[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips December 2-3, 2002

Clips December 2-3, 2002

ARTICLES

Recording Industry to Accelerate Complaints About Illegal File Sharing
Nederland High School senior Teri Allen to join the Air Force [Privacy]
Judge Delays Ruling in File-Swapping Case
In switch, HP announces support for e-waste bill
Bill would give new rights to victims of spam e-mail
Identity Theft More Often an Inside Job
Bug alert firm moves to soothe critics
Calif. Trial Nears for Landmark Copyright Case
Suit Says Dating Service Is Running a Con Game
GAO pushes digital TV deadline
Fewer Media Owners, More Media Choices
Black Market for Software Is Sidestepping Export Controls
Russia Battles Video Piracy; But the Pirates Shoot Back

*****************************
Chronicle of Higher Education
Recording Industry Plans to Accelerate Complaints About Illegal File Sharing
By SCOTT CARLSON

The recording industry plans to increase the number of complaints it lodges with colleges when it believes students are using file-sharing programs in violation of copyright law, an entertainment-industry official said last week.

Cary H. Sherman, president and general counsel of the Recording Industry Association of America, announced the new push in an e-mail message to the president of Pennsylvania State University at University Park, Graham B. Spanier.

The message preceded the first meeting of a committee of recording-industry representatives and university administrators. The committee's members will be trying to hammer out differences on copyright law and develop ways to deter illegal file sharing through peer-to-peer, or "P2P," networks and other means.

In his note, Mr. Sherman said that CD sales had dropped because of piracy and that with the arrival of the "critical holiday retail season," colleges and universities would be likely to receive more copyright-infringement notices from his group.

"Until now," he wrote, "we've been somewhat circumspect in the number of notices we send and to date have sent a relatively small number of P2P-related notices compared to the large number of infringements we're finding, but we no longer feel that we can afford the luxury of ignoring infringements."

At the end of the note, Mr. Sherman encouraged Mr. Spanier to "feel free to forward this information to anyone else in the university community."

In an interview, Mr. Sherman said that the recording-industry association had not yet worked out a strategy for the new push to catch infringers and did not know how many more notices would go out. But he said that the industry would not rely on automated notices, as companies like MediaForce and NetPD have in the past. The two companies, which use software that automatically looks for copyright infringers and fires off cease-and-desist letters, have swamped administrators who deal with file sharing on campuses.

"The idea is not to inundate universities with things they can't really handle, but to give them notice of things that they can do something about," he said.

Mr. Spanier, who called Mr. Sherman's letter a "courtesy," said: "My feeling is that they are looking for people who are massively infringing," not students who download the occasional song.

The letter also referred to the planned meeting between the recording industry and university administrators, which will convene on December 10 at Penn State. Mr. Spanier said that the meeting would be an attempt to "explore areas where we have mutual interests" in copyright issues. University officials are concerned about preserving fair-use provisions for libraries and scholarship, he said.

Mr. Spanier will head the higher-education side of the committee, which will include, among others, Molly Corbett Broad, president of the University of North Carolina, and Charles E. Phelps, provost of the University of Rochester. For the entertainment industry, Hilary B. Rosen, chief executive officer of the Recording Industry Association of America, and Jack Valenti, chief executive officer of the Motion Picture Association of America, are among those expected to attend. Representatives of Educause, the American Council on Education, and the National Association of State Universities and Land-Grant Colleges will also be there.

Mr. Spanier said the meeting may result in coordinated lobbying on copyright issues. "We can hope to cooperate with each other on legislation that could be very helpful to higher education," he said. "In the past, legislation has popped up, and we've found ourselves arguing with each other about it."
********************************
Beaumont Enterprise [TX]
Nederland High School senior Teri Allen
has decided to join the Air Force after graduation,
but not at the prodding of a military recruiter.

One of her classes triggered her interest in the Air Force, and she went to enlist with a friend. Calling a recruiter on her own seemed too scary, she said.

That's one of the reasons she likes a federal law that requires schools to provide the names, phone numbers and addresses of juniors and seniors to military recruiters who request the information.

"I think it's OK because when you tell (recruiters) no, they stop bothering you," she said.

The law is part of the No Child Left Behind Act, the federal education bill that President Bush signed into law in January. It mandates that schools must supply the contact information unless a parent bars its release.

The requirement seems like a catch-22, said Susan Humphrey, a Nederland High School counselor.

Although she knows the military needs recruits, she feels protective of her students, she said.

"These are just such uncertain times," she said.

School districts must notify parents at the beginning of the school year that they have the option of barring the release of the information, said Jim Bradshaw, U.S. Department of Education spokesman.

Districts that do not comply with the law risk losing the federal education funds they receive from the education department, he said.

"We expect schools to comply," he said.

The law applies to all districts that received U.S. Department of Education funds by July 1.

Sgt. Jonathan Scott, an Air Force recruiter in Beaumont, said most schools already gave out the contact information as long as they had parental consent.

But that wasn't the case everywhere, said Douglas Smith, spokesman for the Army recruiting command in Fort Knox, Ky.

In the past, he said, some recruiters had to compile lists of juniors and seniors by using driver's license records and asking students if they had friends who might be interested.

"Recruiters very much need to know how to reach high school juniors and seniors," he said. "The more people we are able to contact and tell what we are able to offer, the more chance we have to enlist more people."

A joint letter from Secretary of Education Rod Paige and Secretary of Defense Donald Rumsfeld that was released last month said the legislation was passed in response to the challenges that military recruiters face.

The law also says that schools that receive federal education funds must prove military recruiters with the same access to students as they give to postsecondary institutions and prospective employers.

"A lot of times kids wouldn't have ever thought about going into the military or going to a certain college unless the recruiter had contacted them," Scott said.

Reach this reporter at:

(409) 833-3311, ext. 418.
********************************
Los Angeles Times
Judge Delays Ruling in File-Swapping Case
By P.J. Huffstutter
December 3 2002

A federal judge on Monday weighed arguments, but postponed ruling in a contentious hearing over the fate of the popular Morpheus and Grokster file-swapping networks.

Both sides in the copyright infringement lawsuit -- filed against the networks by Hollywood studios, major record labels and music publishers -- asked U.S. District Judge Stephen Wilson to rule in the case that has emerged as a key legal fight in the post-Napster world.

Attorneys for movie studios and record labels asked that the companies behind Grokster and Morpheus be found guilty of massive copyright infringement. Representatives for Grokster Ltd. and Streamcast Networks Inc., which distributes the Morpheus file-swapping software, asked that the case be dismissed so they can grow their businesses.

The networks let users find and copy music and movies stored on each other's computers, often in violation of copyright laws.

"I have to go and rethink" the case, Wilson told a packed courtroom, after listening to more than two hours of arguments.

Wilson proposed submitting a "speaking order" and requesting comments from both sides about specific questions within the order. The judge did not say when, or even if, he would issue such a document.

"The fact that the judge is weighing the matter is very encouraging for us," Streamcast Chief Executive Steve Griffin said. "It's clearly a complicated case."

It's also complicated by another question before Wilson -- whether Sharman Networks Ltd., operator of the popular online file-sharing network Kazaa, should be included in the case.

In October 2001 the entertainment industry sued the Dutch software company that was distributing the Kazaa software and licensing the technology to Streamcast and Grokster. The company later said it was broke and licensed the technology to Vanuatu-based Sharman, which also took over the Kazaa Web site and brand name.

The labels, studios and music publishers moved in July to add Sharman and LEF Interactive, an Australian management company led by Sharman Chief Executive Nicola Hemming, to the lawsuit. But Sharman and LEF asked Wilson to dismiss on the grounds that U.S. courts lack jurisdiction.
*******************************
Mercury News
In switch, HP announces support for e-waste bill
By Karl Schoenberger
Mercury News

In a shift that will change how toxic electronic waste is recycled in California and possibly nationwide, Hewlett-Packard has said it will support state legislation to require PC manufacturers to bear the cost of computer disposal.

The world's largest PC maker had persuaded Gov. Gray Davis to veto an innovative e-waste measure in October. Encouraged by HP's shift, state Sen. Byron Sher, D-San Jose, author of the defeated bill, resubmitted e-waste legislation Monday, the opening day of the new legislative session.

HP's reversal came last week as the Mercury News published a three-part series that documented the labor and environmental problems related to computer assembly and recycling in China.

Ted Smith, director of the Silicon Valley Toxics Coalition, called HP's shift a significant breakthrough.

``The combined HP-Compaq company is the single largest manufacturer of PCs in the world. They are the linchpin for producer responsibility,'' said Smith, whose group helped expose the primitive recycling industry in China. ``The fact that they have changed their position vastly improves the likelihood we'll get a very good e-waste bill in the new session.''

In its series, the Mercury News detailed how the industry relies on cheap overseas labor to make a profit on its products, while distancing itself from responsibility for the toxic materials used in its short-lived products. Increasingly, discarded PCs end up as waste in China, where legions of migrant workers earn pennies a day scavenging the hazardous trash with their bare hands. The series also showed how solutions to these problems -- including HP's industry-leading take-back program and recycling facilities -- face big obstacles.

But HP's shift may have softened industry resistance to mandatory recycling that would raise the price of computers, cell phones and other electronic goods.

HP's product recycling solutions manager, Renee St. Denis, said that because California often leads the nation on environmental protection, her company wanted to take a leadership role.

``It seems California is going to be the state that's going to set the agenda for the country on this issue,'' she said. ``So we thought it was important for us to put our cards on the table, to say what kind of role we would play in the solution.''

The company announced its plan at a Nov. 25 hearing in Sacramento held by the California Environmental Protection Agency and other state agencies on potential e-waste regulation. California EPA Secretary Winston Hickox opened the session by waving the front page of the Nov. 24 Mercury News, which featured a dramatic photograph of a Chinese man scavenging for computer plastic near the bank of a polluted river.

``I don't like this paper, but I think we have to pay attention to what this article says,'' Hickox said in jest, observers reported. (Hickox was referring to a Mercury News report in October linking him to a controversial campaign donation to Davis from the oil company Tosco.)

At the all-day hearing, HP's St. Denis proposed a plan to require all U.S. PC makers to share the cost of recycling based on their market share in California.

The hearing was convened to follow up on Davis' instructions to state agencies to come up with policy recommendations after he vetoed Sher's bill in October. At the time, Davis said he hoped to expand the scope of the legislation from computer monitors and televisions, and review the cost structure in the vetoed bill, which involved a $10 fee to consumers.

St. Denis said the company would soon formally submit its e-waste recycling proposal to the California EPA.

If adopted, proponents say, such a law could pave the way for federal regulations on computer recycling, and prevent hazardous material from being dumped in landfills or exported to developing countries like China.

Monday night, a Davis press official said the governor had not yet heard of the HP proposal, but he encouraged industry to join the search for solutions.

``The governor encouraged industry to participate in working for recycling solutions when he vetoed the e-waste bill,'' said Hilary McLean. ``I don't think he's seen this new proposal, but he's heartened that companies are getting involved.''

It's not clear whether the industry will embrace HP's lead. Representatives from Sony and the Electronic Industries Alliance attended the meeting but did not speak on the issue, observers said.

``I haven't received any official response from other companies, but I think they were surprised,'' said St. Denis, who manages HP's take-back and recycling programs, which charges consumers a fee of up to $30 for e-waste collection. ``All of us are searching for solutions, but I think this took them off guard because they aren't ready to talk about a California-specific solution.''

Still, HP's policy shift has Silicon Valley companies talking.

``The HP proposal has a lot of people thinking,'' said Margaret Bruce, environmental programs director for the Silicon Valley Manufacturing Group. ``It puts orthodontic pressure on the issue. We're still waiting to see the other shoe drop.''
********************************
San Francisco Chronicle
BUSINESS DIGEST
Bill would give new rights to victims of spam e-mail

A bill introduced Monday in the state Senate would allow California residents to sue senders of unsolicited e-mail advertising for $500 per message received.

SB12, introduced by Sen. Debra Bowen, D-Redondo Beach, bans e-mail advertising -- commonly known as spam -- unless there's an existing business relationship between the sender and recipient or the recipient has agreed to receive such ads. The bill is modeled on an existing federal law banning junk faxes.

The bill would expand an existing California law, also introduced by Bowen and enacted in 1998, that requires spammers to place an "ADV:" or "ADV:ADLT" label on unsolicited e-mail ads and to include a valid return address or toll- free number through which recipients can get themselves removed from e-mail advertising lists.

Under the current law, only a city attorney, district attorney, the state attorney general and Internet service providers can pursue spammers in court.
****************************
Washington Post
ManTech Fires Several on Staff After Probes
By Renae Merle
Tuesday, December 3, 2002; Page E05

ManTech International Corp., a Fairfax government contractor, has fired several employees after an internal probe revealed that documents were altered before being turned over for a Defense Department investigation.

"A limited number have been terminated, and the investigation is ongoing," said Peter Lamante, a company spokesman. Lamante declined to say how many employees had been fired or whether more dismissals could be coming.

The probe centers on a multiyear contract ManTech held with the Defense Security Service, which issues security clearances and conducts background checks. Under the contract, which ended earlier this year, ManTech employees helped conduct the background checks, but did not handle classified information, said Lamante.

In October, the Defense Department inspector general's office opened an investigation into whether ManTech had overcharged and if all employees had the required security clearances. After receiving the subpoena, ManTech launched an internal investigation, Lamante said.

The company discovered that five time sheets for one employee, who did not possess the proper security clearances, had been changed before being turned over to the Defense Department. The time sheets were changed to show that the government had not paid the employees' salary, according to Securities and Exchange Commission filings.

"We promptly informed the government of this development, and we terminated certain employees" of a subsidiary after the discovery, the filing said. A Defense Department spokesman declined to comment.

ManTech is also the subject of an Environmental Protection Agency probe. The agency is investigating whether the company charged it for more hours than it worked under the contract, according to an SEC filing. A federal grand jury is also investigating whether ManTech improperly charged the government for the cost of an acquisition, according to the filing. ManTech received the first subpoena last year and another on Aug. 2.

"Government inquiries are a regular part of the business of contracting with the government," Lamante said. "We are cooperating fully, and none of the current investigations we believe will have a material adverse affect on our financial performance."

The disclosure of the Defense Department probe coincided with an announcement that ManTech would be selling more than 6 million shares to the public, raising money for acquisitions but diluting shareholder interest. The company's stock lost 15 percent that day, closing at $18.80. It has since regained most of that ground, losing 18 cents yesterday to close at $20.
*******************************
Washington Post
Identity Theft More Often an Inside Job
Old Precautions Less Likely to Avert Costly Crime, Experts Say
By Brooke A. Masters and Caroline E. Mayer
Tuesday, December 3, 2002; Page A01

You can take all the steps you want to protect yourself against identity theft: Guard your wallet, shred your personal financial papers before throwing them in the trash, monitor your credit reports.

But no matter how careful you are, you may not be able to avoid having your identity assumed by someone who wants to go on a buying spree, using your credit card, bank account, Social Security number or other personal data.

That's because the nature of identity theft has changed and the threat today is more likely than ever to come from insiders -- employees with access to large financial databases who can loot personal accounts -- than from a thief stealing a wallet or pilfering your mail. Banks, companies that take credit cards and credit-rating bureaus themselves don't do enough to protect consumers, critics say.

"You can spend a lot of time and money trying to protect yourself," obtaining copies of your credit reports every three to six months, buying a credit-monitoring service to alert you when someone is making inquiries about your account or even buying identity-theft insurance, said Robert Gellman, a D.C. privacy consultant. "You can do as much as you can do, but it won't stop you from being a victim. There's nothing I'm aware of that will guarantee you not become a victim."

That fact was underscored last week when federal prosecutors announced that they had arrested and charged three people in connection with a scheme to steal the personal financial information of 30,000 Americans by downloading data from a computer and selling it to scam artists. The prosecutors said it was the largest case of identity fraud ever detected.

"There is a shift by identity thieves from going after single individuals to going after a mass amount of information," said Joanna Crane, identity-fraud program manager at the Federal Trade Commission. "There's an awful lot of bribery of insiders going on."

Law enforcement experts now estimate that half of all such cases come from thefts of business databanks as more and more information is stored in computers that aren't properly safeguarded. Security experts said the arrests illustrate how vulnerable business databases have become.

"Most companies aren't putting in the proactive steps," said Doug Barbin, a computer forensics consultant at Guardent Inc., a security firm. "It's seen as extraneous. Until it bites you, there's no incentive to do it."

National bank regulators have estimated that there are now half a million cases of identity theft a year. Privacy experts who specialize in identity theft say the number could be twice as high.

What is clear is that it's a growing problem. Beth Givens, director of the Privacy Rights Clearinghouse, said the identity-theft caseload of the Los Angeles County Sheriff's Department climbed to 4,149 cases last year from 2,119 cases in 2000. This year, she said, the department expects to process more than 6,000 cases.

At the federal level, complaints to the FTC have more than doubled, to 85,820 last year from 31,113 in 2000. For the first six months of this year, the agency received 70,000 complaints about identity theft. And 70 percent of the people who call the FTC have no idea how thieves got their personal information.

That was certainly the case for Kate South, 27, a business student at the University of Baltimore. The first sign of trouble came when Southwest Airlines told her in April that her credit card had been used to buy two tickets to the Midwest. When Southwest agreed to cancel the charge, South didn't give the incident much more thought.

In July, it happened again. This time Sears called. The retailer's fraud detectors had raised questions about a $1,000 credit line that South had allegedly opened and used to buy a $999 computer. This time, she got worried. She called the three major credit bureaus and got copies of her credit reports, and she found out that someone had racked up $50,000 in debt in her name -- buying a car, jewelry and a motorcycle and paying for gas service at a Florida apartment.

As South quickly learned, once an identity is stolen, it's not easy to clean up the mess. She has spent countless hours and hundreds of dollars trying to restore her good name and credit. Despite filing police reports, making lots of calls, and sending letters and faxes to the banks and credit card companies involved, the unpaid car loan remains on her credit report. As a result, she was turned down for a student loan she was counting on.

South says she finds it infuriating that the suspected thief, whom police and private investigators identified as black and in her forties, could so easily pose as a white woman 20 years younger. "It seems like a lot of this could have been prevented if people were doing their jobs," she said. "If they had made one phone call to me they could have stopped this."

South is also angry that the suspect hasn't been arrested and that when she reported the case to police in the District, where she was living at the time, they referred the complaint to the Secret Service. The police said the case was out of their jurisdiction, apparently because the city has no law against identity theft.

Several months of complaining and filing reports and affidavits with agencies including the Secret Service and the FTC are finally beginning to bear fruit. Chase Auto Loan, which financed the car purchase, recently agreed to clean South's record, and a different bank has agreed to give her a student loan.

"I never want to go through this again. . . . You feel like you're the one who did something wrong," she said.

Chase Auto Loan spokeswoman Charlotte Gilbert-Biro would not comment on the specifics of South's case, but she said the company has a policy of helping fraud victims clear their record. "We ask them to provide a notarized affidavit. Once we deem the claim to be legitimate, we try to do things as quickly as we can," she said. "We erase the debt, and we ask the credit bureaus to clean up the record."

Gilbert-Biro said car dealerships are responsible for verifying identities: "It is industry-wide practice that when a customer finances their car at a dealership, the dealer as the creditor has the responsibility to verify the identity of the individual. When we purchase the loan, we build in our own fraud detection." But, she said, "it's hard to be foolproof."

A spokesman for Sears said he could not comment on the case.

In the case that made headlines last week, a computer help-desk employee who had access to sensitive passwords from banks and credit companies allegedly downloaded personal information on 30,000 people over three years. Federal prosecutors said the employee then sold that data, including credit card numbers and checking-account information, to scam artists, splitting a fee of $60 per name with an accomplice. Authorities said they have turned up $2.7 million in losses to date and expect to find more.

"A lot of companies have gone to a lot of effort to protect themselves from being hacked, but it's a lot harder to stop a rogue employee," said James H. Vaules, head of the National Fraud Center Inc., a risk-management firm. "The accumulation of data through technology has outpaced our policies and procedures to protect it. The technology is there, but we're not using it."

"It should be more of a duty of the credit bureaus and businesses to ensure they are not disclosing your credit history to an impostor, but unfortunately the burden is unfairly on the individual to be on the lookout," said Evan Hendricks, editor and publisher of the Washington newsletter Privacy Times.

Several businesses are being created to respond to concerns about identity theft. Trans Union LLC is developing a credit-monitoring service that will alert customers when an account has been opened in their name. The two other credit bureaus, Experian Information Solutions Inc. and Equifax Inc., already have such a service. Experian's costs $79.95 a year; Equifax's, $69.95. Equifax's Credit Watch program also includes a $2,500 insurance policy in case you are a victim (after a $250 deductible).

Several independent firms provide similar services.

Jeffrey Junkas, a spokesman for Trans Union, said consumers do have some control over their own financial data. "They can opt out" of programs that allow financial institutions to share data, as well as those that allow credit card issuers to grant preapproved offers of credit. But, he said, "there has to be a free flow of information between businesses to keep the economy going. It's a fine line we have to balance."

Hendricks said that if consumers really want to be diligent, they can check their credit ratings at each bureau every three months -- it costs about $9 for each report. But even then, it won't stop identity theft. "It will just let you catch it early and let you stay ahead of the problem."

The only other thing you can do, he added, is "keep your fingers crossed that you don't get hit."
*******************************
News.com
Bug alert firm moves to soothe critics
By Robert Lemos
Staff Writer, CNET News.com
December 2, 2002, 4:22 PM PT

In a move aimed at quieting critics, network protection company Internet Security Systems posted guidelines Monday on how it will warn the public of flaws in companies' software.
The company faced loud complaints last April after it released news of a security hole in the popular open-source Web server software Apache, having given the application's developers only a few hours to respond. Two times since then, the company's policy on the timing of advisories has been questioned by its peers.

Chris Rouland, director of ISS's vulnerability research and analysis team, said that he hopes that publicly stating the company's policy and adhering to it will fend off complaints in the future. "We have had perception problems," he said.


While ISS has in the past followed a disclosure policy similar to the one released Monday, it is introducing a major change: The company will treat developers of open-source software, such as Apache, the same as proprietary developers, such as Microsoft.

"That's where we had some problems before," Rouland said.

The guidelines require ISS to wait 30 days after notifying a software firm of a vulnerability before going public. However, while the company has habitually alerted the National Infrastructure Protection Center--the FBI's cybersecurity task force--of any flaw that it finds, the guidelines don't require it to tell third-parties about software bugs that affect security. Normally, security researchers will notify NIPC and Computer Emergency Response Team (CERT) Coordination Center, a clearinghouse for information about vulnerabilities.

"We have found the best way is that the licensor of the software should notify the licensees," Rouland said. "We don't have a complete list (of software providers), so we don't want to leave anyone out."

This issue is mainly one for open-source developers. Linux users, for example, will frequently go to the company that sells a particular Linux distribution, such as Red Hat, for a bug fix rather than to the actual developer, such as the Apache Foundation.

Many companies such as Red Hat are members of CERT and could get advisories through that organization's alert system. However, ISS doesn't yet have an agreement in place to inform such third-parties.

"Multivendor, open-source security advisories are always challenging, and we are going to look to vendors to notify their downstream providers of their issues," Rouland said.

The policy conforms with a draft set of guidelines recommended by the Organization for Internet Safety, a group formed by Microsoft and several security companies, among them ISS.
*****************************
Reuters
Calif. Trial Nears for Landmark Copyright Case
Sat Nov 30, 2:04 PM ET

SAN FRANCISCO (Reuters) - Jury selection in the first criminal prosecution for alleged violations of U.S. digital copyright law will start on Monday in a Silicon Valley court, an attorney in the case said on Friday.


The closely watched case pits Russian software vendor ElcomSoft against federal prosecutors, who charge the Moscow-based firm violated the four-year-old Digital Millennium Copyright Act (news - web sites) with a software program allowing users to manipulate material in Adobe Systems Inc.'s (NasdaqNM:ADBE - news) eBook format by getting around copyright safeguards.


ElcomSoft is accused of selling online tools to "crack" Adobe's technology, which publishers use to sell books over the Internet. Adobe's technology prevents content from being copied or transferred online.


ElcomSoft attorney Joseph Burton told Reuters that to convict his client, prosecutors must prove the firm intended a "bad purpose" beyond marketing a tool circumventing Adobe's technology.


"The nut of the case is whether or not there was an intentional criminal violation of the statute," said Burton, a partner at law firm Duane Morris. "The statute requires a finding willfulness."


Prosecutors could not be reached to comment on their case against ElcomSoft.


Adobe had informed the FBI (news - web sites) of ElcomSoft software's capabilities, which led to the July 2001 arrest of programmer Dmitry Sklyarov at a Las Vegas hacker conference where he was promoting the technology.


The arrest led to protests by free-speech groups and a "Free Dmitry" movement among Internet activists.


The U.S. attorney's office later dropped charges against Sklyarov, who wrote the program for digital book copying, in exchange for his testimony against his company.


Sklyarov and ElcomSoft Chief Executive Alexander Katalov are expected to testify at trial in federal district court in San Jose, California.
*******************************
Los Angeles Times
Suit Says Dating Service Is Running a Con Game
An online firm is accused of using bogus love letters to entice men to pay a monthly fee.
By Monte Morin
Times Staff Writer

November 28 2002

"Wouldn't it be great if you could just punch in all the qualities you wanted in a girlfriend?" asks the computer dating Web site Ineedanewgirlfriend.com. "Now you can!"

But a class-action lawsuit filed Wednesday in Orange County Superior Court accuses the service of defrauding users -- not to mention breaking their hearts.

Consumer attorney Neil B. Fineman contends that the dating service e-mailed bogus love notes to lonely bachelors to get them to pony up the $25-a-month membership fee. Though men can post personal profiles on the Web site for free -- listing their age, occupation, likes and dislikes -- they must pay to reply to messages from prospective dates.

The lawsuit says that bogus e-mails with photos of beautiful women were sent to men asking them for a reply or for a date. Once the men paid their membership fees and e-mailed the women, they never heard back, it says. The plaintiff in the suit, a 35-year-old paralegal, says he was suckered into paying the membership fee after he received a steady stream of e-mails with photos of attractive women. He wants a refund.

Representatives of the Web site did not return e-mails or phone calls seeking comment Wednesday.

To prove his client's contention, Fineman says, he concocted a handful of cyber straw men -- false profiles of men he believed no woman would want to be involved with. They were the Internet's most ineligible bachelors, he said: hard-drinking, overweight, out-of-work men. Their goal, he stated in their profiles, was to meet rich, beautiful women who would support them.

The offers came rolling in.

"You sound HOT!" stated one reply, which included a photo of an attractive woman in a bikini. "I have a never-ending amount of money that my parents left me and would like to spend it on you. We can vacation year-round and stay drunk the whole time. Please say you will meet me."

Fineman said "women" who responded to his bogus profiles had varying backgrounds. "One claimed to have strong Christian values and was looking for a man to go on long walks on the beach," the lawyer said. "Another woman worked for a company selling adult toys and was interested in 'experimenting.' "

In some cases, the plaintiff's made-up profiles generated identical replies, although the names and photos were different, the lawyer said.

"There's no way these beautiful women could have actually been interested in the jerks we made up," Fineman said.

Fineman's client is identified in court papers only as E.A.B.; he did not use his full name, he said in an interview, because he's embarrassed about his predicament. He will be required by the court to identify himself once the case goes to depositions -- if it is not settled before then.

"They're taking advantage of a very vulnerable class of people," the man said. "A lot of us aren't doing very well in the dating scene. What they're doing is putting a hook in front of your face with a worm on it, but it's not a worm, it's a pretty girl."

The Web site bills itself as a tool for men to meet women with similar interests. "Avoid the bar scene! Or the endless blind date fix-ups from 'concerned' friends and relatives!" the site proclaims. "How long can you leave everything to chance?"

The plaintiff said he was surprised -- and a little suspicious -- at the number of e-mails he received from women when he posted his profile. With other computer dating services, he said, he has only occasionally received unsolicited e-mails from women. And messages from women with model-like features are even rarer.

After getting e-mails from three women, he decided to pay for a membership, he said, but the nascent romances fizzled immediately when nobody messaged him back.
******************************
Boston Globe
GAO pushes digital TV deadline
Study: Regulators should mandate dropping analog
By Peter J. Howe, Globe Staff, 12/2/2002

With the US television industry making only sluggish progress in converting to digital formats including high-definition TV, a General Accounting Office study being released today suggests that federal regulators should mandate a deadline for cable operators to begin carrying digital channels instead of over-the-air analog channels.

The study, commissioned by US Representative Edward J. Markey of Malden, the ranking Democrat on the House telecommunications subcommittee, also urges the Federal Communications Commission to consider a deadline for requiring television set makers to include components enabling cable and satellite TV subscribers to get digital channels directly.

Five years ago, Congress directed the FCC to set a 2006 deadline for the nation's television broadcasters to shift from analog signals to digital formats that can deliver sharper pictures and CD-quality sound. The move would also free up thousands of analog TV frequencies for reuse by wireless telecommunications providers and public safety agencies.

However, most officials doubt the 2006 deadline will be met because stations would not be required to shut off their analog signals until 85 percent of viewers in their markets own digital-ready television sets. Fewer than 1 percent of the 28 million sets sold in the United States last year included a digital TV tuner, according to the Consumer Electronics Association.

In August, the FCC ordered that, by July 2007, all new TVs sold in the United States that have 13-inch or larger screens must have a digital tuner. The electronics association, however, has argued that this mandate could add $250 or more to the price of TV sets, although other industry groups say that added cost could eventually drop to under $20 as mass-production efficiencies develop.

But the new study by the GAO, an arm of Congress, says a major unresolved issue is how to make digital signals more available for the roughly 80 percent of US homes that get TV from cable or satellite.

Instead of requiring cable and satellite subscribers to use an over-the-air tuner to get digital signals, the GAO study said the FCC should consider requiring sales of TV sets that can get a digital signal directly from a cable line without requiring a set-top box, similar to today's cable-ready analog sets.

''Mandating digital cable-ready capability could be an effective policy for speeding the [digital TV] transition if the marginal cost of doing so were found to be reasonable and if the outstanding interoperability issues could be settled,'' the study said.

Also, given that cable operators are resistant to carrying two versions of each broadcast station - the over-the-air analog channel and the digital version - having the FCC pick a date, probably late this decade, for replacing analog signals with digital on cable systems would speed the transition, the study says.

About 620 US television stations, including all the major stations in Greater Boston, have begun transmitting some digital content, according to the National Association of Broadcasters. About five of eight US households are in areas where broadcasters are transmitting at least five digital channels, although broadcasters say they have little incentive to pour money into more digital broadcasts because so few viewers own sets that can bring them in.

Markey said the GAO study ''underscores the fact that the digital television transition is woefully behind schedule, and highlights the need for action by the FCC to force progress by industry participants in several key areas.''

''DTV still has incredible potential for being a driver of economic growth, innovation, and job creation, but only if the government provides the leadership required'' to overcome ''digital dawdling by many industry participants,'' Markey said.

He said FCC deadlines for cable systems to carry digital channels and for TV set manufacturers to produce digital cable-ready sets could be ''especially effective'' in speeding the transition.

The National Cable Television Association, representing companies such as Comcast, AT&T Broadband, and Time Warner Cable, argues that digital TV conversion is happening ''at a reasonable pace'' compared to the adoption of other new technologies.

''Congress and the FCC should continue to work with industry to ensure that the transition proceeds at a reasonable pace but should reject government-imposed solutions,'' the association said in a recent policy paper.

While the industry-backed Cable Labs has developed technology standards for digital cable-ready sets, the CEA and NCTA have been wrangling over details for nearly three years, with TV set makers reluctant to commit to making them until cable companies reach a nationwide standard.

The cable group also says that, despite all the focus on TV set technology, ''compelling digital content is the driving force in this transition. Broadcasters promised Congress they would create high-definition programming for consumers in exchange for $70 billion worth of free spectrum, yet few have fulfilled this commitment. Right now, HBO offers more high-definition programming in any given week than all of the broadcast networks combined.''

Peter J. Howe can be reached at howe@xxxxxxxxxx
*********************************
New York Times
Fewer Media Owners, More Media Choices
By JIM RUTENBERG
November 2, 2002

or decades, public interest advocates have successfully argued for stringent limits on the number of newspapers, radio stations and television outlets that a company can own.

They have summoned images of Citizen Kane, or worse, Big Brother, warning that without strict regulation a few powerful corporations could take control of political discourse while homogenizing entertainment and defanging news.

But the advocates are now facing an issue that is much more complicated because despite consolidation, media choices have expanded exponentially through technology. Now the typical American can watch Britain's BBC News, among others, on television and choose from tens of thousands of news Web sites, from Al Jazeera, based in Qatar, to The Times of India, based in New Delhi. As a result, federal regulators are questioning whether fears of corporate media domination have become obsolete.

The impact of the Internet and the expansion of cable and satellite TV will be discussed next month, as the Federal Communications Commission considers loosening ownership restrictions in what could be the largest overhaul of media regulations in a generation. The issue could also be raised if ABC News and CNN ever agree to merge, reducing the number of independently owned national television news outlets from five to four.

Those who have an an opinion on the slackening of ownership rules have until Jan. 2 to submit a filing. Opponents argue that huge leaps in the number of entertainment and information sources mask a consolidation of media ownership and a sameness in television and radio programming that F.C.C. leaders are choosing to ignore.

Proponents of deregulation say that the average household has access to so much information in so many different forms that no single company could ever exert undue influence over consumers. In fact, they argue, large media conglomerates like AOL Time Warner and Comcast, through their investments in cable and Internet, are helping to bring more choices than ever to the average American household.

Just such an analysis is driving the F.C.C., now under the control of Bush administration appointees.

To some, the average American home has almost too much television to watch 89 channels by the count of Nielsen Media Research. Nearly a third of United States homes with televisions have satellite or digital cable systems that give them access to more than 200 channels.

"When I look at the trends in television over the last 20 to 50 years, I see a constant and increasing explosion in variety," said Michael Powell, the F.C.C. chairman. "In the purported golden age of television there were three networks."

Most car radio dials have access to nearly two dozen stations, according to F.C.C. data. Satellite radio systems, if they gain traction in the market, will offer far more. Meanwhile, almost two-thirds of all Americans have the Internet at home, the F.C.C. says, allowing them to peruse just about any major newspaper or magazine in the world.

With all this in mind, the F.C.C. is considering sweeping away or greatly relaxing rules that limit how many television stations a company can own nationwide; that bar companies from owning a major television station and newspaper in the same town; and that limit the number of radio and television stations that companies can own in one market.

"I think that these issues have traditionally been debated at kind of a superficial, sociopolitical level," Mr. Powell said. "Is it really true that Americans do not have access to lots of diverse voices to require government intervention?"

The response of the public interest advocates and some politicians is that while the media menu has expanded, it is chosen according to the commercial interests of a handful of companies.

A new network has little chance of getting off the ground without agreements from Comcast and AOL Time Warner to carry it. The two companies serve about half of all cable households.

The advocates argue that there is little incentive for the cable giants to make room for networks that do not have the backing of another major media company, like Walt Disney, which can use its popular ESPN or the ABC broadcast network as a wedge to force pickup of newer channels. Independent networks tend to have a shot at being on television only if they can attract investment from the cable companies.

This dynamic has helped lead to a dearth of major networks addressing minorities or people interested in high culture or civic affairs, areas that do not promise the ratings and profit bonanzas that major media companies are seeking, said Gene Kimmelman, senior director of the Consumers Union.

"With a handful of companies deciding what makes it in programming," said Mr. Kimmelman, "many points of view, many tastes are underrepresented in the marketplace."

He said ownership limits should, if anything, be increased so that no company has that much power over what programming people can see.

Underscoring their point, advocates say that while the number of national television channels has increased greatly, ownership of those outlets has not.

For instance, in North Jersey, nearly 70 percent of the 75 basic service channels on Comcast are at least partly held by seven companies: Comcast, Viacom, AOL Time Warner, Disney, General Electric, the News Corporation and Liberty Media. According to an F.C.C. study, a significant number of the nearly 300 national television programming networks are owned by just 14 companies.

"This is a very narrow definition of diversity," said Jeff Chester, executive director of the Center for Digital Democracy, a group that supports greater media regulation. "Just because there are five home shopping networks, four fix-em-up channels and five talking head news channels doesn't mean there's real diversity or competition."

He and other advocates said that a further easing of ownership rules could lead to a greater homogenization of television and radio. Worse, they said, it could give media companies too much political control in their given markets.

Proponents of media deregulation say this sort of analysis ignores economics. Good media executives, they say, know that people will pay well over $50 per month for 200 channels only if they are offered a compelling array of choices.

"Common ownership can lead to more diversity," Mr. Powell said. "What does the owner get for having duplicative products? I don't know why you'd want to have two newspapers that say the same thing. I would say, `Let's make one Democratic, let's make one Republican."'

And, he said, large corporations are often better positioned to start and sustain various media outlets than are smaller companies.

For instance, regulators allowed the News Corporation, headed by Rupert Murdoch, to buy The New York Post in 1993, despite its ownership of New York's Channel 5, because the newspaper, owned by the developer Peter Kalikow, was only a breath away from death. That saved a local voice in New York that would have been lost.

And consumer demand has, in fact, pushed cable companies to start their own local news and public affairs channels, adding to diversity. For instance, it was Time Warner that gave New York City something the city lacked a 24-hour local news station, New York 1, that does not adhere slavishly to the if-it-bleeds-it-leads format of local news. New York 1 has reporters covering each of the five boroughs, and areas like transportation and schools. In the Philadelphia area, Comcast has CN8, which covers high school sports as well as local news issues.

Each company started these networks in part to gain an edge on rapidly growing satellite television systems, which struggled just to get capacity to carry existing, local channels in all of their markets.

EchoStar, meanwhile, has found that there is money in offering immigrant communities programming from their home countries with Russian-, Arab-, Chinese-, South Asian- and Greek-language packages.

Public interest advocates said all this misses the most important points. They question how many people really use the Internet as a major news source.

According to an F.C.C.-commissioned study, the average television viewer watches more than 2.5 hours of news a week. Mark Cooper, director of research for the Consumer Federation of America, says studies show that people use the Internet for news about one-fifth as much. Advocates acknowledged that Internet use will surely rise. They said their real fear was that the major cable companies, if left to their own devices, would use their broadband Internet services to limit choice and guide users to Web sites in which they have interests.

And, they said, while those large media conglomerates' new local news outlets may be good for day-to-day coverage, they may prove less useful in investigating any nefarious behavior by their parent companies and their political patrons.

"The issue," said Mr. Kimmelman of the Consumers Union, "is whether at any critical time when it's important to get updated news local or national is there an ability to distort or present one point of view more prominently than another?"

Still, Mr. Kimmelman said, "This is not to say something horrible happens day in and day out. If it even happens once it wasn't worth the risk of distorting democracy by letting somebody own too much of the media."

Mr. Powell said he is fully cognizant of these fears, and that he is not completely "cold to them."

But, he said, "I don't know that if because you can articulate the anxiety it is a compelling case for having massive structural regulation of the industry."
******************************
New York Times
December 2, 2002
Black Market for Software Is Sidestepping Export Controls
By JOHN SCHWARTZ

Digital piracy, often thought of as the illicit trade in music, office software and games, has moved into more dangerous territory.

A black market has emerged for scientific and engineering software powerful enough to fall under United States export restrictions. Such software can be used in a wide range of tasks like designing rockets or nuclear reactors or predicting the path of a cloud of anthrax spores.

Intellectual property "isn't just Napster," and it "isn't just copying Madonna's songs," one Justice Department official said, adding, "It's the software that allows you to model the fuel flow in a fighter jet."

Much of the specialized software cannot be exported legally to "pariah" nations like Libya, North Korea or Iraq. Yet Steve M. Legensky, the founder and general manager of Intelligent Light, an engineering software company in Lyndhurst, N.J., has found bootleg copies of his company's software, which is bound by the export controls, being offered on the Internet alongside sophisticated engineering wares from 120 other companies. Many of those companies are also subject to more stringent rules against exporting their technology to a broader list of countries deemed a military risk by the United States government.

The illicit copies of the software from Intelligent Light, which in licensed versions typically sells for $12,000, was being sold by Chinese entrepreneurs for $200. The posted advertisement for the wares promised that a "step-by-step install guide and crack file make it easy to install and use!" Which means that anyone with a modem and a little cash can evade the export control rules, even those that apply to prohibited countries.

"All they need to do is get a wire transfer, and they can get the software over the Internet," Mr. Legensky said.

Jeanne L. Mara, the company's president and chief executive, said, "It stinks that people can get it for nothing but it absolutely stinks that these guys can get it for nothing."

But when companies want to take action against a breach of the export controls, they often find themselves frustrated whether because the United States government is reluctant to crack down on emerging trade allies like China or because software piracy over the Internet is almost impossible to stop, even when there are attempts to do so.

Ms. Mara said that she had made the rounds in the Commerce, Justice, State Departments and the Small Business Administration. For her troubles, she said, she got many sighs and apologies from officials who seemed averse to addressing the delicate politics and economics of United States-China relations.

Black-market sales and violations of copyright are not new, and China has long been notoriously lax in its protection of international copyright. The Business Software Alliance, an industry lobbying group with a vigorous anti-piracy program, estimates that 92 percent of the business software used in China is pirated.

Robert M. Kruger, the group's vice president for enforcement, said that despite small declines in the rate of piracy, the dollar amount was growing as the nation developed. "The bottom line is, we have still a tremendous amount of work to do to make China a safer place for intellectual property, and software in particular," he said.

Though the case against piracy is passionately argued by paid advocates for the music and film industries and Silicon Valley, the Business Software Alliance's own surveys show that most consumers find it hard to summon outrage. They see the fight as a way to ensure that Bill Gates and Britney Spears get every penny coming to them.

Not all concerns about software piracy, however, are about ensuring that the rich become richer. When software like Visual Light shows up on the wrong desktop, issues of national security come into play, said Tom Kurke, the vice president for business development and global alliances for Bentley Systems, which helps companies collaborate on and manage projects in architecture, engineering and construction. "Piracy is bad enough, but piracy in these blacklisted countries is three times worse," he said.

His company, which is a member of the Business Software Alliance, has also found black market sites that sell its product, which can be exported only under restrictions like those that govern Intelligent Light. "We're absolutely concerned from the revenue side of the pirating of our intellectual property the stealing of software," he said. "But there is a legitimate concern for these technologies being used in countries where you wouldn't want these used."

William A. Reinsch, president of the National Foreign Trade Council in Washington, said, "If you're talking about bad guys and Iraq is a classic example you don't want to give them the ability to get out of the stone age if you can avoid it."

In Ms. Mara's case, "as soon as the word `Chinese' came up, everybody ran in the other direction," she said. At least at the Justice Department, she said, the officials and agents recognized the threat her software posed if it reached the wrong people.

Scott S. Christie, an assistant United States attorney in Newark, said that Ms. Mara was presenting a bedeviling problem: trying to enforce United States copyright and export rules in other countries. "We scratched our heads and gave a lot of thought as to exactly what we could do, given the realities," he said.

And that's where it stands, he said. "We're still trying to resolve in our minds what the best approach is going to be," he added. "Unfortunately, it's an issue of sovereignty and diplomacy, which is sort of outside of my realm and what I do."

It is a common refrain. At the Defense Department, a spokeswoman said that the Defense Security Cooperation Agency, which monitors weapons sales and exports, did not watch individual software packages closely. "The software that we're interested in," she said, "is either embedded code or firmware" that is, the software that is built into chips as part of a completed weapon system.

The United States has made progress in recent years in setting up agreements with China to address law enforcement issues, Justice Department officials said. "The Department of Justice will review any matter, and consider taking appropriate prosecutorial measures" to combat software piracy, said John G. Malcolm, deputy assistant attorney general in the criminal division.

But in practice, mounting an international investigation is daunting, and reserved for such prominent cases as the inquiry into accusations of of illegal fund-raising by Democrats by Chinese donors during the 1996 presidential campaign.

The biggest problem with policing software exports, current and past officials say, is the ephemeral nature of the wares: with the Internet, software can slip past national barriers with the simple click of a mouse. When experts like Mr. Reinsch talk of trying to restrict the movement of software, they tend toward metaphors of genies and bottles, bubbles under wallpaper and putting toothpaste back in tubes. "This drove me crazy as an export official," said Mr. Reinsch, who led the Bureau of Export Administration in the Clinton administration. "How do you enforce this?"

Mr. Reinsch and the federal government learned the hard way in the 1990's, when the Clinton administration tried to limit the export of strong encryption software. The nation's high-technology industries argued that the policy only hurt American businesses and honest buyers because the technology could be developed anywhere and could be distributed illicitly via modem. Ultimately, the White House relented and softened export restrictions.

The idea of restraining other software is similarly quixotic, said Stewart A. Baker, a former general counsel of the National Security Agency and a prominent Clinton administration voice opposing the spread of strong encryption technology internationally. "In the crypto area, you had no real support from industry, and they were delighted to see it escape" to other countries, he said. "But here with the best will in the world, you see it's escaped."

To his mind, Mr. Baker said, Intelligent Light's problems are part of a broader trend of mistakenly looking at national security issues as problems for law enforcement. "O.K., you can't prosecute 'em," he said. "Well, duh." Instead, he said half-jokingly, the government could be exploring alternatives. "Surely, this is the case where you ought to call a government-funded hacker and say, `Screw it up!' " and make it more difficult for the black-market entrepreneurs to conduct their business.

Another expert in technology and the difficulties of export, however, said he was not worried about the wanderings of high-end engineering software. "If I had my druthers, it would not go to Iraq," said James A. Lewis, a senior fellow and director of the technology program at the Center for Strategic and International Studies in Washington.

But software alone is not enough to do great harm, he said, adding that with programs like those used to create nuclear weapons, it is also crucial to have the data generated by past bomb tests. "It's the data sets, at the end of the day, that make a difference," Mr. Lewis said.

He joked that the software companies could do better to enlist some real muscle. "Maybe they can get the M.P.A.A. to chase after these guys," he said, referring to the Motion Picture Association of America.

Ms. Mara and Mr. Legensky are not laughing, however. They say they used to receive the occasional handwritten letter with postmarks and stamps from Iraq bearing Saddam Hussein's picture. "We have heard of your beautiful software," the letters would typically say. "We would like to buy it."

Since the software became part of the illicit Internet bazaar, Ms. Mara said, the stream of exotic postmarks has tapered off.
******************************
New York Times
December 2, 2002
Russia Battles Video Piracy; But the Pirates Shoot Back
By SABRINA TAVERNISE

M OSCOW, Dec. 1 It was a Sunday evening and Konstantin V. Zemchenkov was leaving work to celebrate his birthday. As the chief of a task force fighting illegal video and DVD production, he had spent the day preparing for a raid on a Moscow-based piracy operation.

But several blocks from his office, along a route Mr. Zemchenkov took every day to get home, an unidentified gunman fired seven shots at the car. One blew out the right front tire. Another lodged in the metal under the hubcap.

Mr. Zemchenkov, 47, survived unharmed, but prosecutors are calling it attempted murder and have begun an investigation. Mr. Zemchenkov suspects the answers lie in his raid on a warehouse containing pirated DVD's on Nov. 14, and the strike at the producers themselves, which went ahead on Nov. 25.

"My driver shouted at me to get down," said Mr. Zemchenkov, director of the Russian Anti-Piracy Organization, whose low-profile headquarters is a safelike cavern with thick metal bulletproof doors and rooms made smaller by stacks of confiscated videocassettes and DVD's. Its members include seven foreign groups, among them the Motion Picture Association of America.

It was a conspicuous beginning to a campaign by the Russian government to get tough with the hundreds of Russian producers of illegal audio and video products. Russia's Internal Affairs Ministry estimated at a briefing today that between 80 percent and 90 percent of mass-produced films on video and DVD here are produced illegally.

What is perhaps most worrisome, the police and officials said, is the growing number of local business groups that have begun producing DVD's. As many as six Russian factories are now pumping out unlicensed DVD's, the officials say. Only a quarter of the estimated two million DVD's to be sold in Russia this year were produced legally, and the Russian-made DVD's are turning up in markets in the West.

"Before it was a problem with the import of illegal DVD's, but now they are made here," said Mr. Zemchenkov. "We've found Russian-made DVD's in Brighton Beach," a heavily Russian area of New York. "Now it's a problem not just for Russia but for Europe and the U.S.," he said.

Pyotr Y. Poroikov, chief of the mass communications department at the Russian Press Ministry, said last week that Russia could "without exaggeration, be called a piracy giant."

"We can't say that today, Nov. 28, there has been a revolution in stamping out piracy," he continued. "But the process has begun."

Mr. Poroikov said controls included a new rule that required each producer of DVD's and CD's to obtain a license from the Press Ministry, which is responsible for intellectual property issues. Of 200 applications received since June, the ministry has issued 90 licenses. The other factories are now in a legal no man's land.

In early October, the Press Ministry presented the problem to the Russian cabinet. Officials argued that rampant piracy was a threat to Russia's effort to join the World Trade Organization and caused losses of millions of dollars for Russian as well as foreign actors and musicians.

Since then the authorities, as well as Mr. Zemchenkov's organization, have conducted a number of raids, including the one on a Moscow producer on Nov. 25 the day after someone shot at Mr. Zemchenkov.

He led that raid, confiscating 30,000 CD's he said had been illegally produced. Mr. Zemchenkov has not been frightened away, but in one concession to safety, he now alternates cars and his route to the office.

"Now I am always looking around myself," he said privately after the news conference today. "They offered me a bulletproof vest. But I think if someone wanted to kill me, they would."
******************************
Wired News
Lax Security: ID Theft Made Easy

The people charged last week with stealing the identities of at least 30,000 Americans weren't criminal masterminds.

They simply took advantage of sloppy security practices that allowed them easy and unrestricted access to sensitive data.

Security experts worry that the slipshod safety measures haven't been corrected, and warn that unless companies get serious about security, identity thefts will continue to rise.

Investigators in Manhattan said they have identified about 12,000 additional people whose credit reports may have fallen into criminal hands during the almost three years that the New York-based identity fraud ring was active. The scam was first detected eight months ago.

But victims and potential victims wonder why it took authorities so long to nab the criminals, whom federal prosecutors described as "brazen" and "sloppy."

Consumers suggest the credit bureaus that failed to protect their personal data from the criminals are equally at fault.

"Credit report companies act like they own the data they collected about me and can use it however they want," said Nicholas Pastore, a New York graphic designer who was a victim of identity fraud two years ago.

"I've had a hellish time fixing their screwup, and have lost a job and been turned down by a landlord due to my wrecked credit," Pastore said. "Shouldn't the credit report companies have notified me before they released my data? Shouldn't they bear the cost of fixing the problems they caused?"

"Consumer privacy and corporate accountability are the major issues here," said Harvey Jacobs, a Washington, D.C., attorney. "The credit bureaus have to reevaluate how they release information, and they have to be held financially and legally accountable if the information is misused."

Some also see a conflict of interest in the fact that credit bureaus profit from consumers' security concerns. The three major credit-reporting bureaus each sell consumer services they promote as protection against identity fraud.

For $80 a year, Experian's Credit Manager, for example, scans a subscriber's credit report daily and sends alerts of "potential fraudulent items and other critical changes" in the report. Credit bureaus Equifax and TransUnion offer similar services.

"It's kind of like an e-commerce site that stores my credit card number, and then offers me a fee-based service to protect that information," fumed Tina Bechon, a secretary in Illinois who was a victim of identity theft last year.

Bechon said she's spent about $1,000 "in registered mail, notary and phone fees," but her fraud-impaired credit report still haunts her.

"The first bit of advice you get is to put a fraud alert into your credit bureau records," Bechon said. "But once you do that, all your credit accounts are frozen for a few months, and it's insanely difficult to get new credit for a few years after."

Representatives from the three major credit card companies said they are extremely concerned about protecting consumer data, and do what they can to correct problems.

"There's no charge for a consumer to review their credit report if they feel they have been a victim of fraud," said an Experian spokeswoman.

Security experts also slammed Teledata, which employed Phillip Cummings as a help-desk worker. Cummings is charged as a principal operator in the New York fraud ring for selling Teledata client access codes to two other men, who then used the codes to obtain customer credit records.

"Companies spend a lot of time hardening their networks to protect against attacks coming from the outside, but don't do much about preventing misuse of information available to insiders," explained Kevin Mitnick, the once-notorious social engineer and co-founder of information-security company Defensive Thinking.

Mitnick advises companies to establish clear security policies that clarify who should have access to what information -- and then audit who looks at what.

Mitnick was also amazed by reports that Teledata did not cut off Cummings' access to its network after he left the company.

Federal prosecutors said Cummings' employee password allowed him into the Teledata system for almost two years after he stopped working there. Cummings also managed to copy and install Teledata's proprietary software on his own laptop.

Mitnick said that as of six months ago there were several easily exploitable loopholes in credit bureau systems that allowed the malicious or curious to obtain copies of others' credit reports.

"During a radio show I did last year, I watched someone order a credit check on me without having to enter my Social Security or credit card number," Mitnick said. "The 'security' of the credit bureau system was very easily bypassed. Companies need to stop taking security shortcuts."
*****************************


Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx