not criminal.
The state's "voyeurism statute, as written, does not prohibit upskirt
photography in a public place," Justice Bobbe Bridge, one of four women on
the state Supreme Court, wrote in a unanimous opinion. The language of the
law fails to explicitly protect people from being photographed in public
places, the justices noted, where people don't have a reasonable
expectation of privacy.
Apparently, an expectation of privacy for the interior of one's skirt--worn
explicitly to conceal one's private parts--is not reasonable.
(After police caught a man taking upskirt videotapes at Disneyland and
could not charge him with doing anything illegal, California legislators
passed a law in 2000 that made it illegal to take surreptitious photographs
or videotapes of a "person's private parts" or undergarments.)
Time was when a peeping Tom's only means for peeping was a drilled hole in
the wall of a girls' bathroom, but the technology of fish-eye cameras the
size of a pea and the wide world of the Internet have greatly expanded a
voyeur's opportunities.
Voyeuristic behavior exists on a continuum in our society from a person
passing a window and noticing someone undressing, to viewing scantily clad
actors parade on television, to the hard-core, compulsive voyeurs for whom
surreptitiously looking up someone's skirt, down a blouse or at snapshots
of undergarments becomes the primary sexual experience, said Al Cooper,
director of San Jose Marital and Sexuality Centre, a mental-health
treatment facility in Santa Clara.
Voyeuristic Web sites are the fastest-growing areas of Internet sexuality,
said Cooper, editor of the newly released "Sex and the Internet: A
Guidebook for Clinicians" (Brunner-Routledge), one of the first
professional books of its kind with contributions from leading clinicians,
scholars and academics.
The two general categories of Internet voyeurism, said Cooper, are
photographic shots of unsuspecting women in compromising positions such as
the upskirt, downblouse and bathroom shots, and live streaming videotape of
such things as couples having sex and women performing their own activity.
The voyeur who cannot control the impulse to gaze at sexual images of an
unsuspecting person for the purpose of sexual gratification has what
psychologists and psychiatrists call a paraphilia, "a condition in which a
person's sexual arousal and gratification depend on fantasizing about and
engaging in sexual behavior that is atypical and extreme," Cooper said.
For a voyeur whose behavior qualifies as a paraphilia, the Internet is the
equivalent of a drug to an addict. "The Internet, in part, is creating this
problem," said Fred Berlin, an associate professor of psychiatry at Johns
Hopkins Medical School, who added that some people stumble upon the sexual
images when they go online and discover the images are arousing.
No one knows how many people develop cases of pathological voyeurism, but
25% of Internet users engage in online sexual activity, Cooper said. Of
that 25%, somewhere between 8% and 15% develop compulsive sexual behavior
problems that significantly disrupt their lives, he said. Voyeurism is a
learned behavior, almost completely a male penchant, and it sometimes
starts innocently enough in adolescence.
"It is a normal adolescent prank to peep in a girl's window or bathroom,"
observed forensic psychologist Clark Clipson, an evaluator of sex offenders
for the state of California based in San Diego. "It is a sexual outlet that
is safe when all the other avenues are not available. The repeated
association of sexual gratification with peeping can turn it into a sexual
fixation. Part of the arousal for the voyeur lies in the power and control
over the victim who doesn't know she is being watched."
Though voyeurism bears an element of hostility, said Clipson, rarely do
voyeurs go on to commit hands-on sexual offenses. "These guys generally
don't want to be caught or seen," he said. "They would be horrified if
their victims found out. The idea of actually going on to rape someone is
so completely foreign to them." There are some voyeurs who use the images
purely for sexual gratification. For others, the sexual behavior is an
indirect outlet for repressed aggression.
Like any compulsive sexual behavior, said Jennifer Schneider, an addiction
medicine physician in practice in Tucson, voyeurism involves the
objectification of a person or an anatomical part. Nothing demonstrates
that better than the black band obscuring the identity of many of the women
featured on the voyeuristic upskirt, downblouse and undergarment-peeping
Web sites. Voyeurism distances the voyeur from intimacy.
"Voyeurs have to learn how to have real intimacy," said Schneider.
"Obviously, when you are focusing on upskirt or downblouse you are focusing
on the anatomy, not the person." Schneider, who co-authored "Cybersex
Exposed: Simple Fantasy or Obsession?" (Hazeldon, 2001) with Robert Weiss,
a Los Angeles sex addiction therapist, said that though voyeurs insist
their penchant for looking does no harm, evidence suggests otherwise. In an
anonymous online survey of 100 "cybersex addicts" and 100 partners of users
of online sex sites, including voyeuristic ones, Schneider and Weiss asked
how participants thought the online activity affected their sex lives.
Two-thirds of participants said that because of the online activity they
had no sex life or a lousy one.
"Online users said that they found the sex life with their partner boring
or that after looking at images ... they were physically unable or
uninterested in sex with their partner," said Schneider, who added that
stress often drives voyeurs to engage in the behavior. "The partners said
that they were asked to do things they did not feel comfortable doing,
things the online user learned on the Internet. They also said they felt
they could never compete sexually with what's available on the Internet."
For the hard-core voyeur, the path back to real intimacy is not unlike the
path for other addicts, said Berlin, who wrote a chapter titled
"Paraphilias and the Internet" for the book "The Internet and Sex." People
who are compulsive voyeurs "have to recognize that the behavior has to
stop," said Berlin, who added that there are ways to curb the addiction.
Some people take drugs that suppress their sex drive, some block their
computer and some give their wives the code. "They have to be in a
supportive environment where they can speak openly about it when
experiencing a craving. Things can be done from a mental health
perspective. But the public doesn't know about them. When is the last time
you heard an advertisement about where to go if you are struggling with
difficult sexual cravings?"
*************************
Seattle Times
Reluctant snoops: For Internet services, war against terror means flood of
subpoenas
By Sarah Lai Stirland
Special to The Seattle Times
Internet service providers are often called gatekeepers, the companies that
open up the online world to a computer user. It is this very role, however,
that has placed them in an uncomfortable position in a post-Sept. 11 world.
As law-enforcement authorities ratchet up efforts to track and combat
terrorist and other criminal activity online, ISPs are walking a
treacherous tightrope between complying with international privacy laws and
meeting investigators' mounting requests for information.
Those requests have increased in numbers, breadth and intensity, say
representatives of some of the world's largest ISPs. They are part of a
trend toward making ISPs the proxy policemen of cyberspace, a role the ISPs
are trying hard to avoid because it would mean expensive, burdensome
responsibilities.
Primarily, those responsibilities would include saving information relevant
to criminal investigations and buying equipment that is wiretap-ready.
Service providers also would have to either invest in beefed-up legal
compliance departments or face more risks of litigation from inadvertent
privacy violations.
"What we've seen after Sept. 11 at least in the U.S. is about a fivefold
increase in the number of subpoenas requested of service providers and,
frankly ... just requests for information," noted Al Gidari, a partner at
the Seattle-based law firm of Perkins Coie. "Entities want legal process
because when they comply with it, they get immunity for complying with that
legal process, should a third party sue them for a privacy violation."
Surge in surveillance
There aren't any hard statistics on the number of subpoenas, court orders,
search warrants and informal requests issued in the past year. But
panelists at a recent conference on privacy and security in Seattle
reported a surge since last October when Congress enacted the elaborately
named USA PATRIOT Act Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and Obstruct Terrorism Act of
2001, also known simply as the Patriot Act.
"We certainly had higher volume," said Christopher Bubb, an assistant
general counsel in America Online's compliance and investigations unit. "It
was like someone just told the local cops about these statutes, so there
was a wave of local police officers going: 'Well, I didn't know about
this this is a neat tool! I've got to try it out!' It sort of woke them up."
"Obviously, the Patriot Act changed how we deal with requests that come
in," said Elizabeth Banker, an associate general counsel at Yahoo! "For me,
it's less about volume and it's more about how much work goes into each and
every request."
The typical government subpoena, she said, went from requesting just
user-account information to asking for details about the subscriber's
Internet use and billing and credit-card history. "You're adding two fairly
involved requests to every subpoena that comes in through the door," she said.
Requests expanded, observers noted, because the Patriot Act lowered many of
the legal standards investigators must meet and broadened the kinds of
information law enforcement can demand from ISPs. The act granted the new
search powers by amending the Electronic Communications Privacy Act, the
main law that governs how investigators can gain access to electronically
stored ISP subscriber information.
Now, companies must comply with subpoenas even if they have strong privacy
policies. The act also allows law officers access to subscriber data
without subpoenas if they "reasonably believe that (it's) an emergency
involving immediate danger of death or serious physical injury" to someone.
When it comes to requests for information, the act calls on companies to
voluntarily offer information if authorities say the situation is an
emergency.
Civil liberty concerns
Critics contend the act gives the authorities too much power and lacks the
checks and balances that traditionally guard civil liberties. No
accountability, they say, is required for many of the new surveillance
activities.
For companies, the act also makes it more expensive and time consuming to
resist surveillance requests, according to the Electronic Privacy
Information Center in Washington, D.C.
"From a carrier's point of view, the Patriot Act was a great thing in
making things a little less controversial," said Perkins Coie's Gidari.
"From a privacy point of view, there's a lot of concern and outrage."
Although the new rules don't say exactly how fast a company must cough up
information, Banker said post-Sept. 11 requests have become more urgent and
time-sensitive.
She said companies are being expected "to keep churning things out," to
accept after-hours requests, to deal with law enforcement around the clock,
seven days a week, and to respond quickly to broadly worded requests.
Banker didn't provide details on how Yahoo! has coped, and a company
spokesperson declined to discuss staffing levels. But Banker did indicate
in a talk at the Seattle security conference that Yahoo! has had to build
some technical solutions.
She also said Yahoo! has started to charge law-enforcement agencies for
requests as a way to get them to narrow the focus of their inquiries. The
practice is widespread in the telephone industry, she noted, but not with
ISPs.
"They want to be perceived as good citizens and are afraid that actually
charging for government requests for information isn't consistent with
that," Banker said. "It's also an administrative hassle. You have to come
up with some way of determining what the cost of every request you comply
with is, and issue and track invoices and payments, and then decide what to
do with the government agencies that don't pay."
At the security conference, another call for more precision in
law-enforcement requests came from Microsoft's Hemanshu Nigam, the
company's head of criminal compliance, security and law-enforcement
affairs. Even with complex privacy requirements, police agencies can get
the information they want so long as they follow the law, Nigam said. He
said Microsoft had started to train staff to deal with the requests.
Nigam, former global Internet enforcement director of the Motion Picture
Association, was hired by Microsoft in July to manage the software giant's
role in online criminal investigations. In January, Microsoft hired Scott
Charney, one of the nation's top computer forensics experts, as the
company's chief security strategist.
How long to keep data?
In the United States, ISPs aren't required to preserve any customer
information unless requested to do so by law enforcement. If a request is
made, they must keep information on the targeted customer for 90 days.
Authorities can extend the request for 90 more days.
In the U.S., corporate lawyers say this system works relatively well. But a
European Union directive in May advised member countries to require
telecommunications providers to retain all customer information
indefinitely to allow law enforcement to comb through the records in future
investigations. That directive has many groups up in arms. So far, only
Spain has acted, adopting a one-year data retention requirement.
"We have suggested, not entirely facetiously, that the European Union think
about giving us Belgium for storage to comply with the one-year data
retention requirements, and we'll take Holland for the cooling necessary
for the storage," joked AOL's Bubb. He noted that AOL's e-mail traffic
generates between 8 and 9 terabytes or 8 trillion to 9 trillion bytes of
information a day.
Stewart Baker, a Washington, D.C., lawyer and a founding member of the U.S.
Internet Service Provider Association, said he's working with European
counterparts to harmonize U.S. and European rules. The hope is that
European countries will adopt rules similar to those in the U.S.
Baker says federal officials also have sought to have ISPs take on more
responsibilities, including selling their customers security solutions and
coordinating network operations centers so they can warn each other of
malicious code.
"ISPs believe in many respects that they are like telephone companies," he
said, "and they can't be held responsible for the content of communications
any more than they can for the things people say to each other when making
phone calls."
************************
Associated Press
Agency Probes D.C. Wireless Network
Sun Sep 29, 1:37 PM ET
By D. IAN HOPPER, AP Technology Writer
WASHINGTON (AP) - Secret Service agents are putting a high-tech twist on
the idea of a cop walking the beat. Using a laptop computer and an antenna
fashioned from a Pringles potato chip can, they are looking for security
holes in wireless networks in the nation's capital.
The agency best known for protecting the president and chasing down
counterfeiters has started addressing what it calls one of the most
overlooked threats to computer networks.
"Everybody wants wireless, it's real convenient," Special Agent Wayne
Peterson said. "Security has always been an afterthought."
The effort is part of a new government plan to build relationships with
businesses so that they will feel more comfortable reporting hacking
attempts to authorities. Recent anti-terrorism legislation gave the FBI (
news - web sites) and Secret Service joint jurisdiction over electronic
crimes.
Wireless networks are cheap; a small one can start at less than $200. They
make it easy for workers to wander around with their laptop or handheld
computers and for visiting employees with their own computers to get on to
the local office network.
These networks are becoming common in airports, universities, coffee
houses, businesses, homes and even some public squares. But they are sold
with no security measures, and protecting a wireless network from hackers
takes more knowledge than what network installation guides typically offer.
Because of security concerns, the White House recently proposed banning
some wireless networks in federal agencies. Faced with industry protests,
the administration dropped the idea when it released a draft version of its
cybersecurity plan this month.
That has led some independent security researchers to drive or even use a
private plane to fly through cities to map networks. Those maps, which are
usually posted on the Internet, show where a person can get a free Internet
connection on a private network.
The Secret Service ( news - web sites) wants to let businesses know that
their Internet connections and private networks might be at risk. Companies
informed about security holes can reconfigure their networks to make them
more secure.
Peterson's tools are a laptop, a wireless network card and one of three
antennae mounted on his car. One is a small metal antenna; the second is a
large, white, 2-foot-tall tube; the third is a homemade antenna made out of
a Pringles can. They boost the reception of his wireless network card,
allowing the agent to point them in different directions to get the best
signal.
A Pringles can is ideal because of its shape a long tube that lets someone
to point it at specific buildings and its aluminum inner lining. It acts
like a satellite dish, collecting signals and bouncing them to the
receiver, which is then wired into a laptop.
Peterson recently drove down a major Washington street and found over 20
wireless networks, many of which had no security at all. Peterson said his
probes are part of good police work, like a patrolman driving through a
neighborhood.
"I feel it is part of crime prevention to knock on the door," Peterson said.
The act of "wardriving," a term taken from older "wardialing" programs that
called random telephone numbers looking for unlisted modems, has become so
prevalent that enthusiasts are using chalk marks on streets and sidewalks
to point out networks in public places.
Peterson said there has not been any reported "warchalking" in the
Washington area yet, but if one was found agents would alert the network
owner.
Chris McFarland, head of the Secret Service's Electronic Crimes Task Force,
said his agents have begun evaluating computer security along with other
concerns when they scout out a place where the president or other protected
dignitary will go.
McFarland said, for example, that agents have had extensive discussions
with officials at George Washington Hospital about improving its wireless
network security.
While the agents plan to offer their expertise to anyone who asks, they are
focusing on places most important to their mission of protecting public
officials. The hospital is several blocks from the White House and treated
Vice President Dick Cheney ( news - web sites) during his heart problems.
Agents also checked out computer systems at the Salt Lake City Olympics,
last year's Super Bowl and the World Bank ( news - web sites) in advance of
weekend protests.
"People can wreak havoc with these systems very easily," McFarland said.
"It's almost like triage."
*******************
Federal Computer Week
Navy launches e-records effort
BY Christopher J. Dorobek
Sept. 30, 2002
The Navy last week kicked off what is expected to become the government's
largest enterprisewide records management system when it began installing
software on Navy Marine Corps Intranet computers.
The Navy is loading software on about 100 PCs in the Navy Department's
Office of the Chief Information Officer. That tool eventually will help the
service manage records and documents across nearly 400,000 desktop PCs at
nearly 300 shore-based sites, officials said. Last year, the Navy and EDS
selected Australia-based Tower Software's TRIM as NMCI's records management
standard.
"This will be the largest electronic records management customer ever,"
said Charley Barth, team leader for records and document management in the
Navy Department's CIO office.
The initiative will help the Navy standardize its records management
practices, he said, adding that some Navy sites retain almost no records.
"The Department of the Navy does not want to be the next '60 Minutes' story."
A records management system that encompasses the entire organization could
be the cornerstone for network-centric operations, Navy officials said. By
providing a standard application and creating a single repository in which
data can be stored, the information will be accessible to everybody. The
records management system could also share information with other systems.
"We've never had a good tool for sharing information," Barth said. "We've
never shown people the true value of this data."
Others agree. "Now there are vast amounts of information out there," said
Capt. Chris Christopher, NMCI's deputy director of plans, policy and
oversight. "How do you get to that?"
The system will eventually maintain all of the Navy's records, both
electronic and paper, officials said, and will theoretically give Navy
staffers access to data no matter where they are.
As part of the effort, officials plan to integrate the records management,
data management and workflow processes, said Steve Vetter, director of
strategic planning for EDS, the lead vendor for NMCI, the Navy's $6.9
billion effort to create a single network across its shore-based sites.
Navy officials are considering using the TRIM software as the standard for
managing those three processes, Vetter said. They are so dependent on one
another that the overall effort will fail if they are not considered together.
Navy officials will conduct a pilot project to assess how TRIM might work
as a document management and workflow system. And another project will
determine if TRIM can be used for managing correspondence.
"If TRIM is going to be installed under NMCI and used for records
management purposes, it is not a pilot," Barth said. "If it is going to be
installed for document management, correspondence management or nonrecords
management purposes, it may very well be a pilot."
Although other agencies have deployed enterprisewide records management
systems the Federal Deposit Insurance Corp., for example nothing this
large has been attempted, said J. Timothy Sprehe, a records management
expert and president of Sprehe Information Management Associates. FDIC's
system, which also uses Tower's TRIM software, is "much, much tinier" in
scale, he said.
The Navy and EDS face a difficult task, Sprehe said, largely because of the
scale of the effort they are attempting. "I cannot imagine how many
different document management systems Navy installations must have," and
officials will have to integrate TRIM with all of those systems.
The NMCI contract includes a provision requiring EDS to provide desktop
records management software to all users. The NMCI contract allows commands
to buy implementation services, but it does not provide funds or standards
for that implementation.
"At the installation, base level?those folks have to find their own money
to do their own integration," Sprehe said. "In order to put this into
implementation, they will have to do that themselves."
Another challenge will be educating users. Navy officials hope to make the
system transparent to users, but it has always been difficult to convince
them of the importance of records management, Sprehe said. "That's a tough
sell."
***
For the record
The Navy's goals for its records management system include:
* Creating one system for maintaining all Navy records, including paper ones.
* Meeting the records management requirements set by the Defense Department
and the National Archives and Records Administration.
* Standardizing on a single application and eliminating legacy applications
for records and document management.
* Creating a system for managing correspondence and documents.
* Making data widely available that was previously stored in stand-alone
systems.
* Improving internal and external access to Navy records under the Freedom
of Information Act.
* Reducing storage and service fees.
****************************
Federal Computer Week
NASA funds interactive institute
BY Megan Lisagor
Sept. 30, 2002
NASA has awarded a contract potentially worth $379 million to a recently
formed nonprofit corporation to create an institute to conduct cutting-edge
research, develop new technologies and provide educational opportunities.
The National Institute of Aerospace is expected to be fully operational in
January. It is a joint venture between NASA's Langley Research Center in
Hampton, Va., and the newly formed National Institute of Aerospace
Associates (NIAA), which is composed of state universities and a nonprofit
organization.
The education aspect could help NASA strengthen its workforce as it faces
an impending retirement wave and a shortage of students pursuing degrees in
science, mathematics and engineering.
The institute will offer master's degrees and doctorates at local sites and
via distance learning. It also plans to link the main campuses of
partnering universities to labs at Langley, building a virtual research
space, according to Charles Harris, director of the National Institute of
Aerospace's management office.
"It's going to be very innovative and highly interactive," Harris said.
"This is a new way of doing business for Langley. This is going to foster
much greater involvement by academia to fulfill NASA's mission. The
emphasis here is on collaboration."
The National Institute of Aerospace will be housed at Langley to facilitate
agency collaboration. Langley's partners, under the umbrella organization
NIAA, include the American Institute of Aeronautics and Astronautics
Foundation; the Virginia Polytechnic Institute and State University; the
University of Virginia; the University of Maryland, College Park; North
Carolina State University, Raleigh; North Carolina Agricultural and
Technical State University, Greensboro; and the Georgia Institute of
Technology, Atlanta.
The procurement covers a five-year base period and has three five-year
options for extension. A five-year cooperative agreement also has been reached.
***************************
New York Times
As Digital Radio Stumbles, New Products Fill the Gap
By BARNABY J. FEDER
Sensing an opportunity in the radio industry's slowness to adopt digital
broadcasting, a number of chip makers and radio manufacturers have
introduced products that use software in receivers to sharply improve the
quality and reach of broadcasts transmitted in the analog format.
The latest contributor to the trend, Motorola, plans tonight in Tokyo to
announce the most powerful set of microchips yet for such receivers, which
convert standard analog AM and FM broadcast signals into a digital format.
So far, the radio broadcasting industry in this country has not agreed upon
uniform digital technical standards, which has left over-the-air digital
radio service to subscription-fee satellite services.
Analog radio signals use electronic waves analogous to sound waves. Digital
signals use electronic pulses that can be translated into the precise 1's
and 0's of computer code.
When radio signals are in digital form, they can be filtered, cleaned up
and manipulated by software. The result is better sound fidelity and the
opportunity to add features like deeper bass tones. Software-driven
receivers can compensate for the complex interference patterns caused when
signals are bouncing off of buildings or hills, and they can tune into
channels more accurately.
Some software can also reconstruct extremely weak signals, allowing
listeners to travel farther from their favorite radio stations without
losing touch. Motorola's design, which can combine information from more
than one antenna, taking advantage of the trend to putting more than one
antenna on a car, is said to be a major improvement.
"It's going to give measurably better performance, especially in the AM
band," said Will Strauss, president of Forward Concepts, a market research
firm in Tempe, Ariz.
Motorola plans to release details about the new chip sets, which are based
on the Symphony line of audio processors it introduced in 2000, during its
Tokyo presentation. Motorola said that the first products incorporating the
new Symphony chip sets would be radios going on sale late next year as
replacements for standard car radios. Motorola also said that it expected
some car manufacturers to begin supplying Symphony-equipped radios in new
cars in 2004.
Motorola said its new chips would allow the elimination of so many
components in receivers that radios going on sale next year should cost the
same or less than today's premium analog systems.
One of the first adopters is expected to be Hyundai Autonet, which sells
after-market radios and original equipment for both Hyundai and Kia.
Motorola's announcement comes just one week after Blaupunkt, a German radio
maker that is part of Robert Bosch, announced the availability of
Digiceiver, an analog-to-digital conversion product that is based on
another Motorola chip and offers some of the same benefits to listeners.
Earlier this year, Philips Semiconductors, a unit of Royal Philips
Electronics of the Netherlands, introduced a new line of digital signal
processors aimed at extending Philips's position as the leading supplier of
microchips to the car entertainment market a market that is one of the few
segments of automotive electronics where Motorola is not the leading chip
supplier.
The various chip sets differ by how early in the receiving process they
convert the signals to digital form and by their processing power and their
software capabilities. The reliance on software should make it possible for
users to download updated features as new services become available and for
independent software programmers and radio manufacturers to install
software to make their own products distinct.
A number of other chip makers are also investing heavily in new
signal-processing technology for the radio market, including Texas
Instruments and ST Microelectronics.
Allied Business Intelligence, a market research firm, has projected that
the number of digital radio receivers in the United States alone will jump
from 650,000 units this year to 33 million in 2007.
Such projections, though, assume that the industry and the Federal
Communications Commission will eventually agree on a standard for
terrestrial digital broadcasting. Aside from a small number of stations
restricted to daytime AM broadcasts, digital radio in the United States is
currently confined to the satellite-based systems of XM and Sirius, both of
which cover the entire nation with 100-channel networks.
Advocates of digital broadcasting say that its benefits will extend far
beyond the improved sound quality and signal reach that Motorola and others
are chasing with today's radio software. Such broadcasts could also deliver
text messages to screens on the receivers, opening new pathways for
advertisers. Philips executives, for example, foresee radios that notify
shoppers of special sale items at stores in a mall as they pull into it.
Motorola said that Symphony chipsets could be easily adapted to receiving
today's digital satellite broadcasts and the terrestrial broadcasts in the
future. But some analysts wonder whether the analog-to-digital chipsets
will undercut efforts to complete the transition to digital broadcasting,
because products like Symphony give broadcasters the benefits of greater
reach with no investment on their part.
"Motorola could be suppressing the demand for true digital radio," said
Ryan Jones, an analyst at the Yankee Group. "The real key is how much they
confuse the market and dilute the definition of digital radio."
****************************
Government Executive
September 27, 2002
Agencies' privacy policies found lacking
By Maureen Sirhal, National Journal's Technology Daily
Preliminary findings from a forthcoming government study on the privacy
policies of federal Web sites are causing many leading analysts at the
General Accounting Office to recommend the creation of a common standard
for federal privacy notices.
In a presentation before a National Institute of Standards and Technology
advisory board meeting in Washington last week, Alan Stapleton, GAO's
assistant director of information technology, outlined the different
privacy projects the agency is spearheadingincluding an update on a 2000
study of federal agencies' privacy policies.
Three years after the White House Office of Management and Budget
instructed agencies to maintain clear and concise privacy policies, GAO is
finding that the policies "are not really clear and concise," Stapleton said.
The study is revealing that agencies often stray from the standards of
privacy policies and practices, he noted, even as OMB provides the agencies
sample language. Government entities often use an array of words and
definitions to describe common elements of privacy policy or rely on
differing formats for presenting the same information, he said.
Consequently, Stapleton said GAO may recommend that OMB urge agencies to
use a consistent privacy template to make their policies clear and concise.
One potential solution would be a "layered notice," where a single Web page
would list the elements of the OMB privacy template and also offer a link
to supplemental information. The details would describe exceptions to the
standard policy or link to areas of the agency's site that collect personal
information, Stapleton said.
GAO analysts believe the creation of a privacy template could help ease the
burden for Web users and citizens, who often have to read complex privacy
notices. "We want to learn everything for the public and private sector
that we can learn," Stapleton said, but the template needs to be linked to
how federal agencies can use it.
Members of the NIST advisory board cautioned that potential privacy
recommendations also should address the security of the data and include a
policy for disclosing how information is encrypted. They also urged
Stapleton to gather input from privacy groups such as the Electronic
Privacy Information Center.
GAO is still conducting a comprehensive survey of the privacy practices of
25 agency Web sites at the request of Sen. Joseph Lieberman, D-Conn., and
Rep. Steve Horn, R-Calif., Stapleton said. The survey will cover nearly all
departments and a host of independent agencies such as the Federal
Emergency Management Agency, National Science Foundation and Securities and
Exchange Commission.
While GAO has collected most of the responses to the questions, Stapleton
said, "we are going to issue a report early next year. We want to analyze
more of the results."
***************************
Government Executive
INS implements foreign student tracking regulations
From National Journal's Technology Daily
The Immigration and Naturalization Service has implemented regulations
requiring any higher education institutions wishing to enroll non-U.S.
citizens to apply for listing those students in the Student and Exchange
Visitor Information Systems (SEVIS).
SEVIS is an Internet-based system linked to the State Department that
enables the government to track foreign students in the United States.
Under the INS rules, any school that has not applied to SEVIS by Jan. 30,
2003, will not be allowed to accept foreign students. Schools must
electronically complete the application and pay a certification fee of $580.
To date 2,163 schools are in various stages of adopting SEVIS, while 483
schools are awaiting approval to use the system.
*****************************
Computerworld
Prospect of Iraq conflict raises new cyberattack fears
By DAN VERTON
SEPTEMBER 27, 2002
If history is a guide, any Bush administration plan to remove Saddam
Hussein from power in Iraq would likely set off a firestorm of hacker
activity targeting U.S. networks and infrastructure. And those attacks
could be greater in number and affect a broader cross-section of U.S.
businesses than anything seen before, according to intelligence experts.
Surges in cyberattack activity have typically accompanied major
international crises during the last several years, including the
Arab-Israeli conflict, the war in Kosovo and the collision of a U.S. spy
plane with a Chinese fighter jet over the South China Sea last year (see
story).
However, any significant expansion of the U.S.-led war against terrorism,
including an invasion of Iraq, could unleash an unprecedented wave of
hacker activity, intelligence and security experts said.
Eric Shaw, a former psychological profiler at the CIA, said he will be
watching for increases in activity from specific threat groups.
"Islamic hacking groups have been uniting over the India-Pakistan and
Israeli-Palestine [conflicts] and they are traditionally Iraq supporters
and anti-U.S. and anti-Israel," said Shaw, who now works as a cybersecurity
consultant at Stroz Associates LLC in New York.
A second group includes a mixture of U.S. and European-based antiwar
hackers, said Shaw. "Think about [groups] of young, liberal, elite,
Western-educated youth [coming out] against the war. It would be a lot
smaller than the Vietnam generation but could still be potent," he said.
Moreover, a ground war in Iraq could spur other governments in the region
to launch sophisticated state-sponsored information warfare campaigns.
That's the conclusion of a study published two weeks after the Sept. 11
attacks by the Institute for Security Technology Studies at Dartmouth College.
Ruth David, former director of science and technology at the CIA and now
CEO of Analytic Services Inc. in Arlington, Va., said an orchestrated
attack exploiting well-known vulnerabilities could be launched with little
regard for precise targeting, and could cause significant disruption and
financial loss to the "softest targets," the bulk of which are in the
private sector.
"Ironically, a serious attack of this type may engender even greater public
support for any military action under way and is unlikely to seriously
impede our ability to achieve military objectives," said David.
The Bush administration has formally stated that it is the policy of the
U.S. to respond to cyberattacks by any means appropriate, including
military action.
"Such an attack could significantly debilitate U.S. and allied information
networks," the Dartmouth study concluded. That report was written under the
guidance of Michael Vatis, a former director of the FBI's National
Infrastructure Protection Center.
The real change associated with such a widespread cyberconflict is the
likely expansion of the types of hacker targets, said John Pescatore, an
analyst at Stamford, Conn.-based Gartner Inc. In addition to government and
military networks, a U.S. invasion of Iraq would likely lead to the
targeting of news media organizations, said Pescatore.
"Given how media-savvy the Middle East has become, I'd expect to see the
large newspaper and television news sites targeted for both
propaganda-planting and denial-of-service attacks," he said.
A global cyberconflict is also likely to affect companies that are
considered American cultural icons, such as Microsoft Corp., American
Airlines Inc., McDonald's Corp. and other multinational companies known for
their U.S. roots, said Pescatore.
"Since Sept. 11, companies have had to re-examine the various types of
crises that can impact them, from bioterrorism to computer terrorism," said
Steve Wilson, president of The Wilson Group, a crisis management consulting
firm in Columbus, Ohio. "However, it's not just the typical hacker they
have to be concerned with now. They can just as easily be a terrorist
target as any government installation."
*************************
Computerworld
Group to examine security-flaw reporting policies
By Tom Krazit, IDG News Service
SEPTEMBER 27, 2002
A group of software vendors and security firms is teaming up to discuss
reporting strategies for security flaws, balancing the right of users to
know whether their software is flawed against the possibility that
publicizing vulnerabilities may encourage hackers.
The Organization for Internet Safety (OIS) will work to develop a system
that will set standards for the way security vulnerabilities are disclosed,
it said in a statement yesterday. In general, security companies and
independent security researchers who discover software bugs inform the
vendor of the discovery, and give it some time to develop a patch for the
flaw before releasing the information publically.
However, this is not always the case, and security vulnerabilities have
made their way into the public before the vendor had a chance to examine
the bug, or determine its importance.
An advisory board of network security managers will help the OIS realize
the needs and concerns of IT departments when reporting security
vulnerabilities, it said. Drafts of potential standards will be circulated
early next year, the organization said.
The initial companies behind the effort are @stake Inc., Bindview Corp.,
Caldera International Inc., Foundstone Inc., Guardent Inc., Internet
Security Systems Inc., Microsoft Corp., Network Associates Inc., Oracle
Corp., Silicon Graphics Inc. and Symantec Corp.
***************************
Computerworld
Online payment service PayPal hit by scam
By LINDA ROSENCRANCE
SEPTEMBER 27, 2002
During the past two weeks, online payment service PayPal Inc. has been
targeted by scam artists trying to get the personal information of its
users, including credit card data, user names and passwords.
On Sept. 16, an unsophisticated scam e-mail, slugged "PayPal Verification,"
was sent requesting users to log into their PayPal accounts "asap" to
confirm they were still active users of the service.
The e-mail said:
"We are now requesting the password to the e-mail address you signed up to
PayPal with. This is so our systems can confirm the confirmation e-mails
off PayPal stay in your account because there has been a rise in the amount
of fraudsters getting access to users e-mail addresses and deleting the
Paypal confirmations. This is to protect you and ourselves. PayPal will use
this information for fraud protection only."
The e-mail went on to say PayPal would use the information for fraud
protection only and was part of the Mountain View, Calif.-based company's
new annual process to screen out inactive accounts.
Recipients were then given a link that seemed to go to PayPal's secure
site, but was actually a fake.
Then on Sept. 25, another, more sophisticated e-mail, slugged "URGENT:
PayPal System Problems" arrived in some users' in-boxes.
That message, which arrived as an HTML e-mail set up to resemble PayPal's
Web site, said:
"Today we had some trouble with one of our computer systems. While the
trouble appears to be minor, we are not taking any chances. We decided to
take the troubled system offline and replace it with a new system.
Unfortunately this caused us to lose some member data. Please follow the
link below and log into your account to make sure your information is not
affected. Account balances have not been affected."
The hackers even offered unsuspecting users their next two transfers at no
charge.
The URL listed in the e-mail took users to an official-looking site that
asked for their personal data, including user name, password and credit
card information.
PayPal spokeswoman Julie Anderson said the company hasn't had a problem
with its site and said spoof sites are very commonplace. She said the scam
artists probably got hold of a database and sent messages to thousands of
people hoping to hit some PayPal account holders.
"[These scams] happen often, and they happen often to successful Web sites
like eBay, PayPal and other financial services sites," Anderson said.
"Fortunately, we know from experience that PayPal users are for the most
part savvy enough not to fall for them. But in the end, if they do, they
are certainly not liable for any losses."
A "whois" search on the URL used in the scam shows that it was registered
on Sept. 10 by Confinity Inc., in Palo Alto, Calif. However, Confinity,
which originally developed the technology used by PayPal, no longer exists,
and the telephone number listed has been disconnected.
As soon as PayPal learned of the scam, Anderson said, it contacted the
Internet service provider and asked it to take down the spoof sites. That
has been done.
Anderson said PayPal also notified the appropriate law enforcement
agencies, including the FBI. However, she said, PayPal didn't move to
notify its 18 million users of the problem.
Russ Cooper, a security consultant at TruSecure Corp. in Herndon, Va., said
PayPal should take steps to alert its users to the scam. He said he was
appalled that the company relied on users to determine that the e-mails
they got were bogus.
Charles Kolodgy, an analyst at IDC in Framingham, Mass., agreed, saying
most people respond to e-mails without thinking about their veracity. He
said vendors handling sensitive data should consider using technology that
would allow users to determine whether an e-mail has been sent by that
vendor and not a scammer.
Such technology, he said, could include a signature key that would be
confirmed by a trusted site, special cookie files or a unique password that
could be accessed only by the user and the vendor.
Although PayPal has a security center on its site -- complete with tips for
users, including a warning that they never share their PayPal password with
anyone -- the company should think about putting that information, as well
as a message about this scam, in a more visible position on its home page,
Kolodgy said.
**************************
Computerworld
We've all got mail: IDC predicts 60 billion e-mails a day by 2006
By Gretel Johnston, IDG News Service
SEPTEMBER 27, 2002
As if the strain that spam and e-mail alerts are putting on in-boxes
weren't enough already, expect even more in the coming years as the overall
number of e-mail messages doubles from 31 billion a day now to 60 billion a
day by 2006, market researcher IDC predicts.
Not surprisingly, the increase won't be messages from friends and loved
ones. Of the 31 billion e-mail messages that now move across the Internet
and private networks daily, about two-thirds are person-to-person
communications; the rest is made up of spam, notifications and alerts for
information such as stock prices and sports scores. By 2006, a little over
half of the 60 billion messages sent daily will be person-to-person, said
Mark Levitt, vice president of IDC's collaborative computing program.
To ensure that e-mail remains a valuable business tool, e-mail software
vendors and users will have to find ways to quickly access the most
important and timely e-mail messages, said Levitt, who co-wrote a recently
published IDC study on e-mail usage with Robert Mahowald, research manager
in IDC's collaborative computing program.
As a result of the e-mail onslaught, users will demand message filtering
technology, IDC concludes in the report, titled "Worldwide E-mail Usage
Forecast, 2002-2006: Know What's Coming Your Way." The report examines how
e-mail has been and will be used for business and personal purposes. It
looks at e-mail usage in North America and worldwide markets, and it breaks
down users by type and primary access methods and sent e-mails by purpose
and type.
The study aims to help develop an understanding of how e-mail will evolve
in light of other newer communication tools, such as instant messaging,
Levitt said. It examines what type of communication is appropriate in a
particular situation, and it takes into account that there's often a human
factor when new technologies encroach on old ones.
The research also indicates that Web browsers will remain the primary
access method for all e-mail worldwide through 2006. This is significant,
Levitt said, because employees who use an e-mail client such as Microsoft
Corp.'s Outlook for business e-mail may be using a Web browser to access
their private e-mail. As their comfort and familiarity with browser-based
e-mail access grows, it could result in demands that their employers switch
to that method, Levitt said.
IDC, based in Framingham, Mass., is a division of International Data Group,
parent company of IDG News Service.
**************************
USA Today
China refuses electronic trash it says came from the USA
BEIJING (AP) Bristling at being used as a dump for scrap electronics,
China has moved to send back more than 400 tons of computers and office
equipment that it said arrived from the United States and went unclaimed
for more than two weeks.
Customs officers in Wenzhou, in eastern China's Zhejiang province, sent the
22 containers, each 40 feet long, away on a ship this week and said they
want to make sure the shipment was returned to where it came from, the
official Xinhua News Agency reported.
"As the address and telephone number on the shipping bills are fake, we
believe this is most likely a deliberate move to transfer electronic
garbage," said one officer, quoted by Xinhua.
The containers, dubbed "electronic products," arrived in Wenzhou on Sept.
11 from the United States, Xinhua said.
When nobody claimed them, customs officers opened the containers and found
scrap computer monitors, keyboards, copiers and color TV sets, Xinhua said.
It said such items were both harmful and, under Chinese law, banned from
entering the country.
***************************
USA Today
Delay sought for Internet radio broadcaster payments
WASHINGTON (AP) Small Internet radio stations should get an extra six
months before being forced to pay royalties to the musicians whose songs
they are playing, the chairman of the House Judiciary Committee says.
Rep. James Sensenbrenner, R-Wis., introduced legislation late Thursday that
would delay until April 20 fees set by the U.S. Copyright Office on
Webcasters this summer.
The copyright office decided in June that Webcasters have to pay 70 cents
per song heard by 1,000 listeners starting October 20.
While the recording industry wanted more, many Webcasters say that the rate
is too high and will put them out of business.
Traditional radio broadcasters are exempt from paying the new royalties,
which would go to compensate artists and music labels for using their
songs. Over-the-air radio stations use a rate based on a percentage of
revenue to pay performers and record labels.
Internet radio either simulcasts of traditional over-the-air radio or
Internet-only stations streamed through the Internet to computers is
becoming more popular at offices and homes as people get high-speed
computer connections. It is expected to move more into the mainstream as
wireless devices proliferate, allowing listeners to tune in while walking
or driving.
******************************
Los Angeles Times
Internet Draws the Prying Eyes of the Voyeur
By KATHLEEN KELLEHER
September 30 2002
Word to women: If you are in the state of Washington, wear pants. Two
Washington men who were convicted of violating the state's voyeurism
statute for secretly taking pictures up the skirts of women and little
girls successfully challenged the law earlier this month. The use of what
has been called "upskirt cams" and "upskirt voyeur photography" is
"reprehensible" and "disgusting," the state Supreme Court ascertained, but
secretly taking photos up women's skirts in public places is not criminal.
The state's "voyeurism statute, as written, does not prohibit upskirt
photography in a public place," Justice Bobbe Bridge, one of four women on
the state Supreme Court, wrote in a unanimous opinion. The language of the
law fails to explicitly protect people from being photographed in public
places, the justices noted, where people don't have a reasonable
expectation of privacy.
Apparently, an expectation of privacy for the interior of one's skirt--worn
explicitly to conceal one's private parts--is not reasonable.
(After police caught a man taking upskirt videotapes at Disneyland and
could not charge him with doing anything illegal, California legislators
passed a law in 2000 that made it illegal to take surreptitious photographs
or videotapes of a "person's private parts" or undergarments.)
Time was when a peeping Tom's only means for peeping was a drilled hole in
the wall of a girls' bathroom, but the technology of fish-eye cameras the
size of a pea and the wide world of the Internet have greatly expanded a
voyeur's opportunities.
Voyeuristic behavior exists on a continuum in our society from a person
passing a window and noticing someone undressing, to viewing scantily clad
actors parade on television, to the hard-core, compulsive voyeurs for whom
surreptitiously looking up someone's skirt, down a blouse or at snapshots
of undergarments becomes the primary sexual experience, said Al Cooper,
director of San Jose Marital and Sexuality Centre, a mental-health
treatment facility in Santa Clara.
Voyeuristic Web sites are the fastest-growing areas of Internet sexuality,
said Cooper, editor of the newly released "Sex and the Internet: A
Guidebook for Clinicians" (Brunner-Routledge), one of the first
professional books of its kind with contributions from leading clinicians,
scholars and academics.
The two general categories of Internet voyeurism, said Cooper, are
photographic shots of unsuspecting women in compromising positions such as
the upskirt, downblouse and bathroom shots, and live streaming videotape of
such things as couples having sex and women performing their own activity.
The voyeur who cannot control the impulse to gaze at sexual images of an
unsuspecting person for the purpose of sexual gratification has what
psychologists and psychiatrists call a paraphilia, "a condition in which a
person's sexual arousal and gratification depend on fantasizing about and
engaging in sexual behavior that is atypical and extreme," Cooper said.
For a voyeur whose behavior qualifies as a paraphilia, the Internet is the
equivalent of a drug to an addict. "The Internet, in part, is creating this
problem," said Fred Berlin, an associate professor of psychiatry at Johns
Hopkins Medical School, who added that some people stumble upon the sexual
images when they go online and discover the images are arousing.
No one knows how many people develop cases of pathological voyeurism, but
25% of Internet users engage in online sexual activity, Cooper said. Of
that 25%, somewhere between 8% and 15% develop compulsive sexual behavior
problems that significantly disrupt their lives, he said. Voyeurism is a
learned behavior, almost completely a male penchant, and it sometimes
starts innocently enough in adolescence.
"It is a normal adolescent prank to peep in a girl's window or bathroom,"
observed forensic psychologist Clark Clipson, an evaluator of sex offenders
for the state of California based in San Diego. "It is a sexual outlet that
is safe when all the other avenues are not available. The repeated
association of sexual gratification with peeping can turn it into a sexual
fixation. Part of the arousal for the voyeur lies in the power and control
over the victim who doesn't know she is being watched."
Though voyeurism bears an element of hostility, said Clipson, rarely do
voyeurs go on to commit hands-on sexual offenses. "These guys generally
don't want to be caught or seen," he said. "They would be horrified if
their victims found out. The idea of actually going on to rape someone is
so completely foreign to them." There are some voyeurs who use the images
purely for sexual gratification. For others, the sexual behavior is an
indirect outlet for repressed aggression.
Like any compulsive sexual behavior, said Jennifer Schneider, an addiction
medicine physician in practice in Tucson, voyeurism involves the
objectification of a person or an anatomical part. Nothing demonstrates
that better than the black band obscuring the identity of many of the women
featured on the voyeuristic upskirt, downblouse and undergarment-peeping
Web sites. Voyeurism distances the voyeur from intimacy.
"Voyeurs have to learn how to have real intimacy," said Schneider.
"Obviously, when you are focusing on upskirt or downblouse you are focusing
on the anatomy, not the person." Schneider, who co-authored "Cybersex
Exposed: Simple Fantasy or Obsession?" (Hazeldon, 2001) with Robert Weiss,
a Los Angeles sex addiction therapist, said that though voyeurs insist
their penchant for looking does no harm, evidence suggests otherwise. In an
anonymous online survey of 100 "cybersex addicts" and 100 partners of users
of online sex sites, including voyeuristic ones, Schneider and Weiss asked
how participants thought the online activity affected their sex lives.
Two-thirds of participants said that because of the online activity they
had no sex life or a lousy one.
"Online users said that they found the sex life with their partner boring
or that after looking at images ... they were physically unable or
uninterested in sex with their partner," said Schneider, who added that
stress often drives voyeurs to engage in the behavior. "The partners said
that they were asked to do things they did not feel comfortable doing,
things the online user learned on the Internet. They also said they felt
they could never compete sexually with what's available on the Internet."
For the hard-core voyeur, the path back to real intimacy is not unlike the
path for other addicts, said Berlin, who wrote a chapter titled
"Paraphilias and the Internet" for the book "The Internet and Sex." People
who are compulsive voyeurs "have to recognize that the behavior has to
stop," said Berlin, who added that there are ways to curb the addiction.
Some people take drugs that suppress their sex drive, some block their
computer and some give their wives the code. "They have to be in a
supportive environment where they can speak openly about it when
experiencing a craving. Things can be done from a mental health
perspective. But the public doesn't know about them. When is the last time
you heard an advertisement about where to go if you are struggling with
difficult sexual cravings?"
*****************************
Los Angeles Times
State Prosecutors Trying to Delete Spam
Internet: The attorney general's office hopes to use a 1998 law to save
residents from annoying e-mail solicitations.
By JEAN GUCCIONE
September 28 2002
State prosecutors are taking their first swing at curtailing the daily
barrage of unwanted e-mails received by California residents.
They have sued a Los Angeles-area company, PW Marketing LLC, which
allegedly has sent millions of junk advertisements via the Internet in
recent months. The company and its operators could be fined at least $2
million if the state wins, according to prosecutors.
Other companies and individuals involved in the practice commonly known as
"spamming" are also under investigation, state officials said.
But Paul Willis, who prosecutors said is one of the operators of the
company, boasted Friday that officials could not hurt him.
"They can shut me down. I don't care," he said.
"The worst thing they can do is get a civil judgment against me," he said.
"I'm not dumb enough to keep any assets in my name," he said. "Neither is
Claudia," he added, referring to Claudia Griffin, who is named in the suit
as the company's co-operator. The two live in Canyon Country, according to
court papers.
Individuals have used the state's 1998 anti-spamming law to sue--sometimes
in small-claims court--to stop unwanted commercial solicitations. Friday's
civil lawsuit against PW Marketing, however, is the first attempt by Atty.
Gen. Bill Lockyer's office to enforce the law.
Under California law, unsolicited commercial e-mails must be designated on
the subject line with an "ADV" for advertisement or "ADV:ADLT" for adult
advertisement. They also must contain a toll-free telephone number or valid
e-mail address for consumers who want to stop all future e-mails from that
company, and firms must honor consumers' requests to have their e-mail
address removed from their lists.
Each violation carries a civil penalty of up to $2,500.
As part of the statewide enforcement efforts, consumers are being asked to
forward illegal e-mails to the state attorney general's office for possible
prosecution. To help in their efforts, state prosecutors have created a
form on their Web site, ag.ca.gov/spam/, for filing spamming complaints
with the office.
"Spamming is the scourge of the Information Age. It burdens the Internet
system, costs individuals and businesses an estimated $8 million a year and
is extremely annoying to those who find their e-mails clogged with
electronic junk mail," Lockyer said in announcing the suit. "In filing this
action, we are sounding a warning that we will track down and prosecute
those who send illegal spam."
According to the attorney general's lawsuit, PW Marketing solicited
consumers to buy an online book called "Guide to the Professional Bulk
Email Business" for $39 that would provide readers with information on
"stealthing capabilities ... anonymous servers ... [and] anti-spam sites to
see what the other side is up to."
Prosecutors allege the defendants violated the state's spam law, used a
false address in advertising, failed to disclose required information and
engaged in untrue or deceptive advertising and unfair business practices.
Willis denied "most of the allegations," saying he hired another company to
send out the e-mails for him. He said he closed down his company three
months ago and that he and Griffin are getting out of that business.
The case was filed in Santa Clara County Superior Court because residents
of that county alerted authorities to the alleged violations.
While state prosecutors are aware of many potential violators, Deputy Atty.
Gen. Ian K. Sweedler said a case must first be built. "I had to find
evidence that [the e-mails] were actually received by residents in
California," he said. "I can't file a complaint just based on suspicion."
The challenge in prosecuting such cases is twofold. First, the
evidence--e-mails most people delete without a second thought--must be
collected from dozens of consumers, establishing clear violations of the
law, Sweedler said. The second stumbling block is locating the perpetrators
and tying them to the evidence.
Most spammers use forged routing information to make it appear as though
they are sending e-mails from outside of the country when, in fact, they
originate elsewhere, Sweedler said. They also tap into Internet service
providers without authorization, making it more difficult to track them, he
said.
In this case, Sweedler said he got a break because PW Marketing took orders
from customers using a Canyon Country fax number. He declined to say how
many alleged violations he has gathered against that company, but said the
latest is dated Sept. 8.
In January, the 1st District Court of Appeal in San Francisco upheld the
constitutionality of the spam law, saying it did not burden interstate
commerce.
In that case, attorney Ira P. Rothken of San Rafael represented the
defendant, Friendfinders Inc., which was sued by Mark Ferguson for
allegedly sending him unsolicited e-mails that were deceptive and misleading.
Rothken said the law does not ban unsolicited e-mails but rather requires
senders to format the e-mails. The allegations against PW Marketing, he
said, "are much more serious than sending spam" because they include
deceptive business practices.
With the help of activists involved in anti-spamming efforts, Sweedler
said, his office has received 100 to 200 forwarded e-mails daily from
consumers, for a total of about 6,000 to date.
The office is seeking examples of spam received by California residents and
delivered via servers in California that give an indication that the
company is operating in California, such as a local phone number or address.
***************************
News Factor
What's New on the Open Source Front?
The early days of the open source movement saw the introduction of such
widely used products as Sendmail, Apache, Perl and Linux. Since that time,
many new programs either have been developed as open source or have been
released into the open source community by software vendors, and still more
projects are in the works. But the direction of the open source movement is
far from clear. [The Complete story, see:
http://www.newsfactor.com/perl/story/19532.html#story-start]
*******************************
Info World
Govt. to unveil top 20 vulnerabilites
By Paul Roberts
September 30, 2002 7:22 am PT
THE FOCUS WILL be on fixes this Wednesday when the U.S. General Services
Administration (GSA) unveils its list of the top 20 Internet security
vulnerabilities to a gathering of government chief information officers and
IT professionals. The meeting, which is to be held Wednesday at the offices
of the GSA in Washington, is expected to be attended by around 350 people,
most from within the ranks of the government IT community. [For complete
story, see:
http://www.infoworld.com/articles/hn/xml/02/09/30/020930hngsa.xml?s=IDGNS]
*************************
Wired News
Hazmat Haulers Keep on Truckin'
By Louise Knapp
A security system designed to protect trucks carrying hazardous material
from would-be hijackers is gearing up to enter the fast lane.
The in-dash system, which looks like a car stereo, comes with typical
security features like voice authentication, GPS tracking and automatic
alarm relay, but its circuitry harbors a few totally new capabilities as well.
One is the system's ability to create a virtual fence. Basically, when a
truck veers from its route or tries to enter an area it shouldn't, the
engine automatically shuts down.
"If, for example, the federal government decided it doesn't want any trucks
carrying hazardous material coming into Washington, it can put a virtual
fence around it," said Bob Schumacher, business line executive of wireless
products at Delphi Corp., where the system was developed.
"We download the GPS coordinates of this virtual fence into the truck's
computer, and then if the truck enters this area a message is sent to the
vehicle and the throttle is cut back to idle."
Delphi's system, called TruckSecure, seems to make sense in these times of
heightened security, but truckers aren't convinced they need this extra
protection.
"We've been operating without it for 50 years without any problem," said
Tom Buckner, director of Ibis Tek, a company that manufactures security
vehicles.
Robert Hackley, manager of e-business at Seneca Tank, a manufacturer and
supplier of petroleum tanks, agrees. "We've never had a terrorist attack on
a fuel truck, so it's hard to quantify the risk," Hackley said.
Hackley did say, however, that if a terrorist hijacking on a truck did
occur, that might change his mind. "I'm sure if there was one, there would
be a huge rush for these things," Hackley said.
But Schumacher contends that the threat is immediate.
"There are 350,000 trucks on the road carrying hazardous material every
day," he said. "A terrorist could easily attach an incendiary device to one
of these trucks and burn down a building."
Schumacher said it's not just a theory that terrorists target fuel trucks.
He cited the April 11, 2002, attack on a synagogue on Djerba Island,
Tunisia, that killed 21 people, including 14 German tourists. The attack,
an apparent suicide bombing in which a truck laden with explosives blew up
right outside the building, was allegedly carried out by members of an al
Qaida splinter group.
TruckSecure operates on a hierarchical security system. "One level of
security doesn't work, as no one thing is perfect. You need multiple
barriers like you see at the airport," Schumacher said.
The first step is driver authentication. To start the truck, the driver has
to say the password into the system's microphone or type it into the
system's keyboard.
The second is a vehicle location monitor. The truck can be remotely tracked
from the service station to ensure it is on its scheduled route. "We call
up the cell phone embedded in the vehicle and ask for GPS coordinates,"
Schumacher said.
The third level of security is the virtual fence.
The fourth is alert escalation. "It's an automatic signal that could be
sent to law enforcement to say, 'Hey this truck has been hijacked. It has
departed from its route and is heading toward a tower or a synagogue or the
White House,'" Schumacher said.
The fifth level is mitigation. At this point the truck has been hijacked,
is off its intended route and an alert has been issued.
"But you know it is going to take some time for people to get there. In
this situation you can wirelessly send a signal to stop the truck,"
Schumacher said.
Not surprisingly, some have concerns about all the gadgetry incorporated in
the system.
"I could see problems with this," Hackley said. "The system could fail,
ending up with trucks cutting out on the freeway and brakes failing. This
could be disastrous."
Schumacher said that such problems are always remotely possible, but he
also cited his company's 20 years of experience installing computers in
vehicles.
"Even if something were to go wrong, then the driver can reset (the system)
using his password or, at worst, the service center could do so,"
Schumacher said.
Tony Chrestman, senior vice president of Ruan Transportation, a company
that transports corrosive material, said the system promises more benefits
than downsides.
"It's a professional driver piloting these trucks," Chrestman said. "The
engine might stall out, but this is always a risk, and the driver is
trained to take the necessary emergency measures."
Chrestman said he would like to see TruckSecure installed on all trucks
carrying hazardous material.
Mike Russell, spokesman for the American Trucking Associations, agreed --
with one proviso: "If it's not cost-prohibitive then the industry would
look into it."
The system will cost more than $1,000 per truck.
Schumacher said that with the backing of government and industry Delphi
could have the system ready in a year.
****************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx