Clips July 10, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips July 10, 2003

ARTICLES

Waiting For Muris To Opt In 
Bringing Broadband To Rural America 
Experts say hacker hype is threat on its own
New site spoofs PayPal to get billing information
Wal-Mart cancels 'smart shelf' trial 
Eye scan to order school dinners [UK]
Report: Feds lack bioterror training
Army automates paper records system 
Cyberscam strikes Massachusetts state lottery
EU Takes Nations to Court on Patent Laws 
FTC official calls do-not-spam list unrealistic
Software prison term [Piracy]
Euro Scheme Makes Money Talk [RFID Chips] 
Cam phones spread new brands of mischief

*******************************
Washington Post
Waiting For Muris To Opt In 
By Jonathan Krim
Thursday, July 10, 2003; Page E01 

Could Federal Trade Commission Chairman Timothy J. Muris hold the key to breaking the logjam on fighting spam e-mail?

Fresh from the launch of this summer's biggest hit, the national do-not-call list to block unwanted telephone marketing, Muris is as close to hero status as a government bureaucrat ever gets.

Now, in a scenario spun by a couple of congressional staffers on both sides of the aisle, Muris could make something dramatic happen on Capitol Hill regarding spam.

Here's how this intriguing, if possibly fanciful, notion might become reality:

After a series of recent hearings, including two this week, on various bills that seek to curb unsolicited commercial e-mail, Congress continues to face two competing visions of how to deal with the problem. 

One, supported by the marketing, retailing and Internet provider industries, is to set stiff penalties for the worst of the spammers, those who use fraudulent tactics to disguise themselves while peddling get-rich-quick schemes, diet fads and pornography.

Bills supported by these industries all protect the rights of so-called legitimate marketers to advertise by e-mail, unless consumers specifically "opt out," or tell them to stop. In this view, many consumers want to be apprised of legitimate advertising and offers, and the ability to market via e-mail is an essential component of a robust Internet economy.

Anti-spam groups and some consumer organizations regard this approach as a Trojan horse for more spam. In this view, any unsolicited e-mail is spam, and consumers should be free of it unless they specifically request it, or "opt in."

Proponents of the opt-in approach note that telemarketers already have pledged to step up e-mail advertising as the do-not-call list forces them to forgo soliciting by phone. 

Cold political calculus suggests that the industries, with the money and access to legislators, have the upper hand.

Most of the hearings so far on the Hill have been dominated by advocates of their position that opt-out is the way to go. And not a single bill with a serious chance of passage reflects the opt-in approach, though some legislative proposals constrain marketers more than others.

But spam is such a visceral and burning issue that public opinion is a powerful wild card. And the opt-in forces have shifted their strategy, embracing another notion: A do-not-spam registry, along the lines of the do-not-call list.

The anti-spam groups reason that a registry is "opt-in" lite, a way for people to demand to be free of e-mail marketing in one simple step. As with the do-not-call list, marketers would have to check the no-spam registry and refrain from e-mailing anyone on the list.

The registry idea is the cornerstone of one pending bill, sponsored by Sen. Charles E. Schumer (D-N.Y.), who has craftily won the support of an unlikely mix of interest groups, from the Christian Coalition of America to the Coalition Against Unsolicited Commercial Email.

Enter the FTC and Mr. Muris, whose do-not-call list now has 21.8 million phone numbers. 

So far, Muris and his colleagues have shown no affection for a no-spam registry.

Such a list of e-mail addresses would be a prime target of hackers, they point out. Even if it were secure, marketers would still have to see the addresses to know which ones not to e-mail, which might cause the information to leak out.

And people change their e-mail addresses frequently, making administration of the list far more cumbersome and complex.

Anti-spam groups say these hurdles can be easily overcome.

The registry, at least to start, might only be for entire domains, such as allemployees@xxxxxxxxxxxxxxx

In this way, employers everywhere could sign up and make a dent in the spam steaming into workplace computers. No individual e-mail addresses would be on the list. 

Internet providers such as America Online, Microsoft and Yahoo would then have to decide if they wanted to add their members. So far, these companies have been fighting to kill state no-spam registries, and have not endorsed Schumer's bill.

Furthermore, companies such as Unspam LLC offer encryption software that could allow the FTC to list e-mail addresses on the registry in unrecognizable gibberish. 

Marketers could put their e-mail lists into the same form, and then check to see if they match what's on the registry.

Although the FTC is on record opposing the registry, Muris has been smart enough to never say never.

And sources say that the agency continues to look at the technical feasibility of such a list.

With Muris enjoying so much credibility as a regulator these days, it is unlikely Congress would approve a no-spam registry over his objections.

But with the do-not-call list being such a sure-fire winner, our scenario spinners consider a no-spam registry to be irresistible, especially as national elections get closer. If Muris were to embrace the idea, Congress would easily fall in line.

After all, it was President Bush who, on the campaign trail in 2000, once said he was "an opt-in kind of guy."
*******************************
Washington Post
Bringing Broadband To Rural America 
By Yuki Noguchi
Thursday, July 10, 2003; Page E05 

Kelly Shaw is trying to create a high-tech community amid the gently rolling hills of tobacco fields and furniture plants in the patch of southern Virginia where he grew up.

About a year ago, Shaw started Pure Internet Inc., a South Boston, Va., firm that sells dial-up and high-speed wireless Internet service. So far, among Halifax County's 37,000 residents, Pure Internet has about 40 takers for its high-speed service, plus 1,000 dial-up customers. 

But the business isn't profitable yet. It's hard to manage the cash flow, because it costs $600 to set up a single wireless customer -- an investment that takes 10 months for Shaw to pay off, he said. 

At a wireless industry conference in Washington this week, policymakers are talking about how to encourage more Pure Internets in rural America, where an estimated 10 to 30 percent of the residents don't have high-speed Internet service, whether a consumer cable connection, digital subscriber line or fiber-optic line, industry experts say.

The Department of Agriculture's Rural Utilities Service is sponsoring $1.45 billion in low-interest loans in its first major loan program for broadband providers. The first loans will be granted this summer, and Shaw said he might apply.

"High-speed broadband in areas of 20,000 population or less is absolutely essential if those rural communities are going to remain viable in the next decade," said Hilda Gay Legg, administrator of the Rural Utilities Service, who is scheduled as a keynote speaker today at the Wireless Communications Association International's conference at the Washington Convention Center. "The challenge is always: How are you going to make a good business case? How do you get enough revenue to pay back those loans?"

The government is currently reviewing 29 applications to make sure they have a viable business case, she said. The deadline for applications is July 31.

The Rural Broadband Coalition, an Alexandria-based advocacy group, is pushing for more government loans to help its members shoulder the high cost of capital, said Damian Kunko, the group's chief executive. Internet connections are particularly important for rural areas, because they increase access to remote health care and distance learning, he said.

"Capital funding is a huge issue. It's an issue for the overall telecom industry," but the government is getting involved in funding, which means new opportunities for small entrepreneurs in low-population areas, said Gregory L. Rohde, a former director at the National Telecommunications and Information Administration and a funding consultant for telecom firms. 

Rural area populations have lower incomes, which means $40 a month for any kind of high-speed Internet service is often too costly, said Shirley A. Bloomfield, vice president of government affairs for the National Telecommunications Cooperative Association, which represents 600 independent phone operators.

The NTCA's membership offers high-speed service in 80 percent of the areas it serves, but only 7 percent of customers choose to buy it, primarily because of the cost, she said.

Players in the wireless industry believe that new wireless technology could solve the cost problem, since its capital costs are just a fraction of those of fiber-optic options.

"We've got to get enough competition in the market" to drive some of those costs down, and wireless is a promising, lower-cost way to build infrastructure in remote areas, said Ronald J. Resnik, general manager of Intel Corp. and a board member of the WCA, who spoke at the conference yesterday.
*******************************
USA Today
Experts say hacker hype is threat on its own
7/9/2003 11:24 AM

SAN FRANCISCO (Reuters)  After a widely publicized hacking contest failed to cause as much damage as expected last weekend, computer security experts are advocating a novel response for Internet hackers out for a digital joy ride: ignore them.

Security firms frequently notify companies about attacks in which hackers can steal data, crash systems or do other nefarious acts. But excess publicity of relatively low-risk threats, such as Web site defacements, can do more harm than good, experts said.

Web site defacements, the electronic version of graffiti, cause more of a nuisance than real damage to computer networks, and they occur every day, experts said.

"It's the boy-who-cried-wolf phenomenon," Bruce Schneier, chief technology officer at network monitoring firm Counterpane Internet Security, said Monday. Hyping non-threats "dulls people to the real threats."

The Information Technology-Information Sharing and Analysis Center (ISAC), run by Atlanta-based Internet Security Systems Inc., and New York's Cyber Security and Critical Infrastructure Coordination center issued warnings last week about a Web site defacement challenge scheduled for Sunday.

Only 500 to 600 smaller Web sites recorded defacements during the contest, said Pete Allor, ISAC director of operations. That's less than the 3,000 or so sites that are defaced on a heavy hacking day, he noted.

Zone-H, the organization that archives Web site defacements, said its Web site was knocked offline for part of Sunday after being flooded with traffic in a so-called "denial of service" attack.

Feeding the frenzy

One group of security experts protested the hype, posting on their Web sites a spoof defacement that read: "I panicked over the Defacement Challenge scare and all I got was this lousy defacement."

The notice also gave a "reality check," pointing out that good security practices should be followed every day and "Massive attacks on the Internet are like conspiracy theories: those that are predicted don't occur and those that occur were never predicted."

"I'm sick of somebody saying they're going to do something, then the mass media reports on it and that feeds the hysteria," said Richard Forno, a security consultant and author.

"The media does feed the frenzy," Schneier said. "Rumors wouldn't get spread widely if it wasn't for the media."

Hackers hoping for publicity are only part of the problem, said Rob Rosenberger, editor of VMyths.com, a site devoted to clearing up myths and hoaxes related to viruses and other security events.

Security companies also benefit from threats that scare customers into buying more products, said Rosenberger, whose Web site, widely respected for its skepticism, has run out of money and faces an uncertain future. "This industry thrives very heavily on (media) ink."

Exaggerated threats could cause the public to lose faith in both security companies and the media, said Russ Cooper of security firm TruSecure. "When members of our industry who are supposed to be trustworthy and credible make silly claims then it does harm to the whole industry."
*******************************
Computerworld
New site spoofs PayPal to get billing information
The fake site is the latest of several "brand spoofing" scams 
By Paul Roberts, IDG News Service
JULY 09, 2003

A new Web site spoofs the PayPal Inc. online payment site and attempts to trick PayPal customers into divulging sensitive account and billing information. The fake Web site is the latest example in what security experts say is a rising trend of "brand-spoofing" scams. 
PayPal customers are directed to the site, www.paypal-billingnetwork.net, by an e-mail message that appears to come from the Mountain View, Calif., company. The message claims that due to a "recent system flush," the customer's billing and personal information is "temporaly unavailable" (sic). 

Customers need to verify their identity by visiting the site or risk having their account canceled, according to the message, which is signed by "Jhon Krepp" from the "PayPal Billing Department." The actual site is almost identical to PayPal's real site, with the same graphics, layout and wording. In fact, many of the links on the site point back to the actual PayPal Web site. 

PayPal couldn't be reached for comment about the scam site. 

Adding to the ruse, visitors to the fake site are greeted with an authentic-sounding pop-up message. "We've worked hard to help make PayPal even better! However, we have to ask you to re-enter your Billing Information," the message reads in part. Visitors are asked to have their latest PayPal billing statement and credit cards handy before entering the site. PayPal members who don't enter their billing information will have their PayPal accounts canceled, according to the message. 

After acknowledging this message, users are presented with a form that asks for a wide range of personal and financial information, including Social Security and driver's license numbers, date of birth, and credit card information. 

Unlike much of the site, however, the form doesn't reside on PayPal's Web site, but on a server at a different IP address. 

Paypal-billingnetwork.net is registered through Vancouver, Wash.-based Web hosting company Dotster Inc. Dotster didn't immediately respond to requests for comment. 

The PayPal scam is just the latest example of brand spoofing, which security experts say is a growing problem. 

Yesterday, e-mail filtering company SurfControl PLC in Scotts Valley, Calif., issued a warning about brand spoofing, saying it has noticed a jump since March in unsolicited e-mail messages tied to brand-spoofing scams. Like the most recent PayPal scam, the fraudulent e-mail messages pretend to be from customer service or security officials at well-known companies and direct the spam recipient to phony Web sites that harvest their confidential information, SurfControl said. 

Because of its role as an online payments clearinghouse with a large user base, PayPal has long been the target of online criminals. 

Recently, however, other high-profile companies have been the targets of brand spoofing, including Best Buy Co. (see story) and Discover Financial Services Inc.'s DiscoverCard (see story). Sony Electronics Inc., United Parcel Services Inc. and Bank of America Corp. have also been the targets of brand spoofing in the last few months, SurfControl said. 

SurfControl didn't receive any brand-spoofing e-mail before March but has received more than five new examples each month since then, the company said. The proliferation of open proxy servers is largely responsible for the problem, SurfControl said. 

Lists of the loosely managed or insecure proxy servers are freely available online, as are tools for locating open proxies, according to Susan Larson, vice president of global product content at SurfControl. 

Spammers use the servers to forward large volumes of e-mail messages to recipients. An open proxy server will not only forward the e-mail messages, but will also insert its own Internet address in place of the original source information, effectively covering the spammer's tracks. 

Working from lists of harvested e-mail addresses, spammers target high-profile companies, counting on the fact that a certain percentage of recipients will have a relationship with those companies, Larson said. Because of the low cost of sending spam and the huge sums that can be reaped by stealing someone's identity, only a small number of recipients need to fall for the ruse in order for the spammers to turn a profit. 

Consumers' growing comfort with online retail is also partially to blame for the increase in brand-spoofing scams, according to Larson. "So many more people are trusting the Internet to do financial business, we're not as skeptical as we used to be about going out on the Internet and giving passwords or credit card numbers or bank account numbers," she said. 

The Federal Trade Commission recently warned Internet users about the problem on its Web page. 

The FTC recommends checking for "sloppy copy" such as spelling mistakes or grammatical errors in questionable solicitations. Consumers should also check with the company in question before providing any personal information on a Web site, the FTC said. 
*******************************
CNET News.com
Wal-Mart cancels 'smart shelf' trial 
By Alorie Gilbert and Richard Shim 
Staff Writer, CNET News.com
July 9, 2003, 4:00 AM PT

Wal-Mart Stores has unexpectedly canceled testing for an experimental wireless inventory control system, ending one of the first and most closely watched efforts to bring controversial radio frequency identification technology to store shelves in the United States.

A Wal-Mart representative this week told CNET News.com that the retail giant will not conduct a planned trial of a so-called smart-shelf system with partner Gillette that was scheduled to begin last month at an outlet in Brockton, Mass., a Boston suburb.

"The shelf was never completely installed," Wal-Mart spokesman Tom Williams said. "We didn't want it. Any materials that were there (in Brockton) were removed. We never had products with chips in them."


Radio frequency identification (RFID) technology uses microchips to wirelessly transmit product serial numbers to a scanner without the need for human intervention. The technology is seen as an eventual successor to bar-code inventory tracking systems, promising to cut distribution costs for manufacturers and improve retailing margins. 

But the technology has drawn barbs from consumer privacy groups that worry about potential abuses if product-tracking tags are allowed to follow people from stores into their homes. 

Wal-Mart's proposed smart-shelf system was designed to pick up data transmitted from microchips embedded in Gillette product packaging, alerting store managers via computer when stock is running low on the shelf or when items may have been stolen--two informative and powerful measurements in the retail business. 

The benched trial was widely seen as the most aggressive step yet by a retailer to push RFID from warehouses into U.S. stores. Backers of the technology eventually see billions of packaged goods tracked remotely using RFID sensors through in-store systems that might one day help prevent shoplifting and speed shoppers through automated checkout lines. 

Those ambitious plans now are likely to take a backseat to proposals to upgrade warehouse operations with RFID technology, which will require fewer chips and less computational power. 

Williams said Wal-Mart ceased in-store RFID testing because executives wanted to focus on installing RFID systems in warehouses and distribution centers instead. Wal-Mart, the world's largest retail chain with 4,700 stores around the globe, said in early June that it's urging its top 100 suppliers to attach RFID chips to cases and pallets of products that they ship to Wal-Mart warehouses.
A Gillette representative declined to comment on Wal-Mart's decision to pull the plug on the wired shelf but said the Boston-based company remains focused on helping U.K.-based supermarket chain Tesco and German retail conglomerate Metro with similar trials in Europe. 

Instant eye on inventory
Retailers are ever watchful for ways of improving the balance between inventory supply and consumer demand. They want to make sure there are enough products on the shelves to meet demand but not so much that they are sitting in a warehouse taking up costly inventory space. The use of RFID technology is viewed as one of the more promising tools to improve visibility of inventory almost instantly. But companies have only dipped their toes into the water, examining installation behind the scenes in warehouse settings.

The smart-shelf trial by blue-chip company Wal-Mart was viewed as a potentially aggressive endorsement of an in-store application because of the company's ability to influence its suppliers and push the adoption of new technologies--something it helped to do with bar-code scanning technology in the 1980s. The unexpected cancellation of the test is letting some of the steam out of the market, but that may be a good thing, according to one analyst. 

"The RFID industry has been floundering in a sea of science projects, which is what these trials have been to date," said Jeff Woods, an analyst with research firm Gartner. "This is one of the most overhyped technologies out there, and this can be viewed as a precursor to the bubble bursting for RFID." 

Now companies can focus on one mission--and that's being more realistic about the potential of this technology, given its relative youth, Woods added. 

Gillette and Wal-Mart had lauded the use of RFID systems to track merchandise in stores. Both said they were eager to explore the technology's potential to boost the profits of retailers and manufacturers by ensuring that products are always available to consumers and by deterring theft. 

But soon after Wal-Mart first discussed its smart-shelf trial, privacy advocates began to raise concerns about the technology. The main questions: Would retailers and manufacturers be able to monitor products after consumers purchased them? Could the technology be misused by hackers and criminals or exploited for government surveillance? 

Such questions caused big headaches for Italian clothier Benetton when technology maker Philips Semiconductor announced in March that it planned to ship millions of RFID chips for use in Benetton's Sisley line of clothes. Soon after the announcement, U.S.-based privacy group Consumers Against Supermarket Privacy Invasion and Numbering, lashed out at the international clothing chain and called for a worldwide boycott. 

Benetton said later, in a clarification, that it had purchased only 200 tags and was still studying the economic practicality of installing the RFID technology. The company also said it would consider the "potential implications relating to individual privacy" before firming up its RFID plans, which it plans to do before the end of the year. 

Then, in May, several RFID chip manufacturers pledged to incorporate a "kill switch" into their chips in a move to relieve consumer fears of the technology. The kill switch would let retailers and consumers disable the chips at the checkout counter. 

Despite the privacy concerns, Wal-Mart says it has backed away from in-store use of RFID as a matter of priorities, not over concerns of a consumer backlash. "Technology like RFID is so wide, we've chosen to put limits on ourselves to help focus and drive it forward," Williams said. 

Not-so-cheap chips
Economics may have played a role in Wal-Mart's decision to shelve its in-store RFID test. RFID chips are still too expensive for wide-scale use with consumer merchandise, said Gillette spokesman Paul Fox. While today's price of around 10 cents a chip is cheap enough to fuel initial trials, Fox said, the cost of the chips have to fall to a fraction of a penny if they are to become ubiquitous in stores. And that will take about 10 to 15 years, he added. 

"That's so far in the future," Williams said of the widespread use of RFID on store shelves. 

Yet the economics haven't changed significantly since Wal-Mart and Gillette first embarked on the smart-shelf project in January. So why the abrupt change in plans? 

One analyst said privacy concerns, though they've been overblown, have become significant enough to be a factor in the development of the technology and market. 

"Consumers that are aware of RFID and privacy feel it is very significant, and they are probably more concerned than they should be," said Ian McPherson, an analyst with research firm Wireless Data Research Group. "The likelihood that people can be tracked beyond the check stand is very low." 

According to a survey it conducted in May, Research firm Gartner said that 55 percent of the consumers it polled would shop in stores where RFID technology is being used if it meant faster checkouts. About 16 percent said they would probably or definitely stop shopping in a store using RFID, and 28 percent were undecided. However, when their payment information was electronically stored, almost half, about 45 percent, said they would be unwilling to shop in those stores.

Another issue for companies looking to test RFID technology is the strain on their inventory networks. For a company Wal-Mart's size, it could have more than a billion products worth of data being collected, stored and sent through its inventory network, which means an extremely sophisticated system would have to be in place to properly process the data, McPherson said.
*******************************
BBC Online
Eye scan to order school dinners
July 8, 2003

Pupils at a school in Sunderland will be using an eye scanning security system, when their new £14m building opens in September. 
The retinal scanners will be used at the new Venerable Bede Church of England Aided School. 

The technology will be used on pupils buying meals in the school canteen, and also in the library when children want to take out books. 

It will secretly pick out poorer pupils who are entitled to free meals from those who have to pay, who will be charged in a separate account. 

Ed Yates, head teacher of the 900-pupil school, said trained technicians will be able to scan up to 12 students per minute during lunchtime. 

He said the technology was cost effective, safe, and backed by pupils. 

Mr Yates said: "When we were doing the research to build the school of the future we looked at swipe cards or fingerprinting, but there are many civil liberties with the latter issue. 

"This is the safest, most cost-effective system available. It has full safety approval from the US, and meets UK safety regulations." 

He said he expected the system to be paying for itself in seven years' time. 
*******************************
Federal Computer Week
Report: Feds lack bioterror training
BY Judi Hasson 
July 9, 2003

The government's ability to deal with a bioterrorism attack is insufficient because the federal workforce does not include enough trained experts to handle the threats of chemical, biological or germ warfare, a report issued July 7 says.

The report, "Homeland Insecurity: Building the Expertise to Defend America from Bioterrorism" by the Partnership for Public Service, warned that the government must work harder to attract a talented workforce that can deal with natural outbreaks and terrorist acts.

"We are steadily losing the experts we have -- one in every two will be eligible to retire over the next five years," the report said. "Limitations on pay, poor hiring procedures and unattractive work settings limit our ability to hire replacements."

Since the Sept. 11, 2001, terrorist attacks, federal officials have had to deal with a panacea of threatening incidents -- from the natural outbreak of the severe acute respiratory syndrome to the anthrax-laced letters that killed five people.

"Our national security requires a better effort to strengthen this aspect of our federal service," said the report, led by former Navy Secretary Richard Danzig.

Among its recommendations:

n Identify the size of a biodefense corps needed to deal with bioterrorist threats.

n Recruit experts in biodefense.

n Invest in biodefense education.

"In response to the nuclear threats of World War II and the Cold War, we hired and cultivated the best minds in physics for the Manhattan Project," the report said. "So too policymakers must commit to developing and attracting the best minds in medicine and biology to ensure our nation's defense against bio terrorism."

The Partnership for Public Service is a nonprofit organization dedicated to revitalizing public service and recruiting talented people into the federal workforce.
*******************************
Government Computer News
07/10/03 
Army automates paper records system 
By Vandana Sinha 

The Army is developing an online system for filing personnel documents that will collect hundreds of thousands of records in four nationwide centers into a single database that soldiers can check from their homes. 

The initiative, called the Official Military Personnel File Online, will be a component of the Army?s Personnel Electronic Record Management System (PERMS). Army officials also are working toward making the system accessible through the Army Knowledge Online portal. 

A system uses servers, desktop PCs and application software from vendors such as Hewlett-Packard Co., IBM Corp., Microsoft Corp. and Sun Microsystems Inc. to store the electronic documents that users can access, retrieve and display. 

In the last six months, 800,000 soldiers have gained access to the system. In the next year and a half, the Army expects to increase that total to 1.2 million. 

The system replaces the microfiche method of storage that the Army has used for the last decade. With that system, soldiers had to submit written requests for copies of their personnel files and wait weeks to receive them in the mail. The process took even longer if they had to send back the documents with changes. Now, users can view their files at personnel offices on base, which can fax or e-mail changes that will appear on-screen within 24 hours. 

?This is making sure the soldier?s record accurately represents where that soldier is,? said James P. Riggs, PERMS program manager for the Army. 

Among the uses for the online files is tracking candidates for promotion. 
*******************************
Computerworld
Cyberscam strikes Massachusetts state lottery
The agency is working with the FBI to track down the scammers 
By LINDA ROSENCRANCE 
JULY 09, 2003

Scam artists have spoofed the Web site of the Massachusetts State Lottery Commission in an attempt to steal personal and financial information from lottery players across the country. 
The fake lottery Web site, www.mass-lottery.org, which was hosted by Clifton, N.Y.-based HostRocket.com Inc., had been taken down by this afternoon. But the site, which was registered on June 13, was nearly identical to the Massachusetts Lottery Commission's official site, www.masslottery.com, according to lottery spokeswoman Amy Morris. 

Morris said the spoofed site operators, believed to be in Nigeria, sent e-mails, as well as text messages via cell phones, telling people that they had won $30,000 in the Massachusetts State Lottery. 

Once consumers clicked on a link contained in the e-mail or text messages, they were taken to an official-looking Web site, asked to key in user names and passwords provided to them in the e-mail, and then asked to supply personal information, including a credit card number and a Social Security number, Morris said. 

They were also asked to pay a $100 processing fee, she said. 

According to Morris, about 200 people have notified the Lottery Commission about these e-mails since May, and some had given out their personal data. She said the Lottery Commission has no way of knowing how many other people may have fallen victim to the scam. 

"In May, there was another [spoof] Web site set up at www.mass-lotto.org, which has since been taken down," Morris said. "But we don't know how many others there might be." 

Troy Irick, director of community relations at Huntington College in Huntington, Ind., contacted lottery officials a couple of weeks ago to alert them to the scam. Irick said he received an e-mail that read "from administrator," and when he opened it he was told he had won $30,000. 

"I don't live anywhere near Massachusetts, and I don't play the lottery," Irick said. "But I was intrigued because when I clicked on the link, I was taken to a Web site that looked almost identical to the Massachusetts State Lottery Web site." 

Irick said red flags went up when he was asked for his personal information and asked to pay a processing fee in order to collect his winnings. 

"They led you to believe you were selected in a charity-type game, and 10% of your winnings would go to charity," Irick said. "It smelled bad, so I did a Google search for the Massachusetts Web site and saw that they had a warning about these [scams] on their site, so I forwarded them the e-mail." 

Morris said the Lottery Commission is working with the FBI to track down the perpetrators. 
*******************************
Washington Post
EU Takes Nations to Court on Patent Laws 
By PAUL GEITNER
The Associated Press
Thursday, July 10, 2003; 10:49 AM 

BRUSSELS, Belgium - The EU's head office is taking eight countries to court over their failure to adapt their national patent laws, saying Thursday that their lack of cooperation has put the European biotechnology sector at a "serious disadvantage."

"Adequate patent protection is essential to encourage the investment required to create jobs and maintain the European Union's competitiveness in this crucial field," the European Commission said.

After a 10-year debate, the EU adopted what it called "strict ethical rules" for patenting biotech inventions in 1998 and gave member states until July 30, 2000, to transpose them into national law.

Germany, Austria, Belgium, France, Italy, Luxembourg, the Netherlands and Sweden still have not done so, prompting the commission to refer them to the European Court of Justice.

Their failure to implement the EU directive "has created trade barriers and hampered the internal market," it said. "Non-implementation ... is putting the European biotechnology sector at a serious disadvantage."

Seeking to allay public concerns about patenting processes using human genes or DNA molecules, the rules ban patents for cloning human beings or modifying their genetic identity, as well as the use of human embryos for industrial purposes.

The commission said last year that it expects that the global biotechnology market, not counting agriculture, could amount to more than euro2 trillion ($2.26 trillion) by 2010.

Yet while Europe has more dedicated biotech companies (1,570) than the United States (1,273), those in Europe are relatively small, newer and undercapitalized. The U.S. biotech sector employs 162,000 people, compared to 61,000 in Europe, and has far more products in the pipeline, according to EU figures.

Philippe Jacobs of the Flanders Interuniversity Institute for Biotechnology said uncertainty over patents was "definitely" discouraging investment in Europe. "For the industry it's really crucial to have patent protection on their product to have legal certainty," he said.
*******************************
USA Today
FTC official calls do-not-spam list unrealistic
By Paul Davidson, USA TODAY
July 9, 2003

A top Federal Trade Commission official told Congress on Wednesday that the agency supports far-reaching anti-spam legislation  but said a proposed do-not-spam registry is not feasible. 
The testimony of Howard Beales, director of the FTC's consumer protection bureau, could be vital as Congress weighs at least eight bills to cut junk e-mail. With spam making up more than 40% of e-mail and costing U.S. companies more than $10 billion, most observers believe passage of an anti-spam law this year is all but certain. 

"Spam is threatening to destroy the benefits of e-mail," Beales told the House Committee on Energy and Commerce. 

Beales voiced support for major provisions of the two bills the panel now is considering. Both would force marketers to let consumers easily remove themselves from e-mail lists. They also would ban the use of false return addresses and software that collects e-mail addresses from Web sites. 

One of the bills, sponsored by Rep. Billy Tauzin, R-La., and Richard Burr, R-N.C., is a front-runner because Tauzin chairs the committee. But consumer advocates back a tougher bill by Reps. Heather Wilson, R-N.M., and Gene Green, D-Texas. That measure would ban programs that randomly guess at e-mail addresses in hopes of finding consumers, and it does not let spammers escape liability by claiming they were not aware someone asked to be removed from an e-mail list. 

The Tauzin bill, meanwhile, contains loopholes that force a consumer to separately ask each of a company's affiliates to stop future e-mail and let a spammer send e-mail as long as the pitch is not the main purpose of the message.

While not endorsing the Wilson bill, Beales appeared to give it a boost by saying, "There are a number of things in the bill that (the FTC) thinks are improvements over" the Tauzin bill.

Committee members said later that they hope to reconcile the differences in the two bills into one proposal.

Beales also took some of the steam from a bill by Sen. Charles Schumer, D-N.Y., that would create a do-not-spam list. Consumers could sign up to reject all spam  as they do with the FTC's recently launched do-not-call list. 

Beales said the idea is "very intriguing" but impractical. He said it's tough to identify valid e-mail addresses. Plus, unscrupulous spammers could simply use the registry as valid addresses for marketing purposes. Beales also opposed another proposal in the Schumer bill  that spam be labeled "ADV." Renegade spammers won't comply, he said.
*******************************
USA Today
Congressional subcommittee vets anti-spam bill
July 8, 2003

WASHINGTON (AP)  In addition to being annoying, e-mailed spam costs American businesses billions of dollars in lost time, productivity and e-business as it reduces consumer confidence in the Internet, officials told lawmakers Tuesday. 
"Consumers are getting inundated with pornographic or false and misleading e-mails that diminishes their faith in e-commerce, undermining many of the benefits," said Joseph Rubin of the U.S. Chamber of Commerce. 

One estimate shows that businesses lose about $10 billion a year because of lost productivity, bandwidth costs and money spent on anti-spam tools. In addition, consumers are likely to delete legitimate business e-mails as they delete spam, Rubin said. 

A House Judiciary subcommittee, led by Rep. Howard Coble, R-N.C., plans to vote on an anti-spam bill soon, which would let consumers opt-out of receiving spam and provide criminal and civil penalties to fight fraudulent spam. 

"Spam is undermining consumer confidence in the utility of e-mail and harming the ability of consumers and businesses to do legitimate e-commerce," Coble said. 

However, while spam is a legitimate target for legislation, business e-mail is not, said Rep. Bobby Scott, D-Va. "Even commercially-sponsored e-mail has some First Amendment rights," Scott said. 

A consumers group said Americans should have the right to block all advertising e-mail, including legitimate business e-mail. 

"Consumers should have the ability to say no to all spam, even when that spam comes from companies that are not engaged in fraud," said Chris Murray of Consumer Union. 
*******************************
San Francisco Gate
Software prison term
July 9, 2003

A Fremont man has been sentenced to more than two years in prison for selling illegally reproduced Microsoft software. 

Lawrence Jou, 53, was sentenced Monday to two years and nine months in prison by U.S. District Judge Claudia Wilken in Oakland. 

A co-defendant in the case, Eric Pang, 38, of Fremont was sentenced by Wilken in August to three years' probation and ordered to pay more than $328, 000 in restitution for conspiring to infringe on Microsoft copyrights. 

According to federal prosecutors, Jou and Pang provided Microsoft software at prices below retail market prices while doing business through their companies, Ampower Technology and Easteam International in Fremont. 

The men obtained thousands of CD-ROMs and disks containing illegally copied Microsoft software as well as labels, certificates of authenticity, manuals and licensing agreements that were counterfeited or stolen, authorities said. 

In an indictment handed down in August 2001 by a federal grand jury in Oakland, the men were each charged with one count of conspiracy to infringe on copyrights and four counts of copyright infringement. 

The indictment accused the men of packaging the materials with the illegally reproduced software for distribution, making it appear as if the illegally copied software was legitimate Microsoft software when it was not. 

In a separate but similar case, Lisa Chan, 36, of Fremont was sentenced by Wilken in November to 18 months in prison and ordered to pay $4.5 million in restitution for selling thousands of pieces of illegally reproduced Microsoft software. 

E-mail Henry K. Lee at hlee@xxxxxxxxxxxxxxxx 
*******************************
Wired News
Euro Scheme Makes Money Talk
02:00 AM Jul. 09, 2003 PT

Euro cash could be embedded with radio frequency identification tags if a reported deal between the European Central Bank and Hitachi becomes reality. 

The bank is working on a hush-hush project to embed RFIDs, wireless transponders the size of a grain of sand, into the fibers of euro bank notes to foil would-be counterfeiters. The bills currently have a number of security marks, including threads that glow under ultraviolet light, but as the euros wear thin, these are less perceptible. 

If the deal goes through, it will be a boon to the nascent RFID industry, which has long been in search of a market. However, consumer privacy advocates have questions about other possible uses of the tags. 

A spokesman for the ECB in Frankfurt confirmed on July 4 that the bank intends to add further protection to the euro and that the next series will incorporate updated features, "because technology is advancing rapidly and you have to keep pace with that." 

The spokesman, Jean Rodriguez, stopped short of identifying the new features or their makers, saying all contracts with third parties are subject to strict confidentiality agreements. 

A Hitachi spokesman acknowledged awareness of the ECB project, but said his company was under a nondisclosure agreement and could not confirm whether Hitachi would provide RFID chips for the bank, which released 8 billion euros in January 2002. The deadline for the project has been reported as 2005. 

Privacy groups have expressed concerns about the use of RFIDs, both in bank notes and other areas. Earlier this year, an announcement that Italian clothing manufacturer Benetton Group would use the chips to track its garments set off a firestorm of media coverage and a threatened boycott due to concerns about consumers' privacy. Benetton retracted its plans. 

If embedded in the euro, the chips could make it possible to track information such as when and where transactions take place, according to Paul Lee of Deloitte Research in London. 

RFID technology involves a minuscule chip and antenna, which would be implanted in the bank notes, and a reader similar to those used with bar codes, only much smaller, Lee said. Though it might be used simply to identify the note's serial number, it would also be possible to add more data. 

"There is a worry in our field as to how these things will be used, given the lack of coherent privacy regulations," said Dan Moniz, staff technologist for San Francisco's Electronic Frontier Foundation, a digital watchdog organization. 

"It would be easy to establish a system where intelligence agencies track how money is spent. What if I'm an ethnic Turk in Germany, where there is a long-standing conflict between the Turkish and German populations, and I buy books on establishing a Turkish state?" Moniz asked. 

"The German police could start tracking me. If I go to France or another country that is part of the 12 member nations using the euro, the German police could notify the French police, and they could keep track of me," Moniz said. The 12 nations that use the euro are Italy, Luxembourg, the Netherlands, Spain, Portugal, Ireland, Greece, Germany, France, Finland, Belgium and Austria. 

Until now, Moniz pointed out, the only truly anonymous form of payment has been cash. "If you write a check, the instrument itself bears your name and other data. Credit cards have an obvious audit trail; traveler's checks have one as well. But always, until now, cash payments have been mostly untraceable." 

Another leading privacy advocate is also concerned about the information being collected in databases and used for marketing purposes -- or even lawsuits, health insurance applications and law enforcement. 

"This private data can be used against you," said Katherine Albrecht, founder and director of Consumers Against Supermarket Privacy Invasion and Numbering. Albrecht said she shares EFF's concerns. "It will essentially eliminate the anonymity of cash." She outlined a nightmare scenario in which "it would be possible to track all the cash issued to an individual and invalidate it with a couple of keystrokes" -- a literal case of "your cash is trash." 

Despite the reputed deal between the ECB and Hitachi initially reported by Japanese news agency Kyodo, technical difficulties may forestall the use of the tags in the euro. 

"A bank note is very thin," said Bodo Ischebeck, senior director of Ident-Systems at Infineon Technologies in Munich. "Bank notes have a thickness of only about 80 microns, and the technology is only capable, if you are connected to an antenna and have a chip on the bottom, at 100 microns." The paper would have to be 100 microns thick, Ischebeck said, to support the technology. 

Also, Ischebeck said, the wear and tear bank notes undergo, such as accidentally being put through the washing machine or sitting for hours in the sun, is "not semiconductor-friendly." 

Infineon conducted several research projects about a year ago on the feasibility of including semiconductors in bank notes, Ischebeck said, though he would not confirm whether the ECB project was one of them. 

The Auto-ID Center at the Massachusetts Institute of Technology estimated that RFID tags cost from 20 cents to $1. This would make the tags impractical for use in denominations lower than 200 and 500 euros, worth roughly $200 and $500, respectively. 

Though the EFF's Moniz said he has no doubt the ECB is implanting RFIDs in euros simply to thwart counterfeiting and money laundering, "it's not a one-use technology. It opens the door to other things. We need to examine the possible scenarios and what we can do about them. Society needs to have a debate about this."
*******************************
CNN Online
Cam phones spread new brands of mischief

TOKYO, Japan (AP) -- It may have been inevitable. Now that cell phones with little digital cameras have spread throughout Asia, so have new brands of misbehavior. 

Some people are secretly taking photos up women's skirts and down into bathroom stalls. Others are avoiding buying books and magazines by snapping free shots of desired pages. 

"The problem with a new technology is that society has yet to come up with a common understanding about appropriate behavior," said Mizuko Ito, an expert on mobile phone culture at Keio University in Tokyo. 

Concern in Japan, Korea
In South Korea, where more than 3 million cell phones equipped with cameras are believed to be in circulation, Samsung Electronics is banning their use in its semiconductor and research facilities, hoping to stave off industrial espionage. 

Samsung, a leading maker of cell phones, is taking a low-tech approach -- requiring employees and visitors to stick tape over the handset's camera lens. 

"Digital shoplifting" is another concern. 

Japan's magazine publishers association is mailing out 34,000 posters to bookstores asking patrons not to use camera phone to shoot pages from periodicals in lieu of buying them. 

Simply taking pictures of magazines on store shelves generally does not constitute copyright violation under Japanese law if it's only for individual consumption and not distributed to others. 

But bookstores say it is devastating sales. 

"Times are tough already. And this kind of problem has to come falling from the sky," says Makoto Niikura, owner of the Yakumodo book store in Tokyo, which has put up a poster that says: "Magazine lovers watch their manners." 

Tempted to snap
Minako Yamashita, a 32-year-old housewife who uses her cell phone to take pictures of her children, said she has witnessed people sneaking photos in bookstores and acknowledged a temptation to do it herself. 

"I can understand," she said. "But I'd never do it." 

A camera phone starts from virtually free for those rendering blurry photos to $300 models that offer digital-camera-quality images, albeit at tiny sizes. 

It's still impossible to read an entire magazine page in a picture shot from a phone, even if the image is relayed to a personal computer. But photographing a restaurant address, information about job openings, a recipe or pop star's photo are well within the technology's range. 

No regulation... yet
No government in Asia has yet tried to regulate camera phones. And South Korean manufacturers have already written the government opposing any possible regulation as a blow to sales, according to LG Electronics, a member of the industry group that wrote the letter. 

Most people use the camera-phones for harmless things like jazzing up e-mail with snapshots. But perverse uses are cropping up. 

Around Asia, fears are rising about photos being surreptitiously taken in swimming pools and locker rooms. Cell phones have already been declared off-limits by Japanese public bath houses. 

Japanese police say they have apprehended people using camera phones to take photos up the skirts of unsuspecting women in crowded trains and stores. One culprit was fined $4,200. 

In China, a teenager was raped by a man who photographed her nude with a camera-phone and threatened to disseminate the pictures, police said. One woman was sued for allegedly taking camera-phone pictures of another woman while she was in the bathroom and transmitting them to acquaintances. 

Ring can be muffled
Japan's camera phones are designed to set off an electronic ring when the shutter is pressed, warning everyone nearby that a photograph is being taken. But the alarm can be muffled by placing a hand or piece of cloth over the speakers, police say. 

Then again, camera phones can enhance the safety of people in trouble. In Yokohama, Japan, an 18-year-old female store clerk used her camera phone to take a photo of a 38-year-old man who was fondling her on a commuter train. She called police during the train ride and presented her phone shots as evidence. The man was arrested at the next stop. 

Daisuke Okabe, professor of education and human sciences at Yokohama National University, says rules about mobile phones ideally should be created by the users themselves, rather than forced upon them. 

"Mobile technology can change social behavior, and social behavior leads to new mobile technology," he said. "It's a two-way street." 
*******************************