Clips October 22, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;
- Subject: Clips October 22, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Tue, 22 Oct 2002 15:26:40 -0400
ARTICLES
Direct marketers want anti-spam laws
Two Dems Accuse HHS of Removing Info [Censorship]
Networks Act to Avoid More Blunders in Vote Tallies [E-Voting]
Errant E-Mails Ruffle House Democrats' Feathers
SeniorNet campaign pushes tech literacy
Internships go virtual as firms seek ways to save
A tough case to crack How IT can -- and cannot -- aid law enforcement?
Effort to double funding for science agency hits Senate snag [NSF]
Update: Navy searching for hundreds of missing computers
British Concern to Help U.S. Track Terrorists
Screensavers crack medical puzzle
Anti-terror fight goes to the source
Smart Fatigues Hear Enemy Coming
Professor's Case: Unlock Crypto
Terror Turns Real for Horror Site
Police Experts Meet on Internet Child Porn
Who controls your computer? [DRM]
*************************
CNet News.com
Direct marketers want anti-spam laws
By Declan McCullagh
Staff Writer, CNET News.com
October 21, 2002, 3:48 PM PT
The Direct Marketing Association said Monday that unsolicited e-mail has
become so noxious that a federal anti-spam law is finally necessary.
Until now, the DMA has opposed the majority of anti-spam bills in Congress
or offered only lukewarm support. But the ever-rising tide of junk e-mail
has made the influential trade association rethink its stand.
"Even legitimate business' messages are not being looked at because of the
get-rich-quick schemes and pornography and so forth," Jerry Cerasale, the
DMA's vice president for government affairs, said in a telephone interview
Monday afternoon.
The DMA's change of heart, which comes as the group meets in San Francisco
for its 85th annual convention this week, means that a sizable obstacle to
federal legislation has vanished. The DMA, along with its allies at the
U.S. Chamber of Commerce and the National Retail Federation, have
previously scuttled some anti-spam laws from being enacted by Congress.
"We absolutely need legislation," Cerasale said. "So we're going to have to
work to get a compromise that'll have enough support so it will pass."
The DMA told the Senate Commerce committee in April 2001 that a law
governing spam might not be objectionable if it overruled about 20 state
laws currently on the books and prohibited only "the practice of sending
fraudulent electronic mail messages" with forged headers.
Now the association, which boasts about 4,700 members that include direct
mail, catalog and telemarketing companies, says it will lobby for
legislation that has both of those requirements and also provides a way for
recipients to remove themselves from future mailings. "We're finding that
we need to give the consumers the choice to try and allow them to control
their inbox, to try and say no, I don't want this, while leaving the medium
open for commerce," Cerasale said.
But, Cerasale said, a federal requirement that consumers "opt in" instead
of "opt out" of bulk e-mail is unacceptable. "We think the opt-in creates a
true noneconomic model," Cerasale said. "We don't believe you get a viable
economic model in opt-in."
Ray Everett-Church, who represents the Coalition Against Unsolicited
Commercial Email (CAUCE) and other tech clients, says he's taking a
wait-and-see approach.
"The fact that they are realizing that self-regulation hasn't solved the
problem is a very important step," Everett-Church said. "It marks a welcome
change in their thinking. But the folks in the anti-spam community are
waiting to see what the DMA defines as acceptable under any proposed
legislation."
Taking steps to can spam
In September, three consumer groups asked the Federal Trade Commission to
take swift steps to stanch the flow of bulk e-mail.
The DMA opposed the suggested rules as overly intrusive, and the American
Civil Liberties Union said the rules would be unconstitutional if adopted
by the FTC. "Self-regulation is the way to go in terms of preserving First
Amendment rights and, at the same time, making sure that frauds are not
perpetrated," DMA Vice President Jim Conway told CNET News.com at the time.
Around the same time, however, the DMA and companies including AOL Time
Warner and Verizon Communications began meeting in private to figure out if
new laws were necessary.
Because Congress has adjourned until after the November elections, there's
scant time left this year to enact an anti-spam law, meaning the
legislative push would have to wait until the new Congress convenes in 2003.
If the DMA does start lobbying, Everett-Church says the big question will
be the wording of the final bill: "The question is how are they going to
define spam and solve the problem in a way that actually makes a difference
to consumers' mailboxes?"
****************************
Associated Press
Two Dems Accuse HHS of Removing Info
Mon Oct 21, 6:36 PM ET
WASHINGTON (AP) - Two Democratic congressmen contended Monday that the Bush
administration is putting ideology over science, citing appointments to
advisory committees and the removal of information from Web sites.
Reps. Henry Waxman of California and Sherrod Brown of Ohio demanded
explanations in a letter to Health and Human Services Secretary Tommy
Thompson.
They complained that information about the effectiveness of condoms had
been removed from a Centers for Disease Control and Prevention Web site;
that experts serving on advisory committees were being replaced because
their views do not match the administration's; and that HHS is singling
out AIDS groups with probing audits.
In addition, they said, information showing that abortion does not increase
the risk of breast cancer was removed from a National Institutes of Health
Web site. "Scientific information ... has been removed, apparently because
it does not fit with the administration's ideological agenda," Waxman and
Brown wrote.
They charged that "ideology has replaced scientific qualifications" as HHS
chooses members of advisory committees. Among other examples, they pointed
to a report on a CDC advisory committee on safe lead levels for children.
The report found that nominations of respected academics had been withdrawn
and replaced with consultants to the industry.
"We are deeply concerned that stacking advisory committees with individuals
whose qualifications are ideological rather than scientific will
fundamentally undermine the integrity of scientific decision-making at our
leading public health agencies," the Democrats wrote.
HHS spokesman Bill Pierce said it is Thompson's prerogative to appoint
whomever he chooses for advisory committees. By contrast, he said, Waxman
and Brown "would like all of us to follow their agenda, their liberal
agenda, on these issues."
"They should stop looking for conspiracy theories," Pierce added.
**********************
New York Times
Networks Act to Avoid More Blunders in Vote Tallies
By JIM RUTENBERG
Two years after the embarrassment of making erroneous projections in the
2000 presidential election, the major television news organizations are
taking extra measures to avoid a recurrence.
CNN is contracting nearly 1,000 extra people to stake out polling places in
important precincts to call in the vote tallies as they come in. ABC News,
like NBC News, will isolate its election night analysts from other
networks' reports and even its own producers to insure that competitiveness
does not influence the results. The Fox News Channel is beefing up its exit
polling unit. CBS News is sending monitoring teams into closely contested
states to help decipher data.
All the networks say they will rein in the competitive instinct that drives
them to be first, before declaring winners and losers.
At the top of each network's list is the development of a system that will
reduce reliance on the Voter News Service, the network consortium that
provides election results, polling data and projections.
Among the problems, network executives blamed the service for providing
flawed exit poll data that led them to call Florida initially for Al Gore.
This, Republicans said, may have led some voters to stay home. The system's
failure to detect an overcount for George W. Bush in Volusia County, they
complained, helped lead them to later report that Mr. Bush had won the
state. That, supporters of Mr. Gore said, left the impression that he was a
sore loser when he contested the vote.
The problems led the House Committee on Energy and Commerce to hold a
hearing on the network missteps where a 10-minute video clip of the various
misreports was shown.
"It was the perfect storm for election screw-ups," said Ken Johnson, a
spokesman for the committee and Representative Billy Tauzin, Republican of
Louisiana, who is the chairman. "Clearly, V.N.S. was the eye of the hurricane."
A new V.N.S. computer system has been designed to avoid the problems that
plagued the 2000 election. But it is still undergoing vital testing, and
all of its component parts might not be ready by Election Day.
Ted Savaglio, executive director of the news service, said the system's
most important function, the actual tabulation of votes, was fully
operational. But, Mr. Savaglio said, its exit polling, which asks people how
they voted and why, still has some glitches.
That means that the sort of analysis the service usually provides might be
a little bit less robust than it has been in years past. Mr. Savaglio said
the service might be able to provide exit polling in some states, or only
on a national basis on such facts as how specific blocs voted in general.
The system that takes the raw material of the exit polls and precinct
counts to project winners in the various races is also undergoing testing.
Mr. Savaglio said he was hopeful, but unsure, it would be fully ready by
Election Day.
While network executives expressed some frustration with the pace of
getting the new system ready, they said they would rather it proceed
carefully than too quickly. They said they had plenty of backup, including
a separate vote-counting system run by The Associated Press.
"Our watchwords are 100-percent accuracy and reliability," said David L.
Westin, the ABC News president. "We're not going to run anything with the
risk that we're wrong."
Like its competitors, ABC has agreed not to project a winner in a given
state until the scheduled closing time for all the polls.
ABC said competitive pressure partly contributed to the missteps in 2000.
That is why it plans to keep its analysts away from televisions showing
what the competition is reporting.
CBS News, on the other hand, will put its analysts in its main studio, to
make sure that there is communication between anchors who hear regularly
from experts and reporters in the field and executives making the actual
decisions based on computer data.
CNN seems to be going to the greatest lengths to safeguard against error.
Under a new system called CNN RealVote, the network will send nearly 1,000
people out to precincts in 10 key states. Those people "will actually phone
in real votes when the ballot boxes are opened," said Walter Isaacson, the
CNN chairman. "That's a system that's meant to be a double-check on exit
polls."
All of the networks emphasized that they would move slowly this time.
"Viewers may have to stay up a little bit later to find out who runs the
House and Senate," said John Moody, Fox News Channel senior vice president
in charge of news. "But they will find out."
*****************************
Washington Post
Errant E-Mails Ruffle House Democrats' Feathers
By Dana Milbank
Tuesday, October 22, 2002; Page A25
President Bush and his aides called the congressional vote on Iraq a matter
of conscience. Apparently not everybody in the White House shares that view.
A day after Congress voted to authorize Bush to use force against Iraq, a
mass e-mail was distributed by the executive office of the president. It
referred to Sen. Robert C. Byrd (D-W.Va.), who led the opposition to the
resolution, as "doddering old Bob Byrd, the senile senator from West
Virginia." It called Hispanic Democrats in the House who opposed the
resolution "self-centered, do-nothing, $150,000/year plus perks yo-yo's."
"If they have a defense for their actions," the memo said, "they should
deliver it to the kids in uniform that could one day have their ass shot
off to protect these ninnies!"
Democrats demanded an apology and an explanation for the e-mail, written by
a California Republican but distributed through White House e-mail by a
White House official without identifying an author. The e-mail offered a
view at odds with the official White House line that the Iraq vote was not
about politics.
The author of this missive was Fernando Oaxaca, 75, a former Ford
administration official and former chairman of the Republican National
Hispanic Assembly. Oaxaca e-mailed the memo to GOP faithful across the
country, including a few Bush White House officials. A White House aide
then distributed the memo, without Oaxaca's name, to more than 100 Latino
activists -- among them some staffers for the Hispanic Democrats Oaxaca had
skewered.
"As far as I know it was an error, or a mispunching of a button in their
e-mail system," Oaxaca said yesterday. He said he wrote the memo as a
private citizen and the White House "is entitled to do what they want."
Sources said a relatively senior Bush aide liked the memo and directed a
young aide to forward it to Hispanic Republican activists; the memo was
accidentally sent instead, without explanation, to a mostly Hispanic
Democratic group. Still, that does not explain why the White House would
distribute such an e-mail, even to its allies.
On Oct. 11, White House press secretary Ari Fleischer described the
previous day's Iraq votes as "matters of conscience, and the president
thinks it is entirely appropriate for elected officials in both parties to
exercise their good conscience on behalf of their constituents."
Fleischer's briefing ended at 12:57 p.m. At 2:49 p.m., the White House sent
out the memo. Titled "Can you believe this?" the e-mail proclaimed the "sad
results" that "every Latino Democrat in the Congress voted against
supporting the president." It suggested the lawmakers "lack something our
brave young volunteers in our armed forces have plenty of" and declared
them "out of touch with their constituency and out of touch with America."
Referring to Reps. Jim McDermott (D-Wash.), David E. Bonior (D-Mich.) and
Gary A. Condit (D-Calif.), the memo said of the Hispanic lawmakers: "Except
for Bonior and McDermott, the congressional Baghdad Boys and Gary Condit,
who else are they following? The other anti-Bush bloc voters, the Black
Caucus?"
The memo closed with a series of phrases connected by ellipses: "Let's tell
all these Washington folks how we feel . . . let's stay on their case . . .
time is going by . . . the next anthrax or nerve gas delivery might come
across our borders or dumped on our Embassies or Armed Forces facilities
overseas . . . while we wait for the political circus to end!"
The e-mail ended with "Que verguenza!" -- Spanish for "how shameful."
That's what Rep. Silvestre Reyes (D-Tex.) thought -- for opposite reasons.
On Friday, the combat veteran and chairman of the Hispanic Caucus fired off
an angry letter to Bush requesting a "formal apology" and information about
"what is being done to address this shocking misuse of government resources."
"Less than 24 hours after this serious issue was discussed on the floor of
the people's House, one of your aides forwarded a mean-spirited, misguided
and offensive message to dozens of individuals, including members of my
staff," he wrote. Reyes expressed hope that "dissemination of such a
mean-spirited message will be thoroughly investigated and those responsible
will be appropriately disciplined."
White House spokeswoman Claire Buchan said the memo "was written by an
outside activist and it does not reflect the president's views. We regret
that it was mistakenly forwarded. The White House respects those who differ
with us on this."
In another White House e-mail controversy, the president himself sent a
solicitation for campaign funds that apparently went to some federal
employees' government addresses. "Your donation . . . will make a big
difference to my agenda to make America safer, stronger, and better," said
the e-mail, from "President George W. Bush" at the address
"georgewbush@xxxxxxxx"
The mass e-mail was intended for GOP faithful everywhere and likely was not
targeting federal workers. But a government worker who received the
solicitation at his ".gov" e-mail address complained to Rep. Henry A.
Waxman (Calif.), ranking Democrat on the House Government Reform Committee,
about a possible Hatch Act violation. "Obviously inappropriate, obviously
illegal, and obviously a reflection that the administration will do
anything to raise campaign dollars," said an obviously irritated Waxman.
***************************
Mercury News
SeniorNet campaign pushes tech literacy
By Mary Ann Ostrom
Mercury News
SeniorNet is launching its first national advertising campaign beginning
today to encourage older Americans to become computer literate.
The yearlong campaign explaining the benefits of the Internet will consist
of three public-service television ads in 23 markets, including the Bay
Area. Planet Earth Media Foundation will produce the campaign, an in-kind
donation valued at $4.7 million, and the San Jose-based Skoll Community
Fund contributed a $250,000 grant.
SeniorNet, a San Francisco-based non-profit, provides support for more than
220 learning centers nationwide that train older adults in using
technology. Although older adults are among the fastest-growing group to go
online, a recent Pew Internet & American Life Project found only 22 percent
of Americans ages 65 or older are regular Internet users. The first ad,
being unveiled today at an event at Adobe Systems headquarters in San Jose,
features a woman talking about the benefits of using the Internet to stay
in touch with family and friends.
"It's clear we're not reaching everyone who needs to hear this message,"
said Ann Wrixon, CEO and President of SeniorNet, founded in 1986. "There
are significant benefits to going online in terms of getting health
information and avoiding social isolation. No one has taken on the
challenge of doing the public education that needs to be done."
Part of the campaign's aim is to draw the attention of government, business
and community leaders in a bid to increase funding for older-adult
technology training, Wrixon said.
Among speakers at today's campaign kick-off are Nuala O'Connor Kelly, the
U.S. Department of Commerce's chief counsel for technology, Dixie Horning,
executive director of the UCSF National Center of Excellence in Women's
Health and SeniorNet's board chair, Jeff Skoll, former eBay president and
founder of the Skoll Community Fund, and John Nicol, general manager of
Microsoft Network's TV Services.
****************************
USA Today
Internships go virtual as firms seek ways to save
By Stephanie Armour, USA TODAY
Some cost-cutting employers are trying a novel alternative to the
traditional student apprenticeship: virtual internships.
Companies are hiring college students to work on projects from afar rather
than relocating them for short-term assignments. The programs, dubbed
e-internships, are a new way for companies and pending graduates to get
connected.
Employers are experimenting with the idea because more college students
have access to computers, virtual work has become more commonplace and
companies want to tap more-affordable labor sources. Firms can save money
because the internships may be short in duration or unpaid. For example:
At Cardinal Health in Dublin, Ohio, college students in states such as
Arkansas and Ohio have been hired for virtual internships. Using school
computers, they've worked on data warehousing and other projects and
searched for errors on Web sites. The students are paired with a mentor and
are paid. The company is a provider of health care products and services.
Says Dennis Joseph, 23, a senior at Southern Arkansas University in
Magnolia, who is testing applications as a virtual intern: "It tests your
communication skills and shows you can work virtually."
International Truck and Engine, a maker of commercial trucks and diesel
engines based in Warrenville, Ill., has launched a virtual internship
program. Last year, four students at Hiram College in Hiram, Ohio, worked
for the company and were supervised by phone and e-mail. The students, who
each received $500, worked on a Web-marketing project.
"We get a lot of great work at a low cost," says Jim Clarke, manager of
channel development in used truck operations. "The only thing is (that)
they don't learn anything about the company culture. But it's a good
recruiting tool."
At Edwards & Hill Communications in Baltimore, about 10 college students
have participated in virtual internships. Using their own computers, the
students post casting notices online for the multimedia company, which runs
a Web site catering to the entertainment industry.
No one knows how many companies are offering virtual internships, but
hiring experts say they're a creative approach that could catch on.
And even though students may never set foot in the companies that hired
them, the e-internships often retain the hallmarks of traditional programs.
Students often have mentors, projects to work on and online brainstorming
sessions with colleagues.
"It was a pretty cool experience," says Guru Pinglay, 26, a technical
support analyst at Cardinal Health who previously worked as a virtual
intern and was hired in June. "The communication problems were more, but
that was the only disadvantage."
*****************************
Federal Computer Week
A tough case to crack
How IT can -- and cannot -- aid law enforcement's search for a D.C.-area sniper
BY William Matthews
Oct. 21, 2002
Technology has received a prominent role in the hunt for a sniper who has
killed nine and wounded two in a two-week spree in the Washington, D.C.,
metropolitan area, but even technology experts say the case is most likely
to be cracked by cops, not computers.
"This is a fairly low-tech kind of crime," said Jay Siegel, a forensic
science professor at Michigan State University's School of Criminal
Justice. "What's going to solve this crime is old-fashioned police work. It
does not require a lot of technology."
Nevertheless, numerous government agencies at the federal, state and local
levels turned to information technology as a tool to help catch the sniper.
Last week, the Army was preparing to contribute high-tech reconnaissance
planes to track a getaway vehicle if another shooting occurs.
Meanwhile, police in Montgomery County, Md., where the shootings began Oct.
2, are working with a Canadian company to develop a computer-generated
geographic profile of the sniper, which is intended to identify the area in
which a criminal lives based on the locations of his or her crimes.
The FBI is using its computerized Rapid Start Information Management System
to comb a vast database of evidence, tips and old cases, searching for
similarities, patterns and matches that might steer police to the sniper.
The Bureau of Alcohol, Tobacco and Firearms has searched its National
Integrated Ballistics Information Network for digital images of bullets or
shell casings for any that might match the bullet fragments recovered from
the shooting victims and the single shell casing found near a middle school
where a 13-year-old boy was wounded Oct. 7.
Maryland state troopers have increased their reliance on recently acquired
handheld computers for retrieving information from the Maryland Interagency
Law Enforcement System, the FBI's National Crime Information Center and
databases containing information on vehicles and suspicious individuals.
Despite the array of high-tech tools, after more than two weeks of sporadic
sniping attacks, police still had no suspect, no motive, no composite
sketch of the sniper, no positive identification of the gun, no license
plate number and only a vague description of a possible getaway van and a
truck.
"In the current state of things, you probably won't see a large impact" on
the sniper case from computer and technology systems, said David Epstein,
director of scientific services at the National Forensic Science Technology
Center in Largo, Fla.
In some instances, the technology is too new to improve the chances of
solving such cases. The ballistics information network, for example, "is
still in the process of being rolled out," Epstein said. It contains
relatively few ballistic images compared to the number of guns in
circulation. Thus, finding a match for the sniper's weapon is highly
unlikely, he said.
Early in the investigation, hope for a quick resolution was fueled by
reports that the police were using geographic profiling to help locate the
sniper's home.
With assistance from Environmental Criminology Research Inc., police
created an electronic map that marked the location of each shooting. Based
on that information, the profiling system used a complex algorithm to
calculate where the sniper was likely to live. The procedure has been used
in about 700 investigations and has been credited with helping solve about
150 of them, according to ECRI President Ian Laverty.
But in this case, days passed, shootings continued at sites more distant
and dispersed, and the sniper remained at large. "What we usually find,
having followed up on a lot of these cases, is that technology alone does
not solve the crime and it's not intended to," Laverty said.
The science of extracting useful information from raw crime data, as
geographic profiling does, "is just getting out of its infancy," Siegel
said. "We're just learning that we can learn a lot from data."
That's what the FBI is trying to do with its Rapid Start system, said FBI
spokesman Barry Maddox. Agents feed data and thousands of tips collected at
the shooting scenes into the system, which analyzes them and compares them
with data culled from old cases. Rapid Start hunts for data matches,
similarities and patterns, and alerts agents to information that might
point to a perpetrator.
Rapid Start, which has existed for more than a decade, was used in the
investigations into the Oklahoma City bombing and the terrorist attack on
USS Cole in Yemen, according to the FBI. Maddox wouldn't say whether it has
yielded useful results in the ongoing sniper investigation.
The system has substantial capabilities, according to Siegel. Yet, 15 days
after the first shooting, he was surprised that police still had not
located the sniper's van. In a case like this, he said, technology is no
substitute for "basic police legwork."
In all, a dozen or more law enforcement agencies have been working on the
case, and their ability to communicate and cooperate showed marked
improvement since their previous joint efforts, when they responded to last
September's terrorist attack on the Pentagon and the anthrax attacks a
month later.
Montgomery County, for example, used a notification system put in place
after Sept. 11 to send electronic messages to key officials in the county
when the sniper attacks began. "They were able to mobilize their emergency
operations center and their emergency operations processes," said John
Cohen, president and chief executive officer of PSComm LLC, a consulting
firm that advises government agencies on how to use technology.
Extraordinary coordination among local, state and federal authorities made
it possible for police to swiftly seal the exit ramps and block lanes along
20 miles of Interstate 95 and nearby roadways south of Washington, D.C.,
after the eighth slaying, which occurred at a Virginia gas station during
rush hour Oct. 11. But the massive hunt came up empty-handed.
Police hope for better results with the aid of an Army RC-7 Airborne
Reconnaissance Low plane, a small, four-engine plane mainly used to hunt
for drug smugglers in Latin America and monitor North Korean military
activities. Packed with $17 million worth of electronic systems, including
computer-enhanced long-range cameras and heat-seeking sensors, the plane
can stay aloft for about 10 hours.
John Pike, the director of GlobalSecurity.org, dismissed the idea that the
plane's infrared sensors might be able to spot the flash of a rifle muzzle.
And although equipment such as the plane's moving target indicator "is good
for telling you whether the North Korean army is crossing" the
demilitarized zone, it is not capable of spotting a vehicle of a particular
color and tracking it through traffic, he said.
The long-range camera might prove useful if the plane happens to be in the
immediate area of a sniper attack, but it would be useless if the attack
occurs miles away, he said.
"This stuff isn't easy," Epstein said.
*****************************
Government Executive
Effort to double funding for science agency hits Senate snag
By William New, National Journal's Technology Daily
The reauthorization bill that would put the National Science Foundation
(NSF) on track to double its budget in five years snagged in the Senate
just before lawmakers recessed last week.
The bill, H.R. 4664, was set for voice-vote passage last Tuesday, according
to the Senate Democratic cloakroom, but a senator anonymously objected,
leading to no action before senators departed Thursday to campaign for the
Nov. 5 election.
Industry groups charge that a Republican senator delayed action on behalf
of the White House Office of Management and Budget (OMB), reportedly
because of concerns about the planned spending increase. But an OMB
spokeswoman said the office has no official position on the bill.
The House passed the measure June 5 by a margin of 397-25. It would
authorize 15 percent funding increases for NSF each year from fiscal 2003
through fiscal 2005, including $5.5 billion for the agency next year, an
increase of $719 million from fiscal 2002.
"The irony of the situation is [that] the appropriations committees have
called for 13 to 14 percent program increases at NSF in the coming year,"
said David Peyton, director of technology policy at the National
Association of Manufacturers.
Proponents of the bill said it would put NSF on a similar funding course as
the National Institutes of Health (NIH), whose budget currently is being
doubled over five years. According to an industry source, a White House
official early in the Bush administration said that officials saw a lot of
political support for NIH but not as much for other research areas.
As a result the tech industry "has been working hard" to increase political
support for NSF's budget increase and believed it had succeeded. "So what's
the problem?" the source said.
Funding for NSF falls under the appropriations bill for the Veterans
Affairs and Housing and Urban Development departments.
Before departing, the Senate did approve by voice vote another bill sought
by some in the tech industry. The measure, H.R. 2733, would authorize the
National Institute of Standards and Technology (NIST) to work with
manufacturing industries to develop and employ standards for information
exchanges aimed at ensuring a seamless flow of information along the supply
chain.
"We're looking for ways to reduce the costs of software duplication to the
supply chain, where suppliers have to run multiple programs to do business
with different customers," Peyton said. "We're going after excess cost in
the supply chain."
The problem affects the automobile and aerospace industries in particular,
he said. The bill would authorize $47 million over four years for NIST to
work with industries. "We look forward to the appropriations committees
funding the work in line with the authorization," Peyton said.
*****************************
Computerworld
Update: Navy searching for hundreds of missing computers
By DAN VERTON
OCTOBER 21, 2002
At least 595 laptops and desktops belonging to the Navy's Pacific Command
in Hawaii have been potentially lost or compromised, according to an
internal report that detailed the service's inability to account for
hundreds of computers, some of which contained classified data.
The audit, conducted in July by the Naval Audit Service, concluded that the
mishap poses a "threat to national security." It was obtained last week by
Defense Week, a defense industry trade magazine, despite Navy efforts to
block its release.
The report identifies failures and breakdowns in the Navy's system for
tracking sensitive equipment deployed aboard Navy ships and submarines -- a
system that remains largely paper-based and manual.
John Yoshishige, a spokesman for the Navy's Pacific Command in Hawaii, said
that since last week the number of missing computers has been reduced from
595 to 187.
"And we expect that some of those may still turn up ashore," Yoshishige
said. "The inventory in the report was only of afloat units."
He was referring to PCs and laptops used onboard ships and submarines.
In addition to ordering an inventory of all shore-based units, the
commander of the Pacific Fleet has also directed that the command's CIO,
known in Navy parlance as the N6, develop an inventory control management
system that will be used by all Pacific Fleet commands.
This isn't the first time the military has lost computers containing
sensitive data. For example, in August, two laptop computers classified at
the top-secret level disappeared from a Sensitive Compartmented Information
Facility (SCIF) run by the U.S. Central Command at MacDill Air Force Base
in Tampa, Fla. The only reason those laptops were discovered to be missing
was that Secretary of Defense Donald Rumsfeld had ordered investigators to
look into how plans for an invasion of Iraq had leaked to the media.
Missing laptop and hard-drive fiascos have also stung the State Department,
the Department of Energy and even the FBI in recent years. In August, the
Justice Department acknowledged that it couldn't locate 400 laptops and
775 weapons belonging to the FBI and the Drug Enforcement Agency. In
addition, the classification level of 317 of the computers belonging to the
FBI couldn't be determined.
Accountability problems often stem from the fact that individual military
and civilian agency officials are appointed as control or accountability
officers for a vast array of equipment, including mobile computers, desks
and chairs, that's often deployed for extended periods of time around the
world. In addition, the process of keeping tabs on equipment is often
determined by the individual officer assigned to manage the hardware and
isn't subject to any departmentwide or governmentwide standard.
*************************
New York Times
British Concern to Help U.S. Track Terrorists
By JOHN MARKOFF
SAN FRANCISCO, Oct. 20 -- Autonomy, a British developer of sophisticated
information retrieval software, plans to announce on Monday that it has
been chosen to provide an analysis system to help the United States
government track suspected terrorists.
The company, which has headquarters here and in Cambridge, England, said
that the General Services Administration had awarded it the
multimillion-dollar contract and that licenses for the software were being made
available to the 21 agencies that may one day make up the proposed
Department of Homeland Security.
The company's executives said they were not permitted to divulge the
specific agency driving the contract award, but said that it was a
"security-oriented agency."
John Cronin, Autonomy's vice president for the government sector, said that
Steven I. Cooper, the chief information officer for the interim Office of
Homeland Security established by the Bush administration, had been "very
much" involved in the decision to purchase the software.
Autonomy's software uses statistical techniques to search for patterns of
information across large masses of data. Mr. Cooper has said publicly on
several occasions that the domestic security effort will require technology
that will allow government agencies to share and analyze information, and
that data-mining technologies will be a central part of the operation.
The Autonomy software will make it possible to build automatically updated
indexes of disparate databases that are now maintained separately by
different government agencies.
"The problem you have is that any one of these agencies can come up with
pieces of the puzzle," said Michael R. Lynch, the chief executive of
Autonomy. "This system will be accessed by over 200,000 people ranging from
experts on shipping to experts on North Korea."
The chief knowledge officer of the Coast Guard, Dr. Nathaniel S. Heiner,
said that a number of government agencies were already working toward
integrating their data sources and that the Autonomy tool was a significant
addition. "We can't leave any stones unturned when it comes to finding the
right mix of information and getting it into the right hands," he said.
Industry analysts said that the Autonomy software could play a role in the
effort to bring together information from different agencies with
incompatible computer systems.
"They're looking at Autonomy as the simplest thing that can be incorporated
into all of the agencies to build collaboration," said French Caldwell, a
computing industry analyst at Gartner Inc., a market research firm. He
added, however, that true collaboration would be a remarkably difficult
challenge for the government. Many agencies currently do not even share
secure electronic mail, he said.
One early application for the Autonomy software will be as part of a
consolidated watch list for suspected terrorists that the agencies will
maintain, according to Mr. Cronin of Autonomy. He described the possibility
that dozens of separate data repositories would be accessible by Autonomy
software known as the Intelligent Data Operating Layer, which is designed
to integrate unstructured text documents and traditional database information.
Once the Autonomy indexing system is established, it could be used both to
search all of the repositories simultaneously as well as to automatically
generate alerts in response to certain inquiries.
The Autonomy software has the flexibility to search names and words with
variable spellings as well as to retrieve information based on patterns
that are related but may not match exactly.
The software is based on Bayesian statistical techniques, which are used to
match patterns and are gaining favor among software designers and
artificial-intelligence researchers.
The agencies that will acquire licenses to the Autonomy software under the
contract include the Office of Homeland Security, the Secret Service, the
Transportation Security Administration, the Coast Guard, the Federal
Emergency Management Agency and the State Department.
****************************
BBC Online
Screensavers crack medical puzzle
The spare capacity of thousands of computers has helped scientists solve a
complex problem - which could one day help them fight disease.
It is one of the first occasions so-called "distributed computing", in
which each volunteer machine is given a chunk of data to compute, has led
to a research paper published in a top scientific journal.
Problems suitable for "distributed computing" are those which would take
years of processor time if carried out on just one, or a small group of
computers.
However, if the task is divided between many thousands of computers, the
time it takes to finish the job falls dramatically.
The downloaded software swings into operation when the computer has been
idle for a set period.
The principle has been used for everything from the design of new drugs to
the search for extraterrestrial life.
Folding conundrum
The success has been achieved by the Folding@home project, run by
scientists at Stanford University in the US.
It is looking into proteins - essential chemical messengers which control
many vital body functions.
Each long protein molecule is a sequence of amino acids folded into a
complex, three-dimensional shape which is key to its particular role.
Protein misfolding is thought to play a role in many diseases, including
CJD and Alzheimer's.
The aim of the Folding@home project was to simulate just part of this
folding process, which takes just a few microseconds to happen.
A single average computer would take all day just to simulate one
nanosecond of protein folding.
Willing volunteers
Folding@home was launched two years ago, and has so far recruited 200,000
PC owners.
A new recruit will download data analysis software, then be assigned
particular computational tasks, sending the results back when they are
completed.
A group of 30,000 computers was able to perform 32,500 folding simulations
and accumulate 700 microseconds of data.
The results - predicting that a particular protein would take six
microseconds to fold - tallied well with laboratory tests.
Dr Vijay Pande, from Stanford University, said: "These experiments
represent a great success for distributed computing.
"Understanding how proteins fold will likely have a great impact on
understanding a wide range of diseases."
The results were published in the online version of the journal Nature.
This is by no means the first success for distributed computing - it has
cracked complex mathematical problems before - but it is the first to be
published in a journal such as Nature.
The most famous project, the Search for Extra-Terrestrial Intelligence
(SETI), which analyses radio telescope data, has also thrown up some
promising "leads".
***************************
BBC Online
Anti-terror fight goes to the source
US anti-terror agencies are linking their intelligence databases to pool
information about suspects and spot hints about future attacks.
The pool will include text documents, video and audio gathered from a
regularly updated collection of sources of information about terror groups.
The agencies will analyse the information looking for trends, key
individuals or recurring phrases that signify code words or concealed
messages.
British firm Autonomy is providing the technology to sift through the data
looking for clues.
Code clause
The US Department of Homeland Security is behind the project to unify the
intelligence databases of the 21 agencies, which includes the CIA and FBI,
and will try to ensure that anti-terror work becomes closely co-ordinated.
It hopes that by strengthening links between the intelligence databases of
all the agencies involved in the fight against terror it will get a better
idea of if, when and where future attacks might come.
Autonomy's software will be used to analyse text, video and audio sources
looking for common concepts, phrases or individuals to produce a
consolidated watch-list.
Analysis of freshly gathered intelligence will also help the agencies keep
abreast of the plans of suspected terror groups.
The sophisticated analysis could also make it easier for anti-terror
agencies to pick out the common code words or phrases used by groups to
co-ordinate their activities.
More than 200,000 employees across the anti-terror agencies will be using
the software.
Before now US anti-terror groups have struggled to find out how attacks are
co-ordinated.
Widespread rumours that Al Qaeda is hiding passwords and plans inside
pornographic images on the internet have not been substantiated, even after
millions of images have been scanned.
The Department of Homeland Security was created after 11 September 2001
with the aim of preventing future terror attacks on US soil.
*****************************
CNET News.com
Google sued over site ranking
By Stefanie Olsen
October 22, 2002, 9:30 AM PT
Top billing in Google search results has become so coveted that one Web
hosting company is suing for it.
Search King, an Oklahoma City-based Web site network and advertising
seller, filed a lawsuit Friday against Mountain View, Calif.-based Google,
alleging the search giant unfairly bumped down its Web addresses from top
rankings in search results. The complaint was filed in the U.S. Western
District Court of Oklahoma.
The popular search service "purposefully reduced Search King's value, as
well as that of Web sites hosted by Search King," according to the
complaint. This is "due to the fact that Search King was legally profiting
from the page ranking assigned by Google to certain Web sites, with the
intent to cause Search King's clients to cancel contracts with Search King."
Google could not be immediately reached for comment.
On its Web site, however, the company explains that Web site rankings may
change each time it updates its index, which is every four weeks.
"You can be assured that no one at Google has adjusted the results to
decrease the ranking of one site or increase the ranking of another,"
according to the site. "Google's order of results is automatically
determined by several factors, including our PageRank algorithm."
At the center of the dispute are the "PageRank algorithm" and Google's
hidden recipe for calculating search results--which have made it a hit with
Web surfers the world over.
Though the company has largely kept secret its formula for answering
queries with fast, germane results, it has publicized one big part of the
equation. PageRank is a factor that determines a site's importance in
results based on the popularity it has in the Web community--roughly
tabulated by the number of links coming to that site and the importance of
those pages linking to it. It boils down to a number between 1 and 10 given
to a site to determine its position in specific results. Translated, a site
with a PR 10 is favored in results over a site with PR 7.
According to explanatory notes on Google's Web site: "Google's order of
results is automatically determined by several factors, including our
PageRank algorithm. Due to the nature of our business and our interest in
protecting the integrity of our search results, this is the only
information we make available to the public about our ranking system."
Because Google is one of the largest search services on the Web, high
ranking in its index could mean traffic from America Online, Yahoo and
other licensing partners, as well as from Google.com. With knowledge of how
PageRank works, Web marketers and search engine spammers have tried to
reverse-engineer the formula by creating elaborate link structures, or
"link farms," to multiple sites to create page popularity and boost PageRank.
On a list of "do's and don't's" to get listed in the Google index, the
company says Web sites should not "participate in link exchanges for the
sole purpose of increasing your ranking in search engines."
Who's No. 1?
Some industry watchers say that the practice of building "link farms"
resulted in recent changes to Google's search algorithm in September.
Marketers such as Search King complain that Google's changes come with no
forewarning to a Web community so dependent on it for traffic.
Search King owner Bob Massa said in the lawsuit that the site's PageRank
was 7 out of 10 from February 2001 to July 2002, when it was then raised to
an 8. But a month later, things went downhill for the network.
According to the complaint, the Web hosting company in August started the
PR Ad Network--an advertising network in which it sold text links on the
popular Web sites to get them a better listing in Google's results.
Shortly after Search King boasted of the trick, the PR number for its Web site
and those it hosts dropped from an 8 to a 4. The PR Ad Network itself was
given a zero, "which in the Internet community is recognized as a manually
determined penalty," according to the suit.
"Due to the high value associated with page rank, the purposeful reduction
of Search King and related Web sites' page rankings has damaged (its)
reputation and diminished its value," according to the suit.
"Google, as a provider of a ranking system upon which the Internet community
relies, must apply the system in a manner that is not arbitrary, nor aimed
at restraint of trade."
Search King is seeking a preliminary injunction against Google to be
restored to its previous ranking. It is also seeking unspecified damages in
excess of $75,000, a threshold it is using to file the suit under claims of
tortious interference with contractual clauses.
*****************************
CNET News.com
Justice Dept. reaches for "smart" gun
By Sandeep Junnarkar
October 22, 2002, 8:02 AM PT
The U.S. Justice Department is turning to technology to help guns recognize
whose finger is on the trigger.
The National Institute of Justice, the research and development arm of the
Justice Department, is teaming up with Metal Storm, an electronic gun
maker, to study how a firearm could be designed to determine whether the
person wielding it should be allowed to fire it.
"If an officer drops a gun or it is taken away from him during a tussle, a
'smart' gun could not be turned against him because there would be means of
specifically identifying the authorized user," said Charles Vehlow, Metal
Storm's chief corporate officer. "The study will identify the various
technologies that could make this possible and recommend the best ones to use."
The research will focus on biometrics systems such as fingerprint
technologies, computer chips that could be programmed to recognize an
individual's grip or other physical features, and electronic keys and codes.
"Biometrics clearly have advantages over keys and codes in terms of time
needed to activate or disarm a firearm," said Vehlow.
Interest in biometrics--systems that recognize people by scanning for
unique physical features such as fingerprints, an eye's iris and the
contour of a face--has surged since the terrorist attacks on the Pentagon
and World Trade Center in September 2001. Law enforcement agencies and
private companies in the airline and travel industry are hoping to rely in
part on some new technologies to help counter security threats.
Within law enforcement, there is a sense of urgency to find a way to
protect officers from their own firearms. A review conducted over a 10-year
period looking at how law enforcement officers were killed found that one
in six was shot to death by their own firearm after being disarmed by a
suspect. The report, dubbed the "FBI's Law Enforcement Officers Killed and
Assaulted Uniform Crime Report," also found that 113 firearms were stolen
from police officers during that period.
Earlier, the National Institute of Justice funded the Sandia National
Laboratories, to the tune of $500,000, to study the problem of firearms
being taken away from police officers, identifying the extent to which
officers are assaulted and killed with their own firearms and also
identifying the requirements officers would want in a "smart gun."
The institute is providing Metal Storm, a company traded on the Nasdaq
Stock Market, with almost $200,000 for the current research and
development. The company, based in Arlington, Va., said it would submit the
results of the study in the first half of 2003, providing an analysis of
the design, use, manufacturing process and costs of delivering a "smart gun."
******************************
Wired News
Smart Fatigues Hear Enemy Coming
Call it a security blanket for soldiers: GIs may someday march into battle
armed with a swatch of fabric rather than bulky electronics.
Computer scientists and textile experts are working together to weave
fabric with electronics that can assist the military in sound detection and
other useful applications.
Researchers at the University of Southern California and Virginia Tech have
developed a fabric woven with conductive wires and a cluster of seven
button-size microphones that can be used to detect the sound of remote
objects, like approaching vehicles.
"The fabric gives us the capacity to make very large computing systems with
integrated sensors and integrated power supplies and to do this very
cheaply with existing textile manufacturing capabilities," said Mark Jones,
a professor of electrical computer engineering at Virginia Tech.
A small circuit board attached to the fabric compares the sounds from each
microphone and uses algorithms to compute the direction the sound is coming
from.
That direction, called the line of bearing, is then reported by radio to a
laptop or PDA that the soldier carries.
Currently, pockets in the fabric hold the batteries that power the system.
In future models, the circuit board and batteries would be woven into the
material.
The fabric can be placed on the ground or hung from a tree in unsafe areas
like potential combat zones. The material could also be used to manufacture
tents or parachutes.
It's a cheaper and less cumbersome alternative to some of the mobile
detection systems the military uses now, which are usually mounted onto
trucks or jeeps, said Bob Parker, deputy director of USC's Information
Sciences Institute.
A prototype of the special fabric will be tested in November. Parker
estimated that the fabric will detect objects more than 100 meters away.
To build the prototype itself, researchers first had to find a weaver.
Until she received the e-textile project's unusual request, Dana Reynolds
had only woven scarves and decorative cloth.
"It was pretty scary because I have never dealt with weaving with wire and
I was clueless as to how it would behave," said Reynolds, who has been
weaving as a hobby for several years. "Actually, it's turned out to be
pretty easy."
Reynolds wove in about 24 strands of wire in each direction with light,
crocheted cotton thread. She wove three different layers of material: the
vertical wires are on the bottom, the horizontal wires are on the top, and
in between the two is a buffer layer. The buffer prevents the wires from
short-circuiting.
"I had to manually dig down through the layers and pull up one intersection
of the horizontal and vertical wires and hold them together temporarily
with a pin," Reynolds said. "They took those intersections and attached
whatever microphones."
She estimated that the whole process took several hundred hours -- including
discussions with researchers, setting up the loom and doing the weaving.
She used 40 balls of crocheted thread plus the wires to create the
prototype. The next prototype will be larger, measuring 30 inches by 10 yards.
Mixing the old art with state-of-the-art electronics is tricky because it's
still in the earliest stages of development.
"Textile folks and computer scientists have to learn to speak a common
language, and that's only begun to happen," Parker said. "They approach
problems from very different viewpoints."
A professor at North Carolina State University has developed a similar
project and sees e-textiles as a burgeoning industry.
"Look at the fabrics around you," said Abdelfattah Seyam, who teaches at NC
State's College of Textiles. "We have fabric on seats, carpets, wall
coverings. We have a really giant area covered by textile fabrics.
"There are millions of fibers in a little square of fabric. Taking some of
these fibers would be more than enough to form very advanced electrical
circuits," he said.
Seyam said existing textiles machines must be modified to incorporate
devices that can connect conductive fibers.
Once that's accomplished, the potential applications are numerous.
In the case of homeland security, if a person is carrying a weapon or
chemicals in an airport, carpets and wall coverings made of e-textiles
could identify them.
"Microphones, radio transmitters, sensors to measure pulse rate and body
temperature, GPS -- you can have all of that incorporated into fabric,"
said Anuj Dhawan, a PhD student in fiber and polymer science and electrical
engineering at NC State. The average soldier, then, "doesn't have to carry
electronic equipment and his mobility can be increased."
Eventually, e-fabric could be programmed to lift up a corner of the
material by itself and take a photo, or roll up and move on its own, Parker
said.
***************************
Wired News
Professor's Case: Unlock Crypto
Daniel Bernstein seems intent on striking the deathblow to U.S. government
regulations on cryptography.
The latest chapter in his decade-long battle began to unfold on Friday,
when lawyers representing both the Department of Commerce and Bernstein, a
University of Illinois associate professor of mathematics, statistics and
computer science, prepared to ask federal district court judge Marilyn Hall
Patel to grant a summary judgment. At stake: the last remnants of a system
that once prevented U.S. citizens from releasing software code that creates
secure, electronic communications.
Bernstein is trying to eradicate the last of the export laws that
previously kept Americans from distributing any work related to cryptography.
It's a bit confusing to some in the cryptography arena who feel that the
current laws allow anyone to distribute their programs without fear of
reprimand. Bruce Schneier, security expert and author of Applied
Cryptography, said the future battle over encryption won't be trying to
free software code, but rather preventing corporations from using it to
limit rights.
"We always thought about cryptography as being a tool to protect the little
guy versus the big guy," said Schneier. "It never occurred to us that the
Digital Millennium Copyright Act would get passed."
Even with the looming fight over the DMCA, many are still uncomfortable
with the court battle Bernstein continues to wage.
"When you empower people to do things, we empower them to do bad things,"
said Mike Godwin, staff counsel at the Center for Democracy and Technology.
"It's a hard problem: What do you allow people to do in a free society?
This is the hard part of democracy. You have to end up trusting people."
The problem, the government claims, occurs when the technology falls into
the hands of people outside democracies. Earlier this year, for example,
The Wall Street Journal bought a computer in Kabul, Afghanistan, that held
encrypted files. The news organization broke the security -- with the help
of the government -- revealing a wealth of information about al-Qaida
activities.
The security was relatively easy to break, since the al-Qaida operatives
who owned the computer used an off-the-shelf, 40-bit encryption program.
However, if they had used one of the newer, more powerful encryption
programs, those messages would likely have been lost forever.
That has been the heart of the government's fight to limit general access
to cryptography for the last 30 years. It does this by requiring people to
apply for a license called a commodities jurisdiction. Without this
license, nobody can export any cryptography product, which includes
publishing it on the Web -- and, for good reason, according to Stewart
Baker, an affable Washington lawyer with Steptoe & Johnson.
Baker, who was general counsel for the National Security Agency from 1992
until 1994, said there is strong evidence, for example, that World War II
was won because we had better cryptographers than Germany and Japan. Behind
tight security at Fort Meade, Maryland, the NSA has teams of mathematicians
and programmers working on some of the world's most powerful
supercomputers, making and cracking codes.
Making the knowledge freely accessible to everyone, Baker said, takes away
one of the United States' strategic advantages.
Bernstein has repeatedly beaten back the government's attempt to restrict
cryptographic technology. But, Baker said, much of that battle was waged
during a different political climate.
"If it had come up 10 years later, this battle probably could have been
won," Baker said. "But even then it would have been a very hard battle
because there are so many valuable uses for encryption.... My guess is that
at the end of the day, we would have ended up here."
Here is a place where very strong public encryption technology is available
to the public, thanks to a handful of people, working in a loose collective
led by Dr. Whitfield Diffie. The group developed their own system for
secure communication that was so strong the NSA deemed it a threat to
national security to sell it commercially. That started an epic battle
between the government and the technology community, which is chronicled in
Steven Levy's book Crypto.
The legal flare-up began in 1995 when Bernstein filed suit against the
State Department, claiming the export laws that limited where academics
could publish their research were unconstitutional.
With the help of Cindy Cohn, now a staff attorney with the Electronic
Frontier Foundation, Bernstein successfully challenged the government's
ability to restrict publishing code. In 1999, Patel agreed with Cohn. Three
years later, the 9th Circuit Court of Appeals upheld Patel's ruling.
Since then, the government has eased restrictions on export technology,
although the government still maintains the right to limit certain exports.
*****************************
Wired News
Terror Turns Real for Horror Site
Matt Rexer admits that he was hoping to raise a little hell on his website.
But the sudden appearance this week of a message purporting to be from
Osama bin Laden, head of the al-Qaida terrorist network, on Rexer's Clive
Barker fan site truly spooked the horror film fan.
The message that turned up on Rexer's site congratulated the "... Islamic
world for the heroic operations of courageous jihad carried out by its
pious fighter children in Yemen, against the tanker of the crusaders, and
in Kuwait, against the American invasion and occupation forces," and was
signed "Osama bin Mohammad bin Laden, your brother."
Rexer's site isn't the only one forced to act as an unwilling al-Qaida
content host, according to online antiterrorist activist Andrew Weisburd.
Weisburd has been tracking the Web activities of terrorist organizations
for the last several months. He said that takeovers have occurred on at
least three other sites recently.
Rexer said he had no idea why his "geeky tribute to a horror movie series"
was selected as a home for a terrorist rant.
"I find it utterly bizarre that they'd bury their message in the middle of
a page that celebrates a decadent, sin-filled, Western movie series and
that also sports the word 'hell' all over the place," Rexer said.
Rexer's life was further complicated when a report by the AFP news wire
service appeared in newspapers around the world, pointing to islammemo.com
and Rexer's cenobite.com as the two websites that had posted bin Laden's
latest message.
After the story ran, Rexer's site started to get a lot of interesting new
visitors.
"It was not a fun experience at all," Rexer said. "It's both terrifying and
infuriating to check your site's log and see that suddenly a whole bunch of
your http_referrers are coming from Arabic anti-American sites."
The message didn't appear directly on Rexer's site, but could only be found
by accessing the site through a URL that led to the file where Rexer stored
images for the site.
Rexer only found out that his website had been altered when a French
blogger contacted him after reading the AFP story to ask about the unusual
contents of Rexer's site.
Rexer said that he discovered on Tuesday that his Web host company, Liquid
Web, had also (briefly) hosted alneda.com, a site listed as belonging to
the Center for Islamic Research that many believe is an al-Qaida
communication site.
The Alneda site has been attacked on a regular basis and currently bears
the message "Hacked, tracked and NOW owned by the U.S.A."
Rexer speculates that familiarity with the hosting company may have allowed
his site's attackers to exploit a security hole on its servers.
Liquid Web could not immediately be reached for comment.
Mike Sweeney, owner of networking consultant firm Packetattack, said it
appeared Rexer's user ID and password for the administrative side was
cracked, and the attackers probably used a well-known weakness on the Web
server to bypass security.
"This is not a site hijack but more of a parasite website," Sweeney said.
"You have the host website and then buried within it is a second website,
or the parasite site."
Sweeney said the attack could have easily been performed by someone with no
real technical skills using tools widely available online.
Rexer said after he discovered bin Laden's message lurking on his website
he quickly shut down access to the site, changed his password and informed
his Web hosting company of the problem.
"Liquid Web deleted the folder that contained the bin Laden garbage and
gave me the last IP to log into my account," Rexer said. "I used Visual
Traceroute's demo page to trace that IP to a German DirecPC.com user."
Sweeney said it was obvious from the tracks left behind that whoever
altered Rexer's site wasn't particularly skilled.
"Any hacker worth their bits would have cleared the log so there would not
be obvious traces of someone being there," Sweeney said. "Any IP that is
found there will probably be a cybercafe or a site that had been hacked and
then jumped from. Tracking it back probably won't really accomplish all
that much."
****************************
Reuters Internet Report
Police Experts Meet on Internet Child Porn
2 hours, 2 minutes ago
THUN, Switzerland (Reuters) - Police and criminologists from 34 countries
began a three-day meeting Tuesday aimed at combating crime against
children, especially pornography on the Internet,
officials said.
Some 85 experts are taking part in the talks which follow a series of raids
across Europe netting thousands of suspected pedophiles or customers of
online child pornography sites.
The specialized group from Interpol, the international policing
organization, links experts from Asia, the United States, Europe and Africa
and strives to keep up with rapid technological advances.
Makers of child porn on the Web leave few traces, making it difficult to
identify and prosecute them.
Interpol has gathered some 150,000 images of child abuse from all over the
world. It shares information with countries on previous cases, especially
those just joining the online age.
"It is very important that law enforcement (groups) share this information
so organizations which are new in this field don't have to start from the
beginning," said Anders Persson, Interpol criminal intelligence officer in
human trafficking.
Swiss Justice Minister Ruth Metzler told the meeting demand for child porn,
"with younger and younger children and harder scenes," was increasing.
"Morals know no boundaries and children are turned into cheap products.
According to Unicef, a million children are forced each
year into pornographic productions that generate $20 billion in sales," she
said.
*****************************
Reuters Internet Report
Internet Providers Snub UK Data Demands
Tue Oct 22,11:51 AM ET
By Corinne Amoo
LONDON (Reuters) - The Internet industry dealt a blow to
Britain's tough anti-terrorism legislation on Tuesday by refusing to reveal
personal cyber-data to police.
It has turned down a request from Home Secretary David Blunkett to allow
police and intelligence officers to access the personal records of their
customers on request without the approval of a judge.
The government's plans have drawn fire from civil liberties campaigners.
"Millions of innocent users of telephone, email and internet will have
their private communications information and their movements stored on the
off chance it might be of use in the future," said Roger Bingham from
Liberty, a civil liberties lobby group.
Blunkett's anti-terrorism surveillance plans urge Internet providers to
store the personal information of British web and email users for longer
periods of time.
They also urge the Internet providers to make this personal information
accessible to intelligence and law enforcement agencies, without seeking
judicial approval.
"Data retention is not intended to infringe the privacy of the law-abiding
citizen but is designed to ensure that terrorism is in no way assisted by
the developing technologies," said a Home Office spokesman.
The Internet Service Providers Association (ISPA) are key players in the
dispute and have told their members not to comply with the government's
request, which they feel violates the Data Protection Act, 1998.
"We do not feel we can recommend Internet Service Providers voluntarily to
comply with the government's proposed code of practice," an ISPA spokesman
told Reuters.
"There are other laws such as the Regulation Investigatory Powers Act, 2000
where law enforcement agencies can ask for personal information on approval
by a judge."
******************
Sydney Morning Herald
Who controls your computer?
By Richard Stallman
Comment
October 22 2002
Who should your computer take its orders from? Most people think their
computers should obey them, not obey someone else. With a plan they call
"trusted computing," large media corporations (including the movie
companies and record companies), together with computer companies such as
Microsoft and Intel, are planning to make your computer obey them instead
of you. Proprietary programs have included malicious features before, but
this plan would make it universal.
Proprietary software means, fundamentally, that you don't control what it
does; you can't study the source code, or change it. It's not surprising
that clever businessmen find ways to use their control to put you at a
disadvantage. Microsoft has done this several times: one version of Windows
was designed to report to Microsoft all the software on your hard disk; a
recent "security" upgrade in Windows Media Player required users to agree
to new restrictions. But Microsoft is not alone: the KaZaa music-sharing
software is designed so that KaZaa's business partner can rent out the use
of your computer to their clients. These malicious features are often
secret, but even once you know about them it is hard to remove them, since
you don't have the source code.
In the past, these were isolated incidents. "Trusted computing" would make
it pervasive. "Treacherous computing" is a more appropriate name, because
the plan is designed to make sure your computer will systematically disobey
you. In fact, it is designed to stop your computer from functioning as a
general-purpose computer. Every operation may require explicit permission.
The technical idea underlying treacherous computing is that the computer
includes a digital encryption and signature device, and the keys are kept
secret from you. (Microsoft's version of this is called "Palladium.")
Proprietary programs will use this device to control which other programs
you can run, which documents or data you can access, and what programs you
can pass them to. These programs will continually download new
authorization rules through the Internet, and impose those rules
automatically on your work. If you don't allow your computer to obtain the
new rules periodically from the Internet, some capabilities will
automatically cease to function.
Of course, Hollywood and the record companies plan to use treacherous
computing for "DRM" (Digital Restrictions Management), so that downloaded
videos and music can be played only on one specified computer. Sharing will
be entirely impossible, at least using the authorized files that you would
get from those companies. You, the public, ought to have both the freedom
and the ability to share these things. (I expect that someone will find a
way to produce unencrypted versions, and to upload and share them, so DRM
will not entirely succeed, but that is no excuse for the system.)
Making sharing impossible is bad enough, but it gets worse. There are plans
to use the same facility for email and documents -- resulting in email that
disappears in two weeks, or documents that can only be read on the
computers in one company.
Imagine if you get an email from your boss telling you to do something that
you think is risky; a month later, when it backfires, you can't use the
email to show that the decision was not yours. "Getting it in writing"
doesn't protect you when the order is written in disappearing ink.
Imagine if you get an email from your boss stating a policy that is illegal
or morally outrageous, such as to shred your company's audit documents, or
to allow a dangerous threat to your country to move forward unchecked.
Today you can send this to a reporter and expose the activity. With
treacherous computing, the reporter won't be able to read the document; her
computer will refuse to obey her. Treacherous computing becomes a paradise
for corruption.
Word processors such as Microsoft Word could use treacherous computing when
they save your documents, to make sure no competing word processors can
read them. Today we must figure out the secrets of Word format by laborious
experiments in order to make free word processors read Word documents. If
Word encrypts documents using treacherous computing when saving them, the
free software community won't have a chance of developing software to read
them -- and if we could, such programs might even be forbidden by the
Digital Millennium Copyright Act.
Programs that use treacherous computing will continually download new
authorization rules through the Internet, and impose those rules
automatically on your work. If Microsoft, or the U.S. government, does not
like what you said in a document you wrote, they could post new
instructions telling all computers to refuse to let anyone read that
document. Each computer would obey when it downloads the new instructions.
Your writing would be subject to 1984-style retroactive erasure. You might
be unable to read it yourself.
You might think you can find out what nasty things a treacherous computing
application does, study how painful they are, and decide whether to accept
them. It would be short-sighted and foolish to accept, but the point is
that the deal you think you are making won't stand still. Once you come to
depend on using the program, you are hooked and they know it; then they can
change the deal. Some applications will automatically download upgrades
that will do something different -- and they won't give you a choice about
whether to upgrade.
Today you can avoid being restricted by proprietary software by not using
it. If you run GNU/Linux or another free operating system, and if you avoid
installing proprietary applications on it, then you are in charge of what
your computer does. If a free program has a malicious feature, other
developers in the community will take it out, and you can use the corrected
version. You can also run free application programs and tools on non-free
operating systems; this falls short of fully giving you freedom, but many
users do it.
Treacherous computing puts the existence of free operating systems and free
applications at risk, because you may not be able to run them at all. Some
versions of treacherous computing would require the operating system to be
specifically authorized by a particular company. Free operating systems
could not be installed. Some versions of treacherous computing would
require every program to be specifically authorized by the operating system
developer. You could not run free applications on such a system. If you did
figure out how, and told someone, that could be a crime.
There are proposals already for U.S. laws that would require all computers
to support treacherous computing, and to prohibit connecting old computers
to the Internet. The CBDTPA (we call it the Consume But Don't Try
Programming Act) is one of them. But even if they don't legally force you
to switch to treacherous computing, the pressure to accept it may be
enormous. Today people often use Word format for communication, although
this causes several sorts of problems (see
http://www.gnu.org/philosophy/no-word-attachments.html). If only a
treacherous computing machine can read the latest Word documents, many
people will switch to it, if they view the situation only in terms of
individual action (take it or leave it). To oppose treacherous computing,
we must join together and confront the situation as a collective choice.
For further information about treacherous computing, see
http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html.
To block treacherous computing will require large numbers of citizens to
organize. We need your help! The Electronic Frontier Foundation
(www.eff.org) and Public Knowledge (www.publicknowledge.org) are
campaigning against treacherous computing, and so is the FSF-sponsored
Digital Speech Project (www.digitalspeech.org). Please visit these Web
sites so you can sign up to support their work.
You can also help by writing to the public affairs offices of Intel, IBM,
HP/Compaq, or anyone you have bought a computer from, explaining that you
don't want to be pressured to buy "trusted" computing systems so you don't
want them to produce any. This can bring consumer power to bear. If you do
this on your own, please send copies of your letters to the organizations
above.
Postscripts:
1. The GNU Project distributes the GNU Privacy Guard, a program that
implements public-key encryption and digital signatures, which you can use
to send secure and private email. It is useful to explore how GPG differs
from treacherous computing, and see what makes one helpful and the other so
dangerous.
When someone uses GPG to send you an encrypted document, and you use GPG to
decode it, the result is an unencrypted document that you can read,
forward, copy, and even re-encrypt to send it securely to someone else. A
treacherous computing application would let you read the words on the
screen, but would not let you produce an unencrypted document that you
could use in other ways. GPG, a free software package, makes security
features available to the users; they use it. Treacherous computing is
designed to impose restrictions on the users; it uses them.
2. Microsoft presents Palladium as a security measure, and claims that it
will protect against viruses, but this claim is evidently false. A
presentation by Microsoft Research in October 2002 stated that one of the
specifications of Palladium is that existing operating systems and
applications will continue to run; therefore, viruses will continue to be
able to do all the things that they can do today.
When Microsoft speaks of "security" in connection with Palladium, they do
not mean what we normally mean by that word: protecting your machine from
things you do not want. They mean protecting your copies of data on your
machine from access by you in ways others do not want. A slide in the
presentation listed several types of secrets Palladium could be used to
keep, including "third party secrets" and "user secrets" -- but it put
"user secrets" in quotation marks, recognizing that this is not what
Palladium is really designed for.
The presentation made frequent use of other terms that we frequently
associate with the context of security, such as "attack," "malicious code,"
"spoofing," as well as "trusted." None of them means what it normally
means. "Attack" doesn't mean someone trying to hurt you, it means you
trying to copy music. "Malicious code" means code installed by you to do
what someone else doesn't want your machine to do. "Spoofing" doesn't mean
someone fooling you, it means you fooling Palladium. And so on.
3. A previous statement by the Palladium developers stated the basic
premise that whoever developed or collected information should have total
control of how you use it. This would represent a revolutionary overturn of
past ideas of ethics and of the legal system, and create an unprecedented
system of control. The specific problems of these systems are no accident;
they result from the basic goal. It is the goal we must reject.
Richard Stallman is the founder of the free software movement.
Copyright 2002 Richard Stallman
Verbatim copying and distribution of this entire article is permitted
without royalty in any medium provided this notice is preserved.
****************************
Broadband News Online
NGN 2002 Keynote: Cyber Security - Vulnerabilities, Threats, and Responses
The United States must prepare for a major attack on its networks at a
level that could bring down the economy, warned Richard Clarke, Special
Advisor to the President for Cyberspace Security, Critical Infrastructure
Assurance Office (CIAO), in a keynote address at the Next Generation
Networks conference in Boston. No one should assume that future attacks to
networks will be simply the worms, viruses and denial of service zombies
that we have experienced in the past. Al Qaeda, Iraq, or some other
terrorist group could target the basic mechanisms of the Internet, seeking
to disable or destroy key switches, routers and transmission facilities.
Too many vulnerabilities exist. Preparing for such a threat, argued Clarke,
is everyone's responsibility, not simply the role of government. He
believes that Internet security currently faces a "tragedy of the commons"
- everyone believes that someone else should be responsible for maintaining
and securing the common good. While the federal government played a key
role in creating the Internet, Clarke argued that the government should not
run or regulate the Internet. It should be an advisor to industry and a
role model, and should fund basic research.
Clarke shared nine specific security goals that he asked network equipment
vendors and service providers to work on:
- Routers and switches must be designed with security in mind. Today, they
  are generally shipped without security features activated, and most do
  not use encryption and authentication.
- Address the security vulnerabilities of BGP now.
- Address the security vulnerabilities of DNS now.
- Quickly adopt protocols that enhance security, especially IPv6. A world
  of mixed IPv4 and IPv6 implementations actually increases the security
  threat.
- Address the physical security of our networks, especially key sites and
  fibers where the backbone is concentrated. Peering points and telecom
  hotels are vulnerable. Real redundancy, diversity and protection are
  needed.
- ISPs should not blindly pass off traffic to their peers. They have the
  responsibility to know what is in the packets and not to hand off
  viruses or attacks. We need technology that allows us to scan packets in
  real time at high speeds.
- We need a NOC system that can provide a real-time, holistic view of the
  entire Internet. The industry could achieve this with some government
  support.
- We must get over the belief that segmenting networks is a "violation of
  Internet religion." We need some air-gapped networks, such as for
  utilities, aviation, banking, etc.
- Security must be designed into systems from the beginning. It is not
  acceptable to rush technology to market before finding and fixing the
  vulnerabilities, or to treat security as a difficult-to-use add-on.
Last month, the Bush administration announced a Draft National Strategy to
secure Cyberspace. The government is currently seeking input and commentary
from the industry and the general public. Clarke encouraged everyone to
review and comment on the plan, which can be found at:
http://www.whitehouse.gov/pcipb/
*******************************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx