Clips March 17, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips March 17, 2003

ARTICLES

Privacy Advocates Increase Efforts to Restrict Banks' Data Sharing
Privacy advocate warns of microchip invasion [Privacy]
Student Charged With Hacking at U-Texas 
Hackers evolve from pranksters into profiteers
Password-stealing e-mails spread
Callahan moving to Homeland
Patent Donations Are Criticized
Telecom advisory group wraps up work on best security practices 
DOD, vendors to test secure access
U.S.-South Korean war games go high-tech
Soldiers Rely on Help Desk, Techs When Gear Fails
Political Targets With Moving Parts
EBay to Make Changes on Racial Slurs
Senators call for CAPPS oversight
Bill calls for open source look
E-mail can spell trouble for unprepared government agencies 
Homeland officials expect to meet immigration deadlines 
IT systems at U.S. borders found lacking
Md. launches 24-hour online librarian service
In Broadband, Comcast Lets Users Find Their Own Flourishes
Anti-Spam Group to Meet in San Francisco
Online file-sharing networks bring porn into workplaces

*******************************
New York Times
March 17, 2003
Privacy Advocates Increase Efforts to Restrict Banks' Data Sharing
By ADAM CLYMER

SACRAMENTO, March 16  Privacy advocates are stepping up an effort to require California's banks and other financial institutions  either through legislation or a referendum  to get consumers' permission before sharing or selling their financial data.

For the past two years the financial industry has succeeded in killing a privacy measure in the State Assembly. On March 3, the State Senate again passed the bill and sent it to the Assembly. But now, with public opinion surveys showing high levels of support for financial privacy, the industry is considering a compromise. 

The bill would require financial institutions to get customers' permission before providing data to other companies and would halt distribution of that data to their affiliates if customers asked them to do so.

"I am very optimistic that at the end of the day there will be such a measure," Herb J. Wesson Jr., a Los Angeles Democrat and the Assembly speaker, said this weekend. Mr. Wesson said that "moderate Democrats," whose votes have blocked the measure before, and businesses that oppose the bill were becoming more flexible.

But if the bill fails again, banking interests will probably have to fight an even stronger measure on the ballot next March. 

"Everybody views California as a battleground," said Chris Larsen, the chief executive of E-Loan, an Internet lending company, and the ballot measure's main backer. "California is such a big market that it would be a tipping point. It would provide a strong national example."

The developments in California are a preview of a major struggle this year in Congress, where financial institutions contend that states should not have the flexibility, provided in the Gramm-Leach-Bliley Act of 1999, to impose privacy requirements that are more stringent than required by federal law. The major thrust of that measure was to tear down the legal walls that separated banks and stockbrokers.

The popularity of bank privacy measures was shown last year in North Dakota, where privacy advocates won 72 percent of the vote in a referendum even though banking interests had overwhelmingly outspent them. 

But while the banking industry nationally was not too concerned about North Dakota, California is a different matter, with 12 percent of the nation's population and above-average household income. Its financial services industry, according to consumer advocates, has annual revenues of $32 billion from direct mail, telemarketing and e-mail advertising, all of which might be curtailed under the legislation. Critics of the Senate bill here include Citicorp, Bank of America, JP Morgan Chase, MBNA, Capital One, Wells Fargo, Aegon Insurance and State Farm Insurance.

State Senator Jackie Speier, a Democrat from the San Francisco area and the lead sponsor of the bill, said a strong measure might finally be passed this year, in large part because banks were facing the threat of voters enacting an even tougher law next year if the Legislature failed to act.

Fred Main, senior vice president of the state chamber of commerce and spokesman for the opponents of the privacy measures, said he hoped to see a "reasonable, workable compromise" in the Legislature. The opponents have begun a newspaper advertising campaign saying the Speier bill would "impose millions of dollars in added costs with no significant benefits to consumers."

Under the Speier bill, if a customer does not answer a request for permission to share information with outside companies, the data cannot be shared. Mr. Main said such a provision would be acceptable if it were confined to curbing the use of data for marketing. 

The bill would also allow customers to prevent data sharing among companies that are affiliates or subsidiaries. In such cases, if the customer did not act, the sharing could proceed. Ms. Speier added that provision last year to meet an objection by Gov. Gray Davis, who has not publicly supported her measure.

But Mr. Main said that giving customers the opportunity to prevent information sharing would interfere with business practices that customers welcome. 

The voters' initiative, which will be on the March 2004 primary ballot if sponsors collect 373,816 signatures, would go further. It would bar sharing among affiliates and subsidiaries unless customers gave permission first. And if customers ignored the request, the sharing would be illegal.

"The initiative is significantly worse" than the Speier bill, Mr. Main said.

But Mr. Larsen, its prime sponsor, disagreed. "Privacy has always been part of the California character," he said, adding that the state has several dozen privacy laws.

Mr. Larsen gave the effort $1 million, which he said should be enough to collect the signatures needed to get on the ballot, although more money would be needed later for advertising.

E-Loan provides money for mortgages and home-equity and automobile loans. The company's business would be helped, Mr. Larsen said, if consumers were less afraid of invasion of privacy and identity theft. He said he doubted the Assembly would pass the Speier bill, so the initiative was needed as insurance.

Assemblywoman Hannah-Beth Jackson, Democrat of Santa Barbara and a leading backer of the measure, said it had a strong chance of passing this time. She said the Assembly had become slightly more consumer-oriented since last fall's election and predicted that the financial services industry would "come on board or else the initiative will become law."
*******************************
Boston Globe
Privacy advocate warns of microchip invasion 
Promise, peril seen in advent of ID microchips

By Hiawatha Bray, Globe Staff, 3/17/2003 

Katherine Albrecht has a thing about privacy. That's why the Nashua resident hasn't used a credit card in over two years and only shops at Internet retailers who accept money orders. 

''There's got to be some degree of private life,'' Albrecht says. She wants to live her life without having her every action filed in a corporate database. Indeed, Albrecht has founded a privacy lobbying group called CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering). 

CASPIAN has directed most of its fire at supermarket discount cards, which allow retailers to collect data on your buying habits. Now it's taking aim at a new target -- much smaller than a discount card, and in Albrecht's view, a lot more dangerous. 

The Italian clothing firm Benetton last week said it would begin inserting tiny radio frequency identification chips, or RFIDs, into some of its clothing products. These chips will let the company track a particular sweater or skirt from the factory floor to the shelf of the store. Boston's own Gillette Co. is doing the same with personal grooming items such as Mach 3 Turbo razors. The company recently signed a contract for a half-billion RFID chips, to be provided by the delightfully named Alien Technology Corp. of California. 

The RFID concept, developed in large part at the Auto-ID Center at the Massachusetts Institute of Technology, is seductive in its cleverness. You take a microchip the size of a pinhead and attach an antenna. Embedded on the chip is a product identification number that's drawn from a vast pool of 96-bit numbers. 

Internet addresses are 32 bits long. There are a total of 4.2 billion such addresses, tops. Moving up to 96 bits gives you a lot more numbers to play with, so many that you can assign a unique code to every single manufactured product -- not just an ID code for each car, but a code for each nut and bolt. 

The chips sell for less than a dime, partly because they don't contain batteries. Instead, you pass a chip within a few feet of a reader, which broadcasts radio waves. This feeble stream of energy provides enough juice for the chip to wake up and radio back. So RFID chips only go on the air when they're near a reader; even then they must be within a few feet in order to work. 

Albrecht fears that readers will be installed everywhere and connected to databases filled with personal information. Imagine a video screen on a grocery cart, beaming customized ads at you, because it recognized the RFID chip in your shoe. 

Albrecht even worries that retailers will persuade consumers to install RFID readers in their homes, in exchange for price discounts. Then they'll be able to track your consumption patterns down to the last bottle of milk. Says Albrecht, ''You've essentially created a world in which there is no privacy.'' 

But Gillette spokesman Paul Fox says his company has no interest in following people home. The real reason for RFID, he says, is that misplaced and stolen inventory costs American companies $70 billion a year. 

With RFID, companies can know exactly where every item is stored. When fresh merchandise arrives, the warehouse's RFID reader will automatically detect it and log it in. Same thing at the retail store. Gillette is even working on a ''smart shelf'' that will be tested at a Wal-Mart store in Brockton later this year. Every time somebody carries off a razor, the store's computer deducts it from inventory. If somebody picks up 10, he's probably a shoplifter. So the shelf instructs the store's video system to take a picture of the guy and warns store security. 

Fox insists this is all Gillette has in mind. ''We have no interest in collecting data beyond the shelf,'' he says. 

But Albrecht figures RFID is bound to be abused unless it's regulated. She favors legislation requiring that consumers be notified when a product contains an RFID tag. The idea also appears in an RFID Bill of Rights suggested by MIT graduate student Simson Garfinkel. He thinks consumers should also have the right to know any time a device reads data from the tag and a right to have tags permanently switched off. But Garfinkel wants voluntary compliance, not a law. 

In any case, consumers will have to ask to have each item's chip turned off, every time they go shopping. 

Kevin Ashton, executive director of the Auto-ID Center, would rather you left them on, however. Say you want to return a defective product. Who needs a receipt? Just scan the chip. If a maker of infant car seats issues a recall, you could scan the chip to learn if your kid's seat is among the defective ones. 

Still, the retailers and manufacturers are the real beneficiaries of these chips. And there's nothing wrong with that. But what about the rest of us? RFID chips could soon be in our groceries, our medicines, and our clothes. Will we know the chips are there? Will we know how to turn them off? Will we know who's scanning them, and what they're doing with the information? 

Even those who lack Albrecht's fervent love of privacy would be well advised to start asking these questions. Now. 


Hiawatha Bray can be reached at bray@xxxxxxxxxx 
*******************************
Washington Post
Student Charged With Hacking at U-Texas 
Social Security Numbers Stolen 

By Karin Brulliard
Special to The Washington Post
Saturday, March 15, 2003; Page A02 


AUSTIN, March 14 -- Federal prosecutors today charged a University of Texas student with breaking into a school database and stealing more than 55,000 student, faculty and staff names and Social Security numbers in one of the nation's biggest cases of data theft involving a university.

Christopher Andrew Phillips, 20, a junior who studies natural sciences, turned himself in at the U.S. Secret Service office in Austin. He was charged with unauthorized access to a protected computer and using false identification with intent to commit a federal offense.

Authorities had announced the cyber-theft last week. It sent shock waves through the campus of the nation's largest university, prompting students and staff to consider replacing credit cards and freezing bank accounts. There is no evidence that Phillips disseminated or used the information, officials said.

Phillips was released without bail and will have "limited access to computers," Johnny Sutton, U.S. attorney for western Texas, said at a news conference. "The main message today is that these cases will be taken seriously, these cases will be prosecuted, and this case will be prosecuted vigorously." 

If convicted, Phillips faces as many as five years in prison and a $500,000 fine, Sutton said.

After searching Phillips's Austin and Houston residences, Secret Service agents recovered the names and Social Security numbers on a computer in his Austin home, Sutton said. According to the indictment, Phillips wrote and executed a computer program in early March that enabled him to break into the university database that tracks staff attendance at training programs.

"This is a wake-up call to all institutions that use the U.S. Social Security number as their customer ID number," said Dan Updegrove, the university's vice president for information technology. "It's something that all of us have to undo."

The university began in late 2001 to limit its dependence on Social Security numbers as database identifiers, Updegrove said. Within two years, the university will use an electronic identification number that can be matched only to Social Security numbers in a hidden database, he said.

The data theft is probably the biggest ever at a university, said Jay Rosen, director of consumer and victim services at the Identity Theft Resource Center, a nonprofit group in San Diego.

"It's a massive undertaking as to what [the hacker] did," he said, noting that identity theft is a growing problem nationwide. "All I need to steal your identity is your name and your Social Security number."
*******************************
Washington Post
Student Charged With Hacking at U-Texas 
Social Security Numbers Stolen 
By Karin Brulliard
Saturday, March 15, 2003; Page A02 

AUSTIN, March 14 -- Federal prosecutors today charged a University of Texas student with breaking into a school database and stealing more than 55,000 student, faculty and staff names and Social Security numbers in one of the nation's biggest cases of data theft involving a university.

Christopher Andrew Phillips, 20, a junior who studies natural sciences, turned himself in at the U.S. Secret Service office in Austin. He was charged with unauthorized access to a protected computer and using false identification with intent to commit a federal offense.

Authorities had announced the cyber-theft last week. It sent shock waves through the campus of the nation's largest university, prompting students and staff to consider replacing credit cards and freezing bank accounts. There is no evidence that Phillips disseminated or used the information, officials said.

Phillips was released without bail and will have "limited access to computers," Johnny Sutton, U.S. attorney for western Texas, said at a news conference. "The main message today is that these cases will be taken seriously, these cases will be prosecuted, and this case will be prosecuted vigorously." 

If convicted, Phillips faces as many as five years in prison and a $500,000 fine, Sutton said.

After searching Phillips's Austin and Houston residences, Secret Service agents recovered the names and Social Security numbers on a computer in his Austin home, Sutton said. According to the indictment, Phillips wrote and executed a computer program in early March that enabled him to break into the university database that tracks staff attendance at training programs.

"This is a wake-up call to all institutions that use the U.S. Social Security number as their customer ID number," said Dan Updegrove, the university's vice president for information technology. "It's something that all of us have to undo."

The university began in late 2001 to limit its dependence on Social Security numbers as database identifiers, Updegrove said. Within two years, the university will use an electronic identification number that can be matched only to Social Security numbers in a hidden database, he said.

The data theft is probably the biggest ever at a university, said Jay Rosen, director of consumer and victim services at the Identity Theft Resource Center, a nonprofit group in San Diego.

"It's a massive undertaking as to what [the hacker] did," he said, noting that identity theft is a growing problem nationwide. "All I need to steal your identity is your name and your Social Security number." 
*******************************
USA Today
3/16/2003
Hackers evolve from pranksters into profiteers
By Jon Swartz USA TODAY

SAN FRANCISCO  Computer identity theft has long been a fast-growing cybercrime. But increasingly, hackers are seeking profit rather than just fun.

Complaints of Internet-related identity theft tripled to 1,000 last year, says the Federal Trade Commission. While that still accounts for a only fraction of the 160,000 nationwide reports of identity theft, the growth is alarming as more consumers put credit card and other financial data online.

"It's the perfect crime of the information age," says Rich Stana, of the General Accounting Office. "The Internet gives identity thieves multiple opportunities to steal personal identifiers and gain access to financial data."

The biggest break-ins came last month, when computer intruders accessed more than 10 million Visa, MasterCard and American Express credit card account numbers from the computer system of a third-party payment company. No theft occurred.

Also last month, a computer-science student allegedly hacked a University of Texas database and swiped the Social Security numbers of more than 55,000 students, employees and former students, county prosecutors said. Authorities last week charged Christopher Andrew Phillips, 20, with unlawful access to a protected computer and unlawful use of a means of identification. Phillips told officials he had no intention of using the information to harm anyone, according to court papers.

But in two other high-profile cases, hackers did use the information to access funds:

Tokyo police arrested two men for allegedly determining the passwords five people used to access their bank accounts online and transferring $141,000 from those accounts to another bank. One of the men, using an alias, withdrew $136,000, police said. 
The two men, an unemployed computer software developer and a businessman, allegedly got the passwords by using software to determine what keystrokes a previous PC user used. They allegedly snooped on about 100 computers at 13 Tokyo-area cybercafes last year. The software was downloaded from the Internet.

Thomas Pae, 20, the ringleader of an international computer hacking and Internet fraud scheme, admitted to authorities he purchased credit card numbers from hackers on the Internet and used them to purchase $324,061 in computer equipment from Ingram Micro, Amazon.com and others. Last month, Pae was sentenced to 33 months in prison. 
Such ID thefts have prompted financial institutions to fortify their computer systems with millions of dollars in security software and shore up computer security among employees, security experts say.

The Justice Department, meanwhile, is encouraging banks that are victims of computer crimes to be more forthcoming with details to aid authorities in the arrest and prosecution of hackers.

Many banks are still hesitant to report break-ins, fearing they'll scare away customers, says consumer advocate Edmund Mierzwinski. A California law, beginning July 1, would require companies to notify customers of computer breaches.

At the same time, though, hackers are getting more elusive, security experts say. They scour Internet cafes, libraries and other publicly available PCs to steal personal data. Not only can hackers scope out potential victims, but the virtual form of hit-and-run makes it harder for police to locate hackers.

So-called spoofers send e-mail to victims with links to fake commercial Web sites, posing as Internet auctions and credit card issuers, to lure consumers into providing personal information. Earlier this month, users of eBay's online-payment service received fraudulent e-mails posing as legitimate PayPal alerts. They asked for bank and credit card details.

To prevent ID theft, security experts are bracing for an expensive fight. Internet identify theft, on average, costs victims about $800 and 175 hours to rectify, says consumer advocate group Privacy Rights Clearinghouse.

"Hackers are usually motivated by ego and human curiosity," says Steven Chang, chairman of anti-virus software maker Trend Micro. "The scary part is when the motive turns from gaining knowledge to stealing."
*******************************
MSNBC
Password-stealing e-mails spread

March 13   Beware any e-mail, however professional in tone, that asks for personal account information. Internet users continue to be flooded with legitimate-looking e-mails that ask recipients to enter account numbers, passwords, and other data. A new con aimed at Discover Card holders is just the latest in a long line of scam e-mails sent by con artists trying to hijack accounts at AOL, PayPal, eBay and other online firms. 
 
    A FLURRY OF e-mails sent Wednesday purported to be from Discover Financial Services. The messages told recipients that their accounts were on hold and they needed to log in with their account number and mother?s maiden name to reactivate them.
       ?Due to your inactivity your account has been put On Hold,? the e-mails said, just under a Discover Card logo pulled from from Discover?s Web site. ?To remove this status you have to Log In to your account and review Discover Privacy Policy.?
       The e-mail looks real, and most of its content is pulled directly from Discover?s computers. Even a suspicious recipient who looked at the e-mails source code would see a series of links to www.novusnet.com, the company?s Web site. But replies to the e-mail, including any credit card numbers, are quietly routed to a computer with an Internet address in Russia.
       Discover spokesperson Beth Metzler said customers started complaining about the realistic-looking e-mails late Wednesday night. She wouldn?t say how many complaints the firm received, indicating only that the issue impacted ?a limited number of customers.? The e-mails were sent to random addresses, she said, so both account holders and non-account holders received them.
       ?We do not conduct business this way, and would never request that kind of information over e-mail,? Metzler said. ?We?re taking appropriate actions to make sure consumers do not respond to these types of e-mails.?
       She didn?t know how many customers, if any, might have fallen for the scam.
       But it was convincing fake, said Cheryl Faye Schwartz, who received the e-mail Wednesday night.
       ?The e-mail that I received looked as if it came from Discover. However, I became suspicious because I use my card often and I know my account is active,? she said.
     The use of such password-stealing e-mails appears to be on the rise. Rosalinda Baldwin, a consumer advocate at TheAuctionGuild.com, said she saw a sharp uptick in attempts to steal eBay accounts during the holiday season. 
       ?The number of PayPal and eBay scam e-mails to steal information are increasing by astounding rates,? she said. ?Folks posting on the boards report getting eight to 10 a day.?
       Just last week, Earthlink said some of its subscribers received e-mails telling them to resubmit their personal information or face account termination, due to a ?recent system flush.? Users were sent to a Web site named El-network.net, which has since been shut down.
       Last month, a set of e-mails sent to eBay users asked customers for personal information, but when recipients clicked on the link supplied they were taken to a computer hosted at the University of North Carolina in Charlotte.
       One computer hacker, who claims to have sent out such e-mails in the past, told MSNBC.com that response rates are 1 or 2 per 100 e-mails. 
       
COMPANIES QUICKER TO REACT
       Companies are scrambling to react to the problem. In late February, scam artists targeted Register.com, a domain registration service. The company responded quickly, putting a ?customer warning? prominently atop its home page on Feb. 20. The notice is still there.
?You may have received an email that appears to come from Register.com that sends you to Renewal-Center.com to renew your domain name,? the notice says. Please be aware that Renewal-Center.com is NOT affiliated with Register.com ... Renewal-Center.com is trying to fraudulently obtain your credit card information.?
       Register.com spokesperson Lisette Zarnowski said she had no idea how many customers might have fallen for that scam. Renewal-Center.com is no longer in operation.
       She said that placing a warning on the home page was the best way to alert customers about the scam.
      ?We felt it was important to warn customers,? she said. ?We are a customer service business and want to give our customers the most upfront information we have. We don?t want them to be duped.?
*******************************
Federal Computer Week
Callahan moving to Homeland
BY Judi Hasson 
March 15, 2003

The chief information officer at the Homeland Security Department, is quickly putting together his team. The latest addition is the Labor Department's deputy chief information officer, Laura Callahan, who will join the new department April 1.

Callahan will be the senior director of an office that will be in charge of management, policy and enterprise initiatives such as disaster management and Project SafeCom, a communications network linking first responders, Homeland Security Department CIO Steve Cooper told Federal Computer Week.

"We're moving as fast as we can," Cooper said.

Callahan is the latest in a series of information technology executives to join the new department's CIO shop. Others include Scott Hastings, who was the CIO at the Immigration and Naturalization Service, and Woody Hall, who was the CIO at the Customs Service. Both of those agencies have been folded into the department, and the Hastings and Hall will have similar responsibilities in the new department.

Ron Miller, who had been the CIO at the Federal Emergency Management Agency and had been on detail to the Homeland Security Department, is moving to the Small Business Administration, where he will be taking a newly created job handling policy and the "transformational lead."

Cooper told the Northern Virginia Technology Council last week that he would also like to tap Nathaniel Heiner, the chief knowledge officer at the Coast Guard, who has been detailed to the new department for 90 days. But he has not yet persuaded the Coast Guard to let him go.
*******************************
Mercury News
U.S.-South Korean war games go high-tech

SEOUL, South Korea (AP) - A ``war'' was being waged Sunday across the divided Korean Peninsula with communist fighters bombing U.S. troops, submarines torpedoing ships and tanks shelling enemy bunkers.

But casualties weren't filling field hospitals. This battle was happening in cyberspace, the backbone of massive maneuvers being staged here by U.S. and South Korean forces to practice repelling any North Korean invasion.

The United States already has deployed an intimidating array of weaponry for the war games, including the aircraft carrier USS Carl Vinson and a wing of radar-evading stealth fighters, which is here for the first time in a decade.

But underpinning the monthlong drills is the Korean Battle Simulation Center in Seoul, where soldiers role-playing U.S. and North Korean forces square off over keyboards 24 hours a day, plotting each other's destruction.

``This is not a video game,'' said Jude Shea, the retired U.S. Army Lt. Col. who is running the exercises.

The simulation center is in a high-security building filled with rows of computers, dangling wires and huge wall-mounted monitors charting everything from body counts to weather developments.

``Ground is being taken or lost, casualties are being assessed,'' Shea said. ``Equipment is being damaged and destroyed, enemy and friendly aircraft are engaging each other... there are ships that are steaming.''

The United States, which bases 37,000 troops in South Korea, says the annual maneuvers are not related to heightened tensions over North Korea's suspected nuclear weapons programs.

But they come at a sensitive time and North Korea objects to the U.S. military maneuvers, calling them a rehearsal for invasion.

Pyongyang's official Rodong Sinmun newspaper reported Sunday that U.S. military moves against the North Korea were ``in full swing'' and called them ``a dangerous military racket to ignite the second Korean war.''

South Korea wants the two adversaries to use both direct and multilateral approaches to end the dispute peacefully.

Shea said the current war games were planned nine months ago, before tensions in the region started rising in October when U.S. officials said North Korea admitted having a secret nuclear weapons program.

Washington and allies suspended fuel shipments; Pyongyang retaliated by expelling U.N. monitors, withdrawing from the Nuclear Nonproliferation Treaty and restarting a nuclear reactor mothballed for years under U.N. seal.

Shea refused to divulge specific battle scenarios but said they are being used to train 14,000 soldiers.

Another 1,000 computer operators at five nerve centers, including one in Virginia and another in Hawaii, are creating the war conditions that keep U.S. and South Korean troops drilling in the field.

About 90 percent of the maneuvers are conducted in cyberspace, with field commanders punching in their countermeasures to enemy attacks. Others are full-blown exercises, such as next week's amphibious beach assault by U.S. and South Korean Marines backed by the carrier Vinson.

Soldiers playing the North Koreans read about the North's military strategy and comb spy reports.

``Anything we think North Korea would do, we do,'' said U.S. Army 2nd Lt. James McMillian, who plays his communist counterpart in the computer games.

The computer-assisted war games end April 2.

But no matter how lifelike they become, Shea admits they can't duplicate one of war's grimmest realities.

``The concern about being killed or maimed,'' he said. ``I don't think we will ever achieve that.''

The Koreas were divided in 1945, and their border remains tightly sealed.
*******************************
Associated Press
EBay to Make Changes on Racial Slurs 
Fri Mar 14, 3:15 PM ET

By DEBORAH KONG, AP Minority Issues Writer 

Following complaints from activists, Internet auction giant eBay said Friday it will caution sellers against describing items using a racial slur. 

   

When a seller uses the n-word in an item description, a new box will automatically pop up on the computer screen. It will tell the seller that the listing contains a word which may be "highly offensive to many in the eBay community" and could violate the company's policy against racially offensive items. 


"It's a small victory, but it also sends a good message that corporations have to be sensitive to communities of color," said Earl Ofari Hutchinson, president of the National Alliance for Positive Action, a racial and social justice group that worked with eBay to bring about the changes. 


eBay spokesman Kevin Pursglove said the change, made at the suggestion of Hutchinson's Inglewood, Calif.-based group, will likely go into effect by the end of April. 


The company's listing policies are "constantly evolving," Pursglove said. "A great majority of the guidelines and policies that we have in place now come from users. This is another good idea that came from users." 


The new pop-up window will also recognize that, in some cases, the use of the slur is necessary to describe an item if the word appears prominently on the item itself, such as with a book, CD or movie title. 


eBay will ask sellers to "take a moment to review your listing carefully and ensure that your language shows appropriate sensitivity to potential buyers and others who might view the item." 


Hutchinson and others had said it was painful to find listings for books, prints, card games, antique glass sets, tobacco tins and other items that used a racial slur with no context, and were sometimes described as "cute" or "adorable." 


He acknowledged that such historical black memorabilia is bought by museums and private collectors, and can be used to educate people about racism in America's past. However, Hutchinson said he objected to reproductions that are sold to "make money off of racism." 


eBay says it has always removed reproductions  as opposed to "historical black Americana items"  but is now adding new language to its offensive items policy. 

The policy will now say, "occasionally, eBay users list antiques or historical pieces that now, in modern society, can be racially or ethnically offensive to some in the eBay community." 


While such historical relics can serve as "important tools for education about the past," eBay will not allow "listings of racial or ethnically inappropriate reproductions," the new policy will say, adding that "eBay, of course, does not promote or encourage racial intolerance." 


The policy will also caution sellers to avoid using the n-word unless it's necessary to describe the item. 


eBay's current policy already says the company will "judiciously disallow listings or items that promote or glorify hatred, violence, or racial intolerance, or items that promote organizations (such as the KKK, Nazis, neo-Nazis, and Aryan Nation) with such views." 


In May 2001, it began banning the sale of artifacts from Nazi Germany, the Ku Klux Klan and notorious criminals, in hopes of avoiding legal problems in other countries; in France, Germany, Austria and Italy it is illegal to sell items relating to the Third Reich.
*******************************
New York Times
March 17, 2003
Patent Donations Are Criticized
By TERESA RIORDAN

GREGORY AHARONIAN is intent on exposing what he says may turn out to be the next big tax accounting scandal: patent donations.

Mr. Aharonian, in a recent issue of his e-mail newsletter, Internet Patent News, decries what he says is the alarming trend of companies "donating bogus patents to universities and claiming big tax deductions on their federal taxes."

Though no statistics have been compiled, experts note a big upswing in patent donations to universities and other nonprofit organizations. 

In the last few years, DuPont, Lubrizol, Eastman Chemical, General Motors and other companies have given away patents whose values were estimated to total hundreds of millions of dollars. SAIC, a research and engineering company in San Diego, has donated more than 40 technology patents, which the company valued at more than $100 million, Mr. Aharonian said.

The patent that has especially raised Mr. Aharonian's ire is one donated last month by SBC Communications to the University of Texas at Austin. Valued at $7.3 million, it covers a virus-screening program.

"This patent stinks like a dead cow in the Houston shipping channel on a hot summer day," Mr. Aharonian wrote recently in his newsletter.

Known for his hyperbole and his contrarian views, Mr. Aharonian is also considered an authority on software patents, and he speaks frequently to patent lawyers around the world.

Moreover, he is not the only one scrutinizing the practice of corporate patent donations. Several weeks ago, the Internal Revenue Service issued a new set of guidelines clarifying what is allowed and what is not. More guidelines are likely to follow. "We're not done with this issue," an I.R.S. spokeswoman said.

Mr. Aharonian said the SBC patent was probably worthless because it was highly unlikely that it could be enforced. The patent never should have been granted, Mr. Aharonian said, because the company did not tell the Patent Office examiner about important "prior art"  examples of similar software invented already.

He cited pertinent conference proceedings, journals and papers from the 1980's and early 1990's that are not disclosed in the patent. Moreover, he said, a Dutch company, Tunix, already sells similar software.

SBC said it had contracted the patent appraisal to iCMG, a consulting group in Los Angeles specializing in intellectual property transactions, and a subsidiary of Acorn Technologies, a start-up financed by the software legend Peter Norton. ICMG said it could not comment, citing a nondisclosure agreement with SBC.

SBC acknowledged that no "prior art" search was conducted as part of the valuation. "Generally speaking, the assumption on these things is that the patent is accurate and valid," said Jason Hillery, a spokesman for SBC.

Gordon Smith, president of AUS Consultants, an intellectual property estimator in Moorestown, N.J., said prior-art searches were not usually included in patent appraisals.

"It's like an appraiser estimating the price of a home," he said. If this were real estate, "I would make the assumption that the title is free and clear."

But the parameters of a patent are not tangible and thus far less clear-cut than those of a house, Mr. Aharonian pointed out. Intellectual property boundaries are often sorted out only after legal wrangling. Moreover, since the spike in patent applications in the economic boom of the 1990's, the Patent Office has repeatedly been chastised for the low quality of its reviews.

University of Texas officials said they had accepted the donation because it offered research opportunities. "We are approached on a regular basis" to receive such donations, said Steven P. Nichols, a professor of mechanical engineering, "and we do not pursue it unless it benefits us."

Professor Nichols said that in January 2000, the university had accepted a donation of patents and equipment valued at $83.5 million from Shell Technology Ventures, a subsidiary of Shell Oil.

Since then, the university has licensed the technology to TerraTherm, a company that uses conductive heating and vacuums for environmental cleanup. So far, Terra- Therm, which has $7 million in annual revenues, has paid the University of Texas $335,000 in royalties.

Giving a patent worth $10 million to a nonprofit institution immediately reduces corporate taxes by $3.8 million for a company that pays 38 percent of its profits in taxes.

Mr. Aharonian said the SBC donation would come out to about $2 million in tax savings. But the balance sheet at the University of Texas puts quite a different value on the patent: $1.

"That's the value we assign all patents at the university," Professor Nichols said. "We simply don't know the value of the technology until after the fact."
*******************************
Government Computer News
03/14/03 
Telecom advisory group wraps up work on best security practices 
By William Jackson 

The Network Reliability and Interoperability Council on Friday completed work on a set of best practices to ensure the security and availability of the nation?s communications infrastructure. 

During its quarterly meeting, industry working groups chartered by the Federal Communications Commission presented 162 recommendations for steps to be taken by network operators, manufacturers and service providers to help with service restoration in the event of man-made or natural disruptions. The recommendations will be voted on by the entire council by March 28. 

In December, more than 300 practices to enhance physical and cybersecurity of networks were approved by NRIC. 

NRIC was created as an industry advisory committee in 1992, and received its most recent charter from FCC chairman Michael Powell in January 2002. NRIC VI focuses on homeland security and was charged with coming up with a set of voluntary best practices for network security and survivability. Under the current charter, NRIC for the first time includes representatives from the cable, wireless, satellite and Internet service provider industries, as well as traditional telecom companies and equipment manufacturers. 

Approval of recommendations made Friday would complete the first phase of the council?s current work. The second phase is education and outreach to encourage use of the best practices. 

Best practices approved in December for securing the physical network focus on application of new technology, access controls, personnel, design and construction methods, inventory management, auditing and surveillance, and integrating security in business planning. 

Best practices for securing the cybernetwork focus on technology, operations and administration, authentication and virtual access control, incident management, attacks from users. 

Practices recommended for adoption Friday focus on restoring service after attacks on or damage to physical or cyber links. Approved practices will be available on the NRIC Website, at www.nric.org.
*******************************
Federal Computer Week
DOD, vendors to test secure access
BY Colleen O'Hara 
March 17, 2003

The Defense Department and the vendors it works with plan to test a system later this year that would give them access to each other's employee credentials as part of an effort to bolster the security of their facilities.

The interoperability demonstration pilot project, scheduled for this fall, would test the feasibility of creating a cross-credentialing system between DOD and industry. 

As envisioned, the Defense Cross-credentialing Identification System would consist of a collection of shared government and contractor databases, but the control and management of that information would remain with the agency or company that collected it. 

A device would read the data stored on a smart identification card, such as a person's photograph and fingerprint, and validate it against information stored in the appropriate database via a Web-based interface. If it's a match, the person would be granted access to the facility.

"There is a big move to identify individuals and authenticate who they are," said Michael Mestrovich, co-chairman of the Federated Electronic Government Coalition, which is helping develop the pilot project. The problem, he said, is that even smart cards with public-key infrastructure certificates built into them "don't solve the problem of someone stealing the card or creating one."

Mestrovich said the pilot project has "applications across the board" and, once proven, could be expanded beyond the national security domain into other areas. DOD officials are considering a future pilot project that would apply the concept to network and system access.

The Defense Manpower Data Center, which manages DOD's identity databases, has developed a prototype National Visitor's System that will play a central role in the pilot project, said Rob Brandewie, deputy director of the center. The system "allows you to check the validity of DOD credentials within DOD," he said. "Cross-credentialing takes it one step further."

In addition to improving facility security, the pilot project aims to streamline business processes. "There is a big payoff in security," Brandewie said. "It also provides a shortcut way of validating or authenticating a business partner and getting them where they need to be. It complements what we've been doing?to improve identity management in DOD."

Defense employees participating in the pilot project will continue to use their Common Access Cards, which are becoming the standard DOD identification, and contractors will continue to use their company-issued ID cards, but with some modifications  for example, biometrics and "pointers" to relevant data will be added. 

SRA International Inc. is participating in the pilot project as a natural extension of its current work with the the Defense Manpower Data Center, said Danny Michael, vice president and director of joint support systems at SRA. In addition to modifying its ID card, the company will invest in hardware and software and establish a communications link with DOD databases. 

"The beauty is, with standards established, everyone is not required to adopt a single card," Michael said. "This process allows each company to maintain [its] own internal security controls. It leaves the security officers in control of granting access."

Reconciling the policies and processes between DOD and contractors is likely to be a bigger challenge than deploying the technology, said Chuck Alvord, head of business development for global information technology at Northrop Grumman Mission Systems, which is also participating in the pilot project.

"It's really [about] systems administration and getting a common lexicon" between DOD and contractors, he said. The pilot project will seek to address "how we adjudicate trust policies that exist at the DOD level and within the defense industry." Northrop Grumman is "a good example of a company that has a tremendous amount of defense work, and we're looking at a way to simplify the process."

***

Access granted 

The Defense Department and its industry partners plan to test the idea of sharing identity credentials on each other's employees to beef up building security.

Among the project's objectives:

* Develop concepts for accessing and validating employees' credentials at U.S. facilities and temporary overseas duty stations.

* Incorporate current policies, standards and processes into an automated access-control system.

* Create a pilot architecture, then develop a Defense Cross-credentialing Identification System.

* Create a system that allows organizations to retain control of their employees' information.
*******************************
Mercury News
U.S.-South Korean war games go high-tech

SEOUL, South Korea (AP) - A ``war'' was being waged Sunday across the divided Korean Peninsula with communist fighters bombing U.S. troops, submarines torpedoing ships and tanks shelling enemy bunkers.

But casualties weren't filling field hospitals. This battle was happening in cyberspace, the backbone of massive maneuvers being staged here by U.S. and South Korean forces to practice repelling any North Korean invasion.

The United States already has deployed an intimidating array of weaponry for the war games, including the aircraft carrier USS Carl Vinson and a wing of radar-evading stealth fighters, which is here for the first time in a decade.

But underpinning the monthlong drills is the Korean Battle Simulation Center in Seoul, where soldiers role-playing U.S. and North Korean forces square off over keyboards 24 hours a day, plotting each other's destruction.

``This is not a video game,'' said Jude Shea, the retired U.S. Army Lt. Col. who is running the exercises.

The simulation center is in a high-security building filled with rows of computers, dangling wires and huge wall-mounted monitors charting everything from body counts to weather developments.

``Ground is being taken or lost, casualties are being assessed,'' Shea said. ``Equipment is being damaged and destroyed, enemy and friendly aircraft are engaging each other... there are ships that are steaming.''

The United States, which bases 37,000 troops in South Korea, says the annual maneuvers are not related to heightened tensions over North Korea's suspected nuclear weapons programs.

But they come at a sensitive time and North Korea objects to the U.S. military maneuvers, calling them a rehearsal for invasion.

Pyongyang's official Rodong Sinmun newspaper reported Sunday that U.S. military moves against the North Korea were ``in full swing'' and called them ``a dangerous military racket to ignite the second Korean war.''

South Korea wants the two adversaries to use both direct and multilateral approaches to end the dispute peacefully.

Shea said the current war games were planned nine months ago, before tensions in the region started rising in October when U.S. officials said North Korea admitted having a secret nuclear weapons program.

Washington and allies suspended fuel shipments; Pyongyang retaliated by expelling U.N. monitors, withdrawing from the Nuclear Nonproliferation Treaty and restarting a nuclear reactor mothballed for years under U.N. seal.

Shea refused to divulge specific battle scenarios but said they are being used to train 14,000 soldiers.

Another 1,000 computer operators at five nerve centers, including one in Virginia and another in Hawaii, are creating the war conditions that keep U.S. and South Korean troops drilling in the field.

About 90 percent of the maneuvers are conducted in cyberspace, with field commanders punching in their countermeasures to enemy attacks. Others are full-blown exercises, such as next week's amphibious beach assault by U.S. and South Korean Marines backed by the carrier Vinson.

Soldiers playing the North Koreans read about the North's military strategy and comb spy reports.

``Anything we think North Korea would do, we do,'' said U.S. Army 2nd Lt. James McMillian, who plays his communist counterpart in the computer games.

The computer-assisted war games end April 2.

But no matter how lifelike they become, Shea admits they can't duplicate one of war's grimmest realities.

``The concern about being killed or maimed,'' he said. ``I don't think we will ever achieve that.''

The Koreas were divided in 1945, and their border remains tightly sealed.
*******************************
Associated Press
Soldiers Rely on Help Desk, Techs When Gear Fails
Sun Mar 16, 2:53 PM ET
By Chelsea Emery 

NEW YORK (Reuters) - When radioman Colum Keating had equipment problems on his nuclear fast-attack submarine in the 1970s, he fixed them himself or suffered the consequences. 


But that self-help approach in current times is becoming more difficult as gear grows more technologically complex. 


"The technology has gone triple, quadruple what it was," said Keating, a former Navy petty officer, second class, who is now retired from the military. 


So soldiers now turn to tech-support specialists, who go out on the battlefield, monitor and follow the missiles or electronics on shipboard, or answer questions by telephone from across the globe. 


The extra help is likely to be crucial should the United States lead an attack on Iraq (news - web sites). The United States and Great Britain now have some 250,000 troops in the Gulf region, ready for a showdown with Iraq over its alleged weapons of mass destruction. The Pentagon (news - web sites) has deployed B-2 stealth bombers to assist with any conflict, as well as about a dozen missile-firing warships. 


Lockheed Martin Corp. (NYSE:LMT - news) sends technical representatives, or "tech reps," to Fort Bragg, North Carolina, or other bases to help with the defense contractor's TADS night-vision sensor used in U.S. Apache attack helicopters. When the choppers move out, so do the tech reps, who follow the equipment wherever it goes. 


"You need someone there to ensure the readiness of the system, to ensure that it's ready to fight and perform," said Lockheed spokesman Tom Jurkowsky. 


Raytheon Co. (NYSE:RTN - news), the prime system contractor for the Patriot PAC-3 missiles, said it has a contractor with every PAC-3 unit that is fielded. PAC-3 missiles use hit-to-kill technology to destroy their targets. 


CONTROL, ALT, DELETE 


Of course, there's the ever-present computer help desk. 

Itronix, a maker of rugged wireless computers and handheld devices for tracking troop and enemy movements, staffs a 24-hour help desk at Spokane, Washington, for its military and civilian customers. 


The five-person military help desk receives about two calls a week from its customers in the United States and abroad, said Roger Cresswell, director of services market for Itronix. 


The company, with locations in France, Germany, the UK and Asia, also trains at least one person from every military unit that carries its GoBook Max or GoBook II wireless computers in basic repairs, such as swapping hard drives or antenna replacement. 


If field technicians can't fix the problem, they swap the computers, which use a Microsoft Windows-based operating system, for new ones at a restocking location. 


Common office tech support, which helps with recalcitrant computers, is much maligned in the United States, sometimes criticized for being slow or using too many technical terms. But military personnel say they greet their tech reps with relief and gratitude. 


"It's a very arduous job," said Jack "Tiny" McLaughlin, a former lieutenant commander for the U.S. Navy (news - web sites), who flew United Technologies Corp. (NYSE:UTX - news) Seahawk helicopters and relied on tech reps for component repairs. "They had to work with the enlisted guys who did the work as well as the officers who oversaw it. They worked 12-hour days and were out for six months continuously." 


While some tech reps are civilians who volunteer to follow the products to a variety of locations, most have military backgrounds and are accustomed to spending months away from home. 


Tech reps generally are accepted by the enlisted personnel, but those who order and supply replacements for broken equipment often attract the ire of soldiers on the battlefield. 

"The supply system might not have it stock, or they'd only keep one part in supply and we break two," McLaughlin said. 

Others concurred. 

"If we had problems with something that was stuck or jammed, we'd kick it or hit it and then take it back," said a former soldier who declined to be identified. "But then they'd say they didn't have a replacement and you'd have to spend several days without the equipment you needed, or carrying broken equipment around." 

And sometimes, there are things that even the most experienced tech reps can't help. 

Once out on patrol, Keating and his crew heard a persistent rattling on board their submarine. No one could locate the source or the cause, so the boat returned to Guam for repairs. 

The problem: A plastic coffee cup bouncing around in the sail. 
*******************************
New York Times
March 17, 2003
Political Targets With Moving Parts
By MATTHEW MIRAPAUL

he best political cartoons skewer their targets. Thomas Nast helped exterminate corruption in Tammany Hall. Bill Mauldin pilloried military incompetence. Herblock's spotlight depicted a shadowy Richard M. Nixon. The cartoonist's sword has been the pen and mostly still is.

But now the Internet is giving a small group of political cartoonists a high-tech way to wage battle. While many editorial cartoonists use the Internet to exhibit their printed drawings to a broader audience, the Internet's audio and video capabilities have also inspired a few cartoonists to create animated political cartoons for the Web.

The latest example of an animated political cartoon is "Operation: Terrortubbies," put online on Friday. It was written, drawn and directed by Don Asmussen, an editorial cartoonist for The San Francisco Chronicle.

Mr. Asmussen has a talent for mashing together politics and popular culture to savagely satiric effect. His two-minute cartoon starts as a parody of how Hollywood's glossy films romanticize war, complete with a scene from the imaginary "My Big Fat Greek Vietnam War." The humor turns blacker when Mr. Asmussen suggests that the Bush administration, with its color-coded terrorist alerts, addresses the public as though it were the preschool Teletubbies audience. The animated work is at www.dontoons.com.

In May Mr. Asmussen will begin producing an animated cartoon for The Chronicle's Web site. A new episode of "Action News Family," in which a family of newscasters will discuss topical events, will be put on the Web every other week. For Mr. Asmussen, 38, the animations are a way to reach young people who are more interested in entertainment than politics. "Editorial pages are so dry," he said, "and it is hard to get kids to read them." He intends to engage them by creating a familiar cast of characters. "It's almost like `Peanuts' with politics," he said.

SFGate.com, The Chronicle's Web site, already publishes Mark Fiore's weekly animated cartoons. Phil Bronstein, The Chronicle's editor, said he was eager to add Mr. Asmussen, whom he compares to Mark Twain, to the online mix. "The Web has a lot of moving parts," he said, "and people who use the Web often are used to animation in one form or another. If you have the capabilities, why not use them?"

Well, why not? Surprisingly few sites offer animated editorial cartoons. Mr. Fiore also sells his work to The Village Voice, Mother Jones and Salon.com. The veteran cartoonist Bill Mitchell produces three pieces a week for CNN.com, and MSNBC.com shows Bruce Hammond's work. 

Netzeitung.de, a German Internet-only newspaper, produces several animated political cartoons every week. But most online news sites seem content to republish cartoons from their printed pages, a practice sometimes called shoveling.

Steve Outing, a senior editor at Poynter.org, an online journalism resource, said he expected more animated cartoons as they become cheaper to make and more users gain access to high-speed, animation-friendly Net connections. "I absolutely believe that this form will take off in the future," he said. "I don't think online readers will be satisfied with shoveled print cartoons."

Daryl Cagle, who maintains the large Professional Cartoonists Index site, disagreed. "The most popular cartoons on the Web are on the topics that are the most popular, without regard to color or animation," he said. Because few companies will pay for animation, he added, there is little incentive for editorial cartoonists to produce them as anything other than labors of love. (Mr. Cagle's site is at cagle.slate.msn.com.) During the dot-com boom, cartoonists of all kinds, lured by the promise of Internet riches, tried producing online work, both static and animated. When the money stopped flowing, most abandoned the medium.

But it may be time for renewed interest in the genre. With a possible war looming, people are apparently paying closer attention to the news. And more people than ever are getting their news online. According to a research survey in December by the Pew Internet and American Life Project, there are now 115 million adult Americans on the Internet. On any given day about a quarter of them get their news there. A war would increase that number.

Brian Duffy, the editorial cartoonist for The Des Moines Register, said he intended to return to the Internet. For four years Mr. Duffy produced animated versions of his print cartoons for the paper's Web site, but he stopped about a year ago. He said his editors were keen to restart the feature in about a month. 

Online cartoons range from lightly animated efforts like Mr. Duffy's to full-scale productions like Mr. Asmussen's. Mr. Fiore's work falls in the middle. Mr. Fiore, also based in San Francisco, said he was able to earn a living from syndicating his weekly cartoons, so he stopped producing printed pieces last June. He said it took him about three times as long to make an animation as a print cartoon. 

Mr. Fiore, said, "I can play on people's eyeballs and emotions more than I could on the page." For instance, in a recent cartoon ridiculing the North Korean leader, Kim Jong Il, Mr. Fiore added a sappy soundtrack to heighten the tone. (An archive of Mr. Fiore's work is at www.markfiore.com.)

Mr. Fiore works alone, but Mr. Asmussen collaborates with an animation director, Michael Lipman. As a result, their cartoons can take several weeks to produce. This means that Mr. Asmussen must make sure they are not dated by the time they go online. The "Operation: Terrortubbies" opening was revised after duct tape faded from the news. Mr. Asmussen said such changes forced him to predict where world events might lead. "It's like you're playing chess with the news," he said.

If printed political cartoons work best when they take a well-aimed poke at their target, animated cartoons should inflict multiple punctures. But Lucy Shelton Caswell, a journalism professor at Ohio State University who studies the history of newspaper cartoons, said she had observed little of this. "The animated cartoons that I have seen seem to have a frenetic, jerky pace, or they are very slow," she said. "A really good editorial cartoon just goes bing."

At least one political cartoonist who stopped producing animated work is eager to return. Clay Bennett, who won the 2002 Pulitzer Prize for editorial cartooning, made four short animations in the mid-1990's before he was hired by The Christian Science Monitor. "There's something about bringing your creations to life," he said. "You can certainly understand Dr. Frankenstein's excitement when you see things move and breathe."
*******************************
Associated Press
EBay to Make Changes on Racial Slurs
March 14, 2003

By DEBORAH KONG, AP Minority Issues Writer 

Following complaints from activists, Internet auction giant eBay said Friday it will caution sellers against describing items using a racial slur. 

   

When a seller uses the n-word in an item description, a new box will automatically pop up on the computer screen. It will tell the seller that the listing contains a word which may be "highly offensive to many in the eBay community" and could violate the company's policy against racially offensive items. 


"It's a small victory, but it also sends a good message that corporations have to be sensitive to communities of color," said Earl Ofari Hutchinson, president of the National Alliance for Positive Action, a racial and social justice group that worked with eBay to bring about the changes. 


eBay spokesman Kevin Pursglove said the change, made at the suggestion of Hutchinson's Inglewood, Calif.-based group, will likely go into effect by the end of April. 


The company's listing policies are "constantly evolving," Pursglove said. "A great majority of the guidelines and policies that we have in place now come from users. This is another good idea that came from users." 


The new pop-up window will also recognize that, in some cases, the use of the slur is necessary to describe an item if the word appears prominently on the item itself, such as with a book, CD or movie title. 


eBay will ask sellers to "take a moment to review your listing carefully and ensure that your language shows appropriate sensitivity to potential buyers and others who might view the item." 


Hutchinson and others had said it was painful to find listings for books, prints, card games, antique glass sets, tobacco tins and other items that used a racial slur with no context, and were sometimes described as "cute" or "adorable." 


He acknowledged that such historical black memorabilia is bought by museums and private collectors, and can be used to educate people about racism in America's past. However, Hutchinson said he objected to reproductions that are sold to "make money off of racism." 


eBay says it has always removed reproductions  as opposed to "historical black Americana items"  but is now adding new language to its offensive items policy. 

The policy will now say, "occasionally, eBay users list antiques or historical pieces that now, in modern society, can be racially or ethnically offensive to some in the eBay community." 


While such historical relics can serve as "important tools for education about the past," eBay will not allow "listings of racial or ethnically inappropriate reproductions," the new policy will say, adding that "eBay, of course, does not promote or encourage racial intolerance." 


The policy will also caution sellers to avoid using the n-word unless it's necessary to describe the item. 


eBay's current policy already says the company will "judiciously disallow listings or items that promote or glorify hatred, violence, or racial intolerance, or items that promote organizations (such as the KKK, Nazis, neo-Nazis, and Aryan Nation) with such views." 


In May 2001, it began banning the sale of artifacts from Nazi Germany, the Ku Klux Klan and notorious criminals, in hopes of avoiding legal problems in other countries; in France, Germany, Austria and Italy it is illegal to sell items relating to the Third Reich. 
*******************************
Federal Computer Week
Senators call for CAPPS oversight
BY Megan Lisagor 
March 14, 2003

The Senate Commerce, Science and Transportation Committee approved an amendment March 13 that would require congressional oversight of a controversial computer system that will perform background checks, combing government and commercial databases to assess the risk posed by airline travelers.

The Transportation Security Administration tapped Lockheed Martin Management and Data Systems earlier this month to get the Computer Assisted Passenger Pre-Screening II program, called CAPPS II, off the ground. TSA officials believe the system will help security staff focus on the few individuals who deserve closer scrutiny, rather than relying on random checks. 

Privacy advocates and some lawmakers have questioned the constitutionality of CAPPS II and demanded more information on how the system will work.

Sen. Ron Wyden (D-Ore.) introduced the amendment, which requires Homeland Security Secretary Tom Ridge to report to Congress within 90 days on the program's expected impact on the flying public. Ridge must address how TSA will use individual information and what safeguards the agency will implement. 

"I'm all in favor of finding ways to be smarter about aviation security and to target aviation security resources more efficiently," Wyden said in a news release. "But a system that seeks out information on every air traveler or anyone who poses a possible risk to U.S. security, and then uses that information to assign a possible threat 'score' to each one, raises some very serious privacy questions. It's a matter of good public policy for the privacy and civil liberties implications of this program to be reported to Congress."

CAPPS II activates as soon as a person buys a ticket, taking full advantage of the Internet to scan government watch lists, financial records and other personal data available online, looking for any suspicious behavior. The system will analyze names, addresses and other data, coding passengers red, yellow or green -- colors that will appear on their boarding passes.

Travelers branded with red will be prevented from flying, a determination resting on a watch list compiled by intelligence and law enforcement authorities, officials said. Passengers placed in the yellow category will face additional screening before they're allowed to board. "Green" travelers will be free to go.

"TSA has sought to meet the urgent need to heighten security at airports as we press the war against terrorists," James Loy, undersecretary of transportation for security, said in a March 11 news release. "We will accomplish this without compromising the privacy and civil liberties enjoyed by every American."

Critics remain unconvinced and have compared CAPPS II to the Defense Advanced Research Projects Agency's Total Information Awareness program. TIA, in theory, would enable national security analysts to detect, classify, track, understand and preempt terrorist attacks against the United States by drawing on surveillance and spotting patterns in public and private transactions.

In January, the Senate approved another Wyden amendment, blocking TIA's use unless Congress specifically authorizes it after the Bush administration submits a report about the program's effects on privacy.

The CAPPS II language is now part of the Air Cargo Security Bill.
*******************************
Federal Computer Week
Bill calls for open source look
BY Brian Robinson 
March 14, 2003

A bill recently introduced in the Oregon legislature requires state agencies to consider the use of open-source software in any decisions on information technology purchases. 

If it passes, Oregon would be one of the first states to recognize the growing open-source movement in its statutes.

Under the terms of the bill, state agencies committed to proprietary software could continue to use it but would have to consider open-source software, such as Linux, as a new option. Agencies would also have to justify the purchase of proprietary software when open-source software is available for the same purpose.

Oregon Rep. Phil Barnhart, who introduced the bill, said he already has a commitment from the co-chairman of the House General Government Committee, Rep. Jerry Krummel, for a hearing on the bill sometime in the coming month if it is assigned to that panel.

"The bill also talks about the need for open standards in general," Barnhart said. "A big part of the issue we in government are faced with is that we have some very complex databases that will need to operate in tandem, and right now it's very difficult to move to where a database in one agency can connect with a database in another agency" because of the use of proprietary systems.

Another concern is the huge budget deficit facing Oregon, "which is a lot more serious than many people realize," he said. Judicious use of open-source software and open standards could help save the state a substantial amount of the money spent on IT. 

Moving to open-source software might also mean more jobs for consultants and other companies in Oregon's high-tech Silicon Forest, he said, which has been hard hit by the collapse of the technology sector in the past couple of years.

Finally, greater security concerns may also drive people to open-source software.

"Some of the big software companies have said they are building their products so they can monitor their use over the Internet," Barnhart said. "We have to maintain the confidentiality of much of our data, and by using open source software, we won't have to submit to these kinds of license-use checks."
*******************************
Government Computer News
03/14/03 
E-mail can spell trouble for unprepared government agencies 
By Vandana Sinha 

As millions more e-mail messages clog government inboxes, the legal consequences of e-mail delivery and storage have become a bigger issue for government agencies, an attorney who specializes in record retention cases said. 

Agencies must follow strict rules dictated by the National Archives and Records Administration on retaining and archiving records, including e-mail that previously was considered casual communication. 

Although there aren?t many cases where agencies have breached those rules, an increasing reliance on e-mail could make following them and fulfilling things like Freedom of Information Act requests more complicated, said David S. Cohen, a partner and co-founder of Cohen Mohr LLP in Washington. 

?Some of the rules are counter-intuitive,? Cohen said yesterday at a seminar sponsored by Storage Technology Corp. of Louisville, Colo. ?They?re sometimes complex. But they?re becoming increasingly important.? 

He said an average 36 billion messages circulate throughout government agencies each year. And once employees hit ?send,? they lose control over where a message eventually lands. ?E-mail is treated too informally by most e-mail users,? said Cohen, urging government users to assume each e-mail they send could end up on the front page of The New York Times. ?If you live by this rule, you will avoid mistakes.? 

He said good agencywide e-mail practices involve comprehensive management programs, easy retrieval systems, folder size limits, and retention time lines and rules. 

?The government has the same problems with e-mail and litigation as private firms do,? Cohen said.
*******************************
Government Executive
March 12, 2003 
Homeland officials expect to meet immigration deadlines 
By Molly M. Peterson, National Journal's Technology Daily 

Immigration officials expect to meet their Dec. 31 deadline for implementing an automated system for documenting all foreigners who enter and exit U.S. airports and seaports, the Homeland Security Department's undersecretary for border and transportation security told a Senate panel on Wednesday. 


"There has been a substantial amount of work that has gone into that," Asa Hutchinson said during a joint hearing before two Senate Judiciary subcommittees. "We believe the first deadline of [collecting] entry-exit information at our airports and seaports can be met this year."

But meeting later deadlines for extending that system to the nation's land borders will be more difficult, according to Hutchinson.

Current law requires immigration officials to implement a fully automated system for collecting data on foreign visitors at the 50 largest land ports-of-entry by the end of 2004 and all land ports by the end of 2005. Hutchinson said meeting those deadlines will be a daunting challenge "because that takes new systems [and] new infrastructure ... that are not even in existence today."

Hutchinson said his directorate plans to "closely evaluate" its progress on meeting the deadlines and keep Congress informed. "We believe there's an urgency there and we're going to work very hard, but there are many challenges there," he said.

Meanwhile, immigration officials are building on an existing system in order to meet the 2003 deadline for documenting foreigners who enter and exit the United States through airports and seaports, according to Robert Mocny, director of the Bureau of Immigration and Customs Enforcement's entry-exit program.

"We're currently collecting arrival and departure data for all visa-waiver passengers arriving in and leaving from the United States," Mocny said, referring to a program that allows citizens of 27 participating countries to visit the United States for 90 days or less without first obtaining visas. "We will build upon that to meet the 2003 [deadline]."

But Mocny said tracking visa-waiver passengers who fail to leave the United States within 90 days still poses a challenge for immigration officials. The automated tracking system produces an "exception report" for people who overstay their welcome, he said, but "at this point, we're not in a position to be able to go and find that person immediately. That's what we're going to work on ... but we are collecting arrival and departure data."

California Democrat Dianne Feinstein said the Student and Exchange Visitor Information System (SEVIS) and other tracking measures implemented by immigration officials over the past 18 months might have prevented some of the Sept. 11, 2001, hijackers from entering the country.

But Feinstein said border security officials need more tools to keep terrorists and potential terrorist weapons outside the United States. "I realize that technology is not the sole answer to meeting the challenges of securing our country from the entry of those who wish to do us harm," Feinstein said. "But it is an essential element."
*******************************
Computerworld
IT systems at U.S. borders found lacking
By DAN VERTON 
MARCH 17, 2003

WASHINGTON -- The prospect of war in Iraq has raised new concerns about the Department of Homeland Security's progress in deploying the IT infrastructure needed to improve border security. 
Testifying at a Senate Judiciary Subcommittee hearing last week, Asa Hutchinson, the department's undersecretary for border and transportation security, said the DHS would likely meet the Dec. 31 deadline for deploying a new entry/exit system at the nation's airports and seaports. But he said the 2004 and 2005 deadlines for deploying the full array of IT systems along the land borders with Canada and Mexico could prove too difficult and expensive to meet. "That takes new systems, new infrastructure that are not even in existence today," Hutchinson said. 

The need for a reliable and efficient system at the borders has been "made more urgent by the prospects of the United States going to war with Iraq and the possibility that Saddam Hussein might try to use weapons of mass destruction in America," said Stephen Flynn, a senior fellow in national security studies at the Council on Foreign Relations in New York. 

The Department of Homeland Security's frontline troops at the borders and ports "are woefully understaffed, working with obsolete technologies, [have] inadequate support for training [and] are simply not up to the challenge," Flynn said. 

Under law, the Department of Homeland Security has until the end of 2005 to complete the deployment of an integrated entry/exit system that makes maximum use of biometric technologies to identify foreign visitors to the U.S. and reduce the possibility of terrorists using forged documents to cross the borders. 

So far, more than 6 million biometric border-crossing cards have been issued. And recent pilot programs using the cards on the Canadian border have uncovered more than 250 impostors, Hutchinson said. Additional biometric card readers are scheduled to be deployed by the end of the year, he said. 

But the IT infrastructure challenges are formidable. 

"Biometrics will be part of the entry/exit program, [but] we currently don't have the infrastructure in place to accommodate that," said Robert Mocny, director of the entry/exit program at the U.S. Bureau of Immigration and Customs Enforcement. 

"The challenges for the land border are daunting," Mocny acknowledged. "Especially when you talk about the 50 largest land ports of entry. There are environmental laws [and other restrictions] that apply to the growth of infrastructure." 

Mocny said $245 million given to the department for IT infrastructure improvements and a portion of the $362 million provided for the entry/exit system will go toward biometric infrastructure support. 

But that may not come close to paying for a complete system, said Nancy Kingsbury, an analyst at the General Accounting Office, the investigative arm of Congress. In addition to card readers, the infrastructure would include computers and communications enhancements to handle more electronic processing. 

"There are issues of scalability that will require considerable testing and development to bring the system to the point where hundreds of millions of identity checks annually are feasible, accurate and efficient," said Kingsbury. 

There are also questions surrounding the technical and operational effectiveness of biometric technologies in projects as large as border control, she said. 

"The costs and benefits of the system need to be assessed," Kingsbury said. "Suffice to say, we're talking billions of dollars just to implement biometrics."
*******************************
USA Today
Broadband Net begins to fulfill its promise
By Kevin Maney, USA TODAY
March 16, 2003

Broadband Internet has finally flipped into the mainstream, and that will have a big impact on consumers, as well as tech and media companies.

The past week brought a wave of announcements in broadband  high-speed Internet via cable or DSL. ABC unveiled ABC News Live, a 24-hour Internet feed of raw news video. Major League Baseball announced MLB.TV. It will Webcast 1,000 games this year, marking it the league's biggest online venture ever. Microsoft began a service that lets users with broadband send live video to each other at rates as high as 15 frames per second, which approaches TV quality.

All of that follows last year's launch by major film studios of Movielink. It allows broadband users to download movies to their PCs. "We now have a confluence of broadband providers, PCs equipped for same, content ... and people who have this capability" in their homes and offices, says Paul Wiefels, managing director of tech-marketing consultants Chasm Group.

The developments mean broadband users will see a rush of innovative programming, while dial-up Internet users will increasingly be unable to see the coolest new offerings. Demand for broadband programming could reinvigorate media companies and drive demand for tech products that help users better access broadband, such as beefy PCs.

Giving broadband critical mass:

Sheer numbers. In 2000, only 6 million homes had broadband  not enough to make broadband programming financially viable. This year, more than 23 million homes will have broadband Internet, research firm eMarketer says. That's about as many homes as had cable TV in 1980, the year CNN launched and one year before MTV. 
The numbers mean content owners are starting "to do much bigger and more aggressive things" for the Net, says Dan Sheeran, vice president at Internet media company RealNetworks.

New technology. Within the past six months, Microsoft and RealNetworks  the two major makers of the software behind Internet video  have brought out technology that significantly increases picture quality. MLB, for instance, will use compression schemes from RealNetworks that give users a full-screen picture that's better than VHS quality at a streaming rate that barely taxes a typical cable modem. 
Subscription revenue. Much the way HBO proved cable viewers would pay extra for premium shows, new broadband services are showing that subscription services are viable. MLB's service will cost $14.95 a month or $2.95 a game. ABC News Live will cost $4.95 a month. If those prove themselves, say industry executives, more will come along. "All the good things we'd hoped were going to happen are indeed starting to happen," says Jim Ramo, CEO of Movielink.
*******************************
USA Today
Md. launches 24-hour online librarian service
March 17, 2003

BALTIMORE (AP)  It's the middle of the night and your Internet search fails to call up the fact or information you need. If you live in Maryland, don't despair  a librarian can help. 


A new service allows Maryland residents to reach a librarian online around the clock for information ranging from recipes to tax information, or just about anything they could find in the state's libraries. 

On Monday, libraries across the state will begin offering a free service called Maryland AskUsNow. Librarians will be available 24-hours-a-day, seven-days-a-week for online chat sessions. 

"What we're really doing is we're breaking down those barriers of time and space that have existed for hundreds of years," said Joe Thompson, project coordinator for the service. 

The service will be available to all Maryland residents by logging on to local library Web sites or the program's official site (www.askusnow.info). 

When someone signs on for a chat session, a question can be relayed to a librarian, who will search print and electronic sources for an answer. The user and the librarian will be able to see the same screen at the same time. 

Maryland is the second state to set up such a statewide system, Thompson said. New Jersey has had a similar system for more than a year. 
*******************************
New York Times
March 17, 2003
In Broadband, Comcast Lets Users Find Their Own Flourishes
By SAUL HANSELL

PHILADELPHIA  High-speed service may be the future of the Internet, but it has been nothing but trouble for most companies involved. Comcast, the newly crowned king of cable, is the accidental exception.

So far the three leaders that emerged in the first Internet wave, with service based on slow telephone modems  America Online, Microsoft's MSN, and Earthlink  have attracted few customers for the speedier access known as broadband. And they have lost considerable money trying to resell fast connections bought wholesale from cable or telephone providers. 

Telephone companies have had some success selling their version of broadband directly to consumers and small businesses. But the phone companies still lose money on every broadband subscription. And Excite@Home, a company in which Comcast was an early investor and which was created to sell cable broadband service, collapsed in bankruptcy in 2001. 

Then there is Comcast itself. Without really setting out to do so, the company has become the biggest provider of broadband Internet services, with 3.6 million subscribers, and profit margins that would be the envy of any business. The question is whether Comcast can continue to perform at that level in the broadband arena once serendipity gives way to strategic planning.

The chief executive, Brian L. Roberts, predicts that by the end of the year Comcast will have five million Internet customers. That would tie it with Earthlink as the third-biggest Internet service of any kind in the country by subscribers, after AOL and MSN. By revenue and operating profit, Comcast would trail only AOL.

"High-speed data is now the hottest product we have," Mr. Roberts said. 

Internet service is also a hot and profitable product for the other major cable companies. So far, American users prefer cable over phone company broadband service by two to one. Compared with phone company broadband, which can be difficult and expensive to install, the service is inexpensive to provide, once a cable system has been upgraded for digital television service. 

"The volume and quality of Internet usage has been far beyond anyone's expectation," Mr. Roberts said in his office, which overlooks the towering statue of William Penn atop Philadelphia's City Hall.

Comcast became the largest beneficiary of the broadband updraft when it bought AT&T's cable unit last year, giving the company high-capacity wires into more than 21 million homes, more than twice as many as any other cable system. 

But how long can Comcast continue winning by default? Rivals are cutting prices and spending hundreds of millions of dollars to develop features  like online music, video clips and advanced ways to fight e-mail spam and pop-up ads  that they hope will attract broadband users. They want to differentiate their services from those of cable systems like Comcast, which so far offer little more than an e-mail account, a rudimentary home page and a fast Internet connection.

"For the early adopter, `fast and always on' is great," said Michael Grasso, who is the executive director of Internet marketing at SBC Communications, the telephone company with the most broadband subscribers. But the more typical consumer will want more than a commodity service, Mr. Grasso said. "As we try to push the service to the mass market," he said, "we need to go beyond just selling a fast pipe." 

SBC, which provides broadband through telephone network technology called D.S.L, for digital subscriber line, is paying Yahoo several dollars a month per subscriber to create content and software for SBC's D.S.L. customers. The offerings include a personalized Internet music service and parental control software. Two other big phone companies, Verizon and Qwest, have similar arrangements with MSN. And America Online is about to introduce its revised broadband service, one that it plans to sell as a premium service over cable or D.S.L. 

But Comcast executives argue that there is no evidence yet that people choose a broadband service based on the goodies that are offered on the home page. When the Internet was new, users flocked to AOL for guidance on what to do and where to go. But anyone willing to pay nearly $50 a month to buy high-speed service presumably already knows where to surf.

That said, now that Comcast has become the broadband leader, it plans to start investing, modestly, in building its content and services, the president of Comcast's cable unit, Stephen B. Burke, said. 

"I use My Yahoo," said Mr. Burke, referring to the flagship personalized home page of the Yahoo portal, to which he receives access at home through his Comcast cable modem. "My challenge to our team is to come up with something good enough to get me to switch off Yahoo." Mr. Burke said he envisioned a service that would feature the personalization of a service like My Yahoo, with video clips taking advantage of the capabilities of broadband.

"I would turn it on in the morning," he said, "and see a personalized two-minute video stream of what I was interested in  the cable industry, Philadelphia weather and how the 76ers were doing." 

The next version of Comcast's broadband home page, set for introduction later this year, will not be quite that fancy. But it will have many short video segments, mainly provided by cable networks with extensive television relationships with Comcast. Users might be able to replay recent recipe segments of the Food Network, for example.

Comcast sees Internet service much as it sees basic cable  as a foot in the door that will lead to selling add-on services to broadband customers. In most cases, Comcast will simply market services operated by others, like music download providers or online gaming networks. But it is developing a few premium offerings itself. 

Its first offering is meant to help connect several computers in a home to one another and to the broadband connection. Users could set up networks with hardware that is available at any electronics store. But Comcast figures that they will pay a monthly fee instead, in return for the hardware, software, an even faster connection and a visit by an installer who will set up the networks.

The phone companies are trying to win customers by cutting prices for D.S.L. service, which in most of the country had been $50 a month, slightly more than cable Internet. (Last year, Comcast raised its prices to about $46 a month.) SBC charges $35 a month for the first year, and those who buy a bundle of local and long-distance phone service pay as little as $25 a month for D.S.L. 

Comcast executives suggest that there is no need to cut prices yet. 

"When a product is growing by 40 percent a year," Mr. Burke said, "the market is telling you there is a pretty good price-to-value relationship." 

Cable has won market share over D.S.L. in part because cable modem service generally has a higher maximum speed but also because it is available to more people. 

Comcast can offer broadband Internet service to more than 90 percent of its longstanding cable customers and to 75 percent of the cable customers that the company acquired from AT&T. It plans to make broadband data service universally available within two years. 

SBC's D.S.L., by contrast, is available to only 66 percent of its telephone customers. The company sharply slowed D.S.L. modernization of its telephone network two years ago because of a Federal Communications Commission requirement that phone companies must share access to their networks with rivals at low prices. (The F.C.C. recently exempted broadband services from those rules.)

Cable companies are not generally required to open their systems to rival Internet services, although Comcast promised to do so in order to win approval for its AT&T acquisition. Even in Comcast's case, the terms for such sharing are subject to negotiation rather than regulation. Representatives of other companies that want to offer high-speed service over Comcast's cables, including Yahoo and Microsoft (which owns 5 percent of Comcast's stock) regularly send emissaries to Philadelphia. But so far they have gone home empty-handed. 

Comcast did agree to let America Online offer its broadband service on about one-third of Comcast systems as part of a broader negotiation that dissolved a joint venture AT&T had with AOL Time Warner. But analysts say the wholesale price that AOL will pay is especially steep  more than $38 a month. 

As it keeps both wholesale and retail prices for Internet service high, Comcast says its pretax operating profit margins are nearly 50 percent. That margin does not include any accounting for the $10 billion it will ultimately cost Comcast and AT&T to update their systems. But the main purpose of that renovation  which involved running high-capacity fiber optic cables into each neighborhood  was to offer hundreds of television channels and interactive services like pay-per-view movies. Internet service uses less than 1 percent of the capacity of these systems.

Moreover, Comcast has found that the Internet business has become even more profitable than providing basic cable service. The capital costs are lower: a cable modem costs $50 compared with a television set-top box at $225. And churn  the rate at which customers cancel their service  is far lower for Internet service than for video. Most important, broadband Internet access is a product that most satellite television services do not have. 

Many things could go wrong for Comcast, especially if rivals force a war on prices and features. For now, the hardest part of Comcast's broadband is guessing how big it will become. Comcast initially forecast that no more than 10 percent of potential customers would buy broadband service. But the penetration is already 14 percent and growing. And in some affluent markets, Comcast already has more than 50 percent penetration. 

"We predicted this would be a good business," Mr. Burke said. "The good news is this is a wonderful business." 
*******************************
Los Angeles Times
Anti-Spam Group to Meet in San Francisco
 From Reuters
March 17, 2003

To stem unsolicited, unwanted e-mail, people and companies are going to extraordinary lengths -- at considerable expense.

They mask their e-mail addresses, install filters, create "white" lists of approved senders and blacklists of bulk mailers. An entire software sector has sprung up to try to defeat the spammers.

Yet in-boxes still are bursting with unsolicited offers of prescription-free Viagra, get-rich schemes and pornography.

To halt spam cold, many experts agree, requires a radical technical solution at the heart of the Internet.

So an international organization best known for creating the Internet's plumbing has decided to explore fundamental changes in its architecture that would effect a fix. This ultimately would require a global consensus -- and software updates for everybody.

The Anti-Spam Research Group holds its first physical meeting in San Francisco on Thursday. Members already have been discussing the problem over e-mail with such gusto that some participants complain they're getting more messages on anti-spam than from spammers.

The group was convened last month by the Internet Engineering Task Force, which in 1982 defined the standard known as the Simple Mail Transfer Protocol, or SMTP, that still processes all e-mail today.

"SMTP was developed some 20 years ago for a totally different type of Internet, one that was very open and trusting," said Paul Judge, the research group's chairman and director of research at the e-mail security firm CipherTrust Inc. "Today, the Internet is not those two things."

The research group's work could take years, though Judge said he was hopeful that a consensus could be reached sooner.
*******************************
Mercury News
Online file-sharing networks bring porn into workplaces
By Dawn C. Chmielewski
Mercury News

Child pornography and other sexually explicit videos and images are the most sought-after content on online file-swapping networks, surpassing even the brisk unauthorized music and movie trade.

A new study to be released today reveals that pornography accounts for more than 40 percent of the traffic on the Gnutella network, which connects such file-sharing services as Morpheus, LimeWire and BearShare. Child porn constitutes a small yet disturbingly measurable percentage of all searches: about 6 percent.

That raises potential liabilities for corporations, half of which have reported discovering unauthorized file-swapping applications on workplace computers, another survey has found.

File-swapping networks rose to prominence in 1999 along with Napster, which popularized the free, online exchange of music files. After Napster was shut down by the courts, ever more capable networks emerged to enable a broader menu of illicitly traded content, including movies, TV shows and video games.

Once defined by the plain brown wrapper, pornographers have traditionally exploited -- if not pioneered -- advanced ways to anonymously disseminate explicit content, from dial-in computerized bulletin boards of the 1970s to World Wide Web sites of the mid-1990s.

The study from Palisade Systems, an Ames, Iowa, company that sells network management software, is among the first to quantify the digital flesh trade.

Palisade connected to the Gnutella network and captured 20 million queries exchanged among computer users from Feb. 6 to Feb. 23. It analyzed nearly 400,000 randomly selected search terms.

The results reveal that the appetite for free porn exceeds the desire for free music. Some 42 percent of all searchers were looking for porn, compared with 38 percent looking for music.

``I thought music would far outweigh everything else. That definitely wasn't the case,'' said Stephen Brown, a product marketing manager for Palisade.

Major porn conduit

The broad analysis quantifies a finding last week by the federal General Accounting Office, which found peer-to-peer networks have emerged as a major conduit for child and adult pornography.

The accounting office, in cooperation with the Customs Cyber-Smuggling Center, found that child pornography is easily accessed and downloaded from peer-to-peer networks. Using a dozen search terms known to be associated with child porn, it identified 1,286 items on Kazaa, the most popular of the file-sharing networks. About 42 percent of the images depicted child pornography, and 34 percent were adult porn.

Beyond the obvious legal ramifications, the peer-to-peer porn trade creates potential new headaches for corporate network administrators because such material would evade traditional filters designed to block employee access to Playboy's Web site or other, more hard-core fare.

``When you do the study and you see the results and you say, `holy Toledo.' Virtually everything there can have game-over-like consequences'' for a corporation, said Eric Schnack, chief operating officer for Palisade.

Experts in employment law said corporations could be held liable if an employee uses a work computer to download pornography via file-sharing networks but only if another employee takes offense and reports it to management and the company fails to take action.

That could result in a sexual harassment claim for creating a hostile work environment.

``This is the reason why most companies have policies that limit computer use for business purposes,'' said Raymond Hixson, a partner at Fenwick & West, a law firm in Mountain View. ``Many policies explicitly state you should not be using the company's computer resources in a way that other employees might find offensive.''

Corporate vulnerability

It's less clear whether employees who use their work computer to download music or movies would expose their employer to liability -- despite a pointed letter from the Recording Industry Association of America, warning Fortune 1,000 companies to curb file-sharing.

Under the Napster decision, corporations could be held liable for contributing to copyright infringement if they know about it and are able to control it, said Robert P. Andris, an attorney specializing in copyright law at Ropers Majeski Kohn & Bentley in Redwood City.

Ironically, the software tools -- such as Palisade's -- sold to empower corporations that want to squelch unauthorized use of the company's resources could increase a company's vulnerability.

``These filtering products . . . put corporations in a position of: Do we want to know too much about this?'' Andris said. ``If they know, they are potentially liable under these theories.''

The Palisade study doesn't indicate how much of this activity occurs in workplaces.

Widespread at work

But a forthcoming survey from Websense, a San Diego network software maker, suggests that the use of file-sharing networks is a widespread workplace phenomenon.

Some 55 percent of information technology managers surveyed have found unauthorized file-swapping programs installed on employee workstations.

One, James Rhodes, a network administrator for Belz Enterprises, a commercial real estate company based in Memphis, said he thought he had squelched all unauthorized computer uses. He had used Websense's filtering software to block desktop access to adult content, shopping sites and other Web destinations that had nothing to do with company business.

A new version of Websense's product revealed otherwise. Two employees had installed Kazaa -- including a marketing person, who had inadvertently exposed the corporation's digital real estate photos to the global file-sharing network.

``All of our pictures are named with numbers. So everyone out there in Kazaa land thought they were adult pictures, and they were sucking up all our bandwidth,'' Rhodes said.
*******************************


From owner-technews@xxxxxxxxxxxxxxxxx Wed Apr  2 15:42:30 2003
Return-Path: <owner-technews@xxxxxxxxxxxxxxxxx>
Received: from sark.cc.gatech.edu (sark.cc.gatech.edu [130.207.7.23])
	by cleon.cc.gatech.edu (8.12.9/8.12.8) with ESMTP id h32KgUIw021769;
	Wed, 2 Apr 2003 15:42:30 -0500 (EST)
Received: from postel.acm.org (postel.acm.org [199.222.69.7])
	by sark.cc.gatech.edu (8.12.9/8.12.8) with ESMTP id h32Kg6DR008177;
	Wed, 2 Apr 2003 15:42:10 -0500 (EST)
Received: from postel (postel.acm.org [199.222.69.7])
	by postel.acm.org (8.9.3/8.9.3) with ESMTP id PAA22602;
	Wed, 2 Apr 2003 15:41:58 -0500
Received: from LISTSERV2.ACM.ORG by LISTSERV2.ACM.ORG (LISTSERV-TCP/IP release
          1.8d) with spool id 0012 for TECHNEWS@xxxxxxxxxxxxxxxxx; Wed, 2 Apr
          2003 15:20:05 -0500
Approved-By: technews@xxxxxxxxxx
Received: from hq.acm.org (hq.acm.org [199.222.69.30]) by postel.acm.org
          (8.9.3/8.9.3) with ESMTP id PAA20220 for
          <technews@xxxxxxxxxxxxxxxxx>; Wed, 2 Apr 2003 15:19:21 -0500
Received: by hq.acm.org with Internet Mail Service (5.5.2656.59) id <2C8G9LN8>;
          Wed, 2 Apr 2003 15:19:21 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: text/plain; charset="iso-8859-1"
Message-ID:  <8DFA8DABC2E6FA438EDCFD26881380A5D37A1D@xxxxxxxxxx>
Date:         Wed, 2 Apr 2003 15:19:20 -0500
Sender: ACM TechNews Early Alert Service <TECHNEWS@xxxxxxxxxxxxxxxxx>
From: technews <technews@xxxxxxxxxx>
Subject:      ACM TechNews - Wednesday, April 2, 2003
To: TECHNEWS@xxxxxxxxxxxxxxxxx
Content-Length: 9563
Status: RO
X-Status: 
X-Keywords:                 
X-UID: 410

Dear ACM TechNews Subscriber:

Welcome to the April 2, 2003 edition of ACM TechNews,
providing timely information for IT professionals three times a
week.  For instructions on how to unsubscribe from this
service, please see below.

ACM's MemberNet is now online. For the latest on ACM
activities, member benefits, and industry issues,
visit http://www.acm.org/membernet

Remember to check out our hot new online essay and opinion
magazine, Ubiquity, at http://www.acm.org/ubiquity

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ACM TechNews
Volume 5, Number 477
Date: April 2, 2003

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - -
Site Sponsored by Hewlett Packard Company ( <http://www.hp.com> )
     HP is the premier source for computing services,
     products and solutions. Responding to customers' requirements
     for quality and reliability at aggressive prices, HP offers
     performance-packed products and comprehensive services.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - -

Top Stories for Wednesday, April 2, 2003:
http://www.acm.org/technews/current/homepage.html

"Does Security Mean Sacrificing Privacy?"
"'Big Iron' Retains Lustre"
"ISMA Pushes DRM for MPEG-4"
"DMCA Critics Decry State-Level Proposals"
"Proposed Encryption Laws Could Prove Draconian, Many Fear"
"High-Performance Computing Clusters Have Gridlike Features"
"Are We Doomed Yet?"
"First American Open in Robot Soccer"
"Big Bang Project Sparks Cosmic Response"
"A Vision of Superefficient Displays"
"Molecule Toggle Makes Nano Logic"
"IBM, Government Talk Big Iron"
"Yeast Protein Wires Supercomputers"
"Wider-Fi"
"Cyber-War Tools Still on the Shelf"
"Smart Dust"
"The Wired War Has Arrived"
"Pushing the Edge"
"Surveillance Nation"

******************* News Stories ***********************

"Does Security Mean Sacrificing Privacy?"
ACM's Computers, Freedom, and Privacy (CFP) conference, now
underway in New York City, is highlighting how government electronic
surveillance efforts have accelerated in the wake of Sept. 11,
and topics of discussion will include the Total Information ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item1

"'Big Iron' Retains Lustre"
Enterprise applications, scientific research, and other factors
are fueling demand for mainframes and supercomputers; Bill
Zeitler of IBM Enterprise Systems notes that the mainframe market
has remained more or less the same over the last several years, ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item2

"ISMA Pushes DRM for MPEG-4"
In an effort to develop digital rights management (DRM)
capabilities to shield multimedia content formatted in MPEG-4,
the Internet Streaming Media Alliance (ISMA) is moving forward
with its Content Protection specification, which provides an ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item3

"DMCA Critics Decry State-Level Proposals"
Critics of the Digital Millennium Copyright Act (DMCA) are
alarmed over indications that state legislators are considering
proposals that would place even broader restrictions on the
circumvention of digital copy-protection safeguards.  The ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item4

"Proposed Encryption Laws Could Prove Draconian, Many Fear"
Critics are decrying Justice Department draft legislation that
calls for stiffer penalties on the use of encryption in the
commission of a crime, arguing that it would negatively impact
legitimate applications of cryptography and make little headway ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item5

"High-Performance Computing Clusters Have Gridlike Features"
Enterprise applications will not be suited for high-performance
computing clusters (HPCCs) until 2008, but there are several key
indicators showing readiness, including processor advances,
server density, and application development tools.  Unlike grid ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item6

"Are We Doomed Yet?"
Sheldon Pacotti writes that the computerization of information
and the spread of networking could lead to what Sun Microsystems'
Bill Joy terms "knowledge-enabled mass destruction," in which
freely disseminated information accessible to anyone could have ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item7

"First American Open in Robot Soccer"
Carnegie Mellon University is hosting the International RoboCup
Federation's first American Open in late April to early May,
where over 150 researchers and their soccer-playing robots will
congregate.  The goal of the international research and sports ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item8

"Big Bang Project Sparks Cosmic Response"
The CERN research institute in Switzerland is the site of the
Large Hadron Collider, a particle accelerator designed to test
the "big bang" theory by generating particles believed to have
existed when the universe was born, if they existed at all.  The ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item9

"A Vision of Superefficient Displays"
Ching Tang, who bears the title of Distinguished Inventor at
Eastman Kodak, is a pioneer of organic light-emitting diode
(OLED) technology, having found a breakthrough technique in 1985.
Tang discovered that sandwiching certain organic compounds ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item10

"Molecule Toggle Makes Nano Logic"
Hewlett-Packard Laboratories researcher Pavel Kornilovitch has
been working on a toggle switch that can open and close a circuit
much like a household light switch--except that this switch
exists on the molecular level.  For computing, molecular-scale ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item11

"IBM, Government Talk Big Iron"
IBM reports that company executives met with representatives from
the Homeland Security Department, the Energy Department, the
National Science Foundation, Lawrence Livermore National
Laboratories, and other federal outfits this week to discuss ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item12

"Yeast Protein Wires Supercomputers"
Handheld supercomputers equipped with nanoscale wires could one
day become a reality thanks to the efforts of researchers at the
Whitehead Institute for Biomedical Research.  Such wires could be
fashioned from highly durable fibers derived from genetically ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item13

"Wider-Fi"
The rapid adoption of the Wi-Fi standard is the sole bright spot
in the bleak economic climate hovering over Silicon Valley, but
the Institute of Electrical & Electronics Engineers (IEEE)
recently released a new standard, Wider-Fi, that promises to ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item14

"Cyber-War Tools Still on the Shelf"
Experts from the security and defense sectors say chances are
slim that the U.S. military will use cyber-warfare to disrupt
Iraq's infrastructure in the current conflict.  Mark Rasch of
Solutionary says the government has been wrestling with ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item15

"Smart Dust"
Microelectromechanical systems (MEMS) form the basis of "smart
dust," a sophisticated wireless sensor network composed of
minuscule, autonomous "motes" that could collect data for many
diverse operations, including patient and traffic monitoring, ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item16

"The Wired War Has Arrived"
The U.S. Army expects that communications and computer gear will
prove to be beneficial to its Third Infantry Division (3ID) as it
spearheads the Army's push to Baghdad.  The Army has equipped 3ID
armored vehicles with a system designed to provide a real-time ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item17

"Pushing the Edge"
Thrifty enterprises are turning to network edge appliances as an
efficient, inexpensive alternative to more costly software
deployments in order to handle fluid security needs, as well as
accommodate incoming XML data and support single networks that ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item18

"Surveillance Nation"
The era of the surveillance society is rapidly approaching due to
increasing technological sophistication--speedier networking,
more powerful microprocessors, improved software, cheaper
electronics, bigger hard drives, and so on.  Unmonitored public ...
http://www.acm.org/technews/articles/2003-5/0402w.html#item19


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-- To review Monday's issue, please visit
http://www.acm.org/technews/articles/2003-5/0331m.html

-- To visit the TechNews home page, point your browser to:
http://www.acm.org/technews/

-- To unsubscribe from the ACM TechNews Early Alert Service:
Please send a separate email to listserv@xxxxxxxxxxxxxxxxx
with the line

signoff technews

in the body of your message.

-- Please note that replying directly to this message does not
automatically unsubscribe you from the TechNews list.

-- To submit feedback about ACM TechNews, contact:
technews@xxxxxxxxxx

-- ACM may have a different email address on file for you,
so if you're unable to "unsubscribe" yourself, please direct
your request to: technews-request@xxxxxxx

We will remove your name from the TechNews list on
your behalf.

-- For help with technical problems, including problems with
leaving the list, please write to:  technews-request@xxxxxxx

----
ACM TechNews is sponsored by Hewlett Packard Company.