Clips April 22, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips April 22, 2003

ARTICLES

US scoops cyber-terrorism pool
Cadets Train to Fight Cyber Attacks
NARA releases draft requirements for electronic records project 
DISA looks into global videoconferencing services 
DOD, VA to smooth transition
Firm's Survey of College-Bound Students Finds No Digital Divide
Students Lose Web Use in Copyright Case 
Visa acts to calm fears of ID theft
New Jersey to Make Driver's Licenses Harder to Counterfeit
Sensenbrenner says he'll enforce sunset of police powers
Santa Clarita Eyes Recycling Plan for Electronic Devices
City sets up wireless as lifeline
Internet Is Losing Ground in Battle Against Spam
U.S. Backs Record Labels in Pursuit of Music Sharer
President's Top IT Security Adviser To Resign 
FCC Eyes Internet Access Subsidy
Local Officials Rise Up to Defy The Patriot Act 
Now Digital, Spy Camera Technology Widens Gaze
AT&T Trying to Collect Bills From the Victims of Hackers
CSC Unit to Send Advisors to Iraq
Pros, cons of hiring ex-criminal hackers
Ex-Student Gets Probation in Hacking Case
Blackboard Gets Gag Order Against Smart-Card Hackers 
Data management system gets new analysis tool 



*******************************
Australian IT
US scoops cyber-terrorism pool
Karen Dearne
APRIL 22, 2003  
 
COUNTRIES on the US Government's Cyber Terrorist Watch List generated less than 1 per cent of all attacks on computer systems in the past six months, according to Symantec's latest Internet Security Threat Report.

In terms of overall volume, the United States topped the top-10 list of attacking countries, with 35.4 per cent of recorded cyber-attacks originating in the US. 
South Korea was second at 12.8 per cent and China third at 6.9 per cent. 

The others were Germany (6.7 per cent), France (4 per cent), Taiwan (3.9 per cent), Canada (3.2 per cent), Italy (3 per cent), Great Britain (2.2 per cent) and Japan (1.8 per cent). 

These nations were responsible for the origin of 80 per cent of all cyber-attacks, according to Symantec's analysis of real-time hacks detected by a sample of 400 companies deploying more than 1000 intrusion detection systems and firewalls in more than 30 countries. 

Researchers found that countries on the Cyber Terrorist Watch List produced no severe events against companies in the sample. 

And no verifiable cases of cyber-terrorist attacks were detected during the six months from July 1, 2002 to December 31, 2002. 

Indonesia and Iran were the two main attackers on the watch list, replacing Kuwait and Egypt, which topped the list in the prior six-month period. 

These four countries alone accounted for almost all the attack activity among watch list countries. 

*******************************
Associated Press
Cadets Train to Fight Cyber Attacks
Tue Apr 22,12:51 AM ET
By MICHAEL HILL, Associated Press Writer 

WEST POINT, New York - The cyberattacks hit after sunup. 

   

A stream of hostile data packets flooded a Web server. Cadets in camouflage fatigues moved double-time shouting about mail servers and passwords. 


Cadet Dan Jeffers calmly tracked the action on his computer screen, wondering about the enemy's next move. 


"I'm sure they're just surfing around, looking for something right now," said Jeffers, examining long gray lines of scrolling script. 


The Cyber Defense Exercise conducted last week among the service academies in the United States is a new kind of drill to prepare a new kind of military. The flanking maneuver Jeffers worried about didn't come from a tank column. It stemmed from hackers ramming his computer defenses. 


"The battle may be raging, but it's happening in cyberspace," said Lt. Col. Daniel Ragsdale of the U.S. Military Academy here. 


The third annual drill, which ran Monday through Thursday, included computer specialists from the country's three major military academies as well as institutions like the U.S. Coast Guard (news - web sites) Academy. 


At the West Point academy, a "blue team" of a few dozen cadets in a camouflage-draped computer lab faced off against a "red team" of hackers from the National Security Agency, the federal intelligence agency that specializes in electronic intelligence gathering and cryptography. 


Red team's basic mission was to bore through each academy's Internet firewall and probe for weaknesses that could give them access to secure data. 


The exercise fits in the military's recent emphasis on "network-centric warfare"  linking commanders, soldiers, weapons and intelligence into an overarching computer grid. Such real-time battlefield information is supposed to cut through the confusion that leads to the oft-cited "fog of war." 


Gone are the days when soldiers took pride in their lack of technological expertise, said Ragsdale, who directs West Point's Information and Technology Operations Center. 


"Somehow, you were more of a soldier if you were a technophobe," Ragsdale said. "You know, `Give me a grease pencil and a piece of acetate, and I'll give you a battle plan.'" 


These days, cyberattacks  and defense  are an important part of the Pentagon (news - web sites)'s arsenal. 


"We're doing network attacks, we are hacking into e-mail systems of adversaries," said Dan Goure of the Lexington Institute, a military think tank. Goure noted reports of U.S. intelligence operatives e-mailing Iraqi generals during the war. 


Modern information warfare involves not just attempts to disable enemy networks with cyberattacks but also to penetrate them and plant bogus information. 


The Pentagon is thus going to lengths to protect its own systems, relying on tools ranging from encryption to special programs that hunt for computer worms, Goure said. 


At West Point four years ago, Ragsdale said there was no talk about "information assurance" warfare. Today, data security is key to the cyberexercise, which has grown in scope since it began in 2001. 

   



On Day Two of this year's exercise the cyber attacks continued all day  literally hundreds of thousands in the form of "malicious packets." 

"They'll try everything they have. They'll unload their arsenal on us," said Maj. Scott Lathrop, the academy's information warfare instructor. 

The academy that musters the best defenses gets a trophy from the National Security Agency. West Point has won the last two years. While cadets weren't hanging up "Beat Navy Hackers" banners, the inter-academy rivalry is intense. 

A number of Army cadets stayed up into the wee hours after Monday's initial attacks to refortify their local area network. Cadets ate sandwiches at their terminals as one companion rested his head on a table. 

Cadet Shaun Baker of Houston said the intense pace was worth it, even if it sapped him for physical training later on. 

"We have a PT test tomorrow that I have to get some sleep for," he said. "That's not happening."
*******************************
Government Computer News
04/21/03 
NARA releases draft requirements for electronic records project 
By Jason Miller 

The National Archives and Records Administration last week took the first step toward completing its mammoth Electronic Records Archives project, releasing a draft requirements plan. 

To get comments from industry and federal users, NARA has posted the draft plan on FedBizOpps.gov and listed it in the Federal Register, said Dan Jansen, a NARA project manager for ERA. 

?We want to give industry as much information as early as we can so they can prepare to bid on the procurement,? Jansen said. ?We also want to touch the potential users of the new system and have then tell us how comprehensive the requirements are from their point of view.? 

NARA plans to release a draft request for proposals by the end of June and a final RFP later this year, he said. 

The draft requirements conform to the broad requirements NARA wants to accomplish by creating the new system. It does not detail specific hardware or software nor does it prescribe any type of application to solve the problem of archiving electronic documents, Jansen said. 

NARA will use the comments as well as those from its six user and industry groups to put together the final RFP, he said. The agency expects to pare the initial bids to a pair of vendors that will compete in a second-round competition. NARA will ask both vendors to write specifications for the system and then design a system that takes into account authenticity, verification and longevity of electronic records, Jansen said. 

Comments on the draft requirements are due May 14. NARA has posted them http://www.archives.gov/electronic_records_archives/acquisition/request_for_comment.html
*******************************
Government Computer News
04/21/03 
DISA looks into global videoconferencing services 
By Dawn S. Onley 

The Defense Information Systems Agency has released a request for information on digital videoconferencing technologies for use worldwide. 

The Defense Video Service Program Management Office wants recommendations of systems that will let Defense Department users choose their level of service. This could range from a multipoint conferencing hub service to an end-to-end service that would include site operation, maintenance and equipment, DISA officials said. 

Conferencing units can include studio, fixed, desktop, mobile and deployable systems and related installation or maintenance services, according to the RFI released April 16. 

DOD uses videoconferencing in its combatant commands? to execute war plans, and in military training, simulation and general unit command and operation. 

DISA will use the RFI responses to develop a request for proposals slated for release early this summer. Vendors can submit responses until May 16 http://www.ditco.disa.mil/dcop/files/itreq/SYNOPSIS-RFI.DOC
*******************************
Federal Computer Week
DOD, VA to smooth transition
BY Judi Hasson 
April 21, 2003

The Department of Veterans Affairs and the Defense Department reached an agreement April 21 to smooth the way for service members to move from active duty to veteran status.

The ability to transfer data from DOD to VA quickly, easily and securely is a key element in making the transition seamless. Therefore, the joint strategic planning initiative will depend heavily on information technology systems to improve access to benefits, streamline application processes and eliminate duplication.

In addition to improving the technical capabilities of DOD and VA information systems, an information sharing task force will be established to develop a plan to automate data collection so necessary information is received in timely and accurate manner.

VA and DOD also plan to improve the coordination of their business processes to better manage capital assets, take advantage of their combined purchasing power, develop complementary workforce plans and find ways to enhance other key business functions.

"Our aim is to build a world-class partnership guided by principles of collaboration, stewardship and leadership," said David S.C. Chu, undersecretary of defense for personnel and readiness. "This approach will help us provide the best value for our beneficiaries as well as the taxpayer. It also recognizes both our common and unique mission requirements and ensures accountability for the results."

Veterans Affairs Deputy Secretary Leo Mackay said the plan provides the framework for "delivering high-quality services and benefits to service members and veterans. It ensures the process will continue into the future."
*******************************
Chronicle of Higher Education
Firm's Survey of College-Bound Students Finds No Digital Divide Among Them
By SCOTT CARLSON

A Baltimore market-research firm that surveyed 500 college-bound high-school students of different races contends that the digital divide no longer exists among them. But the researchers think the gap probably still exists among students who are not headed for college. 

Among those interviewed about their computer and Internet use were 100 African-American students and another 100 students of color from various ethnic backgrounds. The students who were polled had earned scores of at least 800 on the SAT. 

The researchers -- from the firm Art & Science Group -- found what they called "marginal" differences in computer use between white and black students, although white students still used computers slightly more in most cases. For example, 97 percent of white students had access to computers at home, compared with 94 percent of black students. Eighty-one percent of white students had access to computers at school, compared with 71 percent of black students. 

White and black students also used computers similarly, although black students used the Internet for research and for searching for information about colleges more often than whites. 

Richard A. Hesel, who supervised the survey for the Art & Science Group, says he was initially surprised at the findings. "It ran against conventional wisdom," he says. "But when we thought about it, it made sense. If you're in that pool of students bound to four-year colleges, it usually means that things have happened in the home and decisions have been made about what kinds of knowledge and tools you should have access to." 

However, he adds, the digital divide probably still exists among students who are not planning to go to four-year colleges, as students in this survey were. "You can still be very concerned about students who were not in our pool," he says. "I suspect we would have seen something different if we had looked at those students, but we didn't." 

Mr. Hesel expects that some people will have trouble believing the survey's results. "For those who insist on believing that African-Americans are disadvantaged in a way our data refutes," he writes in a publisher's note in the report, "may we dare to suggest that such attitudes may very well be a subtle and unintentional form of racism." 

But Lynette M. Kvasny, an assistant professor of information sciences and technology at Pennsylvania State University, still sees a stark difference in skills between students who come from rural areas and those who come from metropolitan areas -- and who typically have far more access to computers and broadband Internet connections. And she notes a dearth of black students in high-paying technology fields -- a substantial digital divide, in her view. White students often have parents who work in technology, providing a valuable source of support and guidance. 

She says that because of poor advice in high school and at home, black students have often been encouraged to shoot low. She says she was such a student herself. "I was interested in technology, but I was steered toward vocational school to learn how to mount tapes on mainframes," she says. Only through the pushing of good teachers did she enroll in college. And even so, she says, "I started college at a deficit." 
*******************************
Associated Press
Students Lose Web Use in Copyright Case 
Mon Apr 21, 3:54 PM ET

STATE COLLEGE, Pa. - Penn State deprived 220 students of high-speed Internet connections in their dorms after it found they were sharing copyrighted material, the university said Monday. 

   

"Basically, we received a complaint," said Penn State spokesman Tysen Kendig, who said he could not reveal who registered the complaint. 


"Upon investigation, we found that the students had publicly listed copyright-infringing materials on their systems to other members of this network," he added. 


Music and movie industry groups have urged universities to curb the sharing of copyrighted files and penalize violators. 


Students, who often have fast Internet connections and little cash, are seen as the vanguard in a wave of downloading that the entertainment industry claims is cutting into its profits. 


"I was kind of surprised at being caught," Jason Steiner, a freshman in aerospace engineering, told The Daily Collegian, Penn State's student newspaper. "I was sitting there online and all of a sudden I wasn't, with no idea why." 


The sanctioned students all live in campus residence halls. They can still access their campus accounts from other computers. 


The connections to their dorm rooms will be restored once the copyrighted materials have been removed, Kendig said. 


On March 31, Penn State's executive vice president and provost, Rodney Erickson, sent an e-mail to more than 110,000 students, administrators, faculty and staff reminding them that the university prohibits sharing copyrighted material and warning that such sharing is against the law. 


Earlier this month, 85 students at the Naval Academy in Annapolis, Md., were disciplined for using the school's network to trade copyrighted music and movies. 
*******************************
USA Today
Visa acts to calm fears of ID theft
By Christine Dugas, USA TODAY

In response to an epidemic of identity theft, Visa USA, the giant credit card network, is announcing Tuesday that it will provide its member banks with free ID theft insurance as an optional benefit for card holders. 

The coverage would provide eligible card holders with up to $15,000 in reimbursement for lost wages, legal fees and other costs associated with recovering from identity theft. Banks that issue Visa cards may extend the coverage to all their credit and debit card holders, or they may offer it as an incentive to sign up for a particular card or as a reward for premium card holders.

Visa's announcement is the latest salvo in the battle against identity theft, which occurs when someone illegally uses your personal identifying information to drain your accounts or purchase merchandise. Property and casualty insurers already have begun to offer ID fraud coverage. MasterCard and Visa have begun to reduce the amount of account information on merchant receipts. And card issuers have launched consumer education campaigns.

Americans are more worried about becoming a victim of identity theft than getting laid off, according to a survey by the ATM network Star Systems. More than two-thirds of the respondents said they want the financial services industry to do more to tighten security and verify customer IDs.

Identity theft has exploded. Last year, 161,819 identity theft complaints were filed with federal, state and local law enforcement agencies and private groups  nearly double the complaints in 2001, according to the Consumer Sentinel database maintained by the Federal Trade Commission.

Several insurance companies now sell identity theft coverage as part of homeowner's policies. Travelers charges $25 a year for an ID theft rider. And Chubb offers the coverage for no extra charge. 

As part of today's announcement, Visa is unveiling a partnership with Call For Action, a non-profit consumer network, that will offer a toll-free hotline for identity theft counseling (866-434-6854). Consumers also can go to the Web site for fraud-prevention tips (www.callforaction.org).

"Visa wanted to take the hassle out of being a victim of ID theft," says Rosetta Jones, director of corporate relations for Visa USA. She said that Visa's research found that 68% of identity theft victims say the biggest problem is the time it takes to remedy the problem. 

But Visa also may be taking the steps to make its brand more competitive. "It's time for Visa to pull something out of a hat and reverse its market share slide," says Stuart Feldstein, president of SMR Research. He noted that Visa has fallen behind rival MasterCard in terms of number of U.S. accounts.
*******************************
New York Times
April 22, 2003
New Jersey to Make Driver's Licenses Harder to Counterfeit
By LAURA MANSNERUS

RENTON, April 21  New Jersey driver's licenses, known as the easiest outside Alaska to counterfeit, will be replaced starting in late July with a digital model that state officials say will be among the most tamper-proof anywhere.
Gov. James E. McGreevey announced plans for the new design today, promising that the phase-in could be handled at the notoriously slow offices of the Division of Motor Vehicles.

The state has hired a contractor to produce the licenses with equipment at the offices, which will add employees and offer express lanes for people who have completed a preliminary registration online.

The 45 agency offices around the state must check identification documents, like birth certificates, utility bills and Social Security cards, for each driver before issuing replacements.

They must also photograph the more than one million drivers who still have licenses with no photographs and only a thin laminate jacket.

Governor McGreevey and Diane Legreide, the director of the vehicle division, said the new licenses would have an array of security features, some visible and some not, like holograms, a bar code and digital signatures.

The bar code can be scanned by machines to be installed in police cars, allowing officers to verify a driver's identification at the site of a stop and to call up his motor vehicle record.

The contractor, Digimarc Corporation of Tualatin, Ore., has produced new licenses in 34 states and has chosen the best features from them, Mr. McGreevey said. Only one other state, Alaska, still uses paper licenses.

Although the paper licenses have long been known to be duplicated or changed easily, state officials became especially concerned after the terrorist attacks of Sept. 11, 2001, when two of the hijackers were reported to have counterfeit New Jersey driver's licenses.

Those reports were never verified, but the security concerns grew when eight employees of the motor vehicles division and 24 other people were charged with producing and selling counterfeit licenses. Then, in November, Mr. McGreevey's transportation commissioner issued a report describing the Division of Motor Vehicles as rife with patronage and inefficiency.

The Legislature authorized the new licenses, which will cost $4.5 million, in a broader plan to overhaul the agency.

The state has no timetable yet for replacing licenses, and officials have not decided how many will be replaced before they expire. The first of the six million drivers to be called in will be those whose current address or Social Security information is not consistent with other state records.

The new system will raise the license fee to $24, from $18. New Jersey driver's licenses must be renewed every four years.
 *******************************
Milwaukee Journal Sentinel
Sensenbrenner says he'll enforce sunset of police powers
By CRAIG GILBERT
cgilbert@xxxxxxxxxxxxxxxxxxx
Last Updated: April 17, 2003

Washington - House Judiciary Chairman F. James Sensenbrenner Jr. said Thursday that he would fight any effort now to make permanent many of the expanded police powers enacted after the Sept. 11 attacks as part of the USA Patriot Act.

"That will be done over my dead body," said Sensenbrenner in an interview.

The Menomonee Falls Republican also said it was "way premature" for Congress to consider a new package of anti-terrorism proposals being drafted by the Justice Department - a so-called "Patriot Act Two."

Before that happens, he said, the "burden of proof" is on the Justice Department to prove the merits of what he called "Patriot Act One." 

Sensenbrenner's comments are notable because he is a critical player in the running debate between the Bush administration and civil liberties advocates on both the right and left who see the new search and surveillance powers as a threat to privacy and individual rights.

The committee chairman has charted a middle course in that debate, supporting the 2001 Patriot Act despite misgivings. He fought for the sunset provision in the act, which provides that some of the government's new surveillance and investigative powers will automatically lapse at the end of 2005 unless Congress passes and the president signs another law extending them.

The Bush administration opposed the sunset, but agreed to it as part of a legislative compromise in which it got most of the new powers it sought.

Now there is a reported push by some in Congress and the administration to undo the time limits, though it's not clear how serious and urgent the effort is.


Hatch amendment

Last week, Sensenbrenner's Senate counterpart, Republican Judiciary Chairman Orrin Hatch of Utah, circulated an amendment to drop the sunset in the Patriot Act. Aides described it as a tactical move related to another piece of intelligence legislation.

A Hatch judiciary aide was non-committal Thursday about whether the senator plans to aggressively pursue a repeal of the sunset any time soon.


"I can tell you that Senator Hatch did not support the sunset when the Patriot Act was passed," said spokeswoman Margarita Tapia. "He will continue to monitor the bipartisan, constitutional Patriot Act to ensure our intelligence and law enforcement officials have the necessary tools to
prevent a terrorist act."


The Justice Department did not return a phone call seeking comment.


One critic of the law, Timothy Edgar of the American Civil Liberties Union, called Hatch's amendment a "shot across the bow by those who want to get rid of the sunset provision." Edgar contended that it "backfired" because of criticism it drew from activists and lawmakers at both ends of the political spectrum.

"There is pretty clearly a serious effort by law enforcement people to strip the sunset provision and expand the law into a sort of Patriot Two," said Damon Ansell of the conservative Americans for Tax Reform. He said his group opposes efforts to undo the sunset and had huge concerns about the enactment of additional police powers.

Sensenbrenner said repealing the sunset provision is a "non-starter" with his committee, and the "Senate better not try it." He called the sunset rule the only leverage lawmakers have in overseeing the law and getting Attorney General John Ashcroft and his department to answer questions about how they are using it.

He and the top Democrat on the committee, John Conyers of Michigan, have been dissatisfied with the responsiveness of the department to their oversight questions.


"If they want the sunset to be repealed, they're going to have to show that Patriot Act One is constitutional and has done good things," said Sensenbrenner.

Sensenbrenner said he regarded that as an open question, but said of the Justice Department, "the burden of proof is on them."


More police powers proposed

Critics of the law also have expressed alarm about a second Patriot Act. A draft Justice Department proposal, leaked in February, proposed additional search and police powers for the government, but Justice officials distanced themselves from the contents, and it is unclear what the department plans to send to Congress.


Sensenbrenner said that more than a month ago, the department offered to begin briefing House and Senate judiciary staff on their ideas for a new anti-terrorism bill. He said he and Hatch declined to have staff from their committees participate. Sensenbrenner said he told the department that it was premature to consider a new law when basic questions remain about the Patriot Act.

He also suggested Thursday that the administration had done a poor job of presenting its case on the issue.

"I have complained to the attorney general on a number of occasions that because they won't talk about the good that has been done with Patriot Act One, the opponents of the Patriot Act really have gotten the whole public debate to themselves," said Sensenbrenner.

Many provisions of the law have no sunset and are already permanent. One example is "sneak and peak" searches. The law expands the ability of agents to conduct physical and electronic searches without notice beforehand or immediately afterward.

Other provisions fall under the sunset. These include expanded wiretap authority in intelligence investigations and broader powers to obtain the records of businesses, from banks to libraries, in intelligence investigations. 
*******************************
Los Angeles Times
Santa Clarita Eyes Recycling Plan for Electronic Devices
The City Council will consider a program that would keep cast-off gadgets that may contain hazardous materials out of landfills.
By Richard Fausset
Times Staff Writer

April 22, 2003

Concerned about hazardous materials in cell phones, computers and televisions, the city of Santa Clarita is proposing a program to reduce the amount of electronic equipment its residents send to the landfill.
Under the proposal, a waste hauler would collect discarded electronic items free of charge and take them to a recycling plant.

The collection would take place in the weeks after Christmas, a prime time to cast off old electronic products.

At its meeting tonight, the City Council will consider applying for an $80,000 grant from the state's Integrated Waste Management Board to fund the project.

Although relatively small, the effort is part of a growing statewide acknowledgment of the hazards posed by discarded electronics. In 2001, the state Department of Health Services banned the dumping of TV and computer monitors with cathode ray tubes, which contain hazardous amounts of lead, although environmentalists say the little-known law often goes unheeded.

Other electronics contain such toxic elements as cadmium, barium and mercury. In February, the state Department of Toxic Substances Control announced that devices such as cell phones, stereos and computer hard drives would be banned from landfills starting in 2006.

The environmental group Californians Against Waste estimates that more than 10,000 computers and televisions break or are replaced every day statewide, but just 15% or less are recycled because consumers are often charged for the cost of hauling. 

Last year, a bill by state Sen. Byron Sher (D-Stanford) would have attached a fee of as much as $30 to every new TV and computer sold in California to help pay for collection and recycling. The measure, which was opposed by computer and TV trade groups, was eventually vetoed by Gov. Gray Davis. 

This session, Sher has introduced another bill that would "ensure" funds would be available to local government for collection and recycling programs.

Jason Smisko, Santa Clarita's environmental services manager, said his city's proposal would allow residents to recycle their electronics for free during a brief period each year until 2006, when the city's new trash contract goes into effect. That new contract will require the trash hauler to pick up and properly dispose of electronic waste as part of the agreement.

"We're looking for any opportunity to put less product into landfills," Smisko said. "If you can provide more cost-effective ways for people to get rid of materials, the better  especially in middle-class and affluent communities, where kids are carrying cell phones, and VCRs and computers are in every room."

Smisko also noted that Santa Clarita, like many California cities, has not met a state mandate to send no more than 50% of its trash to landfills, and could eventually face steep fines.

Mark Murray, the executive director of Californians Against Waste, said Santa Clarita's program would be a small step in a positive direction.

"It's not going to go very far in terms of covering the volume [of waste] that's out there," he said. "But it's a start."
*******************************
Federal Computer Week
City sets up wireless as lifeline
BY Brian Robinson 
April 21, 2003

After spending millions of dollars to develop the downtown commercial area of Winston-Salem, officials in the North Carolina city are setting up free wireless service to serve as a technology hook to attract young professionals and help the area thrive.

The new Wi-Fi system, which uses the Institute of Electrical and Electronic Engineers 802.11b wireless local-area network protocol, should be operating within the next three months. It uses several Cisco Systems Inc. Aironet 350 wireless base stations hooked into an existing fiber-optic network to provide wireless access along the city's Fourth Street downtown hub.

The aim is to encourage people to come downtown and dine at sidewalk restaurants and cafes, knowing they can have continuous and free access to the Internet for laptops and personal digital assistants, said Dennis Newman, Winston-Salem's chief information officer.

There was no intensive study done before making the decision.

"It's an idea we had and we just went off and did it," he said. "It was by far the easiest sale we've made [for an IT venture]. People in government understood this was a minimal risk from an investment point of view and that it was being applied directly to the base we are hoping to attract."

However, he said, the low cost of installing the wireless system stems from the fact that the fiber backbone was already in place. It was then simply a matter of getting the city's Internet service provider to route access to the wireless system. The city also has the necessary information technology expertise in-house to manage the whole thing, Newman said.

It's possible that similar wireless access could be provided for other parts of the city.

"We've certainly had the requests," Newman said. "But it depends on where we feel we can make the best use of limited funds. We'll wait and see how this Fourth Street project goes first."

Robinson is a freelance journalist based in Portland, Ore. He can be reached at hullite@xxxxxxxxxxxxxxx
*******************************
New York Times
April 22, 2003
Internet Is Losing Ground in Battle Against Spam
By SAUL HANSELL

Alyx Sachs is no longer sending people e-mail offering to "fix your credit risk free."

Confronted by an increasing number of individuals, businesses and Internet service providers using software meant to identify and discard unwanted junk e-mail  commonly known as spam  Ms. Sachs has been forced to become more creative in her marketing pitches. The subject line on her credit e-mail, for example, now reads "get a fresh start."

 From a small office on Sunset Boulevard in Los Angeles, millions of messages prepared on behalf of others by Ms. Sachs and her partner are still going out to e-mail in-boxes every day, promising not just to restore a poor credit rating but also to sell printer ink, 3-D glasses and, lately, even playing cards with pictures of wanted Iraqi leaders.

In the cat-and-mouse game of e-mail marketers and those trying to stop them, the spammers are still winning.

So far, nothing that has been tried to block spam has done much more than inconvenience mass e-mailers. Just as Ms. Sachs's company, NetGlobalMarketing, has been able to reword its e-mail to evade spam filters, others use even more aggressive tricks to disguise the content of their messages and to send them via circuitous paths so their true origin cannot be determined.

"There is no silver bullet," said Lisa Pollock, the senior director of messaging at Yahoo, the popular Web portal. "There will always be people who can find a way to get around whatever you have in place."

No doubt making a living selling things by e-mail is becoming harder. Not only are more messages being blocked by automated antispam systems, more senders of e-mail are also facing legal action. Last week, America Online and the Federal Trade Commission each filed suit against e-mailers that they say are illict spammers. Congress is seriously considering legislation to crack down on spam.

But the infestation is growing faster than the antispammers can keep up. Brightmail, which makes spam-filtering software for corporate networks and big Internet providers, says that 45 percent of the e-mail it now sees is junk, up from 16 percent in January 2002. America Online says the amount of spam aimed at its 35 million customers has doubled since the beginning of this year and now approaches two billion messages a day, more than 70 percent of the total its users receive.

Indeed, the spam problem defies ready solution. The Internet e-mail system, designed to be flexible and open, is fundamentally so trusting of participants that it is easy to hide where an e-mail message is coming from and even what it is about.

Another reason there is so much spam is that, with a simple computer hookup and a mailing list, it is remarkably easy and inexpensive to start a career in e-mail marketing. Companies that offer products like vitamins and home mortgages as well as those selling items like penis and breast enlargement kits will allow nearly any e-mail marketer to pitch their wares, paying a commission for any completed transaction.

The microscopic cost of sending e-mail, compared with the price of postal mailings, allows senders to make money on products bought by as little as one recipient for every 100,000 e-mail messages. Internet marketing companies typically charge $500 to $2,000 to send a solicitation to a million in-boxes, but the cost goes up if the list is from a reputable source or is focused on people in certain favored demographic groups. Sending the same offer to a million people by mail costs at least $40,000 for a list, $190,000 for bulk-rate postage and more for paper and printing.

Albert Ahdoot, for example, started a part-time business using e-mail to sell printer-ink refill systems while he was in college. When he dropped out of medical school, he hooked up with Ms. Sachs, a former producer with Geraldo Rivera who later worked in marketing at several Internet companies. With her client contacts, his technology and some e-mail lists they acquired, they started their business about a year ago.

Like many in the e-mail marketing business, Ms. Sachs says her e-mail blitzes are not spam because she sends them only to lists of people who have agreed to receive marketing offers over the Internet. These opt-in lists, as they are called, are generated when Internet users enter a contest on the Web or sign up for an e-mail list in which the fine print says the user agrees to receive "occasional offers of products you might find valuable from our marketing partners."

Arguing that no one is forced to sign up for e-mail pitches, Internet marketers say that the attack on spam has already gone too far, interfering with legitimate business.

"We have allowed these spam cops to rise out of nowhere to be self-appointed police and block whole swaths of the industry," said Bob Dallas, an executive of Empire Towers, an e-mail firm in Toledo, Ohio, widely cited on antispam lists used by many Internet companies.

"This is against everything that America stands for," Mr. Dallas added. "The consumer should be the one in control of this."

But activists who oppose spam say that some e-mailers who argue that they have permission to send e-mail to a certain address often do not. Earlier this year, a New York court ruled that a Niagara Falls, N.Y., company, MonsterHut, had violated antifraud laws for misrepresenting opt-in permissions.

Lower on the marketing totem pole than opt-in mailing is what the industry calls bulk e-mailing: blasting a message out to any e-mail address that can be found. CD-ROM's with tens of millions of e-mail addresses are widely available  advertised by e-mail, of course. These addresses have been harvested by software robots that read message boards, chat rooms and Web sites.

Others use what are called dictionary attacks, sending mail to every conceivable address at major e-mail providers  first, say, JohnA @example.com, then JohnB @example.com, and so on  to find the legitimate names.

Such distinctions, however, are usually lost on users who, in recent years, have found unwanted marketing pitches are overwhelming their legitimate e-mail.

As dissatisfaction has risen, the big Internet service providers, like AOL, and purveyors of free e-mail accounts, including Yahoo and Microsoft's Hotmail, have all greatly accelerated efforts to identify and block spam. Among other things, they have created prominent buttons for users to report offending e-mail as spam.

There is little that Internet services can do to keep spammers from gathering e-mail addresses directly from users. Many people still will type virtually their life history into an unknown Web site that claims to be offering a chance to win a Lexus.

But some Internet providers have built systems to identify when they are being subject to dictionary attacks and cut them off quickly before valid e-mail addresses are deduced.

To identify phrases and other patterns that occur in spam, the Internet service providers look at what is received in thousands of so-called honeypot e-mail accounts  those that have no legitimate reason to receive e-mail messages.

The spammers quickly caught on to this technique, however. So they have varied their messages  morphing, they call it  often by simply appending random words or characters, so the filtering systems no longer see millions of identical solicitations.

At the same time, e-mail users now receive spam that is not only unwanted but cryptic, too. In an attempt to avoid automatic filters that search for certain phrases, marketers offer, for example, "Her bal V1agra" and ways to make "F*A*S*T C*A*S*H."

So the Internet companies now look for unusual spelling as well. "Some people have jobs that change day to day," said Charles Stiles, the technical manager of AOL's postmaster team, which looks after spam blocking. "Ours changes from minute to minute. A filter that works one day will likely not work the next."

Another way spammers avoid detection is to send mail using the HTML format, the language mainly used to display Web pages. Spammers and major advertisers alike think that e-mail with varied type and inserted graphic images is more persuasive than ordinary text. But the spammers also find that this format makes it easier to evade the filtering programs.

A lot of spam now puts the actual sales pitch in an image that is only displayed when the user reads her e-mail. The filter reads merely some random text and the Web address of the image to be displayed.

Spam filters are now being adjusted to be suspicious of e-mails that only have links to Web images. But it is still hard for any program to distinguish, say, a pornographic come-on from a baby picture, especially when processing hundreds of millions of messages a day.

At the same time, the argument is intensifying over what represents legitimate e-mail, particularly when it ends up being blocked by an antispam filter. Last November, AOL threatened to block e-mail from Gap. Even though Gap said it only sent e-mail to people who explicitly signed up for its mailing list, AOL said that many of its members reported Gap mailings as spam. When it investigated, AOL found that Gap had been offering people a 10 percent discount for providing their e-mail address. Nearly a third of the addresses collected were fake, but they often belonged to other people who did not want the Gap e-mail.

"You can't underestimate the power of people to make up an e-mail address to get a 10 percent discount," said Matt Korn, AOL's executive vice president for network operations.

The other major approach to preventing spam is to block any messages sent from computers and e-mail addresses known to be used by spammers. This is harder than it seems because the spammers are constantly changing their accounts and are adept at methods to make up fake return addresses and hide behind private accounts. That does not prevent the big service providers, and an army of spam vigilantes, from creating blacklists of offenders.

These blacklists, however, often also block legitimate companies and individuals from sending e-mail. That is because the spammers find ways to hijack unprotected computers to relay their messages, thus hiding their true origins.

In the earlier, more innocent days of the Internet, many computers were set up to relay e-mail sent by any other user, anonymously, just to give a helping hand to those with connection problems. Now there still are computers set up to be what is known as an open relay, even though such machines are largely used by spammers.

Another approach to limiting spam, which is favored by big marketers, is to create a "white list" of approved senders, but this raises the question of who will compile such a list. A group of the companies that send e-mail on behalf of major corporations will put forward another proposal tomorrow that would allow senders to certify their identities in every e-mail message they send and report a rating of how much they comply with good mailing standards. Users and Internet service providers would then decide what sort of mail they choose to accept.

"We wanted to come up with a way of shining a big bright light on all those that want to stand in the light and say, `This is who I am, and I was that person yesterday, and I'll be that person tomorrow,' " said Hans Peter Brondmo, a senior vice president at Digital Impact, a major e-mail company and one of the developers of the proposal, known as project Lumos.

Rather than such a self-regulatory approach, the antispam legislation in the Senate would try to make many deceptive e-mail practices illegal. It would force commercial e-mail messages to identify the true sender, have an accurate subject line and offer recipients an easy way to remove their names from marketing lists. And it would impose fines for violators.

For her part, Ms. Sachs, the e-mail marketer, says that any such move would only end up making it harder to run a legitimate business.

"These antispammers should get a life," she said. "Do their fingers hurt too much from pressing the delete key? How much time does that really take from their day?"

By contrast, she said, "70 million people have bad credit. Guess what? Now I can't get mail through to them to help them."
*******************************
New York Times
April 21, 2003
U.S. Backs Record Labels in Pursuit of Music Sharer
By AMY HARMON

The Bush administration has sided with the recording industry in its court battle to force Internet providers to disclose the identities of subscribers who may be illegally trading materials online.

A Justice Department brief supports the claim by the Recording Industry Association of America that it should be able to force Verizon Communications under the digital copyright law to identify a subscriber suspected of providing more than 600 songs from well-known artists for other Internet users to download.

The subpoena was sought by the music industry under the 1998 Digital Millennium Copyright Act, which allows companies a shortcut to obtain Internet users' names without a judge's order under certain circumstances.

Verizon asserts that the shortcut was meant to be limited to cases where the material on Web sites is stored on the Internet provider's computers. To extend the statute to material that resides on subscribers' computers, like songs and movies that are traded using KaZaA and other popular peer-to-peer software, Verizon says, violates the constitutionally protected rights of free speech and due process of Internet subscribers.

But in a filing with the Federal District Court in Washington on Friday, the Department of Justice wrote that the law did not violate the free speech rights of everyday users because it was directed only at those who violate copyrights.

The law's subpoena provision "targets the identity of alleged copyright infringers, not spoken words or conduct commonly associated with expression," the Justice Department wrote in its brief. The brief also asserted that the law did not violate due process protections because the Constitution does not specifically prohibit the process set up by the digital copyright law, which requires that copyright holders ask a court clerk for an order to compel Internet providers to surrender customer names.

Sarah B. Deutsch, vice president and associate general counsel for Verizon, said the company was disappointed by the Justice Department brief. Lifting the requirement on copyright holders to go before a judge to request identifying information, she said, would permit any copyright holder easily to obtain personal information about an Internet subscriber. "This would let copyright holders use the court's power to send people threatening letters and never sue," Ms. Deutsch said.

The recording industry welcomed the Justice Department brief. "The government's filing today supports the proposition that we have long advocated  copyright owners' have a clear and unambiguous entitlement to determine who is infringing their copyrights online, and that entitlement passes constitutional muster," said Matthew J. Oppenheim, senior vice president for business and legal affairs at the recording industry group. "Verizon's persistent efforts to protect copyright thieves on pirate peer-to-peer networks will not succeed."

Legal experts said the Justice Department's brief was a significant setback for Verizon. Judge John D. Bates, who has ordered Verizon to turn over the name of the subscriber at issue in the case, held a hearing on April 1 on the constitutional issues in the case. He must decide whether to grant Verizon's request to stay his order pending an appeal. "To have the government entering the case to defend the law certainly makes the law as interpreted look more legitimate," said Jessica Litman, a professor of copyright law at Wayne State University.

But Professor Litman said the appeals court could still rule in Verizon's favor based on an interpretation of how Congress intended the law to be applied. When it was passed in 1998, peer-to-peer software like KaZaA, which allows users to trade files directly from their home computers, did not exist. "The Web was only five years old in 1998," she added.
*******************************
Washington Post
President's Top IT Security Adviser To Resign 
By Brian Krebs
washingtonpost.com Staff Writer
Friday, April 18, 2003; 4:31 PM 

White House cybersecurity adviser Howard Schmidt will resign from his post at the end of the month, raising concerns about the Bush administration's commitment to implementing its strategy for protecting the nation's critical information infrastructure.

Several friends and close associates of Schmidt said he had informed them of his plans to leave the White House. The former chief of security at Microsoft Corp., Schmidt became chair of the President's Critical Infrastructure Protection Board in February following the departure of his predecessor, Richard Clarke. 

Schmidt played a key role in drafting the administration's recently released cybersecurity strategy, and has spent the last two years building ties with the private sector in a joint effort to protect the nation's most important information systems from cyber-attack. He had been negotiating to become cybersecurity adviser to Homeland Security Secretary Tom Ridge, but his effort fell through, according to friends and associates interviewed for this story. 

Schmidt's imminent departure would leave the administration without a high-ranking official solely in charge of cybersecurity, at a time when many observers are criticizing the White House for shifting attention and resources away from the issue.

"Industry understands this is an important issue. Congress and the president have said [it is too], yet the department has no senior level official working full-time on the issue," Clarke said. Failing to appoint a cybersecurity adviser at Homeland Security "reflects a total lack of intellectual understanding of the issue on the part of the people working for Ridge," he said.

In January, the administration consolidated the work of five federal cybersecurity offices into the Homeland Security Department, but it remains unclear how those divisions will work together or whether they have adequate resources to carry out their mission. 

Full responsibility for cybersecurity matters currently rests with Robert Liscouski, a former Coca-Cola executive who was recently named assistant secretary of infrastructure protection at the Homeland Security Department. Liscouski's portfolio includes both cybersecurity and protecting the nation's vital physical assets from attack. Given the scope of the physical infrastructure challenge, some observers have said cybersecurity matters will be overlooked. 

"The great irony here is that we have President Bush doing what Clinton refused to do - namely giving cybersecurity incredibly high prominence in naming a personal assistant to the president and issuing a national cybersecurity strategy," said Harris Miller, president of the Information Technology Association of America. 

"Yet, a few weeks after the strategy's release, all of the leadership (on cybersecurity) disappears. There are some very serious consequences of that in terms of the lack of leadership, because a lot of what needs to be done requires a full time cheerleader."

After Clarke's departure from the White House in February, the administration announced that it was abolishing the Critical Infrastructure Board and transferring its duties to the Department of Homeland Security. That move did not eliminate Schmidt's role as White House cybersecurity adviser, though it did eliminate his responsibility for leading the board.

Schmidt declined to comment for this story. White House and DHS officials did not return calls seeking comment.
*******************************
Los Angeles Times
FCC Eyes Internet Access Subsidy
Spurred by allegations of fraud, the agency is expected to tighten rules for the 'e-rate' program.
By Jube Shiver Jr.
April 21, 2003

WASHINGTON -- The Federal Communications Commission this week is expected to tighten rules for the third time on a program that provides subsidized Internet access to schools and libraries, but has been persistently criticized for its largess and lax oversight.

Spurred by continued allegations of widespread fraud, commissioners Wednesday plan to adopt regulations that would disqualify telecommunications service providers that repeatedly flout the rules of the government's multibillion-dollar "e-rate" program, intended to wire thousands of rural and poor schools and libraries for high-speed Internet access.

The program is financed by a monthly $1-to-$2 "universal access fee" that appears on virtually every telephone bill. Critics accuse participants -- which range from telecom upstarts to industry giants such as Lucent Technologies Inc., IBM Corp. and the four Baby Bell companies -- of inflating service costs, charging for unauthorized equipment and technology and not seeking competitive bids.

Congress, the FCC, the Justice Department and more than a dozen states have launched investigations into the program in recent months.

"Based on what we've seen so far, we are not talking about a couple of isolated incidents but widespread instances of fraud and abuse," said Ken Johnson, a spokesman for Rep. W. J. "Billy" Tauzin (R-La.), chairman of the House Commerce Committee and a longtime critic of the e-rate program. "Schools are hooked up to the Internet for free and the federal government is robbed blind."

The Center for Public Integrity, a Washington-based watchdog group, said it learned of one unnamed school that paid $20,000 annually to lease a piece of computer networking gear that could be purchased outright for $20,000. The school also was paying an unusually high $96,000 a year for a maintenance contract, the center said in a study published earlier this year.

The program "is honeycombed with fraud and financial shenanigans," the report declared, "but the government officials in charge say they don't have the resources to fix it."

That study echoed similar findings issued in October by the FCC's inspector general, which concluded: "The results of audits and the allegations under investigation lead us to believe the program is subject to unacceptably high risk of malfeasance."

Despite e-rate's success in bringing high-speed Internet access to thousands of schools and libraries nationwide, the program's critics point to projects they say were never intended to be funded.

In Fresno, for instance, telephone equipment provider Lucent installed a "homework hotline" in 1999 that was paid for in part by funds from the e-rate wiring program. More recently, e-rate program officials have delayed or denied applications from IBM Corp., alleging the computer concern won some contracts without competitive bidding.

Lucent said the Fresno work was performed by its former networking subsidiary Avaya Inc., which is now an independent company. Avaya officials did not return calls seeking comment.

IBM spokesman Andy Kendzie acknowledged that some of the company's e-rate applications have been denied or delayed, primarily in Texas and a few other states. But he denied any wrongdoing by IBM.

"We have been fully compliant with FCC's rules," Kendzie said. He blamed the holdup of IBM's e-rate applications on regulatory red tape and said IBM has written the FCC asking the agency to "streamline" the process.

Action by the FCC on Wednesday would mark the agency's third attempt to reform the e-rate program, which has proved to be one of the most controversial aspects of the Telecommunications Act of 1996.

In 1998, the FCC shut down Schools & Libraries Corp., a nonprofit company that the FCC created to oversee the e-rate program, after the corporation drew fire for allegedly turning a blind eye to excessive funding requests. The corporation's $200,000-a-year chief executive resigned from his post after criticism that his salary was lavish. The FCC later slashed the CEO's pay to $150,000.

In addition, the FCC established a nonprofit group called the Universal Service Administration Co. to administer e-rate and two other related telephone-subsidy programs.

The new rules would authorize USAC to disqualify any company, school or library that repeatedly violated program rules aimed at ensuring fiscal accountability such as competitive bidding and fair dealing. The FCC could also make recommendations to the Justice Department to prosecute wrongdoers.

But it's unclear how much of an effect the new rules will have, given that more than 75% of the nation's schools already have been wired under the program. What's more, the rules would do little to address the lack of government oversight of the e-rate program. Only two FCC auditors are assigned to e-rate transactions, which finance an average of 30,000 Internet connection projects each year.

Rather than wait to see if the FCC rules work, Rep. Thomas G. Tancredo (R-Colo.) has reintroduced a bill to terminate the e-rate program, branding it "an additional hidden tax on the already overtaxed American people."

The measure is pending before the House Committee on Energy and Commerce.
*******************************
Washington Post
Local Officials Rise Up to Defy The Patriot Act 
By Evelyn Nieves
Monday, April 21, 2003; Page A01 

ARCATA, Calif. -- This North Coast city may look sweet -- old, low-to-the-ground buildings, town square with a bronze statue of William McKinley, ambling pickup trucks -- but it acts like a radical.

Arcata was one of the first cities to pass resolutions against global warming and a unilateral war in Iraq. Last month, it joined the rising chorus of municipalities to pass a resolution urging local law enforcement officials and others contacted by federal officials to refuse requests under the Patriot Act that they believe violate an individual's civil rights under the Constitution. Then, the city went a step further.

This little city (pop.: 16,000) has become the first in the nation to pass an ordinance that outlaws voluntary compliance with the Patriot Act.

"I call this a nonviolent, preemptive attack," said David Meserve, the freshman City Council member who drafted the ordinance with the help of the Arcata city attorney, city manager and police chief.

The Arcata ordinance may be the first, but it may not be the last. Across the country, citizens have been forming Bill of Rights defense committees to fight what they consider the most egregious curbs on liberties contained in the Patriot Act. The 342-page act, passed by Congress one month after the Sept. 11, 2001, terrorist attacks, with little input from a public still in shock, has been most publicly criticized by librarians and bookstore owners for the provisions that force them to secretly hand over information about a patron's reading and Internet habits. But citizens groups are becoming increasingly organized and forceful in rebuking the Patriot Act and the Homeland Security Act for giving the federal government too much power, especially since a draft of the Justice Department's proposed sequel to the Patriot Act (dubbed Patriot II) was publicly leaked in January.

Both the Patriot Act and the Homeland Security Act, which created the Cabinet-level department, follow the Constitution, says Justice Department spokesman Mark Corallo. Federal law trumps local law in any case, which would mean Arcata would be in for a fight -- a fight it wants -- if the feds did make a Patriot Act request. LaRae Quy, a spokeswoman for the San Francisco FBI office, whose jurisdiction includes Arcata, said that the agency has no plans to use the Patriot Act in Arcata any time soon, but added that people misunderstood it. Although some people feel their privacy rights are being infringed upon, she said, the agency still has to show "probable cause for any actions we take."

But to date, 89 cities have passed resolutions condemning the Patriot Act, with at least a dozen more in the works and a statewide resolution against the act close to being passed in Hawaii.

"We want the local police to do what they were meant to do -- protect their citizens," said Nancy Talanian, co-director of the Bill of Rights Defense Committee in Florence, Mass., which gives advice to citizens groups on how to draft their own resolution.

Although cities across the country passed antiwar resolutions before the attack on Iraq with little notice from the administration, Talanian said that the anti-Patriot Act resolutions are "not quite as symbolic" as those that passed against the war.

"Normally, the president and Congress don't pay that much attention when it comes to waging war," she said. "But in the case of the Patriot Act, the federal government can't really tell municipalities that you have to do the work that the INS or the FBI wants you to do. The city can say, 'No, I'm sorry. We hire our police to protect our citizens and we don't want our citizens pulled aside and thrown in jail without probable cause.' "

In Hawaii, home to many Japanese Americans who vividly recall the Japanese internments during World War II, Democratic state Rep. Roy Takumi introduced a resolution on the Patriot Act as a way to raise debate, he said. Although the resolution may be seen as symbolic, he said, "states have every right to consider the concerns of the federal government and voice our opinions. If a number of states begin to pass similar resolutions, then it raises the bar for Congress, making them realize our concerns. I hope to see what we've done here plays a role in mobilizing people to take action."

Lawmakers and lobbyists on both ends of the political spectrum are beginning to sound more alarms about the antiterrorism act, which gave the government unprecedented powers to spy on citizens. Rep. Bernard Sanders (I-Vt.) has introduced a bill, the "Freedom to Read Protection Act" (H.R. 1157), that would restore the privacy protections for library book borrowers and bookstore purchases. The bill has 73 co-sponsors.

Earlier this month, Rep. F. James Sensenbrenner Jr. (R-Wis.), the chairman of the House Judiciary Committee, and Rep. John Conyers Jr. (Mich.), the ranking Democrat, asked the Justice Department for more information on the government's use of the Patriot Act to track terrorists, questioning what "tangible things" the government can subpoena in investigations of U.S. citizens.

Sensenbrenner and Conyers sent an 18-page letter to Attorney General John D. Ashcroft, challenging the department's increased use of "national security letters" requiring businesses to hand over electronic records on finances, telephone calls, e-mails and other personal data.

They questioned the guidelines under which investigators can subpoena private books, records, papers, documents and other items; asked whether the investigations targeted only people identified as agents of a foreign power; and asked the attorney general to "identify the specific authority relied on for issuing these letters."

The Justice Department said it is working on the request.

But citizens groups, worried about a timid Congress, are not waiting for their elected officials to act before launching a campaign against the proposed sequel to the Patriot Act, the "Domestic Security Enhancement Act." The Idaho Green Party has begun the Paul Revere Project to stop Patriot Act II before it can be passed.

The proposed addendum to the Patriot Act, which the Justice Department has insisted is only a draft of ideas, would enlarge many of the controversial provisions in the first Patriot Act. It would give the government authority to wiretap an individual and collect a person's DNA without court orders, detain people in secret and revoke citizenship, among other powers.

The proposed sequel to the act has galvanized communities in a bottom-up, grass-roots way, Talanian said. "Before a community votes on resolutions, they engage in forums and petitioning to show the town council they want this. After, communities band together and do things like visit the offices of their entire congressional delegations and say our communities have these concerns and now we are asking you to help."

In Arcata, where forums drew little debate, the new law is an unqualified hit. It passed by a vote of 4 to 1, but has what looks like near-unanimous approval from residents.

Meserve, a weather-worn builder and contractor in his fifties who wears a ponytail and flannel shirts, hasn't felt so popular since he won his council seat running on the platform, "The Federal Government Has Gone Stark, Raving Mad." 

"The ordinance went through so easily that we were surprised," he said. "We started going up to people asking what they thought. They thought, 'great.' It's our citywide form of nonviolent disobedience."

The fine for breaking the new law, which goes into effect May 2, is $57. It applies only to the top nine managers of the city, telling them they have to refer any Patriot Act request to the City Council.
*******************************
New York Times
April 21, 2003
Now Digital, Spy Camera Technology Widens Gaze
By LAURIE J. FLYNN

A ceiling-mounted electronic eye captures every transaction at the cash register. In the parking garage, more tiny cameras record every arrival and departure. To many business owners, these aspects of modern life seem a small price to pay for personal safety. But to some customers, they are new examples of Big Brother run amok. 

The use of surveillance cameras in private businesses and public spaces has been a matter of debate for some time. But even as the controversy becomes more heated, the use of surveillance equipment is surging, driven by new digital technology, falling prices and terrorism jitters.

Sales of digital surveillance systems and the services required to install them are growing rapidly at a time sales of many other technologies are limited by tight corporate budgets. In the United States, annual sales of digital surveillance products and services is expected to reach $8.5 billion by the end of 2005. That is up from $5.7 billion in 2002, according to J. P. Freeman, a market research company in Newtown, Conn.

One indication this trend will accelerate was the announcement by I.B.M. last month that it would offer a new package of consulting and system-design services for digital network-based video surveillance systems. I.B.M. evidently thinks that retail stores, corporations and government agencies will soon abandon older analog videotape systems and move the management of these surveillance operations to corporate information technology departments.

"Corporations need to reduce costs and become more effective," said Michael Maas, vice president for marketing at I.B.M.'s communications sector in Armonk, N.Y. "Digitization of security does that."

While many companies are switching to digital video security, most retail and hotel businesses are still using videotape systems. Law enforcement appears to be making the transition somewhat faster.

As part of its new strategy, I.B.M. said, it now has 3,000 consultants to help customers incorporate digital video security into their existing information technology operations. The hope is that the businesses that have hired I.B.M. to protect their data will use its services for digital surveillance and buy more of its hardware, as well. "This gives I.B.M. the opportunity to be a one-stop operation," said Joseph Freeman, J. P. Freeman's chief executive.

But selling physical security systems to information technology departments may prove hard even for I.B.M. Most security systems are still managed by old-school security officers. Managing security "has been going on in an ad hoc way down in the basement," said Lou Latham, an analyst at Gartner, a consulting firm. "It's a business that's industrial, and not considered an information technology thing."

But now it is possible to integrate surveillance systems into corporate networks and databases. Unlike videotape systems, digital images stored on DVD's or CD's can be indexed and searched easily. Using digital video, investigators can, for instance, nearly instantly retrieve images of every person who passed through a door on a certain day.

Digital video's other advantage is that its images can be quickly transmitted over networks. Police officers responding to a robbery can view surveillance images in their squad cars. And digital video systems can be used in conjunction with other corporate security systems, like badge readers and alarms. With criminal databases and pattern-matching algorithms, new digital equipment can analyze activity caught on camera, even as it is taking place, and can detect the presence of weapons.

Compared to these features, analog video looks downright rudimentary. Videotape deteriorates over time, posing significant storage problems and requires the installation of a video recorder on every camera. And tape can be painstakingly slow and inefficient to use in a criminal investigation, Mr. Latham said.

National Car Parks of London has already upgraded to digital video surveillance equipment, having installed 400 cameras in its parking lots throughout Britain. Each garage can be monitored from a control room using a digital network, reducing crime, according to I.B.M. And having the ability to monitor traffic and crime patterns in each garage allows the company to use its staff better to focus on trouble spots.

The digital surveillance equipment market is fiercely competitive, with many specialized manufacturers and systems integrators. CCS International and Pelco, leaders in the surveillance equipment industry, have sold to corporations and government agencies for more than a decade. Panasonic, Sony, Sanyo and other camera and equipment makers have also succeeded in finding their own niches in the security field.
*******************************
New York Times
April 21, 2003
AT&T Trying to Collect Bills From the Victims of Hackers
By LAURIE J. FLYNN

Victims of a telephone hacking swindle are disputing a contention by AT&T that they are responsible for costly long-distance calls fraudulently made through their voice mail systems.

The dispute revolves around a string of incidents in which hackers broke into business voice mail systems and rigged them to accept international collect calls from the Philippines and other countries. The charges for these calls, which occurred when the businesses were closed, typically run in the thousands of dollars. While most of the victims so far have been in California, similar incidents have recently been reported in Texas and Ohio.

The city of East Palo Alto, Calif., is now battling with AT&T over who is responsible for a $30,000 long-distance phone bill that resulted from voice mail hacking. Over a five-day period last summer, hackers in the Philippines and Belgium penetrated the agency's voice mail system, operated by SBC Communications, the local phone service provider, by figuring out system pass codes. An official of AT&T notified the city that its phone system had been hacked before the phone bill came in the mail.

Now AT&T wants the city to pay the bill for the fraud, which it says was the customer's responsibility to prevent. It offered a settlement in which it would pay 30 percent of the charges, but the city says the company should pay the whole thing.

But Michael Lawson, city attorney for East Palo Alto, said: "Our position is that it is not our fault." The vulnerability of the system is something AT&T has been aware of for 10 years."

While fraudulent long-distance schemes have been going on for many years, voice mail hacking is more recent. Hackers have discovered that if voice mail customers do not change their default pass code when the system is set up, they can sometimes break in by figuring out assigned pass codes. Hackers breaking into the system then change the outgoing message to one that automatically accepts collect calls. 

AT&T, like many other phone companies, uses an automated voice-recognition system when processing collect calls. The hacked system responds "yes" at the appropriate prompt, and the automated phone attendant accepts the response. Once connected, the hackers can leave the line open for hours, charging up enormous bills. 

AT&T insists that the problem is not widespread. "There's no question these are isolated incidents," a spokesman, Gordon Diamond, said. "We've only detected a handful of them." Mr. Diamond said the company thinks the collect calls might have been put through with the help of a live operator, rather than through the automated system. 

Chris Toeppen, who until recently owned a real estate investment firm in Menlo Park, Calif., is still battling with AT&T over the $11,000 bill incurred through hacking into his three-year-old voice mail system last fall. He acknowledges that he used a pass code that could have been easily guessed, never thinking anyone would bother hacking it.

AT&T gave him a deadline of last week to pay the bill or the company would submit it for collection, an action Mr. Toeppen thinks could damage his credit. Still, he let the deadline pass.

"It's as though somebody steals your car and robs a bank with it," Mr. Toeppen said, "and then the bank comes and wants you to pay for it." He said that at the time, AT&T's network security team told him the problem was growing.

AT&T now requires that individuals accepting collect calls, besides having to respond "yes" when prompted, also enter a three-digit number.

But while some phone companies still have live operators calling to get approval for collect calls, AT&T has no plans to abandon its automated system. Mr. Diamond said the company first become aware of the problem last year and in November posted a consumer advisory on the fraud section of its corporate Web site. It advises voice mail users to always change the default pass code and change their new pass codes often; to choose a complex pass code of at least six characters; and to never use birthdays, addresses or phone numbers. 

SBC, the company that operates the hacked voice mail systems, says it tries hard to educate its customers on security. Still, a company spokesman, John Britton, said, if it had happened on its own long-distance network, SBC would identify it as fraud and adjust the charges, as long as the customer was willing to file a police report.

Linda Sherry, executive director of Consumer Action, a nonprofit consumer advocacy group in San Francisco, applauded AT&T for now requiring the three-digit number for authorization but insists that the company should still pay the bills of the hacking victims.

"It's outrageous," she said. "The very first thing AT&T needs to do is not make these people pay."
*******************************
New York Times
CSC Unit to Send Advisors to Iraq
The El Segundo firm's DynCorp subsidiary will rebuild the nation's police and judiciary under the one-year, $50-million contract.
By Mark Fineman and David Streitfeld
Times Staff Writers

April 19, 2003

WASHINGTON -- From cops to construction, rebuilding post-war Iraq is becoming good business for California firms.

A unit of El Segundo-based Computer Sciences Corp. won a $50-million State Department contract Friday to provide up to 1,000 civilian law-enforcement advisors to rebuild Iraq's police force, prisons and judiciary. Several industry analysts believe that the contract could be worth much more if it is extended beyond its one-year term.

The award to CSC's DynCorp, based in Reston, Va., came less than 24 hours after the U.S. Agency for International Development gave its main Iraqi reconstruction contract to Bechtel Group of San Francisco, which is now responsible for repairing Iraq's airports, roads, bridges, hospitals, schools, power grids and water and sewage systems.

Two other California companies, Fluor Corp. of Aliso Viejo and Parsons Corp. of Pasadena, are expected to bid for an Army Corps of Engineers contract to rebuild the Iraqi oil infrastructure, a pact that could be worth billions of dollars.

The Bechtel project is expected to be ultimately worth tens of billions, although the initial contract provides for up to $680 million over the next 18 months. Bechtel will focus first on the port of Umm al Qasr and on power plants, a spokesman said Friday. The port is a prime entry point for humanitarian aid, and much of Baghdad remains without power.

A senior port engineer and a senior power engineer will arrive in Kuwait by Tuesday and will join Iraq project chief Terry Valenzano and other staff, Bechtel spokesman Mike Kidder said.

Although Bechtel has overall authority, it intends to assign most of the actual work to subcontractors, Kidder said, and "to maximize the participation of Iraqis."

In an e-mail message Friday to Bechtel's 50,000 employees, Chairman Riley Bechtel said, "We won this work on our record, plain and simple.... It's a record that few, if any, companies in the world can match." He added that Bechtel was "proud to serve" the people of Iraq.

Under the law-enforcement contract, DynCorp will provide advisors who have at least a decade of experience in U.S. law enforcement, judicial affairs and corrections, including two years of police training, crime-scene investigation, border security and customs.

DynCorp already has recruited more than 150 advisors for the job under a contract it won in 1996 to help build new police forces in the Balkans. And judging by the response, the company probably will have little trouble finding at least 1,000 present or former U.S. law-enforcement officers to work in war-torn Iraq.

"The interest is very enthusiastic. I'm getting calls from law enforcement all over the country," said Mike Dickerson, CSC's chief spokesman. "There seems to be a tremendous amount of interest from the New York City region in particular, for whatever reason."

Dickerson said it won't be easy to establish new law-enforcement institutions in a nation that has no democratic tradition and has lived for a quarter-century under a draconian police state in which torture, executions and disappearances were common.

"I don't believe we would have bid on the contract if we weren't up to the challenge," Dickerson said. "We've taken on rather daunting challenges in the past."

DynCorp was one of just a few companies the State Department invited to bid on the Iraq law-enforcement contract. The absence of open, competitive bidding for Iraqi contracts has come under fire in Congress, but department officials insist it was necessary because the contract had to be awarded quickly.

DynCorp was an obvious front-runner. The firm, which was bought by CSC last month, started training police on contract for the State Department in Haiti in 1994. And its 1996 contract in the Balkans has been extended year after year to include police and judicial training in East Timor and Afghanistan.

It was under that 1996 contract that the State Department asked DynCorp to recruit the first 150 police, prison and judicial advisors for Iraq last month. That group will head to Baghdad in coming weeks, after an initial assessment is conducted by a team of 26 contract advisors to the Justice Department. The department advisors will begin arriving in the region next week, a State Department official said.

The DynCorp contract includes a provision for an additional year, "if there is a need for it," Dickerson said. A State Department official said the contract, like the 1996 police-advisor contract in the Balkans, could be used for police services elsewhere in the world.

CSC already has more than 2,100 employees in the area around Iraq working under contracts with the Army Central Command. Most are providing logistics, information technology and base support for U.S. forces.

Under a separate contract with the State Department's Diplomatic Security Services agency, DynCorp is providing bodyguards for Hamid Karzai, who was installed as Afghanistan's interim president after U.S. forces drove the Taliban from power.
*******************************
San Francisco Gate
Pros, cons of hiring ex-criminal hackers
The theory in the world of hacking is this: No one can test the security of a computer system better than former attackers themselves. 

But some security experts say that notion is nonsense. 

"Breaking in is really easy; it's preventing it that's hard," said Ira Winkler, Hewlett-Packard's chief security strategist, who insists that the best security testers he's ever worked with have the squeakiest of clean records. 

Yet there are plenty of examples of convicted hackers who went from crime to lucrative security jobs. A student who used another hacker's template to launch the "Anna Kournikova" virus landed a job offer from the mayor of Sneek, his Dutch hometown. 

Mark Abene, who calls himself "Phiber Optik," went to work as a security consultant while still on probation after spending a year in jail for breaking into phone systems. And Kevin Mitnick, the world's most notorious criminal hacker, started his own security consulting business after his no-Internet probation ended in January. 

Winkler faced off with Mitnick and lawyer Jennifer Granick, known for defending accused hackers, at a Tuesday evening panel discussion titled "Foxes in the Henhouse," at the RSA Conference, a computer security trade show at San Francisco's Moscone Center. They were joined in discussing the pros and cons of hiring reformed criminal hackers as security experts by Christopher Painter, 

deputy chief of the Justice Department's computer crime section. Painter was the prosecutor who put Mitnick behind bars for nearly five years. He's also battled Granick in the courtroom. 

Not surprisingly, the debate was heated. 

Painter said hiring convicted hackers sets a lousy example for youngsters. 

"Kids growing up need to understand that breaking into a computer is really not different from breaking into someone's house. If the consequence is that it leads to a career as a consultant, that's not a good role model," Painter said. 

But Granick, who directs the litigation clinic at Stanford University's Center for Internet and Society, argued that denying rehabilitated hackers jobs is no deterrent. 

"People who are going to commit crimes aren't thinking, this is going to (get me) my career," she said. "In reality, people don't think they're going to get caught." 

Mitnick maintains that because he served five years behind bars and is now reformed, there's no reason he shouldn't use his computer skills for the good guys. 

"Look at (convicted junk bond trader) Michael Milken," he said. "Look at Steve Wozniak and Steve Jobs. They weren't convicted of selling 'blue boxes' on Berkeley's campus, but it's well-known that they did, and no one would doubt the value they brought to the industry." Wozniak has admitted in interviews that he and his Apple co-founder made and sold the devices, which generated a tone that would fool a pay phone into dispensing free calls. Wozniak wrote the forward to Mitnick's book, "The Art of Deception." 

Whether or not they say they're reformed, criminal hackers just aren't worth the risk, said Winkler, who previously worked for the National Security Agency. He recalled how apparently reformed hacker Abene, while testing security for a client in 1997, launched a program that harvested passwords from Web servers all over the world. 

"It was supposedly an accident," Winkler said. "How do you explain that level of risk to your shareholders?" 

Throughout the discussion, tension escalated between Mitnick and Winkler. 

"I've testified before Congress twice and I've assisted the Commission on National Security," Mitnick said. Then he looked directly at Hewlett-Packard's Winkler and grinned. "I was going to be speaking at HP, but one person was jumping up and down. I don't know who that person is." 

"They're actually deciding whether or not to fire the person who thought of it now," Winkler shot back. 

E-mail Carrie Kirby at ckirby@xxxxxxxxxxxxxxxx 
*******************************
Associated Press
Ex-Student Gets Probation in Hacking Case
Fri Apr 18, 6:32 AM ET

BOSTON - A former Boston College student accused of using special software to collect personal data on thousands of fellow students, staff and faculty was sentenced to five years of probation. 

   

Douglas Boudreau, 22, of Warwick, R.I., pleaded guilty Thursday to interception of wire communications, unauthorized access to a computer system, larceny, identity fraud and other charges. 


After collecting the personal information, Boudreau reconfigured his own campus ID card to make purchases and illegally enter school buildings, Attorney General Tom Reilly said. 


He used the newly encoded cards at the book store, dining hall, and laundry rooms, stealing about $2,000 in goods and services. 


In addition to the probation, Judge Carol S. Ball ordered Boudreau to go into counseling, pay back the school and agree to computer monitoring. 


No telephone number was listed for a Douglas Boudreau in Warwick. 
*******************************
Washington Post
Blackboard Gets Gag Order Against Smart-Card Hackers 
By Anitha Reddy
Friday, April 18, 2003; Page E01 

A D.C.-based company that sells a "smart card" network used on more than 200 college campuses has blocked two students from publicly describing how to override the system to circumvent building security, obtain free soft drinks and avoid paying for laundry.

Blackboard Inc. obtained a court order last weekend preventing Billy Hoffman, a computer science major at Georgia Tech, and Virgil Griffith, a student at the University of Alabama, from discussing vulnerabilities in the card system at a hacker convention in Atlanta.

The case has prompted heated discussion online among hackers and technology groups, because it touches on a controversial federal law that forbids people to pick the virtual locks protecting electronic content.

Hoffman described breaking into a card reader installed in a dorm laundry room "with a cheap metal knife" and discovering how to trick the system into doling out free washes in an article last year in 2600, a hacker magazine.

"Hopefully, this article will force Blackboard to change to a more secure system," Hoffman wrote. Hoffman has spoken at several hacker conventions on the topic in the past two years, according to his online résumé and Bob Roth, the chief executive of another campus card provider, NuVision Networks Corp.

Blackboard did not sue Hoffman immediately after the article was published because it understood that Georgia Tech had punished him, said Greg Baker, vice president of product development for Blackboard Transaction System. Georgia Tech would not say whether it sanctioned Hoffman. 

But now, the company says Hoffman's talks provide a "blueprint" for vandalism and copyright infringement and mislead clients about the safety of its systems.

"We weren't really worried about security of the system. We were worried about the reputation of the system," Baker said. The company said that, to its knowledge, no one has ever hacked into its card systems, used on college campuses since the 1980s.

In a statement, the company accused Hoffman and Griffith of "promoting methods to dismantle secure hardware installations by vandalizing and gaining access to wiring of Blackboard Transaction Systems."

"These flaws don't necessarily just extend to silly things such as tricking a Coke machine -- they have much more important implications to physical security," Hoffman said in an Associated Press report yesterday. 

Hoffman and Griffith declined to be interviewed yesterday through their lawyer, Pete Wellborn. Blackboard cards go by a variety of names and have a variety of uses. At some schools, such as Ohio State University, students swipe their Blackboard cards to enter dormitories and other secured buildings.

At Georgia Tech, Blackboard's cards are called BuzzCards, a reference to the school mascot, the yellow jacket, and they are carried by all students, faculty and staff. They are the school's main ID card and serve as library cards, meal cards and campus debit cards that can be used in vending machines and laundry rooms.

The computer system that stores BuzzCard balances isn't linked to the same databases that store students' financial, academic and health records, according to university spokesman Bob Harty. 

Wellborn, the attorney for Hoffman and Griffith, said Blackboard rested its case on several federal and state statutes, but not the 1998 Digital Millennium Copyright Act. That act set off a debate between proponents who argued it safeguarded intellectual property and legal experts who declared it would smother innovation. It remains controversial in the technology community. 

Blackboard's lawyers cited the act in their letter last week demanding the pair call off their presentation. Wellborn, who has an undergraduate degree in computer science and teaches Internet law at Georgia Tech, said it could come up in the case. 

Last month, Hoffman attended a trade show for campus card users as a paid consultant for Blackboard competitor NuVision Networks. Roth said the company had invited Hoffman to the New Orleans event after using excerpts from his article on Blackboard's card system in its promotional literature for the past two years.

In fact, Hoffman peppered Blackboard's Baker, who was manning a booth at the show, with questions about Blackboard's security before identifying himself, Baker said. He added that Hoffman "seemed nice and pleasant."

A hearing on the case is scheduled for May 30 before DeKalb County Superior Court Judge Anne Workman, who issued the restraining order. 
*******************************
Government Computer News
04/17/03 
Data management system gets new analysis tool 
By Vandana Sinha 

An automated data analysis tool will power a new FBI counterterrorism database, letting bureau analysts easily pore through more than 1 billion documents and share information with other intelligence agencies. 

The tools, ClearTags and ClearResearch, will draw patterns from terrorism-related intelligence collected from several sources into a centralized data mart that?s part of the agency?s modernized Trilogy network. 

Trilogy?s Virtual Case File component, the electronic container for all this data, will be up and running by the end of the year, said FBI spokesman Ed Cogswell. 

ClearTags and ClearResearch will be installed in the desktop PCs of 300 FBI analysts. The applications are intended to ease information sharing between the FBI and organizations at the CIA and Homeland Security Department. 

The tools will also give intelligence officers a quicker method for scanning telephone records and various databases at the Bureau of Alcohol, Tobacco and Firearms, Defense Department, Drug Enforcement Agency, State Department, and state and local agencies. 

ClearForest Corp. of New York City, which created the Extensible Markup Language-based ClearResearch business intelligence and tagging technology, refused to disclose the contract?s value.
*******************************
Associated Press
Arab Web Sites Plagued by Attacks 
Thu Apr 17, 4:57 AM ET

By RAWYA RAGEH, Associated Press Writer 

DOHA, Qatar - The war in Iraq (news - web sites) set off a rash of online vandalism against Arab Web sites, site administrators and security experts say, with dozens of Web sites attacked. 

   

At Islamonline.net, one of the most popular destinations for reports and analysis on Islamic affairs, traffic doubled after U.S. forces invaded Iraq. So did cyberattacks, which reached 250 a day, according to Mutiullah Ta'eb, the site's general coordinator. 


Another attack put Arabia.com, a Dubai-based Web site, off line the third day of the war. 


It is not clear how many sites have been targeted in the attacks, which typically sought to alter Web pages or bring a site down. 


Ta'eb of Doha-based Islamonline said hacking attempts also stepped up after the Sept. 11 attacks. 


"It is not fair," says Mariam al-Hajiry, the site's administrator. "But I guess it is all part of the challenge that we have taken upon our shoulders ... to be able to deliver our message." 


Islamonline contains information about Islam in English with a moderate and measured tone, and does not express the kind of extreme stances found on militant sites. 


Citing security concerns, al-Hajiry would not say what kind of attacks Islamonline has faced. 

The most high-profile Arab Web site targeted by hackers is that of satellite news channel Al-Jazeera. 

The channel, an unusually outspoken voice in the Arab world, based in Doha, drew intense criticism after it carried Iraqi TV footage of dead and captive U.S. soldiers that U.S. networks declined to air. 

Soon after, the site's English and Arabic pages were replaced by pro-American hackers who called themselves the "Freedom Cyber Force Militia." 

Similarly, pro-Islamic hackers have defaced some U.S. and British Web sites and flooded some with anti-war graffiti. 

"Indeed, this has been happening a lot lately," said Mikko Hypponen, manager of the antivirus research department at the Helsinki-based security firm F-Secure Corp. 

"Of course, all this activity is unofficial and is not done by the real state-sponsored network warfare units  but by independent groups and lone hackers," Hypponen said. 

Experts say the importance of the phenomenon should not be overstated. Though it threatens surfers' ability to communicate and gather information freely, it is not real war. 
"If cyberwarfare was truly effective it would be likely that we would see terrorist groups and nation states using the Internet for warfare rather than using troops and missiles," said Graham Cluley, senior technology consultant at security firm Sophos Inc. near Boston. 

Hackers deface hundreds of Web sites every day, mostly without political messages, and the percentage of attacks related to the war is apparently small. 
   
With most Arab media controlled by their governments, the Internet gives Arabs access to an unusually broad range of views. However, only 1.7 percent of the Arab world, or 7.4 million people, had Internet access late last year, according to the Madar Research Group of the United Arab Emirates.
*******************************