[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips October 29, 2002



Clips October 29, 2002

ARTICLES

Bush to Sign Voting Revamp Bill
Sun shields server rooms from attack
Reuters Accused in Privacy Case
Roster Change Government IT personnel moves
RealNetworks to release player source code
Nonprofit to Create Open Source Software
Who owns your e-mail?
P2P App's Aim: Defend Free Speech
E-mail greeting card hides porn
Study tallies sites blocked by Google

***************************
Associated Press
Bush to Sign Voting Revamp Bill
1 hour, 24 minutes ago
By SANDRA SOBIERAJ, Associated Press Writer

WASHINGTON (AP) - President Bush (news - web sites) is signing legislation to revamp the nation's voting system and protect against the kinds of errors that threw his own election into dispute two years ago.

The White House scheduled a morning bill-signing ceremony for Tuesday, starting Bush's two-day respite from campaigning for GOP House, Senate and gubernatorial candidates in next Tuesday's elections.


Under the Martin Luther King Jr. Equal Protection of Voting Rights Act of 2002, states will receive $3.9 billion in federal money over the next three years to replace outdated punch-card and lever voting machines or improve voter education and poll-worker training.



The new law's protections against voting error will not affect next week's balloting but are scheduled to be mostly implemented in time for the 2004 congressional and presidential vote, which will most likely include Bush's re-election bid.



It was Bush's bitter 2000 Florida recount battle with Democrat Al Gore (news - web sites) with its confusing "butterfly ballots," half-perforated punch ballots and allegations of voter intimidation that gave rise to the legislation. Bush's election was ultimately decided by the Supreme Court.



The House approved election changes late last year and the Senate followed suit in April, but Republican demands for strong anti-fraud provisions stalled reconciliation of the two versions for months. Lawmakers did not send a final bill to Bush until last Wednesday.



"This has been a long marathon, but the finish line is finally in sight and the winner is the American public," said Senate Rules Committee Chairman Chris Dodd, D-Conn. "This landmark legislation will ensure that everyone not only has the right to vote on Election Day, but that their voice is heard."



Beginning Jan. 1, first-time voters who registered by mail will be required to provide identification when they show up at the polls.



By the 2004 vote, states will be required to provide provisional ballots to voters whose names do not appear on voter rolls. Those provisional ballots would counted once valid registration is verified.



For 2006 balloting, states will be required to maintain computerized, statewide voter registration lists linked to their driver's license databases. States will also be required to have voting machines that allow voters to confirm the way they marked their ballot and, if necessary, change their votes before they are finally cast.



Such voting software was tested in one jurisdiction in the 2001 Virginia gubernatorial election. The Century Foundation, which reviewed the results, found that the "lost vote" rate went from between 600-700 votes in the 2000 election to just one vote in 2001, said Tova Andrea Wang, a staffer to the National Commission on Federal Election Reform who later oversaw the foundation's study.


"The bill goes a long way toward addressing a lot of the problems, but the extent to which the bill works relies on what the states do because they are given a lot of discretion," said Wang.

"A new polling machine is fine and great as long as people know how to use it, and there's no specificity in the legislation on poll-worker training and voter education."

Wang and other election experts also worry that discriminatory enforcement of the voter-ID requirements could especially disenfranchise minorities, the poor, immigrants and students. She called the provision "something that may have to be revisited."
***************************
Reuters
Pro-Islamic Hackers Gear Up for Cyber War, Experts Say
Tue Oct 29, 4:30 AM ET
By Michael Christie


SYDNEY (Reuters) - Pro-Islamic hackers are on the frontline of a potential new cyber war after the end of a cease-fire by "hacktivists" and virus designers that followed the September 11 attacks on the United States, Internet experts say.



Pro-Islamic hackers are escalating attacks against countries backing the U.S. war on terror and its campaign against Iraq, while the "Bugbear" worm and last week's strike on the Internet backbone signal that cyber villains are again on the prowl.


London-based computer security firm mi2g said on Tuesday that October had already qualified as the worst month for overt digital attacks since its records began in 1995, with an estimated 16,559 attacks carried out on systems and Web Sites.



The firm which advises banks, insurance and reinsurance firms on security said politically motivated attacks had risen "sharply."



"We have noticed that more and more Islamic interest hacking groups are beginning to rally under a common anti-U.S., UK, Australia, anti-India and anti-Israeli agenda," it said.



According to the zone-H database, an independent site which monitors hacker activity, politically motivated Web Site defacements make up around 11 percent of the total.



Most hacking is attributable to "script kiddies" from Brazil to Germany "bragging and strutting," said Dean White, the SANS Institute Internet Storm Center coordinator for the Asia Pacific.



But real-life events like the September 11 anniversary, simmering violence in Israel, bombs in the Philippines or the October 12 blasts that killed 180 people on Indonesia's island of Bali all could be expected to serve as inspirations on the Web.



SOMETHING AROUND THE CORNER



"We were saying we have to be ready and we have to be prepared, it's been quiet for too long, there's going to be something around the corner," White told Reuters.
*****************************
New York Times
Online in Cairo, With News, Views and 'Fatwa Corner'
By DANIEL J. WAKIN


CAIRO, Oct. 28 Inside a run-down building in a middle-class Cairo neighborhood, a hybrid group of eager young dot-commers and idealistic religious messengers produces one of the Islamic world's leading Web sites, Islam-Online.net.

"We all consider this an act of jihad, how to liberate people's minds from ignorance," said Ahmed Muhammad Sa'ad, using "jihad" in its sense of spiritual struggle. Mr. Sa'ad is a recent religious school graduate and a prize-winning reciter of the Koran who helps channel readers' requests for religious rulings, or fatwas, to Islamic legal scholars around the world.

Islam Online says it wants to present a positive view of the faith to non-Muslims, to strengthen unity in the Muslim world and to uphold principles of justice, freedom and human rights. Scholars of the region say they see the Web site as a leading example of efforts by moderate Muslims to push for the Islamization of societies by nonviolent means.

"There's a desire to make it a one-stop shop," said John L. Esposito, a professor of religion and international affairs at Georgetown University. "But obviously no single Web site can do that for anything, let alone the Islamic world."

The Web site also has an English version, aimed at Muslims living outside the Arab world. Professor Esposito points out that only about a quarter of the world's 1.2 billion Muslims speak Arabic, and that for the rest, English is an increasingly common second language.

The site is ambitious in content. Along with news articles, there are in-depth discussions of Islamic issues, political analyses, discussion groups, advice pages and a "fatwa corner," where readers can ask questions or look up past edicts from religious scholars. That is where Mr. Sa'ad works.

The promulgation of fatwas by call-in shows and Web sites has spread in recent years. Islam Online provides private responses for personal issues, and public ones for questions of general interest. One recent day, the Arabic site advised a questioner that killing women and children in war was forbidden unless they were warriors; that a woman could appear unveiled before her son-in-law; that abortions of deformed fetuses were wrong if the condition was one that could be lived with.

The site's news section reflects the point of view of most media in the Arab world, emphasizing the suffering of Palestinians, criticism of Israeli policies and opposition to the United States' policy on Iraq. The commentary section is generally mild in tone. The site appears to steer clear of touchy doctrinal issues, like traditions that separate Shiites from Sunnis.

During a reporter's recent visit to the offices here, young employees sat at work over computer keyboards behind a series of closed doors. About 100 people, mostly Egyptians, with a sprinkling of others from across the Arab world, work here; most of the women on hand wore head scarves.

In the newsroom, Eman Ahmed, 24, a graduate of Cairo University in her first job, was rewriting a correspondent's account of the Bahraini elections. "I am doing good things for Muslims and Islam," she said. In the fatwa room, a group of graduates of the prestigious Islamic university Al Azhar, including Mr. Sa'ad, dealt with requests for religious rulings. Later, work stopped throughout the offices for evening prayers.

Mutiullah Tayeb, the Web coordinator, said Islam Online was receiving about 250,000 page views a day, which he said made it the leading Islamic site. "We have to have mutual understanding, conversation," he said, "and not allow other people just to describe Islam on behalf of Muslims."

The Web site began operating three years ago in Doha, Qatar, where its technical and corporate offices are located. Qatar's leader, Sheik Hamad bin Khalifa al-Thani, has made efforts to create a more open, liberal atmosphere. Another prominent result of that openness is Al Jazeera television, which has broadcast messages by Osama bin Laden and his confederates, and has drawn criticism from governments across the Arab world for its outspoken ways. The Qatari royal family, which finances Al Jazeera, is a major supporter of the Web site, according to its deputy editor, Hossam el-Din el-Sayed.

Islam Online and Al Jazeera are both feeling the influence of an Egyptian-born cleric, Sheik Yusuf Abdulla al-Qarawadi. In addition to acting as the Web site's spiritual guide and chairman of its board, he has gained prominence through a regular call-in show on Al Jazeera, in which he expounds on theological topics and answers questions about Islamic practices and principles.

He has given mixed signals on the subject of women, saying that nothing in the Koran forbids their voting or driving but that a woman's main role is as a mother.

Sheik Qarawadi, who has a history of anti-American views, condemned the Sept. 11, 2001, attacks as a "heinous crime," saying on the Web site that the killing of innocents is a "grave sin" under Islam. But the sheik also condemned Egypt's leading Muslim scholar for rejecting terrorist attacks that killed Israeli civilians. The perpetrators were fighting colonizers, he said, and in Israel all men and women are "soldiers."

But Mr. Sayed, the site's deputy editor, said that Islam Online was by no means a mouthpiece for the sheik. He, like others interviewed at the site's offices, emphasized that it was a vehicle for a broad range of mainstream Islamic views.

"I have this idea about sharing the principles and concepts of Islam with humanity," he said. "We are defending justice, not only Muslims."
********************************
CNET News.com
Sun shields server rooms from attack
By Michael Kanellos
Staff Writer, CNET News.com
October 28, 2002, 9:00 PM PT


Sun Microsystems has come up with a way to insulate computer networks from fires, floods and bomb attacks: Split up the machines and put them in different cities.
The Sunnyvale, Calif.-based server manufacturer on Tuesday will unveil its Enterprise Continuity program, a collection of services and technology designed to prevent network failure by physically separating computers that work together in a unified cluster.


Properly installed, computers in the same cluster--running, for example, a stock trading system or conducting drug research--could be located 125 miles away from one another without increasing latency or lag time. Current fiber connections only allow computers in a cluster to be separated by six miles. Beyond that distance these computers can't function seamlessly to run the same application together.


"This allows you to pick up half your cluster and get it out of the disaster footprint," said Chris Wood, director of technology sales and marketing in Sun's storage division. "You want to move from disaster recovery to didn't stop in the first place."


Nortel Networks participated in the project and will assist Sun in implementing installations.

The Sept. 11, 2001, terrorist attacks and other events in recent years have prompted a surge of interest in physically distributed computing. The German government, for example, has passed legislation that banks geographically disperse their processing centers. Downtime caused by outages can quickly cause millions' worth of damage.

To date, companies have mostly hired disaster recovery companies to perform data retrieval or create systems that mirror ongoing operations to prevent downtime. Some companies have tried services similar to the one that Sun is selling as well.

Although not cheap, Enterprise Continuity will be less expensive compared with many traditional disaster recovery options because the active computer systems and the backup systems are the same thing. If an explosion knocks out half the cluster, the remaining half will absorb the work.

The system depends largely on an artifact of the dot-com era: dark fiber. In the late 1990s, companies planted miles of fiber-optic cable into the ground in Europe and North America. A substantial portion of it has yet to be used.

In Enterprise Continuity, customers will exclusively lease portions of this unused fiber and create a dedicated, secure link between two halves of a separated cluster. In developing the system, Sun largely worked on tuning its servers and storage systems for this sort of architecture while Nortel examined the high-speed communications issues.

"It turns out that putting distance into architectures that were originally designed to run 500 meters (500 yards) was a bigger challenge than expected," Wood said. The long-distance lasers on the market now, for instance, only reach six miles, which made them ineffective.

These systems, which will all involve custom installations, will be targeted at the largest 1,000 companies in the world. Sun has certified that its StorEdge 3900, 6900 and 9900 storage systems and the SunFire 15k server can be used in these installations.
*************************
Associated Press
Reuters Accused in Privacy Case
Mon Oct 28, 3:46 PM ET


STOCKHOLM, Sweden (AP) - A small Swedish information technology company Monday filed criminal charges against news service Reuters PLC for obtaining an earnings report from a Web page it considered private.



Intentia International asked Sweden's National Criminal Investigation Department to investigate whether Reuters PLC broke the law by retrieving parts of Intentia's third-quarter report from a Web page before Intentia released it publicly.


Reuters published Intentia's report on Oct. 24 after it became available through Intentia's Web site. The report was available to anyone who typed the correct Web address. But Thomas Ahlerup, a spokesman for the company, said the Web page was not available through normal channels on the site.



He said Intentia's legal advisers consider Reuter's action to be an infringement of laws that govern information technology property.



Reuters' Nordic bureau chief in Stockholm, Jonathan Lynn, said in a statement that the company was surprised by Intentia's stance. Reuters published information on the results "after they had been accessible over the Internet."



A release from Reuter's London headquarters said "there was no substance to the allegations that it made an illegal entry to Intentia's IT systems."



Last week, Reuters published an earnings report from banking group Nordea AB ahead of the scheduled release. Nordea has acknowledged that parts of the report were mistakenly put on its Web site.



Ahlerup said that if authorities deem that Reuters retrieved the information from a public part of the Web site, it could set an important precedent, making anything on a company's Web server public information, he said.



"We want the authorities to test what can be considered to be private or public," Ahlerup said.



Ahlerup wouldn't comment on whether the company had made market-sensitive information available before it was released.
***************************
Federal Computer Week
Roster Change Government IT personnel moves
Oct. 29, 2002.


Fred Thompson, a longtime information technology official at the Treasury Department, will end his 30-year federal career on Nov. 1.

He is leaving the federal government in the midst of a departmental reorganization that resulted in cuts to the IT staff.

Thompson, assistant director for consulting and marketing at Treasury's Office of the Chief Information Officer, is the latest IT official to announce his departure. Last week, Mayi Canales, the acting CIO, said she was leaving her job in government effective Oct. 25 to start a consulting business.

Mike Parker, currently the director of Enterprise IT Business Planning and Assurance for Treasury's CIO office, will become the interim acting CIO while officials look for a permanent candidate. Parker began his tenure at Treasury as director of financial management for the CIO office in 1999.
*****************************
Government Computer News
DOD settles on new rule for software buys


By Dawn S. Onley
GCN Staff

The Defense Acquisition Regulations Council published a final rule Friday requiring contracting officers to first review the Defense inventory for commercial software and maintenance services before checking elsewhere.

The rule adds the Enterprise Software Initiative requirements to the Defense Federal Acquisition Regulation Supplement Subpart 208.74.

"The goal is to achieve significant savings to the taxpayer through lower prices and better use of software licenses," the council wrote in the rule.

The Defense ESI working group lobbied for the rule as a way to put some teeth in a two-year-old mandate that was widely overlooked. A July 2000 memorandum from the Defense CIO's office required contracting officers to consult ESI when buying commercial software and maintenance services, but the memo was often ignored. The latest move by the council makes the measure a part of the DFARS, the rules that procurement officials must follow in purchasing for military agencies.

The rule requires Defense contracting officers to first check the Defense inventory for large software buys, said James S. Clausen, co-chairman of the group. The blanket purchasing agreements offer DOD agencies discounts of up to 90 percent off list prices for items such as communications software, database products, office automation and security tools.

If the inventory does not have an enterprise agreement for a particular product, or if a contracting officer is not satisfied with the price or terms, he or she can apply for a waiver to use another vehicle, officials said.
*****************************
Government Executive
GSA awards contract to upgrade Web site


From National Journal's Technology Daily




Responding to the Bush administration's call to offer more citizen-focused services, the General Services Administration (GSA) has awarded a contract to overhaul its Web site.



The agency said Monday that it has awarded the $930,000 contract to Bates Worldwide and its partner 141XM. The initiative follows a marketing study that GSA conducted last February outlining the need to make the site more user friendly.



In particular, customers said the site contains too much information that is not always intuitively organized. Work already has begun on the site to meet the spring 2003 deadline.



GSA's Office of Citizens Services and Communications will be conducting customer surveys and working with internal stakeholders "to determine the type of information clients want to see on the Web sites," said Tom Skirbunt, acting director of strategic planning and marketing.



GSA may look to sites like FirstGov.gov as models for aspects of the GSA redesign.
***************************
Computerworld
Net's Vulnerability Exposed
Attack on root servers resulted in moderate damage - this time
By Jaikumar Vijayan and Patrick Thibodeau
OCTOBER 28, 2002


Last week's assault on the Internet's core addressing system may not have caused much real damage, but it highlights the Internet's vulnerability to more sophisticated cyberattacks in the future, security analysts warned.
All 13 of the Internet's root Domain Name System servers - three of which are located outside the U.S. - were victims of a massive distributed denial-of-service attack on Oct. 21.


"It was the single most elaborate and focused attack on the DNS network that we have ever seen," said Tom Ohlsson, vice president of Matrix NetSystems Inc., an Austin, Texas-based Internet performance monitoring company.

The attack appears to have been an attempt to disrupt the Internet by clogging root DNS servers with useless traffic. The root DNS servers provide the vital translation services needed for converting a Web name such as www.computerworld.com into a corresponding numerical IP address.

But overall Internet service appears to have been largely unscathed, with few major disruptions reported, Ohlsson noted.

That's because most of the information contained in the 13 root DNS servers is cached in redundant and hierarchical fashion across multiple secondary DNS servers.

"On the plus side, this shows that despite all those apocalyptic projections, the Internet is more resilient than people think," said John Pescatore, an analyst at Gartner Inc. in Stamford, Conn. "But it also shows that the basic plumbing of the Internet still has vulnerabilities that need to be addressed or brought up to business-quality levels."

Simple Solution

The relatively simply nature of last week's DDOS attack is what made it easy for administrators to detect and choke off the offending traffic in a few hours, analysts said.

But service would have started degrading if the attack had been sustained long enough for the information contained in the secondary DNS caches to start expiring - a process that usually takes from a few hours to about two days, analysts added.

"This wasn't exactly the most sophisticated attack in the world," said Jerry Brady, chief technology officer at Guardent Inc., a security consultancy in Waltham, Mass. "But I've got to believe that this is going to inspire a lot more attacks like this in future."

In a DDOS attack, hackers typically break into and take over thousands of poorly protected networked computers - including those in homes - and use such "zombies" to send torrents of useless data at target servers or networks.

"It is the electronic equivalent of somehow getting 50,000 phones to dial 911 at the same time," said Mark D. Rasch, former head of the U.S. Department of Justice's computer crimes unit.

The Internet Corporation for Assigned Names and Numbers (ICANN), the private group that's charged with ensuring the stability and security of the DNS, will discuss methods for improving DNS security at its annual meeting next week in Shanghai.

Among the fixes ICANN will be looking at is deploying the DNS Security protocol to improve data origin authentication, said Stephen Crocker, an Internet pioneer and computer scientist who heads the ICANN security committee.

The more daunting problem is improving the security of PCs sold without any security protections. "It's a public nuisance issue," Crocker said.

And DNS servers aren't the only component of core Internet infrastructure that can be taken down by such attacks, analysts say. For instance, an attack directed against a few well-selected Border Gateway Protocol routers - which are used to exchange routing information for the Internet - could cause large portions of traffic to be misdirected at will, said Ted Julian, president of Arbor Networks Inc., a Lexington, Mass.-based vendor of DDOS prevention tools.

Last week's attacks "represent an important escalation of these kinds of threats," Julian said. "DDOS is no longer being targeted at single Web sites, but at the entire Internet infrastructure."
****************************
USA Today
RealNetworks to release player source code


SEATTLE (AP) Microsoft has billions of dollars working to its advantage, but crosstown rival RealNetworks is hoping to line up the rest of the world on its side.

RealNetworks on Tuesday planned to release most of the secret blueprints, or "source code," to its software that allows computer users to play audio and video over the Internet. It planned to similarly release the source code for its server and encoding software in December.

By sharing the code with thousands of developers, the company believes it can more quickly and more effectively spread adoption of its software tailored for scores of different computers, wireless phones and handheld devices.

Still, the Seattle-based company is keeping other parts of its source code secret, including the blueprints for such features as burning compact discs.

The release is part of RealNetworks' new "Helix" strategy, announced in July. The company is the latest convert to the so-called "open-source" software movement of sharing software blueprints. The idea is that an assortment of programming talent will improve and build upon existing technology.

That's a starkly different strategy than Microsoft follows. The Redmond-based software giant closely guards its source code and considers such open-source software as Linux operating systems and server programming as significant competitive threats.

RealNetworks now has 300 million users of its media-playing software, mostly on personal computers. It wants to reach 1 billion users in five years, on everything from cell phones to handhelds, chief executive Rob Glaser said. Not counting media software embedded in browsers, RealNetworks has a slight edge over Microsoft, with about 31 million home users in June, compared with 30.1 million for Microsoft players, according to the research firm comScore Media Metrix.

Since the announcement, more than 2,000 developers have signed on to the RealNetworks Helix Web site to participate, the company said. RealNetworks is offering two licenses one for enthusiasts who must agree to make their creations available for free to anyone in the community and another for companies who must pay a royalty to RealNetworks for any commercial programs built off the source code.

Microsoft said RealNetworks' Helix initiative is a ploy.

"Real is using open source theatrics to try to change the perception among the developer community that they are hard to work with and too restrictive in their licensing terms," said Michael Aldridge, lead product manager of Microsoft's Windows Digital Media.

RealNetworks needed to make such a strategic change in order to keep pace with the explosion of interest in digital media, said Richard Doherty, director of research firm The Envisioneering Group in Seaford, N.Y.

"No one can handle it all," he said. "So the only way RealNetworks could expand is to give up some of the magic through open source."

Regardless of whether it's an offensive or defensive move, it helps differentiate RealNetworks from Microsoft in a race that has grown too close to call, said Max Flisi, an analyst with International Data Corp. "They wanted to do something that was not just 'let's release the next version and claim it is twice as fast.' "
*****************************
New York Times
Nonprofit to Create Open Source Software
By LAWRENCE M. FISHER


SAN FRANCISCO, Oct. 28 Mitch Kapor, a software industry pioneer, has started a nonprofit organization to create software applications in the manner of the "open source" movement, in which the underlying code is freely shared with the public.

Mr. Kapor, who in 1982 created the first so-called killer app for personal computing, the Lotus 123 spreadsheet, and was a co-founder of the Lotus Development Corporation, has financed the new organization, the Open Source Applications Foundation, with $5 million of his own money. But he is also accepting donations. Andy Hertzfeld, a leader of the original Apple Macintosh development team, has joined as a full-time volunteer, and the foundation has five other employees, all based in San Francisco.

The foundation's first software program is to be a personal information manager, or PIM, as such programs are known. Code-named Chandler, the software is to combine e-mail and calendar functions with tools for sharing files among multiple users. Mr. Kapor said he planned to release a functional portion of the program by the end of the year, and hoped to have a finished product by the end of 2003. At this time the Foundation plans to release Chandler, both the production program and the underlying source code, as a free download, but Mr. Kapor said he would not rule out a commercial package, most likely from a third party.

"I actually think the PIM is the central productivity application, not the word processor or the spreadsheet," Mr. Kapor said last week. "Where people spend their time is their e-mail and calendar," he said. "I've felt frustrated that what is out there falls short of something satisfying."

Most large companies use Microsoft's Outlook Express for e-mail and calendars. But the program's more advanced features, like file sharing and collaboration, are available only when it is used with Microsoft Exchange, a more costly product requiring network server computers. Mr. Kapor said Chandler would offer this kind of performance to smaller organizations at much lower cost by using so-called peer-to-peer technology, which relies on the users' PC's and eliminates the server.

"Individuals and small organizations are at a disadvantage today," he said, "and I'm an old PC guy. I'm in favor of end-user empowerment and decentralization." Mr. Kapor said Chandler was aimed at filling an unmet need for smaller organizations, not at unseating Microsoft in large companies. Groove Networks, a company backed by venture capital and founded by the Lotus Notes creator, Ray Ozzie, has also produced a peer-to-peer e-mail and collaboration program, but it, too, is primarily aimed at large companies, Mr. Kapor said.

The Open Source Applications Foundation will offer its code free to individuals or organizations, provided they also make any code they produce using the foundation's work freely available as well. Companies producing proprietary commercial products with the foundation's underlying code will pay a fee.

Jeff Tarter, editor of Softletter, said he was skeptical that there was a market for Mr. Kapor's new venture, but the success of the Linux operating system had also defied the skeptics.

"I haven't seen any evidence that there's a hole in the market here," he said. "But all the rational people have been completely wrong about most of these markets. So the fact that this sounds loony is probably a good thing."
*************************
CNET News.com
Who owns your e-mail?
By Evan Hansen
October 29, 2002, 4:00 AM PT


Nancy Carter has a message for Internet service providers: Keep your hands off my e-mail.

The Toronto, Ontario-based freelance TV producer has been battling U.S.-based Inter.net Group for the past 16 months over a billing dispute she says may have cost her a lucrative job opportunity. Now she wants $110,000 in damages over a policy that led Inter.net's Canadian subsidiary to keep her ISP account open for incoming e-mail even while denying her access to the account.

Beyond the money, Carter said she wants to change the way ISPs handle suspended and canceled e-mail accounts. At stake, she asserts, is an industrywide practice that amounts to extortion, in which ISPs may hold private communications hostage until bills are settled up.



E-mail has "entered our lives at warp speed, and the law needs to keep up," she said of her lawsuit, filed earlier this month in federal court in Canada. "You can't interfere with the mail. The post office has to return a letter even when it doesn't have enough postage."

Carter's legal odyssey is unfolding in the wake of bankruptcies among major ISPs including Excite@Home and Northpoint Communications, failures that have put ISP consumer protection issues on the front burner for lawmakers in the United States.

Dave Kramer, an attorney with Palo Alto, Calif.-based firm Wilson, Sonsini, who is not involved in Carter's suit, said disputes over suspended e-mail accounts in the United States are typically covered by terms of service contracts that consumers agree to when they sign up with ISPs. In general, he said, such contracts give ISPs wide latitude to set conditions, including collecting and refusing to hand over e-mail until bills are settled.

"Still, I wouldn't be surprised to see ISPs tweak their contracts" in response to the case, Kramer said.

Related consumer protection issues have already been heating up in California, where Gov. Gray Davis recently handed Internet companies a split decision.

Davis late last month signed a bill that requires e-mail service providers to give 30 days' notice before shutting down e-mail accounts. The law, which goes into effect Jan. 1, 2003, does not apply in situations where an account holder has violated the terms of service or when service is interrupted for reasons beyond the e-mail provider's control.

Davis subsequently vetoed a more sweeping bill that would have enacted the same restriction on ISPs (Internet service providers). The governor called the bill "well intentioned," but said it failed to provide sufficiently for cases of consumer misconduct or technical mishap.

A question of privacy
Carter's legal quest began last year, when she filed a complaint with the Privacy Commissioner of Canada charging Herdon, Va.-based Inter.net with violating the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).


Enacted in 2000, the law prohibits anyone from collecting personal information without consent and putting it to commercial use.

Carter argued that Inter.net had violated the law by collecting e-mail messages addressed to her and using the files as a weapon to force her to pay a disputed bill.

The commissioner does not reveal the names of parties involved in suits brought before him. Nevertheless, Carter said the findings related to her case were published in a report issued Aug. 28. In that brief, the commissioner found that the ISP in question had failed to adequately disclose its policy on delinquent accounts, and agreed that the policy violated PIPEDA, clearing the way for a civil trial.

A representative for Inter.net, a company formed following the bankruptcy of PSINet last year, declined to comment on the finding or the lawsuit.

According to Carter, Inter.net presented her with a $214 charge for 14 months of service that had gone unbilled because of an accounting error.

Carter said she agreed to pay half, an arrangement the company initially accepted but later rejected. At that point, she terminated the account and signed up with an alternate provider, Carter said.

The old account, however, was kept open under suspension without her knowledge, she said, and e-mail continued to pile up. Carter eventually was able to retrieve 24 e-mail messages some three and a half weeks after the cancellation, including one from a potential employer encouraging her to apply for a $65,000 contract job at the Discovery Channel. Prior to the e-mail, Carter and her potential employer had exchanged telephone messages about the position. Unbeknownst to her, the e-mail would have been the next link in that chain, but by the time she got it, the position had been filled.

In his report, Canada's Privacy Commissioner said Inter.net's policies are standard practice in the ISP industry that need to be changed.

The commissioner recommended that "the ISP immediately cease collecting, storing, and denying access to e-mails addressed to holders of accounts under suspension and adopt instead the practice of deflecting such e-mails back to the senders with notification to the effect that the messages could not be delivered."

Few companies offer e-mail senders a way other than a direct reply to verify whether their messages have gotten through to, and been read by, the intended recipient.

America Online, the world's largest ISP, provides members with an e-mail receipt notification option and lets members check on the status of e-mail sent to other members.

But AOL spokesperson Nicholas Graham said the company's privacy policy does not allow AOL to indicate to anyone other than the owner of the account whether someone had access to the account at any given time. As a result, accounts that have been suspended may continue to receive e-mail without notification to senders that the account is inaccessible to the owner.

Graham added that AOL requires members who violate the company's terms of service to return to good standing before they can access e-mail that has accumulated during this period. AOL members who cancel their accounts voluntarily lose any accumulated e-mail unless they reactivate their accounts before the files are purged, a process that may take a few weeks to complete.

AOL members who send e-mail to a canceled AOL account receive notification that the account is no longer active. Non-AOL members e-mailing a canceled account receive a different notification stating that the message did not reach its intended address.

Carter said she has pursued Inter.net in the hopes of barring ISPs from collecting e-mail sent to delinquent accounts and of forcing them to notify e-mail senders when an account they have tried to reach is inactive.

"I want the industry to stop doing this," Carter said.
***************************
Wired News
P2P App's Aim: Defend Free Speech

Developers of peer-to-peer file sharing application Freenet issued a long-awaited "major release" on Monday, marking the controversial project's first such advancement since August 2001.

The announcement ends an extended quiet period for its creators, and underscores their hopes of reaching more users.

Like its more popular peer-to-peer cousins Kazaa and Gnutella, Freenet allows people to exchange files over the Internet through a shared network.

But unlike other networks, Freenet's creators say they designed the application with free speech, not free entertainment, in mind. The software provides a forum for anonymous publication, using data encryption and a decentralized network designed to prevent shutdown by anyone -- unfriendly governments, ISPs and even the network creators themselves.

Hampered by stability problems and a less-than-friendly user interface, earlier versions were relegated to a limited audience of tech-savvy users. But Freenet's developers say version 0.5 addresses those limitations, and includes enhanced encryption and anonymity capabilities.

The application's identity-cloaking design makes it impossible to determine the actual number of users, but 25-year-old Freenet project founder Ian Clarke says the software is downloaded roughly 2,000 to 3,000 times daily. Last week, Kazaa averaged 442,460 downloads a day on CNET's Download.com.

Reportedly, users in China have translated the software's user interface to Mandarin Chinese, and have adapted it for distribution on a single floppy disk.

"I'm told they're using it to share documents the government has been trying to censor, some of which are related to the Tienanmen Square massacre and (banned Chinese spiritual organization) Falun Gong," Clarke says.

He acknowledges that Freenet will inevitably also be used by the Web's "seedier elements" to distribute other kinds of outlawed content -- potentially including child pornography or racist propaganda. Freenet's distributed design means that a network participant could unknowingly store fragments of illegal or offensive content on their computer, in encrypted form.

"If you believe in freedom of speech, you need to protect other people's right to it, even when you disagree or find it distasteful," Clarke says. "Freenet is like a parallel World Wide Web, where everybody is anonymous."

The project's conceptual base was documented in 1999 in a paper Clarke, who is Irish, wrote while studying at Edinburgh University in Scotland. On a whim, he published his paper online, soliciting help to execute the project. Freenet's first release launched in March 2000, and Clarke moved to Los Angeles shortly thereafter. Freenet now consists of about 30 volunteers and one paid student developer.

This week, Clarke also announced he is stepping down from Uprizer -- a company he founded in 2000 to explore commercial applications for Freenet -- to launch a new company called Cematics.

Clarke says Uprizer will relocate to Singapore, where it will find a ripe market for its content distribution products in a region where bandwidth cost is widely estimated at four to five times U.S. averages.

Freenet's developer fans are creating a number of surprising applications for the software, including one designed to enable FM-quality radio broadcasting over its network. Projects like these aren't likely to win the notorious network any new friends among entertainment lobbyists who argue it promotes unlawful distribution of copyrighted material.

But Clarke claims copyright law was the last thing on his mind when he started the project.

"So much of the uproar over copyright implications of Freenet seemed off-topic to me," he says. "I wanted to say, 'Look, welcome to the jungle. This is capitalism, where people are forced to adapt to new technology.' Copyright is just one way of encouraging artists to create.

"And, ultimately, free speech is more important than your current copyright laws."
***************************
CNN Online
E-mail greeting card hides porn
By Jeordan Legon
CNN
Tuesday, October 29, 2002


(CNN) -- The e-mail looks harmless enough: A link to a greeting card that appears to be sent by a friend.

But clicking on the link can place porn images on a desktop, download a barrage of x-rated ads, or send similar e-cards to those listed in Outlook's address book.

No downloadable e-mail attachments to install. No infected disks shared. All the user has to do is go to a link.

E-mail marketers -- many of them porn sites -- are increasingly borrowing tactics used by hackers to trick potential customers into seeing their messages, anti-virus experts say. And often, they use Microsoft's ActiveX Controls, which are meant to make Web pages more interactive, to instantly download their unwanted programs.

"It like the boogy man. It's going that way," said Chris Wraight, tech consultant for anti-virus company Sophos. "You have to be careful and be very, very suspicious."

They're not viruses or worms, but they are annoying -- modifying a user's computer in ways they never intended, said Lawrence Baldwin, president of Internet security firm myNetWatchman.com.

"The general thinking of the average Internet user is that ... by running antivirus and not downloading executable files, they don't have to worry," Baldwin said. "But they're getting a false sense of security."

One e-greeting prompts warning
There are many such direct marketing e-mails making their way around the globe. One this week elicited enough complaints that it prompted warnings from anti-virus firms and by Tuesday, Canadian company Cytron Communications had taken down the offending site.


The Cytron-enabled e-mail greeting mimicked many legitimate greeting card sites by including a personalized subject line: "(Recipient) you have an E-Card from (sender)." Within the message, there was a link to friendgreetings.com and a small note: "E-card viewer plug-in may be required to view some cards."

Those who clicked on the link and accepted the lengthy user agreement unwittingly downloaded a program that peppered them with porn-filled pop-up ads and handed over the e-mail addresses in their Outlook e-mail address book to the marketer.

Not doing anything illegal
The direct marketer is not doing anything illegal, so many anti-virus firms are treading carefully -- not treating such misleading campaigns as viruses, but warning users nonetheless.


"It was a gray area... that we have to watch carefully," Wraight said.

Baldwin advises users to avoid clicking on e-mail links to sites they don't recognize. And he suggests disabling the Internet Explorer function that allows browsers to instantly download ActiveX Controls. Doing so will cause a warning box to appear anytime such files are encountered, which could get annoying because Macromedia Flash, used to create Web animations, uses ActiveX Controls.

But a little annoyance is worth it in the long run, he said. "You have to configure your browser to protect yourself."
****************************
CNN Online
Study tallies sites blocked by Google
Friday, October 25, 2002


NEW YORK (AP) -- What you get through Google's powerful and popular search engines may depend on where you live.

A report Thursday from Harvard Law School found at least 100 sites missing from search results when accessing Google sites meant for French and German users.

Most of the missing sites are ones that deny the Holocaust or promote white supremacy. France and Germany have strict laws banning hate speech, while the United States favors freedom of expression even for unpopular viewpoints.

The sites themselves were not blocked. But the effect is the same when users cannot find them, said Danny Sullivan, editor of SearchEngineWatch.com.

"Search engines are an incredible tool for people to locate information on the Web," Sullivan said. "If you pull a Web site out of a search engine, you are in some degree censoring, in some degree making it inaccessible to some people."

In a statement, Google spokesman Nathan Tyler said the company must occasionally remove sites to avoid legal liability. Such removals, he said, are in response to specific requests and are not done preemptively.

"We carefully consider any credible complaint on a case-by-case basis and take necessary action," Tyler said. "We only react to requests that come to us."

Google, Yahoo!, Amazon and several other companies run separate sites for different countries, often in native languages and featuring local currencies. The primary, ".com" version is generally considered the U.S. site, though it is accessible from elsewhere, including France and Germany.

Jonathan Zittrain, a professor at Harvard Law School's Berkman Center for Internet & Society, and Ben Edelman, a Berkman researcher, found about 65 sites excluded from Google.de, the German site. They found 113 sites, including the 65, missing at Google.fr, the French site.

Testing was conducted Oct. 4-21.

Remove sites for legal reasons
Edelman said users would have no inkling of any exclusions unless they compared search results side by side. He suggested Google could better serve users by inserting a "placeholder" where sites are removed due to government or other censorship.


Google's stated policy calls for removing links when site owners request them.

It also removes them for legal reasons, most prominently when the Church of Scientology International complained of copyright violations at a Norwegian site run by critics.

After free-speech advocates complained, Google agreed to notify the site ChillingEffects.org when it gets a copyright-related removal request.

Google, as a private company, is generally not bound by the free-speech guarantees in the First Amendment, which applies to restrictions imposed by government.

But Edelman said that private or not, the company has a public responsibility as a widely used resource.
***************************



Lillie Coney Public Policy Coordinator U.S. Association for Computing Machinery Suite 510 2120 L Street, NW Washington, D.C. 20037 202-478-6124 lillie.coney@xxxxxxx