Clips November 1, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips November 1, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Fri, 01 Nov 2002 11:40:48 -0500
ARTICLES
12-Hour Rule Expires Today; Distance-Education Providers Had Long Sought
Its Demise
U.S. should fund R&D for secure Internet protocols, Clarke says
Computer Programmer Fired In Pick Six Investigation
NYC tackles cell phone etiquette
The Pinch of Piracy Wakes China Up on Copyright Issue
China Beefs Up Biz With Dot-Cn
Software heals systems while they work
Blog to Court: Check Your Facts
Report sets e-gov measuring stick
'Sensitive' label strikes nerve [Gov. Info. Classification]
Agencies' port security efforts called 'insufficient'
FBI director says industry must do more to prevent cyberattacks
FBI chief: Lack of incident reporting slows cybercrime fight
New Wi-Fi security would do little for public 'hot spots'
ICANN ends Shanghai meetings by passing reforms
Web Oversight Group Changes Election [ICANN]
U.S. software-piracy rate rose slightly in 2001, study shows
Hacking Victims' ID to Stay Secret
Europe's cops can't collar cybercriminals
RIAA Scores Victory in Aimster Case [Piracy]
Will high-tech save or sink future elections?
Candidates use, misuse technology
European Commission favours broadband subsidies
English standards slip due to SMS usage
Huge tides of daily internet use wash over South Korea
Pressure Grows For IT Security Pros
************************
The Chronicle of Higher Education
12-Hour Rule Expires Today; Distance-Education Providers Had Long Sought
Its Demise
By DAN CARNEVALE
The U.S. Department of Education is issuing a final regulation in today's
Federal Register to kill a once-obscure financial-aid restriction that had
become a source of repeated complaints. Distance-education providers have
been calling loudly for the rule's demise for several years, arguing that
it prevented them from developing innovative online programs.
The regulation, which affected many distance programs, required
higher-education programs that did not operate in a standard semester,
trimester, or quarter system to offer a minimum of 12 hours of course work
a week if their students were to be eligible for federal financial aid. The
rule is being replaced with a regulation that says institutions must offer
at least one day of instruction a week to qualify for aid.
Although the meaning of "one day" has never been defined, the one-day rule
has long been the requirement for college programs that operate in a
traditional calendar format. The Education Department's action today simply
extends the requirement to nonstandard programs.
The move, which comes after years of heated debates, was widely
anticipated. (See an article from The Chronicle, September 6.) But few
institutions have indicated that they will make changes with their newfound
freedom.
Distance-education providers argued that the 12-hour rule needed to be
abolished so they could offer courses that working adults, the primary
customers for distance education, could take according to their own
schedules. But critics argued that getting rid of the 12-hour rule would
lead to a resurgence of the fraud and abuse that the regulation was
intended to prevent.
"Most of the comments we received supported the proposed change that would
eliminate the so-called '12-hour' rule," reads the department's notice in
the Federal Register. "Most commenters were very supportive of the proposal
to use a single standard for all educational programs by extending the
current 'one-day' rule."
None of the people who said they disagreed with the proposed change
suggested any other alternatives, the notice says.
********************************
Government Computer News
U.S. should fund R&D for secure Internet protocols, Clarke says
By William Jackson
Presidential cybersecurity advisor Richard Clarke today renewed his call
for government funding to support R&D for more secure Internet protocols.
Clarke told reporters that security and reliability of the basic protocols
underlying the Internet have not received enough attention because no one
has a proprietary interest in them.
"We have begun to think about the tragedy of the commons," the economic
theory that no one takes responsibility for property that is held in
common, he said. "The commons of cyberspace are the protocols. The question
is, what is the role of the U.S. government in regard to this?"
The draft National Strategy to Secure Cyberspace, released in September by
the President's Critical Infrastructure Protection Board, headed by Clarke,
says the role should be financial support. The strategy recommends funding
in fiscal 2004 for research on security for intrusion detection,
applications and protocols.
The challenges of creating secure versions of basic Internet components
such as the Domain Name System, which came under attack in October, and the
Border Gateway Protocol, have been discussed for years. "But nothing much
has happened," Clarke said, because nobody is funding the work.
Clarke said he has been in talks with the security group of the Internet
Engineering Task Force. Though wary of government control, IETF agrees that
federal money would help the task of developing secure protocols and
creating testbeds to test them.
Although funding would depend on Congress, which has yet to pass most of
the 2003 budget, Clarke was optimistic that money would be available.
"We're probably talking about a few million a year to support IETF," he said.
Clarke met with representatives of the European Commission in Brussels this
week. He said the commission expects to form a European Network Security
Agency next year to deal with similar matters.
****************************
Washington Post
Computer Programmer Fired In Pick Six Investigation
By Greg Sandoval and John Scheinman
Friday, November 1, 2002; Page D01
ALBANY, N.Y., Oct. 31 -- A software programmer at Autotote, the company
responsible for the computer systems that collected and processed wagers
for Saturday's Breeders' Cup thoroughbred racing championships, manipulated
software to trigger a winning $3 million payoff for a Baltimore man,
company executives said today.
The company has fired the employee and turned over his name, as well as all
information uncovered during an internal investigation, to New York State
Police and the New York State Racing and Wagering Board, said A. Lorne
Weil, chairman and chief executive of New York-based Scientific Games
Corp., the parent company of Autotote.
Weil did not disclose whether the unidentified employee had been arrested.
He also declined to say whether the winner of Saturday's Ultra Pick Six
bet, Derrick Davis, 29, of Baltimore, had been implicated in the alleged fraud.
"The good news, if there is any, is our detection system worked the way it
should have," Weil said in a conference call in which he declined to take
questions from reporters. "No money was paid or changed hands."
The bet placed by Davis -- on a telephone keypad through his recently
opened account with the Catskill Region Off-Track Betting Corp. in New
York, and not to a live operator -- raised immediate suspicion after the
races at Arlington Park outside of Chicago. Davis isolated single horses on
his Pick Six ticket in the first four races -- including long shots that
went off at odds of 26 to 1 and 13 to 1 -- then bet all the horses in the
final two legs.
Further, Davis played the wager in a $12 denomination, which enabled him to
collect a payout of $428,392 six times, plus consolation wagers for picking
five of six races. He was the only bettor to hit the Pick Six.
The consolation payoff for hitting five of six races was $4,606.20. Each of
the 72 other holders of those tickets, which have not been paid out, should
now collect an additional $35,699.
Attempts by The Post to reach Davis were unsuccessful today. He was quoted,
however, in Thursday's New York Post as saying he was innocent of any
wrongdoing: "If they got proof that I did something wrong, then show it to
me. If not, give me my money."
Weil did not divulge any known relationship between Davis and the software
programmer, who took advantage of a glitch in the way wager information is
transmitted.
The programmer "had a password into the system and the ability to do what
he did. He could have altered the ticket internally," Weil said.
While Davis placed his winning wager around 2 p.m. Saturday, well before
the start of the first leg of the Pick Six, the Breeders' Cup Mile, the
individual data was not transferred from the Catskill OTB to the host
network at Arlington Park until after the fifth leg of the Pick Six races.
In any other bet type, the data is immediately sent to the host site. The
vast amount of data associated with the Pick Six, however, cannot be moved
from all the satellite account-wagering locations at the same time without
causing disruptions to the Autotote computer system, Weil said.
"Our people were equally certain that this bet was entered well before the
stop betting" deadline, said Weil, whose company has handled $150 billion
in wagers over the past 10 years. "I considered it absolutely impossible --
as did our technical people" to hack into the system.
Asked whether other frauds could have been perpetrated on the Autotote
system, a Scientific Games Corp. spokesman said, "We have no reason to
believe there are any other situations that require investigation."
Whether it could happen again is another question. On Saturday, Santa Anita
in Arcadia, Calif., will offer a $1 million Pick Six wager handled by
Autotote. The vulnerability in the system still exists, Weil acknowledged,
but he said that his company will be watching future races closely until a
fix can be found.
"The question is how to prevent this from happening again," Weil said.
The Jockey Club, a Kentucky-based industry organization, plans to organize
a task force to seek a way to transmit Pick Six wagering data to the host
site without delay.
The details of Davis's bet touched off a wave of skepticism among bettors.
The New York State Racing and Wagering Board received a flood of calls from
people who wanted to share their theories on how fraud might have been
committed, said Stacy Clifford, spokeswoman for the board.
The Catskill OTB received complaints as well.
"Hi . . . Can I still make a wager on the Breeders' Cup Pick Six with your
company?" read one post on the company's Internet message board.
Don Groth, president of the Catskill OTB, initially said that Davis made
his bet legally and should be paid. Today, however, he said he was "shaken
by the news."
"I deeply regret this," Groth said. "I am grateful to Autotote for removing
a human weakness from the parimutuel system."
Asked what the finding of fraud means for Davis, his customer, Groth said,
"It is unlikely he will be getting paid."
National Thoroughbred Racing Association President Tim Smith and Breeders'
Cup President D.G. Van Clief Jr., who initiated the request for a probe by
the New York State Wagering Board, could not be reached to comment.
Trading of Scientific Games Corp. stock was temporarily suspended yesterday.
Groth said he maintains confidence in the company, but is concerned about
the ability of people to penetrate what is supposed to be an airtight system.
"We're open for business," Groth said. "We continue to have faith in the
company. The only thing I can imagine is that such a thing [could happen]
in many places and it may not be a single incident."
Scheinman reported from Washington.
*************************
USA Today
NYC tackles cell phone etiquette
By Charisse Jones, USA TODAY
NEW YORK -- New York City is lobbing the latest volley in the war on cell
phones and could be first in the nation to penalize anyone chatting during
a movie, concert or Broadway show.
With 135 million people using cell phones across the country, the device
has been celebrated, denigrated and increasingly regulated. Up to now, the
concern primarily was whether cell phones are a dangerous distraction while
driving. But New York City's proposed law shifts the debate over cell
phones beyond the realm of public safety and into the arena of social
etiquette.
The City Council could consider the measure next month. Councilman Philip
Reed is optimistic it will pass, though a few council members have
expressed concerns. The bill would impose a $50 fine on anyone who dials up
or fails to turn off the phone's ringer during an indoor performance, be it
at a library, art gallery or concert hall.
Eleven local jurisdictions in the nation currently penalize or restrict the
use of cell phones while driving. Brooklyn, Ohio, the first city to pass
such a law, has issued 809 tickets since September 1999. Last November New
York became the first state to prohibit motorists from holding cell phones
while driving, and New Jersey may soon become the second. The governor is
trying to enact such a ban by January. The state has already restricted the
use of cell phones by school bus drivers and those with provisional
driver's licenses, and the broader ban has bipartisan support, says a
spokesman for the governor.
While many a moviegoer has suffered the annoyance of a ringing cell phone,
some believe legislating cell phone etiquette goes too far.
"It is highly annoying when a cell phone goes off," says Kevin Brewer, a
31-year-old actor who had just switched off his cell phone while standing
in the lobby of a Times Square movie theater. "That shouldn't happen. But
as far as a law with a fine, that's a little harsh. It's just common
respect to turn it off, or on to vibrate."
Travis Larson, spokesman for the Cellular Telecommunications and Internet
Association, called the proposal "a blunt instrument trying to fix a fairly
small problem."
"We can't outlaw rude people," Larson says. "We can only hope to educate
them. Cell phones already come with a large number of tools to make them
less invasive in public spaces."
However, there's also a burgeoning effort to stop the growing number of
local laws and ordinances that restrict cell phone use while driving.
Six states have overridden such laws or prohibited local jurisdictions from
enacting them. This year, Florida and Mississippi passed laws banning local
restrictions. Oklahoma and Oregon have also imposed such prohibitions. In
2000, a Pennsylvania county court overturned one township's ban on using a
hand-held cell phone while driving, saying only the state could set driving
regulations.
And in March 2001, the Massachusetts attorney general said the Boston
suburb of Brookline could not enforce its restriction because state law
allows the use of a cell phone as long as one hand remains on the steering
wheel.
Legislators argue that there should be continuity throughout their state
instead of a patchwork of local restrictions. But some also say more
information is needed about how much danger is posed by driving and talking
on a cell phone.
It is "very important to find out just where the use of cell phones stands
as a distraction," says Florida state Sen. Jim Sebesta. "Is it a serious
problem or is it not? And at this point, it's anyone's guess."
Because cell phones enable people to quickly report emergencies, for
instance, it is difficult to get consensus on whether to regulate them,
experts say. Particularly in the wake of last year's terrorist attacks,
when cell phones were a lifeline between victims and their loved ones. This
year, 31 states considered passing restrictions on the use of cell phones
while driving, says Matt Sundeen of the National Conference of State
Legislatures. So far, none has passed.
"What you've got with cell phones, which you didn't have with seatbelts or
drunk driving or similar traffic safety topics, is there's a lot of utility
to having a cell phone," Sundeen says. "It's not like it's just a useless
tool out there annoying a lot of people. ... And that's why you don't see a
lot of these cell phone bills passing."
Yet a tug of war continues. Even as Amtrak provides "quiet cars" where no
cell phones are allowed, companies are working on technology that would
allow cell phones to be used on commercial flights without interfering with
an airliner's electronics. And while talk of cell phones as a public
nuisance is a vastly different discussion than whether they are a potential
danger on the road, Sundeen says concerns about both are fueling such measures.
Councilman Reed says he introduced his proposal after hearing from people
whose evenings were marred by loquacious cell phone users. He says police
would not have to spend all their time ticketing talkers. Rather the law
would give theater patrons leverage to deal with those who are less
considerate.
"People feel empowered to at least speak up if there's a law that says you
can't do this," Reed says. "It's probably the most popular thing that I've
ever introduced."
**************************
New York Times
November 1, 2002
The Pinch of Piracy Wakes China Up on Copyright Issue
By JOSEPH KAHN
SHENZHEN, China, Oct. 30 -- When the members of the preview audience showed
up at China's fanciest new movie theater here this week, they were treated
to much more than just the first look at Zhang Yimou's big-budget
martial-arts film, "Hero."
Viewers had identity card numbers inscribed on their tickets. They were
videotaped as they entered the theater's foyer. They handed over all
cellphones, watches, lighters, car keys, necklaces and pens and put them in
storage. Before taking their seats, they passed through a metal detector.
Then they got a welcoming address.
"We are showing this preview for your enjoyment tonight," announced Jiang
Wei, an executive with the film's Chinese distribution company. "I plead
with you to support our industry. Please do not make illegal copies of this
film."
Anyone in China who makes movies, writes books, develops software or sings
songs for a living knows that popularity is barely half the challenge; such
people must also fight intellectual piracy.
In a country where more than 90 percent of the movies, music and software
are illegal copies sold for a fraction of the original price, Chinese
artists have begun to join big foreign interests like Microsoft and AOL
Time Warner to protest China's seemingly limitless capacity to make cheap
knockoffs.
The local effort is not going to solve the problem right away. The United
States trade representative's office grouped China with Paraguay and
Ukraine this spring as among the worst copyright violators in the world.
Still, the tone has changed. Throughout the 1990's, intellectual property
was mainly seen as a trade dispute pitting the wealthy West against the
developing East. It's now also a domestic struggle, with local stars
complaining that they get little fortune from their own fame.
"After the release, we often have only three days before the pirate copies
hit the market," said Mr. Jiang of New Pictures distributors, which handles
Mr. Zhang's movie releases in China. "The industry can't survive that."
The belt-and-suspenders security procedures during the limited release of
"Hero" at New South Country Cinema here, just across the border from Hong
Kong, were aimed at protecting what China's film industry hopes will be the
biggest martial arts sensation since "Crouching Tiger, Hidden Dragon." The
movie, with an all-star cast led by Jet Li, cost $30 million, making it
China's most expensive film production to date. Beijing will submit it to
the Oscars as a candidate for best foreign-language film. Miramax, a
division of Disney, has bought the international rights.
Security guards heightened the drama at the theater. They ordered people to
leave behind jewelry and pens to protect against "needlepoint" digital
camcorders, though varying descriptions of how such devices worked sounded
more like something Q made for 007 in a James Bond movie than a common
pirate's tool. Uniformed policemen roamed the aisles during the film. A few
sat in front of the screen and watched the audience with what appeared to
be night-vision binoculars.
The intense scrutiny prompted a few complaints, but also some sympathy.
"Zhang Yimou is not about to go hungry," said Zhu Dazhong, a 48-year-old
Shenzhen retailer who saw the preview. "But if he makes a good movie,
people should pay a little money to see it. The quality of the pirate
copies stinks anyway."
China's creative industry has been hit hard by the failure to enforce
copyright laws. Artists and their lawyers say piracy has worsened since
China joined the World Trade Organization late last year and pledged to
meet international standards for protecting intellectual property.
"The Touch," an action-adventure film, was a recent casualty. At the
release of the film in Shanghai in August, Michelle Yeoh, who produced and
starred in it, boasted about how bodyguards protected the original film
reels. When the show moved from theater to theater, Ms. Yeoh said at the
premiere, the reels were to travel separately so pirates who got their
hands on one reel could not copy the whole film.
Nonetheless, DVD copies were available on the black market four days after
the nationwide release that month, and ticket sales slid fast.
A popular folk music group, Yi Ren Zhi Zao, or Made by Yi, had an even
shorter run with its latest CD. A pirated disc made from a tape released
early hit the market before the authentic version was in stores.
There are now 41 pirated versions of the album, said Zhou Yaping, who runs
the group's production company, based in Beijing. He said many were sold
openly in top department stores. The legal CD has a 1.2 percent market
share, he said.
"Our hard work and money were stolen and sold cheap," Mr. Zhou said.
Foreigners have hardly been spared. Microsoft's latest operating system,
Windows XP, was selling for 32 yuan, less than $4, in the back alleys of
Beijing's technology district before Microsoft formally released the $180
legal version for the China market earlier this year.
What is presented as the fifth installment of the Harry Potter series,
"Harry Potter and the Leopard Walk Up to Dragon," has already reached
Chinese bookstores. Though the cover attributes the book to J. K. Rowling,
the British author, her publisher says the official version -- its title and
subject matter will be different -- will not be available until next year.
The Chinese edition is an inventive fake.
Altogether, the International Intellectual Property Alliance estimates that
Chinese piracy costs foreign companies about $2 billion a year, or roughly
a quarter of the total global losses attributed to copyright violations.
But while Chinese copyright holders probably do not lose as much money,
local outrage generates more publicity than foreign pressure. A flurry of
domestic lawsuits has attracted regular attention.
The country's two leading Internet portals, Sohu.com and Sina.com, sued
each other, each accusing the other of stealing content. Mr. Zhou, of Yi
Ren Zhi Zao, sued Chinese factories for manufacturing the illegal CD's. He
won damages of 300,000 yuan, about $36,300, in a Beijing court.
Even the Buddhist monks of the famed Shaolin Temple have joined the fight.
The temple pioneered Shaolin boxing, which evolved into kung fu. It has
sought to trademark its name and has flung lawsuits against companies that
use Shaolin as a brand, including one maker of canned pork.
Whether the lawsuits and publicity will slow the piracy remains to be seen.
The government has sought to demonstrate that it is finally taking the
matter seriously. In August, the state-run China Daily tallied the exact
number of pirated video and audio discs, 43.45 million, that had been
destroyed in a crackdown so far this year.
But at a huge electronics bazaar in Shenzhen, not far from the movie
theater that showed Zhang Yimou's premiere, vendors offered a cornucopia of
China's latest releases for about a dollar each. "Together," the latest
Chen Kaige film, which hit local movie houses in late September, was for
sale in the top-quality DVD-9 format.
Legitimate DVD movies cost at least five times that much, and few were on
sale at the bazaar. First-run movie tickets in China go for 30 to 50 yuan,
about $4 to $6, depending on the show and the quality of the cinema.
"Hero" was not available on the black market yet. But Mr. Jiang, of the
distribution company, said that despite the extensive security, he was
still nervous.
"I won't be at ease until Nov. 4 or 5," he said. "If they managed to pirate
it, it will be out by then for sure."
******************************
Wired News
China Beefs Up Biz With Dot-Cn
11:38 AM Oct. 31, 2002 PST
SHANGHAI, China -- Expanding its online presence, China will begin letting
overseas websites use addresses with its "dot-cn" national suffix starting
in December, a foreign company picked to sign up subscribers said Thursday.
The step gives foreign companies a new avenue to court China's fast-growing
population of Internet users, adding to the communist government's campaign
to exploit the Internet commercially.
China owns the dot-cn suffix under international rules governing the use of
the Internet.
Until now, it allowed only Chinese entities or foreign companies with a
substantial presence in China to use it. But in October, the government
signed up an American company, NeuStar Registry, to offer it to foreigners.
"There is going to be a very high demand due to China's opening up"
commercially, said Richard Tindal, NeuStar's vice president for sales and
marketing. He was in Shanghai for a conference of the Internet Corporation
for Assigned Names and Numbers, or ICANN, the body that oversees Internet
addresses.
Opening up a country's domain name to foreigners is not uncommon. Some tiny
countries offer domains such as dot-tv for worldwide sale as revenue
generators.
A Chinese agency is to decide which addresses are appropriate and check the
content of dot-cn sites, according to Tindal. Communist authorities are
very sensitive about political content and bar Chinese Web surfers from
seeing a wide range of foreign sites run by news organizations, human
rights groups and Chinese dissidents.
Tindal wouldn't discuss fees for registering a dot-cn address.
In the seven years since it was first offered, dot-cn had attracted fewer
than 130,000 subscribers, tiny for a nation of 1.3 billion people.
By comparison, Tindal said NeuStar signed up 400,000 subscribers for the
United States' dot-us suffix in a couple of months. NeuStar also offers the
global dot-biz domain name, one of seven newly created by ICANN in 2000.
***************************
CNET News.com
Software heals systems while they work
By Sandeep Junnarkar
Staff Writer, CNET News.com
October 31, 2002, 12:11 PM PT
Researchers at Pennsylvania State University said they have developed
software that can repair a database that has been attacked, even as it
continues to process transactions.
Scientists at the Cyber Security Group at Penn State's School of
Information Sciences and Technology said the software can quarantine
malicious commands sent to database management programs as it
simultaneously repairs any damage done to the system.
The new software can be adapted for static repairs or for on-the-fly fixes
that can unwind a chain of corrupted commands while the database continues
to process transactions, researchers said.
"We simulated attackers' behaviors on a database and then monitored the
response of the database," Dr. Peng Liu, a professor at Penn State and the
team leader, said in a statement. "We can't prevent attackers from getting
in, but with this technology, the database can heal itself on the fly."
The Cyber Security Group and the U.S. Air Force are testing a prototype of
the software, which is not yet commercially available.
Several large database software makers are beginning to offer their own
self-healing systems. But none is as advanced as the Penn State research
project, which represents the next frontier in database management
software, analysts said.
"There are various tools that can detect anomalies, but they simply
generate a report or display that calls someone's attention to it," Carl
Olofson, an analyst at IDC, said of current products on the market. "The
interesting part of the (Penn State) research...is the ability to
automatically respond to the attack."
Commercial software makers are also researching self-healing technologies.
IBM, one of the earliest proponents of so-called autonomic computing--or
the science of creating computing systems that can configure, tune and
repair themselves--earlier this month announced it was opening a hub for
research and product development in autonomic computing.
With the number of large, critically important databases continuing to
increase, a concurrent increase in the number of attacks on them could also
occur, said analysts. Nearly every major industry, from e-commerce to air
traffic control to credit card billing, relies on massive database systems.
"Think about it: more complexity, more customers, more devices, greater
promise in productivity. There aren't enough IT architects in the world,
nor can we afford to pay the bills," said Sam Palmisano, IBM's chief
executive, as he outlined Wednesday his vision of computing in the near
future. "Fundamentally we have to invent and architect systems that
function much like the human body--they self-adjust temperature, heart rate."
In July, IBM unveiled version 8 of its DB2 database server software,
furthering the autonomic computing-like features it includes. But that
technology still must rely ultimately on an IT administrator, who maintains
it after receiving notification from the affected system by e-mail, pager
or personal digital assistant.
Database market leader Oracle also offers self-managing tools as part of
its Oracle 9i database server software. Those tools, among other features,
allow a database to automatically recover in the event of some failures and
to manage the performance of a system with little human interaction,
according to Oracle.
Microsoft's SQL Server database can also perform automated administration
of some features.
After the attack
In traditional databases, an intrusion can be easily detected, but the
repercussions of the attack can lead to longer-term damage. Subsequent
transactions and data updating can spread the damage, and finding the root
of the problem is usually expensive and can lead to the loss of other
legitimate data, researchers said.
The software developed at Penn State lets databases be adaptive, according
to the researchers, in order to avoid data loss or other damage.
"The database can adapt its own behavior and reconfigure itself based on
the attack," Liu said.
Liu's research was initially funded by the Air Force and the Defense
Advanced Research Projects Agency (DARPA). Subsequent grants have come from
the National Science Foundation, the Air Force, DARPA and the U.S.
Department of Energy.
*****************************
Wired News
Blog to Court: Check Your Facts
02:00 AM Nov. 01, 2002 PST
When attorney Howard Bashman noticed a small error in the footnote of a 5th
Circuit appellate court opinion, he quickly noted it on his weblog.
The next day, Judge Jerry Smith, who wrote the opinion and also happens to
be a reader of Bashman's blog (PDF), fixed the error in an amended version.
The judge e-mailed Bashman, personally thanking him for bringing the
mistake to his attention.
"It's the first time that I've noticed a weblog credited for pointing out
an error and causing a correction (in a court decision)," Bashman said.
"This example is noteworthy because it's the first time that something like
this has come to light."
In the initial ruling (PDF), the court struck down a San Antonio, Texas,
ordinance prohibiting adult video stores from setting up shop within 1,000
feet of a residential area.
A former clerk for the 3rd Circuit, Bashman noticed that a ruling mentioned
in a footnote was misidentified.
He pointed out the error, noting that "the references to the 3rd Circuit
contained in footnote 17 of the opinion may be in error, because the
opinion, in context, appears to be referring back to decisions from the 8th
and 10th Circuits, and not the 3rd."
The next day, Bashman received an e-mail from Smith stating, "You were the
first to spot the error in footnote 17. Thanks. I have fixed it."
While Bashman acknowledges that the judge probably would have amended the
error no matter how it was brought to his attention, Bashman was still
surprised by the judge's e-mail.
"In my opinion, Judge Smith is regarded as one of the top-notch federal
appellate judges in the nation and it's an honor to have him reading my
weblog," Bashman said.
Like many other courts, the 5th Circuit makes its opinions available
instantly online.
However, the courts' websites don't always make it easy to get in touch
with specific judges.
Bashman's blog gathers interesting appellate decisions from any court in
the nation. His audience includes reporters, law clerks and employees of
the Supreme Court and federal courts across the United States.
"I try to use whatever tiny power I might have to communicate with these
folks," said Bashman, who is also an appellate attorney and a columnist for
The Legal Intelligencer.
Bashman admits that he doesn't "go through opinions looking for errors."
While the error was trivial and didn't alter the outcome of the case, Judge
Smith's prompt response to Bashman's blog underscores that weblogs have
ushered in a new era of digital accountability.
"I will chalk this up as an example of this blog's having achieved tangible
results in the form of an even more perfect 5th Circuit opinion," Bashman
wrote in his blog.
Other weblogs, like Boing Boing, linked to Bashman's blog and applauded the
significance of the judge's action.
"There's a sense, a myth, that weblogging is entirely navel-gazing,
inward-focusing activity," said Cory Doctorow, a freelance journalist and
blogger for Boing Boing. "Every time there's a place that blogs interact
with the real world, it makes people in blogging feel like they're not
doing inward-focused, irrelevant activity.
"The idea that there's a federal judge reading weblogs so he can understand
cases makes a lot of people feel like weblogs are not a niche phenomenon."
Bashman, for one, is basking in the attention his blog has received.
"I'm pleased that others think it's significant," Bashman said. "It does
show a new method of feedback, and more feedback is better than less.
"This shows that this is a new way of communicating feedback to judges and
reporters who write in this area of the law."
Judge Smith declined to comment for this story.
*********************
Federal Computer Week
Report sets e-gov measuring stick
BY Diane Frank
Oct. 31, 2002
A consortium of performance organizations presented a baseline report Oct.
30 on agencies' e-government practices, and Office of Management and Budget
officials agreed that it creates an important mark for measuring future
progress.
The report, "Creating a Performance-Based Electronic Government," is the
first of what will be an annual study, officials said. It highlights best
practices that agencies have developed as they participate in the
e-government initiatives led by the Bush administration and within their
own agencies. It also outlines the areas agencies still need to improve,
particularly the area of creating and using performance measurements.
"We found there were a lot of common problems and also common solutions,"
said Carl DeMaio, president of the Performance Institute, the lead
organization within the consortium.
Each of the 10 common issues outlined in the report includes recommendations
for agencies and OMB. The second half of the report focuses entirely on
detailed case studies from government agencies.
OMB also has seen improvement in agencies' movement toward e-government,
and will likely use the report to help focus agencies during the fiscal
2003 implementation and fiscal 2004 budget development, said Mark Forman,
OMB's associate director for information technology and e-government.
One positive step is that federal employees really want to improve their
processes and "the change management issue is not as difficult as many
people perceived it to be," Forman said.
But there is still a long way to go, Forman said. "I think that we aren't
seeing still the results that we need to see, we aren't giving citizens
e-government on their terms," he said.
Performance measures are a key way to make those results happen, by setting
true transformational goals and defining how to attain those goals, he said.
Among the examples of best practices are the overall management practices
used by the Labor Department on the GovBenefits.gov portal initiative and
the concrete goals set by the Internal Revenue Service for its EZ Tax
Filing initiative, DeMaio said.
The top recommendation for the coming year, however, is for agencies and
OMB to make mission-based performance measurement a basic part of IT and
e-government management, he said. But it must be done carefully and
intelligently if measurements are expected to actually help, he said.
"Not everything that needs to get done needs to be measured," he said.
***************************
Federal Computer Week
'Sensitive' label strikes nerve
BY William Matthews
Oct. 31, 2002
Presidents from three prestigious government science academies have urged
the Bush administration not to declare information "sensitive but
unclassified" and withhold it from the public.
During the past year, dozens of federal agencies have adopted informal
policies of suppressing information that they think could be helpful to
terrorists planning attacks against the United States. And since summer,
the Office of Management and Budget has been considering whether to adopt a
formal policy for withholding sensitive information.
So far, thousands of documents have been purged from government Web sites
and removed from library shelves.
But the presidents of the National Academy of Sciences, the National
Academy of Engineering and the Institute of Medicine said such information
withholding could "stifle scientific creativity" and weaken, rather than
strengthen, national security.
In a statement in mid-October, the three called "sensitive but
unclassified" a poorly defined category that would generate deep
uncertainties about what can and can't be published.
The presidents -- Bruce Alberts of the National Academy of Sciences,
William Wulf of the National Academy of Engineering and Harvey Fineberg of
the Institute of Medicine -- agreed that access to some information must be
restricted "to safeguard strategic secrets." But they said openness remains
essential for scientific progress and to enhance the public's understanding
of potential threats.
They urged the Bush administration to stick with a policy the Reagan
administration set at the height of the Cold War in 1985 that generally
bans restrictions on the conduct or publishing of federally funded research
that has not been classified.
The National Academies had its own run-in recently with the Bush
administration over publishing sensitive information.
The Agriculture Department "tried to suppress" a National Academies
research report on the vulnerability of U.S. agriculture to bioterrorism,
said National Academies spokesman Bill Kearney.
Researchers found that harmful foreign pests and pathogens are "widely
available and pose a major threat to U.S. agriculture" and that the
department has failed to plan a defense against a biological attack. USDA
officials wanted the unclassified report withheld.
"Their objection was that by saying this we are endangering national
security," Kearney said. Even after the National Academies removed details
from the report, USDA officials continued to object, leading some at the
National Academies to believe the agency really wanted to suppress the
report's criticism, he said.
The National Academies published the report anyway. "We want scientists to
be enlisted in the fight against terrorism," Kearney said. "If secrecy wins the
day, you won't get the full cooperation of scientists."
Some unclassified information clearly should not be available to the
public, said Ari Schwartz, associate director of the Center for Democracy
and Technology. Blueprints of federal buildings are an example. Some used
to be available on government Web sites, and they should not be, he said.
But the National Academies' bioterrorism report shows "there is also a
legitimate concern that agencies will use new categories of information to
withhold information that should be made public," Schwartz said.
"We are watching very closely" to see what balance the OMB will strike
between openness and security, he said.
OMB has been seeking opinions on "sensitive but unclassified," but declined
to comment on the National Academies presidents' recommendation.
***************************
Government Executive
October 31, 2002
Agencies' port security efforts called 'insufficient'
By Molly M. Peterson, National Journal's Technology Daily
Homeland security officials say they have made progress over the past year
in their complex, multi-agency effort to implement technologies aimed at
preventing terrorists from using massive sea containers to smuggle weapons
of mass destruction into the United States. But many lawmakers and
watchdogs see a lack of coordination in those efforts and have cautioned
that the most effective technologies are not being deployed quickly enough.
"Despite reassurances from the administration, the security of our nation's
ports and borders remains insufficient to protect us from nuclear smuggling
by terrorists," Pennsylvania Republican Jim Greenwood, chairman of the
House Energy and Commerce Oversight and Investigations Subcommittee, said
during a hearing earlier this month. "Simply put, more needs to be done."
A System 'Ripe For Exploitation'
An independent, blue-ribbon task force co-chaired by former Sens. Gary
Hart, D-Colo., and Warren Rudman, R-N.H., echoed that warning last week,
releasing a report that called the global trade system "ripe for
exploitation and vulnerable to mass disruption by terrorists." Noting that
95 percent of all non-North American U.S. trade moves by sea, the 17-member
task force said trade security is a "critical mandate" in need of immediate
action.
"While 50,000 federal screeners are being hired at the nation's airports to
check passengers, only the tiniest percentage of containers, ships, trucks
and trains that enter the United States each day are subject to
examination, and a weapon of mass destruction could well be hidden among
this cargo," said the task force, which was sponsored by the Council on
Foreign Relations.
The panel added that federal grants have covered only a tiny percentage of
what it will cost port authorities to prevent such smuggling. The task
force cited estimates that adequate physical security would cost the
nation's commercial ports about $2 billion. But so far, only $92.3 million
in federal grants have been approved.
"Even then, the grants have not been awarded on the basis of a port's
relative importance to the nation," the task force said, noting that the
ports of Los Angeles and Long Beach -- through which 43 percent of all
U.S.-bound sea containers arrived in 2001 -- requested $70 million in grants
after the Sept. 11 terrorist attacks but were awarded only about $6.2
million. "The adequacy of such grant levels needs urgent re-examination."
A Critical Eye Toward Customs
Another urgent priority, according to many lawmakers, is improving
technological expertise within the Customs Service, the agency with primary
responsibility for combating nuclear smuggling.
"While Customs agents put their lives on the line every day and are experts
in the interdiction of guns, drugs and money, they are not experts in the
interdiction of nuclear devices or in the assessment, procurement or
deployment of systems designed to detect nuclear devices," Greenwood said.
"Customs simply does not possess the technical expertise for a coherent
strategic plan for prioritizing, selecting and installing
radiation-detection equipment at our 301 ports of entry."
But Greenwood noted that other agencies -- such as the Energy Department's
National Nuclear Security Administration (NNSA) and the Defense
Department's Defense Threat Reduction Agency (DTRA) -- do have that type of
expertise. He said Customs must improve its ability to tap that expertise
and coordinate its high-tech initiatives with those of other agencies.
"These scientists possess real-world experience in not only the detection
of nuclear sources but in the assessment and the installation of the
necessary equipment," Greenwood said. "But ... Customs is not utilizing our
country's best and brightest to protect us from the threat of nuclear
terrorism at our nation's ports and borders."
Florida Democrat Peter Deutsch, who serves as ranking member on Greenwood's
subcommittee, said that although Customs has made some progress in recent
months, the agency's port security efforts over the past year have been
"marked with confusion and delay."
Deutsch raised concerns about Customs' efforts to install
radiation-detection equipment at ports and borders since Sept. 11. "I
believe that the efforts of your agency, for whatever reason, have lacked a
cohesive strategy to accomplish this goal, and this effort needs to be
better organized," Deutsch told Customs Commissioner Robert Bonner during
the subcommittee hearing. "I believe that your agency has also proceeded
too slowly."
In Search Of The Best Strategy
Several lawmakers also complained after a recent General Accounting Office
(GAO) report showed that the federal government has deployed more
sophisticated radiation-detection technology to Russian ports and borders
than it uses at U.S. ports.
GAO officials said the Energy Department has installed 70 portal monitors
at various locations in Russia, at a cost of $11.2 million. So far, those
monitors have led to the interception of 275 cases containing radioactive
materials. "I think it's important that we take those same types of steps
in the U.S.," Kentucky Republican Rep. Edward Whitfield told the subcommittee.
Customs Commissioner Robert Bonner told the panel that deploying advanced
nuclear-detection technology to foreign countries helps U.S. Customs agents
stationed overseas to screen cargo containers for potential terrorist
weapons before they leave for the United States. "An important part of our
strategy to address the nuclear threat is pushing our zone of security
outward, pushing our borders outward, so that ... our ports of entry in the
United States are the last line of defense, not the first line of defense
against this threat," Bonner said.
But Bonner added that NNSA has helped Customs to improve security at U.S.
ports by drawing on expertise from the Energy Department and several of the
national laboratories. He said that so far, Customs has deployed 96
large-scale X-ray and gamma-ray imaging systems to certain U.S. ports to
help screen cargo containers for terrorist weapons. Customs agents at all
U.S. ports also wear personal radiation detectors known as "pagers" on
their belts.
"So there is some capability to detect nuclear materials at U.S. ports of
entry, but to further augment our nuclear detection capabilities ... we are
also acquiring and deploying portal radiation detectors," Bonner said. He
noted that Customs plans to purchase 400 portal monitors by the end of
fiscal 2003 and will deploy at least one to each U.S. port.
But Gary Jones, director of the GAO's natural resources and environment
division, said it could take several years to test and install all of those
monitors. She noted that portal monitors are currently in use at only one
U.S. border crossing, as part of a pilot project. "And the results of that
pilot are not yet available," Jones told the panel.
Jones also noted that preventing nuclear smuggling requires more than just
high-tech equipment. "Customs personnel must be effectively trained in
radiation science, in the use of the equipment, and in identifying and
responding to alarms," Jones said, adding that Customs needs a
comprehensive port-security plan and better coordination with agencies at
all government levels.
Acting NNSA administrator Linton Brooks said efforts to prevent nuclear
smuggling have demonstrated the need for a Homeland Security Department.
"The president's proposal, when it is enacted, will help us draw together
the disparate elements of the government," Brooks said.
*****************************
Government Executive
October 31, 2002
FBI director says industry must do more to prevent cyberattacks
By Shane Harris
sharris@xxxxxxxxxxx
FBI Director Robert Mueller Thursday implored industry technology
executives to do a better job securing the Internet and other data networks
by reporting incidences of online crime to the bureau.
"You're not enabling us to do [our] job" by withholding reports about
criminals who successfully penetrate companies' data networks or attack
their systems, Mueller told those attending a Falls Church, Va. forum on
combating online crime and cyberterrorism. Corporations are reluctant to
report such attacks to law enforcement agencies for fear of revealing their
systems' vulnerabilities. They worry the information could give competitors
an edge, or invite more attacks by criminals once they discover the
weaknesses.
The Information Technology Association of America and Computer Sciences
Corp. sponsored the event.
Mueller acknowledged those fears and agreed that if FBI investigations have
an adverse effect on a company, it doesn't serve the government's interest.
"If we put on raid jackets and come in [to a place of business], that
publicity will not help us do the job," he said.
Still, the FBI receives only about one-third of the reports that it wants
from companies, Mueller said. Since the private sector owns and operates
about 90 percent of U.S. data networks, upon which facilities such as water
treatment plants and electric grids operate, the government is beholden to
businesses to secure cyberspace largely on their own.
"We need your help," Mueller said, noting that the FBI "lacks the expertise
in a number of areas" to effectively police the online world alone. In the
past, the FBI hasn't hired agents based on their technological prowess. For
years, the bureau so neglected its own use of technology that, until
recently, most agents didn't have access to the Internet and couldn't send
e-mail outside the agency.
Today, the FBI is installing new computers and networks. Mueller said
officials are also taking several actions in response to the threat of
cybercrime, which he said is now a top enforcement priority, along with
preventing terrorism and conducting counter-intelligence.
Field offices are consolidating their cybercrime efforts to mirror the
cybersecurity division at the FBI's Washington headquarters, Mueller said.
Historically, agents with the most experience investigating online crime
haven't been placed in a single division. "In the past, we have fragmented
our responsibilities" in this area, Mueller said.
The FBI is also trying to recruit "a new type of agent," and is seeking
candidates with specialized computer skills who are not only
technologically fluent, but familiar with the kinds of attacks criminals
have perpetrated online, Mueller said.
Mueller added that the FBI is one of the best-equipped agencies to
investigate online crime, despite its own technological shortcomings.
"We're on the cutting edge of technological investigations," he said,
noting that the bureau has established computer forensics labs in several
cities to analyze suspects' computers and collect evidence to use at trial.
Mueller said that the FBI couldn't measure its success by how many
criminals it apprehends or attacks it prevents, adding that if there's
another terrorist attack, "we've failed."
Instead, the bureau must look at how involved the private sector becomes in
prevention efforts as an indication of how the fight against cyberterrorism
is faring. He cited an association called InfraGard as an example of
cooperation between government and the private sector. The group is a joint
initiative of the FBI and an association of businesses, academic
institutions and state and local law enforcement agencies that share
information about cybersecurity and infrastructure protection.
*****************************
Computerworld
FBI chief: Lack of incident reporting slows cybercrime fight
By DAN VERTON
OCTOBER 31, 2002
Since the Sept. 11 terrorist attacks last year, FBI director Robert Mueller
has taken the unprecedented step of making the fight against cybercrime and
cyberterrorism the bureau's No. 3 priority behind counterterrorism and
counterintelligence. But private-sector cooperation in that fight remains
woefully inadequate, Mueller told an invitation-only meeting of industry
and government officials today.
"We probably get one-third of the [cybercrime] reports that we would like
to get," said Mueller, speaking at the National Forum on Combating e-Crime
and Cyberterrorism, sponsored by the Arlington, Va.-based Information
Technology Association of America and El Segundo, Calif.-based Computer
Sciences Corp.
"You're not enabling us to do the job," Mueller said, referring to the lack
of incident reporting coming from the private sector. Without more
companies stepping forward and cooperating with law enforcement on
prosecuting known or suspected cybercrimes, the FBI's analysis and
prediction capability will not improve, nor will the overall state of
security on the Internet, said Mueller.
"We understand that there may be privacy [and public relations] concerns,"
said Mueller. "We, as an organization, have learned that you don't want us
[responding] in raid jackets, you want us there quietly." However, for the
attacks to stop, "there has to be a sanction."
For its part, the FBI under Mueller's stewardship has undertaken a massive
reorganization designed to make the agency more nimble and savvy when it
comes to responding to and understanding cyberbased attacks against the
nation's critical infrastructure.
In addition to making cybercrime and cyberterrorism one of the bureau's top
three priorities, Mueller said the FBI has changed its hiring practices to
focus on recruiting "a new type of agent" that can bring a "bedrock of
experience" from the world of IT.
The bureau has also taken steps to improve information sharing with other
federal, state and local agencies. So far, Mueller has set up three joint
FBI-Secret Service cybercrime task forces and recently created a computer
forensics laboratory in San Diego, with plans to establish additional labs
throughout the country. The labs will include the participation of various
agencies, including the Customs Department and the Immigration and
Naturalization Service.
Although it is "absolutely critical" that the private sector and the
government work together, Harris Miller, president of the ITAA, acknowledged
that "the reality is that our interests are not always in alignment."
However, the chances of successfully battling e-crime and cyberterrorism
without government help "are literally zero," he said.
Given the increasingly organized nature of cybercrime syndicates and
various other "techno-gangs," it is critically important for companies to
come forward when they are the victims of a crime, said Paul McNulty, U.S.
Attorney for the Eastern District of Virginia. Without that cooperation,
there is a real chance that "cyberspace could become an economic blight ...
where people are afraid to go."
There remains, however, a "huge gulf between industry as vendor and
industry as customer," said Marty Stansell-Gamm, chief of the Computer
Crime and Intellectual Property Section at the Justice Department.
Discussions have not yet taken place that would enable industry to speak
with one voice, she said.
****************************
Computerworld
New Wi-Fi security would do little for public 'hot spots'
By BOB BREWIN
OCTOBER 31, 2002
The new security features that wireless LAN vendors plan to build into
products under the Wireless Protected Access (WPA) program will do little
to protect enterprise or individual users in the booming Wi-Fi
public-access "hot spot" market.
That market got another boost yesterday as Redmond, Wash.-based T-Mobile
announced plans to provide such service in clubs and lounges operated by
American Airlines Inc., Delta Air Lines Inc. and United Air Lines Inc.
John Pescatore, an analyst at Gartner Inc. in Stamford, Conn., said that
public-access providers such as T-Mobile or Boingo Wireless in Santa Clara,
Calif., typically do not turn on any form of security because to do so
would inhibit their business by reducing the convenience of the high-speed
(11M bit/sec.) Internet access these operators sell.
Pescatore advises that mobile enterprise workers use a virtual private
network (VPN) connection if they intend to use a public-access WLAN service
to tap into a corporate database or e-mail server. He also suggests that
anyone using a public-access Wi-Fi service install a personal firewall
to prevent snooping by other users on the same public network.
Peter Beardmore, senior marketing director at Colubris Networks Inc., which
sells a "hot spot in a box" WLAN setup through Boingo, said public-access
WLAN users without a firewall run the risk of another airport or coffee
shop user poking around in their files using the "Network Neighborhood"
tools found in the Windows operating systems.
Beardmore said Colubris, based in Laval, Quebec, helps Boingo prevent this
kind of casual sniffing by "forcing all traffic upstream" to a Colubris
server either incorporated into the access point or separate from it. This
technique, Beardmore said, prevents what he called "peer-to-peer" sniffing
of one client on a public-access WLAN network by another.
But Beardmore agreed with Pescatore that enterprise users should also
protect their data through the use of a VPN.
Eventually, he said, public-access providers could build the authentication
part of WPA into their servers for monthly customers, providing companies
such as Boingo with a way to authenticate the identity of regular -- though
not casual -- customers.
****************************
Computerworld
CIOs: Stop 'begging' for IT funding and start showing value
By THOMAS HOFFMAN
OCTOBER 31, 2002
NEW YORK -- IT leaders can prove the value of IT investments to senior
management by shifting away from being viewed as a cost center and focusing
on how they are helping companies achieve top-line growth, said CIOs at a
Society for Information Management (SIM) conference held here yesterday.
One way to do that: Think out of the box, looking beyond some of the more
obvious areas to identify value opportunities.
That's what James H. Noble has done at Philip Morris Companies Inc.
Dissatisfied with standard decentralized, centralized and shared services
approaches to running an IT organization, the vice president and CIO of the
New York-based consumer products company convinced senior management and
business unit leaders to create a federated shared services organization.
That way, the IT department can look beyond "squeezing costs out of IT" and
operate as a profit center aimed at helping generate new business.
One reason the federated shared services model should appeal to IT leaders
is that CIOs "are all tired of begging around with a tin cup to our
internal customers" for project funding, Noble said.
He speaks from experience. Earlier in his career, Noble consulted with
Shell Oil in Houston to help the company form a shared services group.
Shell eventually decided to market its shared services to other companies,
and "they've had a lot of trouble making that succeed," Noble said.
What Philip Morris has done is create a Web-based "company store" where
business unit leaders can shop for IT services from its shared services
group and compare the costs of providing support with benchmarking results
from Meta Group Inc. For example, Noble's group charges $70 per month, per
managed end-user seat, vs. the $105 per-month average charge for Meta
benchmarking participants.
Under this federated model, argued Noble, his organization is able to
demonstrate a better, more flexible and scalable range of services and
lower costs than third-party vendors saddled with cost-of-sales overhead.
In addition, he claimed his group responds faster to customer requests
while maintaining a "professional, benchmarked, arms-length" relationship
with the business units.
The shared services model has helped Noble "raise the agenda of the CIO to
the board level" by enabling him to debate investment prioritization with
other business unit leaders. He also said it has enabled his organization
to deliver in one year what it otherwise would have taken the IT department
5 years to complete.
Still, there are risks to adopting this approach. In shifting to a shared
services model, for example, the number of people reporting to Noble
plunged from more than 500 people to just 22.
"In most corporate cultures, your clout is often viewed by the number of
people you have reporting to you," said Jerry Luftman, director of the
Wesley J. Howe School of Technology Management at Stevens Institute of
Technology in Hoboken, N.J. But under the federated shared services model
adopted by Philip Morris and other companies, such as IBM, Bristol-Myers
Squibb and Prudential Insurance Company of America, the people who continue
to report to the CIO "are very strategic people that have gained the
recognition of senior management," Luftman said.
To help prove the value of IT to its top executives, Shelley Leibowitz,
Morgan Stanley Dean Witter's managing director and company CIO, has
leveraged co-sourcing and outsourcing engagements to save money and focus
on core competencies while diversifying its IT support. Case in point:
Morgan Stanley used to struggle with quality assurance and systems testing
in-house, said Leibowitz. By outsourcing those functions to a set of
vendors on a project-by-project basis, the New York-based financial
services giant has seen the quality of its QA work and systems testing
"greatly improve," she said.
For her part, New York University CIO Marilyn McMillan set up an
educational portal project beginning in June 2000 "where deliverables were
set on a schedule like a vendor product." That approach helped her "earn
the credibility" from senior management and gain funding for each new
release of the portal, which is now on Version 5.0.
It also helped McMillan gain approval recently for an additional
"six-figure investment" to add workflow capabilities for end users to
access administrative applications through the portal.
******************************
Computerworld
ICANN ends Shanghai meetings by passing reforms
By TODD R. WEISS
OCTOBER 31, 2002
Reforms and changes are coming to the Internet Corporation for Assigned
Names and Numbers (ICANN), the nonprofit group that runs the Internet's
Domain Name System.
After four days of meetings in Shanghai that ended today, ICANN's board of
directors approved a wide-ranging set of bylaw changes aimed at addressing
issues that have caused rifts among the group's membership over how ICANN
watches over the Internet.
In a telephone interview with reporters today, M. Stuart Lynn, ICANN's
president and CEO, said the meetings were "a major step forward on the
reform trail" and will help the nonprofit group as it strives to be more
responsive to complaints and criticisms from its membership.
Among the changes approved were a reduction in the number of board members
from 18 to 15 and creation of an ombudsman's office. ICANN will also be
dissolving the Protocol Supporting Organization, replacing it with a
Technical Advisory Committee (TAC), and will establish a Country-code Names
Supporting Organization (CNSO). ICANN is also approving a name change for
the Domain Name Supporting Organization, which will now be known as the
Generic Name Supporting Organization (GNSO).
The new ICANN structure will include three supporting organizations -- the
GNSO, the CNSO and the Addressing Supporting Organization -- with four
standing advisory committees of the board: the Governmental Advisory
Committee, the TAC, the DNS Root Server System Advisory Committee and the
Security Advisory Committee.
Some proposed reforms and amendments didn't make it into the final package,
Lynn said. Yesterday, ICANN held a public forum where members and others
could give their views on the proposed changes. After hearing those
comments, ICANN made additional changes to reflect the suggestions, he said.
Among them: Reversal of a recommendation that would have stopped ICANN
members from being able to vote multiple times on issues, depending on what
membership subgroups they represent. Under existing rules, for example,
members get two votes on an issue if they are an Internet service provider
and also a top-level domain (TLD) registry. Critics opposed a plan to limit
each member to one vote, and the proposal was dropped, Lynn said.
"There were a lot of good arguments on why it was a bad idea," he said.
With the bylaws and changes approved, ICANN plans to meet again in December
in Amsterdam to put in place a transition plan, he said.
Also discussed at the conference was the security and health of the Domain
Name System itself, which underwent a distributed denial-of-service (DDOS)
attack last week when all 13 of its root servers were bombarded with
messages meant to disrupt them.
Lynn said the hacker attack, which lasted about an hour on Oct. 21, showed
that "stability is a prerequisite to security" because the system handled
the disruption almost invisibly to users. "But that doesn't mean we can't
do better," he said.
At the session, Steve Crocker, ICANN's security committee chief, gave an
overview of the DDOS attack and its effects on the DNS system. "The whole
purpose of the Internet is to pass traffic," Lynn said. "A DDOS attack is
someone sending too much traffic. The answer is how long does it take to
respond and to be sure there is capacity to withstand it until you can shut
it off."
"The DNS isn't a black box that you can wrap chains around," Lynn said.
Also raised at the meetings was the possibility that some TLD holders may
try to challenge ICANN next year for some of its administrative power.
Some of those TLD holders said they may want to try to take over some of
the administrative work now done by ICANN under a contract with the U.S.
Department of Commerce. The so-called Internet Assigned Numbers Authority
(IANA) maintains administrative contacts for the Internet, updates name
servers and completes other administrative tasks. Under an idea floated at
the ICANN meetings, some TLD holders said they are thinking of making their
own bid for the next IANA contract, which expires in March.
Lynn said the issue is evidence that "relations with the [TLD holders]
always have their ups and downs." While some TLD holders were looking into
such a possibility, not all feel that way, he said. "It depends on who you
want to believe," Lynn said. "We're going to move forward in a positive way."
******************************
Washington Post
Web Oversight Group Changes Election
By Christopher Bodeen
Associated Press Writer
Thursday, October 31, 2002; 2:01 PM
SHANGHAI, China -- The group that oversees Internet addresses finalized
changes Thursday that end direct elections to its board of directors -- a
move critics complain could make the group indifferent to ordinary users
and hurt innovation.
The steps are part of an organizational overhaul meant to improve the
efficiency of the nonprofit Internet Corporation for Assigned Names and
Numbers, said chief executive Stuart Lynn.
The changes were approved by a 15-3 vote on the final day of a conference
on Internet addresses this week in Shanghai.
"This will make ICANN a much more efficient and effective organization that
will get things done better and faster and be more plugged-in to the
community than we are now," Lynn told reporters following a board meeting.
Lynn and others said the group's former method of electing five of the 18
board members bogged ICANN down in debates that held up its main
work -- making decisions that affect everything from how Web sites are named
to how e-mail is sent.
The board had approved the framework of the reorganization earlier, and
this week's meeting was largely about filling in the details, including
approving the new bylaws.
Under the new system, the board is to be picked by a nominating committee
and a trio of affiliated organizations representing groups of address
holders. The changes are to take effect at an ICANN conference in Amsterdam
in December.
Critics said the revisions were aimed at getting rid of dissenting board
members who say the group is out of touch with Internet users.
"ICANN ... is not allowing public participation," said Karl Auerbach, a
California consultant who is one of the five elected board members. He
voted against the changes.
"It is very much becoming a body that follows the interests of big
business," Auerbach added. He said the group had become an aggressive
protector of corporate copyrights on the Internet and was becoming
irrelevant to ordinary users.
ICANN has authority over domain names -- the suffixes such as ".com" and
".org" at the end of Internet addresses -- through a 1998 agreement with the
U.S. government.
Other critics said the group's new bylaws fail to address the controversial
question of how to work with regional registries that control the awarding
of national suffixes such as ".uk" for Britain and ".jp" for Japan.
Those registries want more autonomy and chafe at paying dues to ICANN.
"There are too many holes (in the new bylaws) that are not appropriate for
where we stand at this time and in our responsibility to the Internet,"
said Robert Blokzijl, an ICANN board member and founder of the European
Internet registry, RIPE.
Blokzijl joined Auerbach and Andy Mueller-Maguhn of Germany, another
elected board member, in voting against the changes.
Lynn defended the changes, saying ICANN would work with registries to
define relations better. But he said the registries weren't unified in
their views.
The ICANN board also approved a plan that could require regional registries
to pay the world body more for each address that they register.
The money will help ICANN build up its ability to coordinate and fight
hacker attacks, such as last week's "denial of service" assault on the 13
computers scattered around the globe that store directories of online
addresses and direct traffic on the Internet.
In that attack, servers were flooded with data relayed by hackers through
other users' computers in what appeared to be an attempt to overload them
and shut down the network. Some disruption was reported, but specialists
said it suffered no permanent damage.
Also Thursday, Lynn said he would recommend creating three new Internet
domain names, though he said there were no plans yet on when to create them
or what they would be called.
ICANN introduced seven new domains in 2000 to help relieve demand for the
most popular ".com," but Lynn said the slowing global economy had reduced
calls for large numbers of new domain names.
*************************
USA Today
U.S. software-piracy rate rose slightly in 2001, study shows
WASHINGTON (Dow Jones/AP) -- The rate of business-software piracy in the
United States climbed slightly in 2001, an industry trade group said Thursday.
The Business Software Alliance, citing a new study conducted by the
International Planning & Research Corp., said the U.S. software-piracy rate
in 2001 was 25%, up 1 percentage point from 2000.
Theft of software cost the United States $1.8 billion in retail sales of
business software applications and more than 111,000 jobs, the group said.
"Software piracy has a damaging economic impact on not only the software
industry, but on the economic health of the nation as a whole," Business
Software Alliance President Robert Holleyman said.
"It depletes available funding for valuable research and development and
causes staggering job losses and billions of dollars in lost wages and tax
revenue," Holleyman said.
The study analyzed piracy last year in each state. Researchers calculate
the piracy rate by comparing estimates of software applications installed
with estimates of applications that are legally shipped.
The state with the highest piracy rate was Mississippi, at 48.7%. New York
was lowest at 11.9%.
The state with the sharpest drop in its piracy rate from 2000 to 2001 was
New Hampshire, falling 16.3 percentage points, to 17.2% in 2001, from 33.5%
in 2000.
Maryland's rate fell 14.7 percentage points, followed by California,
Nebraska, Utah, Nevada, Colorado, New York, Illinois and Missouri.
**************************
New York Times
Hacking Victims' ID to Stay Secret
By THE ASSOCIATED PRESS
Filed at 6:41 p.m. ET
WASHINGTON (AP) -- Senior law enforcement officials assured technology
executives Thursday that government will increasingly work to keep secret
the names of companies that become victims to major hacking crimes, along
with any sensitive corporate disclosures that could prove embarrassing.
The effort, described at a cybercrime conference in northern Virginia, is
designed to encourage businesses to report such attacks and build public
confidence in Internet security. Officials promised to use legal
mechanisms, such as protective orders and sealed court filings, to shield
corporate hacking victims from bad publicity.
``It's important for us to realize that you have certain concerns as victim
companies that we have to acknowledge,'' FBI Director Robert Mueller said.
He promised, for example, that FBI agents called to investigate hacking
crimes will arrive at offices discreetly without wearing official jackets
with ``FBI'' emblazoned on them.
``The mere calling of us in an investigation can have an adverse impact on
the image of your company,'' said Mueller, who has made cybercrime an FBI
priority. In exchange for this protection, Mueller said, companies should
more frequently admit to the FBI when they are victims of hacking. ``You're
not enabling us to do the job,'' he said.
Government efforts to tighten Internet security and investigate online
attacks have long been hampered by reluctance from companies to admit they
were victims, even in cases where executives quietly paid thousands of
dollars in extortion to hackers. Companies say they fear loss of trust by
customers and shareholders, costs associated with a formal investigation
and increased scrutiny by regulators.
New efforts to protect the identities of hacking victims also contrast
markedly with traditional hacker culture, which frequently blames companies
and organizations that are targets of online attacks for failing to secure
their networks adequately.
``There may very well be ways that law enforcement can get a criminal
sanction imposed but not have all the names of the companies made public,''
said Marty Stansell-Gamm, chief of the Justice Department's computer crime
section. But she cautioned: ``That's not something that law enforcement can
guarantee.''
Instead, Stansell-Gamm said companies that have publicized hacking crimes
along with their own explanations have fared well with customers and
shareholders.
``Companies that worry too much about public response underestimate the
public's ability to assess the situation with some sophistication,'' she
said. ``If a bank robber sticks a gun in a teller's face, the public is not
confused about whose fault that is.''
Paul McNulty, the U.S. attorney for the Eastern District of Virginia, said
government's goal is to ``prosecute cases while at the same time achieving
the kinds of protection and addressing the concern that the business
community rightly has.'' He pledged that prosecutors will ``minimize
publicity so there is no disincentive to come forward.''
McNulty's district is home to major technology companies and one of the
Internet's most important physical junctions.
He cited congressional efforts, supported by the Bush administration, to
exempt from the Freedom of Information Act any details that companies might
disclose to the proposed Department of Homeland Security about
vulnerabilities in their operations. He said amending the law could be
helpful ``in case there is a concern that reports of hacks or intrusions in
federal records might find their way into the hands of those who would use
that information against us.''
Another U.S. attorney, Roscoe Howard of the District of Columbia, said the
Constitution requires that a criminal defendant be permitted to face the
accuser at trial, but he noted that many computer-crime investigations
culminate with a plea agreement, where the names of victim companies can be
kept secret.
``Nobody wants to be yanked out in front of the public to say, 'Hey, I was
the victim of a crime.' Most people don't want their 15 minutes,'' Howard
said. ``We can protect you where we can, and we will do that when it's
within the law and the constitutional rights of the defendant. When we've
got individuals (as witnesses) we want to keep off the stand, we just won't
use them.''
****************************
CNET News.com
Europe's cops can't collar cybercriminals
By Reuters
November 1, 2002, 6:16 AM PT
LONDON--Europe is losing out in its fight against cybercrime, a top law
enforcement official said Friday.
"With cybercrime, it's become so obvious that we've lost the battle even
before we've begun to fight. We can't keep up," Rolf Hegel, head of
Europol's serious crime department, told the Compsec 2002 computer security
conference here.
The broad threat of cybercrime has puzzled police forces around the world
for years. And now there is mounting evidence that organized criminal
groups are using new technologies to commit everyday crimes and some new ones.
The Internet and mobile phones have become a reliable tool for criminals,
experts say, used in child pornography rings and in a hush-hush crime that
is hitting the corporate world with more regularity: threats of unleashing
denial of service attacks on targeted computer networks to extort money
from businesses.
Police can't keep up. "We are far behind," Hegel said.
Last month, Europol formed the High Tech Crime Center, a task force with a
mission to coordinate cross-border cybercrime investigations in Europe.
Hegel said the force is understaffed and under-resourced, but he hopes it
will begin to make a difference in future investigations.
There is a sense of urgency amid the law enforcement community to bolster
its digital sleuthing capabilities.
A coordinated attack on a clutch of central Internet root servers across
the globe earlier this month has puzzled law enforcement officials, stoking
fears it could be the work of an organized criminal group aiming to disrupt
vital communications networks.
Hegel admitted that if such an attack targeted a European communications
network today, police would have a very difficult time tracking down the
culprits. The High Tech Crime Center was formed to beef up investigations
into such occurrences, he added.
"We will focus our efforts on organized criminal groups," he said, but
added assistance was needed from the victims who are often reluctant to
share information with police for fear it will harm their business.
"I hope this type of incident leads to more in-depth discussions with the
victims, the companies," he said.
****************************
Reuters Internet Report
RIAA Scores Victory in Aimster Case
Thu Oct 31, 3:51 PM ET
LOS ANGELES (Reuters) - The recording industry on Thursday claimed a
victory in its ongoing legal assault against online piracy after a federal
judge granted a preliminary injunction against file-swapping service
Aimster, which recently changed its name to Madster.
The Recording Industry Association of America, which represents industry
giants like Bertelsmann AG's BMG, EMI Group Plc, AOL Time Warner Inc.,
Vivendi Universal and Sony Corp., said the court's decision follows a Sept.
4 ruling granting the record companies' request for a preliminary injunction.
Madster -- a well-known file-sharing service that emerged in the wake of
now idled Napster and allows members to download and
swap copyrighted songs -- was not immediately available.
The RIAA said Judge Marvin Aspen of the U.S. District Court for the
Northern District of Illinois on Wednesday night ordered Madster to implement
filtering technologies so that it does not infringe copyrighted works over
its network.
The legal battle between Madster and the music and movie industries dates
back to Spring 2001. The central issue in the case was whether Madster,
formerly known as Aimster, violates copyright laws because users can
exchange pirated material.
Madster operates by piggybacking on the instant messaging (IM) network of
AOL Time Warner's America Online so that a Madster member becomes an online
"buddy" of every other Aimster user and can access songs from other
members' files.
Madster argued it was protected by the Audio Home Recording Act
of 1992, which ensures the right of consumers to make analog or
digital recordings for private, noncommercial use.
Various suits against Aimster were consolidated before Judge Aspen, who
ruled last month that Madster must make changes to prevent copyrighted
material from being exchanged. Aspen, however, said certain aspects of the
service, like sharing personal text messages, should be allowed to continue.
Earlier this year, two companies that run Madster and Madster's founder
John Deep himself filed for bankruptcy protection, according to press reports.
The RIAA said it was continuing its crusade against other file-sharing
services. "Other unauthorized peer-to-peer networks should take note of
this decision....should also take advantage of these technologies and
prevent illegal trading of copyrighted works on their systems," said Cary
Sherman, president of the RIAA.
***************************
MSNBC
Will high-tech save or sink future elections?
Experts, officials weigh the promise and peril of electronic vote systems
By Alan Boyle
Oct. 31 -- On a crisp autumn morning in 2012, George got a call from his
ballot box. He'd been tinkering with his presidential vote on the Netphone
for weeks, and had dropped it in the e-mailbox just the night before. Now
the election system's voicemail was calling him back to verify his vote. A
recorded message read off the confirmation numbers, as usual -- but this time
around, the digits didn't match. George thought for a moment: Was it just a
glitch, or did someone actually do what the crypto company said was
impossible? Had his vote been hacked?
TEN YEARS from now, that scenario could represent normalcy -- or a
nightmare, depending on what happens between now and then.
On one hand, boosters see online voting as a shot in the arm for an
ailing electorate. A small-scale Internet voting experiment in England's
Swindon district helped boost turnout for May's local council elections by
about 3.5 percent, compared with figures from two years earlier.
"It worked beyond our wildest dreams," election official Alan
Winchcombe said.
On the other hand, the glitches bedeviling present-day electronic
voting don't exactly inspire confidence. Statistics from the Caltech-MIT
Voting Technology Project indicate that touch-screen machines have
performed about as poorly as the infamous punch-card machines over the past
12 years.
This year, Florida is weathering a wave of criticism over problems
with touch-screen systems. In Texas, touch-screens had to be taken offline
for repairs during early voting because the displays were miscalibrated.
Would Internet voting add to the potential confusion and fraud?
Rebecca Mercuri, a computer science professor at Bryn Mawr College and
founder of Notable Software, is certain it would.
"We're taking an inherently insecure medium, the Internet, and
layering security on top of it," she said. "It doesn't work."
WHY VOTING IS DIFFICULT
Jim Adler, founder, president and chief executive officer of
VoteHere, agrees that Internet voting is a huge challenge. That's why his
company developed the online system that was put to the test in Swindon.
"If this was so easy, banks would be doing elections," he said from
VoteHere's headquarters in Bellevue, Wash. "We wouldn't be in this business
if we thought elections were as easy as bank transactions."
He's willing to put his software up against more traditional voting
methods, in hopes of snaring a piece of the billions of dollars in federal
funds that will be paid out over the next few years for election reform.
"Give me tough requirements," he said. "Don't just give me a red
light and tell me we're never going to go there."
Why is electronic voting so tough?
"All of the things that make us nervous about doing something by
computer are magnified in the voting context," said Doug Chapin, director
of ElectionLine.org, a nonpartisan research center in Washington, "because
voting is the first decision which leads to all other decisions. If you
believe that democracy is a process, and if there's any question about the
legitimacy of that process, then it strikes at the legitimacy of the
government as a whole. Just witness all the navel-gazing that went on in
the wake of Bush v. Gore."
To continue with the banking analogy, it's OK if the bank knows how
much money you have in your account -- but it's not OK if the election office
knows how you voted. It's OK to get a statement from the bank showing your
transactions -- but it's not OK to get a piece of paper showing how you
voted. And yet, the voting process should leave a verifiable audit
trail -- not only to guard against election fraud and allow for recounts, but
also to ensure that every vote cast is counted.
HOW THE SYSTEM WORKS
Can Internet voting satisfy all those criteria? VoteHere's Adler
insists that it can, using data encryption, digital signatures and advanced
cryptographic protocols.
Voters would sign into the balloting system using two sets of
numbers that they received in advance, plus a code based on personal
information familiar to the voter. Once they're finished clicking through
the ballot, it would be encrypted and a digital signature would be added.
"As soon as you have encrypted and signed a ballot, it's in its own
little safe," Adler said. The digital signature serves as evidence that the
vote is genuine and has not been altered.
The system could be used to cast a ballot at a polling place, over
the Internet, over the telephone or via a gizmo like George's.
At the office, the ballots would be recorded in their encrypted
form, and then they would be "shuffled," deciphered and tabulated under the
eyes of trusted authorities. If someone wanted a recount, the counters
could go back to the encrypted vote register and start over again. The
voter could also check that his or her vote was tallied correctly by
matching up verification codes -- just as George did in 2012.
"If you have voter verification, you don't have to trust the
machine," Adler said. "I don't care if a computer virus upsets my vote, I'm
going to detect it."
FACING REALITY
During VoteHere's test in Swindon, nearly 11 percent of the roughly
40,000 voters used the Internet, while about 5 percent voted over the phone.
"One of the political parties was going on, carrying mobile phones
(and) saying, 'If you wanted to vote now, here you go,'" Winchcombe said.
That party, the Liberal Democrats, drew the highest number of electronic
votes, he said.
Winchcombe said VoteHere monitored the system for signs of fraud
and detected "two or three attempts where people were trying to create
their own PIN numbers" but no successful hacks.
Mercuri, however, is skeptical that Internet voting could ever be
made secure.
"All of that is completely susceptible to the latest virus attack,
the latest denial-of-service attack, sniffers and snoopers," she said.
"There are vendors out there who are trying to mislead the public and
election officials into thinking that they have secure cryptography."
When it comes to remote voting, Mercuri sees nothing that would
stand in the way of a voter selling or transferring his or her voting codes
to someone else unless election officials employed an intrusive biometric
ID system. She even has her doubts about today's touch-screen systems: She
says such machines should be modified to generate paper ballots, which
would be tallied separately to certify the computerized results.
She and other experts say the incentive for fraud or just plain
mischief will increase as electronic voting becomes more widespread. Even
if new security measures are developed, that would raise new hurdles for
voting access, said Caltech Professor Michael Alvarez, a member of the
MIT-Caltech voting research team.
"Most Americans aren't familiar with what a digital certificate
is," he said. "It will require use of a password, and most people forget
what their password is."
Beyond the cybersecurity issue, remote Internet voting raises the
same concern about coercion that mail-in absentee voting does, Alvarez
said. He said online voting also could accentuate the country's "digital
divide" between high-tech haves and have-nots.
"The folks who don't have Internet access tend to be elderly," he
noted. "They tend to belong to particular demographic groups. ... Internet
voting may run into potential Voting Rights Act problems."
Proponents of e-voting say that concern could be remedied by
placing voting kiosks in government buildings, community centers, libraries
and shopping malls. Los Angeles County operated 21 such kiosks for its
early voting period this year.
The touch-screen setup, which allowed voters to cast ballots at
convenient locations outside their home precincts, was a hit from the very
first day. "Some of the locations had people lined up," said Conny
McCormack, the county's registrar.
BRAVE NEW WORLD
Although researchers say the time isn't yet right for wide-scale
Internet voting, they acknowledge that an increasing number of electoral
tasks, such as registration and requests for mail-in absentee ballots, will
be handled online.
Meanwhile, the small-scale experiments continue. A handful of
Americans got a taste of online voting two years ago, in Arizona's
Democratic primary and through an experiment in Internet-based absentee
voting for overseas military personnel. Only 84 people voted in the
Pentagon's $6.2 million trial -- which worked out to about $74,000 a vote.
But Alvarez is gearing up for what he expects will be a bigger federally
funded experiment in 2004.
"In the future, we're probably going to be voting on electronic
devices, remotely," he said. "We're studying the problem, we're running
experiments and trials. In a decade, we'll be much closer than we are right
now."
****************************
MSNBC
Candidates use, misuse technology
Federal employees get e-mail solicitation from Bush
By Yochi J. Dreazen
THE WALL STREET JOURNAL
Oct. 31 -- Hundreds of federal employees got an unexpected e-mail earlier
this month from a senior official they rarely hear from: President Bush.
"YOUR DONATION ... will make a big difference to my agenda to make
America safer, stronger, and better," Mr. Bush wrote in the campaign
solicitation sent from his RNC.org e-mail address. "So please help me today
by sending the Republican National Committee as much as you can afford."
QUICK APOLOGY
The Republican fund-raising organization quickly apologized and
said the e-mail was aimed at Republican voters and activists, not
government employees. Still, Rep. Henry Waxman, a California Democrat, has
called for an investigation into whether the e-mail violated a federal law
that limits political activity by federal employees.
Call it Politics 2.0. With pivotal midterm elections just days
away, both parties are using e-mail and autodialers to make hundreds of
prerecorded phone calls per hour to get out the vote and raise last-minute
funds.
Politicians and campaigns have been using e-mail and the Internet
as a way of spreading their message for several years, but the technology's
increasing sophistication is changing how politics is played. Today,
parties and candidates can quickly and cheaply send well-tailored e-mails
and phone calls while being able to update files on current and prospective
supporters.
The danger, of course, is that the technology also makes it easier
than ever for the parties to skirt the laws -- or even break them -- by sending
e-mails to the wrong addresses, failing to comply with arcane telemarketing
statutes, or wrongly linking government Web pages to sites run by one of
the parties. And as the technologies develop faster than the regulations
targeting them, further abuses are predictable.
Earlier this year, for instance, Republicans in Arkansas accused
Democrats there of using public property for partisan purposes after a
teacher used a computer terminal owned by the school district to send
e-mail supporting Democrats in state elections. The Republican National
Committee, meanwhile, came under fire recently after a State Department Web
site for its consulate in Guadalajara, Mexico, was linked to an RNC
fund-raising page, an apparent violation of federal laws prohibiting
government resources from being used for partisan purposes. The site was
quickly taken down, and the RNC blamed the error on a low-ranking
government employee.
"These are uncharted waters," says Fred Wertheimer, the president
of Democracy 21, a campaign-finance watchdog group. "There's already a Wild
West atmosphere when it comes to dealing with campaign finance laws, and
technology just magnifies the uncertainties and ambiguities."
One area of increasing concern is the two parties' use of
sophisticated autodialing systems. The Federal Elections Commission, which
regulates campaign mailings and e-mailed communications, hasn't ruled on
them. But the Federal Communications Commission regulations require all
messages delivered by such systems to leave the address or telephone number
of those behind the calls, though many politicians don't do so.
"Autodialing is a serious problem because the government appears to
be entirely ignoring it," says Trevor Potter, a former FEC commissioner who
is now a lawyer in Washington. "You can spread virtually any message
quickly, and never have to really say who you are or where you're calling
from."
CUT COSTS
A few months ago, many California voters received a prerecorded
message from Mr. Bush urging them to "support our great Republican
candidates." The message said it was paid for by Team California and the
California Republican Party, but failed to leave an address or phone number
for either, in apparent violation of the FCC regulations. California GOP
officials said they were looking into the matter, but had no further comment.
The technology also allows parties to cut their communications
costs. For example, the DNC has run a pilot program to check the accuracy
of the addresses on file for Democrats in the U.S. so their state
affiliates won't waste money mailing letters to the wrong places. The party
estimates it has saved more than $15 million this year.
Both parties largely see the new technology as a way of raising
money, especially from small donors who will become crucially important
when new campaign-finance rules take effect next month. And the Web sites
of both major parties can accept campaign donations by credit card. DNC
technology director Doug Kelly says online fund raising in recent months
"has been going through the roof," though he declined to provide specific
numbers.
Chuck DeFeo, Mr. Kelly's counterpart at the RNC, says his party is
also doing well with its fund-raising requests such as the one sent by Mr.
Bush earlier this month. "It was one of the most successful electronic
solicitations we've ever done," he says.
Other politicians, however, are learning that technology brings its
own complications. Earlier this year, California GOP gubernatorial
candidate Bill Jones used an e-mail address harvester and a Korean
Internet-service provider to send unsolicited bulk e-mails to prospective
voters. The campaign sent hundreds of e-mails to addresses ending in the
suffix ".ca," apparently thinking they were California voters. They
weren't; the addresses were in Canada.
Copyright © 2002 Dow Jones & Company, Inc.
All Rights Reserved.
***************************
MSNBC
IRS, tax preparers OK free e-filing
ASSOCIATED PRESS
WASHINGTON, Oct. 31 - Up to 78 million taxpayers will probably be able to
file their tax returns electronically without charge under an agreement
between the Internal Revenue Service and a group of tax preparers and
software publishers.
"This represents an important step forward for taxpayers and our
e-filing efforts," said IRS Commissioner Charles Rossotti, who signed the
agreement Wednesday with Free File Alliance manager Mike Cavanagh.
Taxpayers usually pay a fee, averaging $12.50, for online filing,
and that is on top of fees for preparation services or computer software.
Of the 125.6 million tax returns filed this year, 46.5 million were filed
electronically.
Under the terms of the agreement, participants in the consortium of
preparers and filing services must provide free services to at least 10
percent of the taxpayers they serve in order to become a member of the
consortium.
But IRS expects far more than 10 percent of taxpayers to receive
free electronic filing, and to persuade preparers and services to join the
consortium, IRS has agreed not to compete with consortium members in
providing tax preparation and filing software. The goal is for 60 percent
of the 2002 tax returns, or about 78 million, to be filed for free next year.
Public access to the free service will be available on a website to
be launched in January, Treasury Secretary Paul O'Neill said. Links to the
service will be available through www.irs.gov and www.FirstGov.gov.
With the signing of the agreement, most major tax preparers are
expected to join the consortium.
President Bush has also proposed a 15-day extension for taxpayers
who file electronically, including those who take advantage of the
free-filing initiative. That proposal awaits approval by Congress.
****************************
Euromedia.net
European Commission favours broadband subsidies
30/10/2002 Editor: Pablo Asbo
As a part of the Eurescom summit 2002, which brought together
representatives from government and industry to study the future for
broadband in Europe, a representative of the European Commission defended
the policy of subsidising the introduction of broadband infrastructure in
certain areas.
Andrew Houghton, representative of the Commission's DG Information Society,
put forward the example of the eEurope 2005 action plan which specifically
advocates the use of EU structural funds to facilitate broadband access in
remote and rural areas.
However, Joachim Claus, head of innovation management at Deutsche Telekom,
rejected all types of state intervention in broadband services, including
subsidies for the building of infrastructure.
On other issues, such as the scope of the regulatory framework necessary
for further proliferation of the technology, more agreement was reached. It
was argued that better regulation with more coherence throughout Europe is
needed for broadband to be introduced successfully.
***************************
Sydney Morning Herald
English standards slip due to SMS usage
Singapore
November 1 2002
The standard of written English is getting sloppy among students in
Singapore due to the overwhelming popularity of the Short Message Service,
better known by its acronym SMS, the Straits Times said today.
Eight out of 12 secondary schools told the island's leading English daily
there was no cause for alarm yet, but said students were increasingly using
SMS-style English in their class assignments.
For instance, some students now spell the word "before" as "b4", "night" as
"nite" and "with" as "wif".
Neo Tick Watt, a principal at Tampines Secondary School, said he was
concerned efforts to promote the use of good English were "being undone by
SMS."
But Montford Secondary School's principal Simen Lourds said it was natural
for students to use SMS as it was the "in thing."
Some educators said students resorted to using SMS language due to
laziness, but sometimes they are unaware that it was wrong.
"It can be grammatically incorrect, but because it is used so much, it
becomes acceptable," said Suparman Adam, principal at Bukit Batok Secondary.
One student, Diana Lim, said she stopped using SMS language in her essays
after her teacher failed two of her assignments, the report said.
A former British colony, the majority of Singapore's 3.2 million people are
proficient in English, which is one of four official languages and the
language of administration in the multi-racial Southeast Asian society.
But the widespread use of Singlish - a hybrid combining English, Chinese,
Malay and Indian - was enough to spark a national campaign held annually in
recent years to promote the proper use of the English language.
****************************
New Zealand Herald
Huge tides of daily internet use wash over South Korea
01.11.2002
By SIMON COLLINS
When millions of South Koreans took to the streets in red T-shirts and
headbands during this year's World Cup, they used the internet to find
where to go.
In September, when a Korea Development Bank official suspected a loan to a
Hyundai company might have been used to make a secret $800 million payment
to North Korea, word leaked out on a website.
And, when Seoul business strategist Joyce Lee planned a holiday in Germany,
she entered one of one million "online communities" run by Korea's top
internet portal, Daum Communications.
Using the Daum Cafe travel community, she got accommodation and rail
service information from Koreans who had visited Germany.
Daum marketer Robin Kim and his wife used another online community when
considering English language tuition for their son.
"I put 'educating children' on the keyboard and can find a lot of online
communities about that. We can meet some teachers and parents in that
community, so we exchange information," Kim says.
"A lot of people give the response that this is an appropriate time for a
7-year-old to learn English, so I am quite positive to enter the English
class for my son."
In South Korea, probably more than anywhere, the internet is incorporated
in people's daily lives.
Since 70 per cent of its homes use high-speed broadband internet, South
Korea is charting a whole new world. In other countries, fewer than 10 per
cent of people have broadband; in New Zealand only 4 per cent.
Korea's huge lead is no accident. Dr Suh Sam Young, president of its
National Computerisation Agency, says: "From the mid-1980s there was
consensus among Korea's leading groups that, even though we are behind in
industrialisation, we have to be first in the information society."
In 1995, the Government contracted with KT (Korea Telecom) and Dacom to
provide a nationwide broadband "backbone" including services to all
schools, research institutes and public agencies.
Schools contractor KT agreed to supply 256-kilobytes-a-second broadband to
schools free for five years.
In return, the Government put up 5 per cent of the network's $22 billion
capital cost. Schools agreed to make KT their home page, to use multimedia
for 10 per cent of the time in all classes and to assign homework requiring
student use of the internet.
Suh says the telecom companies wanted a service charge of more than US$100
($206) a month.
"We decided individual households have to use this, so the price has to be
less than US$40 ($83) a month," Suh says.
When KT stalled in protest, two companies, Thrunet and Hanaro Telecom,
quickly signed up thousands of customers in 1998-99. KT joined the race in
December 1999.
"There has to be competition," says Suh.
Despite KT's doubts, Koreans proved willing to pay fees which now average
about US$25 ($51) a month for education, for games - and for scandal.
Suh says when South Korean actors and actresses put one of their scandals
on the internet, everyone wanted to see it. "That was what spread the
demand for high-speed networks."
The Government provides free or discounted internet training for 10
million, including housewives, prisoners, the elderly, the disabled.
After the Asian crisis in 97-98, it hired unemployed people to put a huge
amount of historical and official data on the internet. It pays educators
to produce Korean-language educational material.
It provides free broadband access in 9000-plus public libraries, 2000 post
offices and 3500 other public offices. School networks are open to the
public after hours.
In addition, in 22,500 privately owned "PC rooms" (internet cafes) around
the country, youths pay 1000 won ($1.70) an hour - mainly to play games.
In effect, the PC rooms created a market for broadband, which made people
willing to pay for it at home. Now, says Suh, 96 per cent of households
with school-aged children have high-speed internet.
A recent survey shows 49 per cent of internet use is to search for
information, 26 per cent for games, 14 per cent for email, 3 per cent for
education, 2 per cent each for chatting and shopping and 1 per cent for
banking.
Seoul storekeeper Jang Myong Ja, 62, and her husband Lim Young Jai, 66, got
free training with Silvernet, the Korean equivalent of New Zealand's Senior
Net. Jang has written an article for the Silvernet website about a
counselling centre for Alzheimer's Disease, and has a family homepage with
a gallery of photos.
Her daughter-in-law, Paik Soo Yeon, uses the internet every day to read the
newspaper, do shopping and get community news.
A Government pamphlet says many apartment blocks are wired up to local
networks and the cost included in their monthly maintenance fees.
Their network bulletin board messages range from "What can I do for my baby
who has a sudden fever?" to "I want to give away things that I don't use to
someone who needs them".
"In the past people usually gathered at sarangbang [community rooms] to
share their kindness and friendship among neighbours, but in our modern
society the internet is filling that role," a brochure gushes.
Almost 9 per cent of all Korean transactions last year were done by
e-commerce.
"Korean people don't have much time to do the supermarket, so use the
internet market," says Harry Song, of Hyundai's online shopping network.
Books are the most popular internet buy (19 per cent), followed by computer
hardware (11 per cent), houses (10 per cent), cosmetics (9 per cent) and
leisure and hobby goods (8 per cent).
Daum and other agencies operate job-finding services. The Ministry of
Labour also runs an employment database to help people find jobs.
An MP, Dr Huh Unna, sees high-speed internet as a tool for democracy. She
is excited about a system that will let voters trace how taxes are spent in
"real time", and records her views and diary on her home page so voters can
respond.
The next stage in the Korean plan is internet access through mobile phones.
Once again Korea leads the world: 64 per cent of the population has a
cellphone and 83 per cent of cellphones are internet-capable.
Uses include a global positioning system to give you a map when you're
lost, a used-car trading service to check car registration and settle
payments, mobile banking and stock trading. Every Korean cellphone seems to
have a fold-up screen over a keypad which is almost as small and thin as a
calculator.
However, the Korean experience raises concerns, particularly about internet
addiction. Last month, a 24-year-old man died in a PC room after playing
computer games non-stop for 86 hours.
A recent Daum survey shows 15 per cent of Koreans are "internet-dependent",
using the internet at least 40 hours a week, mainly to play games.
Just over half of Korean women use chat services, some until 5am or 6am,
and then fall asleep in class or at work. The Information Culture Centre
for Korea knows of 200 divorces caused by "a wife's online chat addiction".
Among lonely adults and teenagers, internet chatting replaces real
relationships.
For New Zealand, Korea's online culture offers opportunities and lessons.
A lesson for traders is that selling in South Korea requires an internet
presence. Tourism NZ is launching a Korean-language section of its website
this month.
Politically, the Korean experience suggests that high-speed internet will
not reach most people quickly without Government subsidy and commercial
competition. In a globalised world, that access is likely to be
increasingly important.
But New Zealand's small-scale society offers an opportunity to do better
than Korea in using the internet as a tool to complement real, face-to-face
activities and relationships - not replace them.
* Simon Collins visited South Korea with support from Asia 2000.
****************************
Earthweb
Pressure Grows For IT Security Pros
By Sharon Gaudin
IT and security administrators have a big job ahead of them in 2003, with
Giga Information Group analysts predicting they'll have to push to stay on
top of system patches and merge their technical efforts with straight-up
business thinking -- all under the tight constraints of a flat IT budget.
[story http://itmanagement.earthweb.com/secu/article/0,,11953_1492031,00.html]
***********************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx