
Clips June 23-24, 2003



ARTICLES

Congress Finds Rare Unity in Spam, to a Point
Law Gives Hacking Victims Right to Know
Iraq: The Computer Game
First Infragard Conference to Open 
Technology Helps Emergency 911 Call Center 
Man Accused of Hacking Into University 
CAPPS II privacy notice delayed
DOD chat use exploded in Iraq
OPM gives agencies direct-hire authority 
Survey shows common IT woes persist
Microsoft Forms Group to Fight Flood of Spam
House pushes spectrum sale
DOD official criticizes DARPA on privacy
Airports opt for iris, facial ID technology
Report finds IRS employees continue to abuse Internet privileges 
Online Piracy Frightens Movie Moguls 
RIAA's Rosen departs on an optimistic note
NY governor makes video voyeurism a crime

*******************************
New York Times
June 23, 2003
Congress Finds Rare Unity in Spam, to a Point
By JENNIFER 8. LEE

WASHINGTON, June 22 - At a time when lawmakers are sharply divided on everything from Arctic oil drilling to Medicare drug benefits, spam has emerged as a powerful bipartisan issue.

Lately this has become abundantly clear as the first bill this year promising to control unwanted messages that clutter e-mail in-boxes flew through a Senate committee on Thursday by a unanimous vote. Meanwhile, the Christian Coalition, which rarely sees eye to eye with Senator Charles E. Schumer, Democrat of New York, has endorsed his separate proposal for a do-not-spam registry and labeling pornographic messages.

As with a variety of other technology debates about privacy and copyright, Congressional positions on spam have little to do with political ideology and turn more on interpreting the balance between the rights of consumers and the rights of the businesses that sell to them.

"This hasn't resonated with standard partisan positions," said Lawrence Lessig, a professor of law at Stanford University. "It's an advantage because I think something will happen. It's a disadvantage because just anything will happen."

In this case, spam frustrates everyone - Republicans and Democrats, urban and rural residents alike. Lawmakers themselves are consumers with overflowing in-boxes. Crises also cut across partisan politics. Spam, the consensus says, has reached a crisis point - consuming an estimated 40 percent of all e-mail traffic. Technology solutions have not been a panacea. As a result, various other business interest groups (with the exception of the spammers themselves) that might normally defend the free play of market forces have converged in support of some kind of federal regulation.

Technology companies, which traditionally eschew intervention from Washington, now fear the economic potential of the Internet will drown in the vast volumes of spam. Microsoft, America Online, Earthlink, eBay and Yahoo have rallied behind a fairly stringent Senate antispam bill sponsored by Conrad Burns, Republican of Montana, and Ron Wyden, Democrat of Oregon. And even the marketers have repositioned themselves.

"Legitimate industry has a benefit from cleaning up," said Louis Mastria, a spokesman for the Direct Marketing Association, which originally advocated industry self-regulation, but now endorses the Burns-Wyden bill.

The consumer-marketer dynamic spawns a spectrum of antispam proposals. One general approach centers on the collective consumer desire to protect in-boxes by requiring prior consent, creating do-not-spam databases and allowing individuals to take spammers to court.

Another approach emphasizes how marketing e-mail can be legitimate if it has options called opt-outs for consumers to remove themselves from mailing lists; postal or street addresses; and clear labeling. This approach also outlaws spamming techniques like using automated programs to harvest or generate e-mail addresses. The intent is to eliminate the bottom feeders (the generic Viagra and buy-a-diploma ads), while preserving the right for mainstream companies to market to consumers. 

But any regulation will be crude compared with the agility of elusive spammers. Even the bill's sponsors acknowledge that no matter what legislation passes, spammers will find loopholes, including moving more of their operations overseas. The hope is to at least slow the deluge.

A flurry of antispam bills has been introduced and reintroduced in Congress in the last several months. The bills rival one another as much for their attempt to create catchy acronyms as for legal content: the CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing), the SPAM Act (Stop Pornography and Abusive Marketing Act), REDUCE Spam Act (Restrict and Eliminate the Delivery of Unsolicited Commercial Electronic Mail or Spam Act), and the RID Spam Act (Reduction in Distribution of Spam).

But only bills with either a long history or the backing of key committee chairmen have credibility. This narrows the field to four: two rival bills in the House and two bills that are expected to be merged on the floor of the Senate.

In the Senate, the competition has become who can add another tough provision or close another loophole.

Senators Burns and Wyden updated their original bill to require opt-outs and advertising labeling for all commercial e-mail, solicited or unsolicited. They also clarified that a mere visit to a Web site does not create a prior business relationship.

Senator Schumer pushed for a provision calling on the Federal Trade Commission to explore creating a do-not-spam registry similar to the national do-not-call list it is about to begin compiling for telemarketers. John McCain, the Arizona Republican who is chairman of the influential Commerce Committee, which approved the bill, added his own amendment that would hold businesses accountable for hiring spamming services.

The two leading members of the Senate Judiciary Committee, Orrin G. Hatch, the Republican chairman, from Utah, and Patrick J. Leahy, the committee's senior Democrat, from Vermont, have introduced their own bill that would give spammers up to five years in prison. Those provisions would toughen the Burns-Wyden bill.

But the Burns-Wyden bill also makes a concession to marketers. It allows initial unsolicited e-mail messages, as long as there is a clear way for consumers to opt-out from receiving additional ones.

By contrast to the Senate, two bills have emerged in the House. One is sponsored by two longtime antispam advocates. The other, which is backed by two powerful committee chairmen, has been criticized for being too sympathetic to marketers.

On the surface, the two look remarkably similar - both create prison terms for spammers, forbid harvesting of random e-mail addresses from the Internet and demand opt-outs and street addresses in marketing e-mail. The differences, as with so much legislation, lie in the definitions and the enforcement provisions.

Billy Tauzin from Louisiana, chairman of the Energy and Commerce Committee, and F. James Sensenbrenner Jr., chairman of the Judiciary Committee, of Wisconsin, who are both Republicans, have overcome their traditional rivalries to introduce a spam bill with Richard M. Burr, Republican of North Carolina.

The bill started out as a collaborative effort, but ultimately a number of lawmakers defected because they were dismayed by the active role the financial services industry, among other industries, had in shaping the legislation.

"In the end I wasn't willing to sign on to that bill," said Heather A. Wilson, Republican of New Mexico, who has been pushing antispam legislation for the past four years. "The reason is that there were too many loopholes that would allow junk e-mail to continue."

Critics note that one loophole is that the Burr-Tauzin-Sensenbrenner bill defines marketing e-mail messages as those whose "primary purpose" is to promote a product, as opposed to a message which promotes a product in any capacity, primary or not.

State attorneys general are not given the authority to enforce the opt-out provision, though they are able to enforce other aspects, like fraudulent subject lines. "It's a fundamental consumer protection issue," Senator Wyden said. "If recipient asks to be taken off the list and there are no consequences, it's not on the level."

The omission is rooted in Representative Sensenbrenner's skepticism about overly aggressive state attorneys general, say people who worked on the bill. 

In response, Mr. Wilson and Gene Green, a Texas Democrat, revived an antispam bill they had introduced in two previous sessions of Congress. In 1999, the bill passed the House by a 427-to-1 vote. In 2001, the bill passed out of committee and never made it to a floor vote, in part because of resistance from Mr. Sensenbrenner.

The Wilson-Green bill requires warning labels on pornography, has a tighter definition of prior commercial relationship and forbids the sharing or selling of e-mail addresses with third parties.

But in order to broaden its appeal, the Wilson-Green bill eliminated the right of individuals to sue spammers, leaving that right to the F.T.C., states and Internet service providers.

In the last few weeks, the Wilson-Green bill has gained considerable momentum in the House. It has gathered over three dozen co-sponsors, including the ranking Democrats on the Energy and Commerce Committee, Representative John D. Dingell of Michigan, and on the Judiciary Committee, John Conyers Jr. from Michigan. Both had been disappointed in the other proposal.

This attention has not gone unnoticed. "There is enough support behind the Wilson bill to stimulate a dialogue between our two committees," said Ken Johnson, a spokesman for Mr. Tauzin.

But outside of Washington there is still considerable skepticism as to the effectiveness of the emerging legislation.

"There just seems to be that there is a simpler cheaper way to enable enforcement," said Professor Lessig, who has proposed setting bounties on spammers, an idea introduced by Representative Zoe Lofgren, Democrat of California. "We are going to have another Homeland Department of E-Mail Security or something like that."
*******************************
Los Angeles Times
Law Gives Hacking Victims Right to Know
Starting July 1, Web sites must tell Californians when their information may have been stolen.
By Rachel Konrad
Associated Press
June 23, 2003

California consumers will learn next month whether their favorite shopping sites are steeled against computer fraud - or are haunted by hackers and identity thieves.

Starting July 1, companies must warn California customers of security holes in their corporate computer networks. When a retailer discovers that credit card numbers in its files have been stolen, it must e-mail customers, essentially saying, "We've been hacked, and the hacker may have your credit card number." 

State politicians call the regulation the first of its kind in the nation. U.S. Sen. Dianne Feinstein plans to introduce similar federal legislation within a month.

"Corporate and government databases are increasingly becoming targets of identity thieves seeking Social Security numbers and other sensitive personal data," the California Democrat said in an e-mail. "Under current law, all too often people are unaware that an identity thief has gained this information and may be using it to run up credit card bills or use it to manufacture a new identity." 

California's new regulation contrasts with the Bush administration's hands-off treatment of the technology industry, particularly when it comes to controversial e-commerce issues such as privacy and fraud. 

Although the FBI and the Federal Trade Commission have hunted down Web site operators involved in fraudulent sales and auctions, laissez-faire proponents worry that regulations would hamper innovation. 

"You cannot legislate good behavior," said EBay Inc. security chief Howard Schmidt, who quit this spring as a Bush advisor on cybersecurity.

The Postal Service reports that 50,000 people a year have become victims of identity theft, and the Treasury Department says thieves ring up $2 billion to $3 billion a year on stolen credit cards alone. As victims expend hours or days canceling debit and credit cards, obtaining new ones and reestablishing accounts and passwords, corporate America loses billions of dollars more in productivity. 

Proponents say the California bill makes Web merchants more accountable for computer fraud. It doesn't impose monetary fines, but the regulation makes companies with questionable computer networks more vulnerable to lawsuits and public scorn. 

"It's a wake-up call for companies to make major, across-the-board changes in every part of the company," said Nick Akerman, an attorney specializing in computer fraud in the New York office of Dorsey & Whitney. "Companies are afraid to report breaches because they think it reflects badly on them, and they don't want the bad publicity of becoming known as a company that's been hacked into. This bill says, 'You can't continue business as usual.' " 

The regulation applies to any company that stores data electronically and does business in California. Companies must alert customers whenever "unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person." 

The bill defines "personal information" as an individual's first name or initial and last name, with one of the following: Social Security number; driver's license number; state identification number; or credit or debit card account number and security code. 

Except when disclosure would impede a criminal investigation, companies must notify consumers "in the most expedient time possible" by e-mail or physical letter. 

If a hacker gains access to data for 500,000 or more customers, the company might also have to notify people through a "conspicuous" posting on a Web site and disclosure to the media. 

Amazon.com Inc., Land's End, Recreational Equipment Inc. and numerous other companies with extensive databases would not comment on the bill. Dell Computer Corp., which sells 50% of its goods online, said it applauds the regulation. 

"This legislation codifies what we've had in place for a long time," spokeswoman Cathie Hargett said. 

Sending e-mails to customers is daunting, but sending alerts to newspapers and wire services truly panics e-commerce executives, said Peggy Weigle, chief executive of Santa Clara, Calif.-based security company Sanctum Inc. The regulation would treat computer vulnerabilities like automobile recalls - critical safety data that must not be kept from the public.

"The public has been under the impression that the transactions they're doing online are really secure," Weigle said. 

Nearly half of the 530 companies and government agencies polled in January by the FBI and San Francisco-based Computer Security Institute acknowledged their networks had been the victim of an unauthorized, internal hacker in the last year. 

It's unclear whether the alarming level of computer fraud will result in so many warnings that consumers ignore them. 

Andy Carvin, an e-commerce enthusiast in Washington, D.C., would like a national version of the California bill. Carvin discovered his credit card information was stolen two years ago and suspects a hacker stole data during an online transaction. 

"It would have been great if [the online merchant] had sent a letter with some useful advice," Carvin said. "I'd feel they wanted to help me."
*******************************
Slate Online
Iraq: The Computer Game
What "virtual world" games can teach the real world about reconstructing Iraq.
By David Plotz
Posted Thursday, June 19, 2003, at 2:05 PM PT

The United States sent 250,000 soldiers across the world to rebuild a society. You can do the same thing from your living room. One peculiar development of the last decade has been the astonishing popularity of online "virtual world" role-playing games like EverQuest, Asheron's Call, Ultima Online, and Lineage. At every minute of the day, hundreds of thousands of people are gathering online to build digital civilizations. As this Slate piece described, players erect cities, open businesses, form governments, muster armies, commit crimes, take jobs, earn decent wages, make friends, marry, and die. The virtual money they earn has real value: They can trade it for U.S. dollars at online auction sites. Thousands of players consider themselves citizens of their virtual world, and some spend more time there than in ours. 

[For the complete story, see: http://slate.msn.com/id/2084604/]
*******************************
Associated Press
First Infragard Conference to Open 
Mon Jun 23, 8:27 AM ET
By WILLIAM McCALL, Associated Press Writer 

HILLSBORO, Ore. - Power plants, bridges and buildings aren't the only things vital to national security, computer networks also are crucial. And the FBI can't keep an eye on everything.


So a unique partnership called the Infragard program has developed between the FBI and 8,300 companies to share information about both cyber and physical threats. 


On Monday, experts from around the country were expected to gather for the program's first national conference in Washington, D.C. Some 1,500 people were expected to attend the three-day meetings. 


"It's going to be a whole new business growth area," said Paul Bracken, an information technology and security expert at the Yale School of Management. 


The program, started in 1996, was growing slowly but steadily until the terrorist attacks of Sept. 11, 2001, made security the top priority for the FBI. 


"When Wall Street was shut down, banking was hit very hard, transportation was hit very hard - they're all part of the infrastructure we're trying to shore up and protect," said Brett Hovington, the FBI's national coordinator of the Infragard program.


"Our economy is still feeling the impact of that," Hovington said. 


Unlike World War II, the FBI also must protect the computer networks and telecommunications systems that make up the nation's modern electronic infrastructure, in addition to bridges, roads, buildings and dams. 


"I've been preaching that message for a long time - you can't have one without the other," Hovington said.


Banks and brokerages, in particular, are vulnerable and need to take new steps to protect the financial system from computer hackers, electronic thieves and terrorists, Bracken said. 


Dave Gulosh, a security manager in Oregon, said Infragard allows government agencies and private companies to share confidential information they would not have shared in the past. 


"A lot of companies and agencies are not going to get that information unless you have something like Infragard," Gulosh said. "I think with Infragard the walls are coming down." 


Hovington, the program's national coordinator, says the program allows the FBI to detect patterns that could alert the agency to a terrorist threat. 


For example, an e-mail to a power plant manager from a worker who notices something minor but unusual in Oregon may be significant when compared to a similar e-mail to another plant manager in Florida or another state - messages that would never have been shared or compared in the past, he said.


"They're our eyes and ears," Hovington said. "Because once we start putting all the pieces together, we can see if this sort of activity is taking place across the country." 


Cetin Koc, an Oregon State University electrical and computer engineering professor, said major computer networks are relatively secure but are only as strong as their weakest link - some could possibly be controlled or disrupted with devices as simple as a personal digital assistant, the handheld minicomputers that are increasingly popular.


"I don't really care who the attacker is - it could be a terrorist, it could be a 15-year-old kid," Koc said.

The FBI and companies emphasize that the Infragard program is voluntary and they do not share information such as confidential personnel records protected by privacy laws. 

But the American Civil Liberties Union is concerned the program could trample on constitutional rights to block a threat.

"We haven't seen any evidence so far of any deprivation of civil liberties through this program," said Barry Steinhardt, the ACLU's technology director. "But there is the potential that this will allow companies to engage in a form of high-tech vigilantism." 
*******************************
Associated Press
Technology Helps Emergency 911 Call Center 
Sat Jun 21, 7:11 PM ET
By DAVID HO, Associated Press Writer 

ALEXANDRIA, Va. - Questions of life and death hang in the air at the Alexandria Emergency Communications Center. 


"Anybody hurt?" "Do you need police or fire?" "911 - What is your emergency?"


When 911 calls made by people using traditional phones stream into the center, operators can trace the street address and send help. 


To give cell phone users the same protection, the center recently began using one of the nation's most advanced systems for pinpointing wireless callers in trouble.


"We can drill down on the computer map almost to where they're standing," said David Baker, deputy chief with the Alexandria Police Department. He said cell phone users account for almost a third of 911 calls received. 


In a demonstration Friday for a top federal regulator, an incoming 911 call from a cell phone was shown on a flat-panel screen. The caller's location was represented by a red triangle on a city map. 


With a few computer mouse clicks, an operator zoomed in to show neighborhoods, then blocks and buildings, until the caller was pinpointed to within about 100 yards. 


The screen updated seconds later to show the caller in motion, moving through a parking lot outside. 


"This department and this center are really at the front edge of the new technology that we are rapidly trying to drive throughout the country," said Michael Powell, chairman of the Federal Communications Commission.


"Hopefully, a year from now and as we continue to progress we'll be able to see more than just demonstrations but lives saved." 


Creating a system for locating cell phone users who call 911 has been a challenge for wireless companies, regulators and workers at the country's 7,000 emergency dispatch centers. 


The FCC established a timetable in 1996 for cell phone companies to put in place the upgraded service known as E911 - "enhanced 911." Beginning in October 2001, wireless companies were to start providing the service within 6 months of a 911 call center's request.


The carriers could choose to modify cellular networks to pinpoint almost all callers to within 1,000 feet or offer phones that allow operators to track people even more precisely using global positioning satellite data. 


Even without call center requests, companies using the handset option must have 95 percent of their customers using the technology by the end of 2005. Industry officials say they are largely on schedule. 


The technology works, but so far only one in 10 emergency call centers has the equipment needed to precisely locate cellular callers, according to the National Emergency Number Association. 


Public safety officials and lawmakers say a lack of money from cash-strapped local governments is slowing the nationwide rollout. Some states have diverted millions of dollars in E911 funds collected from consumer phone bills to plug budget shortfalls elsewhere. 


Sens. Conrad Burns, R-Mont., and Hillary Rodham Clinton, D-N.Y., have proposed legislation to provide $500 million in annual grants for updating 911 services and training emergency workers. States that divert funds intended for E911 would be denied the grants.

While consumers, particularly the elderly, want the protection of E911, the system raises questions about civil rights and privacy, said Chris Murray of Consumers Union, publisher of Consumer Reports magazine. "Any technology that is used to locate a caller with precision has a potential for misuse," he said. 

Deputy chief Baker said E911 is even more important because people increasingly are using cell phones as their only phone. He said the Alexandria call center has not yet used the new technology for an emergency. 

Until the most recent upgrade, the center used an older system that could locate the cell phone towers relaying a call, Baker said. That system, which went into effect in the FCC timetable's first phase, was limited because a tower can be more than a mile away from a caller. 

Officials from Nextel, Cingular Wireless and AT&T Wireless demonstrated their versions of E911 technology with test calls at the Alexandria center. 

Showing the technology's growing pains, a problem with a third-party database diverted the AT&T Wireless call to a 911 center in neighboring Arlington. A company spokeswoman said the problem was quickly fixed. 

"E911 is such a simple-sounding capability matched only by the complexity that it takes to actually put into place," the FCC's Powell said. "There are three things that make this difficult: complexity, coordination and bucks."
*******************************
Associated Press
Man Accused of Hacking Into University 
Sat Jun 21, 7:12 PM ET

RIVERSIDE, Calif. - A 21-year-old student was arrested for allegedly hacking into a university computer system during student elections to cast hundreds of votes for a made-up candidate he named American Ninja. 


Shawn Nematbakhsh, a computer science major at the University of California, Riverside, was arrested Friday for investigation of drug possession and altering computer data without permission. 


If convicted, he could face up to three years in prison and a $10,000 fine. He was being held Saturday on $10,000 bail. Arraignment was set for Tuesday. 


School officials said Nematbakhsh cast the 800 votes in April, forcing the university to scrap the election results and hold a new student government election the following month. 


Nematbakhsh told police he did it to show the university network was vulnerable, said university spokesman Ricardo Duran. 


"I think he made his point, but you might say he went about it in the wrong way," Duran said. "An e-mail to the webmaster might have sufficed." 


Nematbakhsh, who was expected to graduate this year, will be required to appear before a university judicial review board which could expel him, suspend him, require restitution or require him to repeat an academic quarter. 
*******************************
New York Times
June 24, 2003
Congress Online: Much Sizzle, Little Steak
By KATHARINE Q. SEELYE

WASHINGTON, June 23 - By now, almost every representative and every senator in Congress has a Web site. The sites offer a cornucopia of personal and hometown lore, in most cases virtually everything except what becomes legends most: their voting records.

For example, Senator Ben Nighthorse Campbell, Republican of Colorado, bursts from his home page in a leather jacket, showing off his motorcycle, which is decorated with stars and stripes. Senators John B. Breaux and Mary L. Landrieu, Louisiana Democrats, give links to recipes for down-home Southern cooking. 

None of these sites disclose the lawmakers' votes. And these sites are the rule.

A New York Times analysis of the Web sites has found that only 11 percent of senators and 40 percent of representatives provided some kind of information about their voting records, either a partial list of their major votes or a link to a vote-listing service. Many list their opinions, the bills they have sponsored and press releases. Only one senator, Dianne Feinstein, Democrat of California, provides her complete voting record.

Surveys by other groups suggest a strong desire by citizens to see the voting records of their lawmakers. Extensive work has been done on this subject by the Congress Online Project, a program financed by the Pew Charitable Trusts to improve electronic communication between members of Congress and the public. In addition, Ralph Nader, the consumer advocate, has organized Congressional interns to prod their bosses to post their voting records on their Web sites. Focus groups told the Pew researchers that they were not interested in every vote but wanted to know the important ones.

The Times analysis found that besides Senator Feinstein's, the model sites were those of two Republican representatives, Christopher Shays of Connecticut and Frank R. Wolf of Virginia. Links to their voting records are heralded prominently on their home pages.

Others offer links to services like the Library of Congress's Thomas service (http://thomas.loc.gov/), Project Vote Smart (www.vote-smart.org) or congress.org, which can direct viewers to individual votes.

Some legislators are overhauling their sites to provide such links. Senator Breaux, for example, is in the midst of a redesign. His spokesman, Brian Weiss, said it would include a link to the Thomas service. 

Some sites are so poorly designed that even when a link is available, it is not easy to find. Nothing on the site of Senator Daniel K. Akaka, Democrat of Hawaii, who appears on his home page with a green lei around his neck, refers to his voting record. Only by clicking on "links" and then stumbling into "federal government" - not the obvious repository for a voting record - can one then click on www.senate.gov and find a vote by navigating from there.

Paul Cardus, Senator Akaka's press secretary, said the site was being updated and would probably add a direct link and call it "voting record" to take the viewer to Thomas.

Some Web pages offer no links at all. Representative Richard A. Gephardt, the Missouri Democrat who is running for president, does not list his votes on his fairly limited House Web site or on his flashier campaign site. His spokesman, Erik Smith, said he knew of no demand for the votes but thought that listing them might be a good idea.

Critics like Mr. Nader say that while the links to services can help find a vote or two, trying to compile a voting record by year and by issue from these links is cumbersome, confusing and time-consuming.

Mr. Nader says some members are trying to obscure their votes. 

Others take a more benign view. Brad Fitch, deputy director of the Congressional Management Foundation, which helped with the Congress Online Project, said many members were just getting up to speed with online technology.

"There is a learning curve," Mr. Fitch said. 

He said some members had told him they did not provide quick access to their voting records because they did not want to do the research for their challengers back home.

Mr. Fitch says he responds like this: "I tell these members that I'm letting them in on a little secret - that the Democratic National Committee and the Republican National Committee have computers, and this information is available."

He added: "The only thing a member does by not providing this information is send the wrong message to constituents. You're inviting them to go someplace else, and that's a lost opportunity, from a political and a communication standpoint."

It is not clear, however, that all lawmakers are behind the technology curve. Representative Wolf said he started making his voting record available by newsletter as soon as he was elected to Congress in 1980; an opponent had told voters they could "look up" his record, so Mr. Wolf promised to send his record out.

He adapted to the Internet without difficulty and lends his assistant to help others set up sites.

"It's like opening up a book," Mr. Wolf said. "You want everything to be there. And of course your votes should be. Ye shall know them by their fruits, they say, and our votes are our fruits."
*******************************
Federal Computer Week
CAPPS II privacy notice delayed
BY Randall Edwards 
June 23, 2003

The Transportation Security Administration has delayed the release of the much-anticipated revised privacy policy for the Computer Assisted Passenger Prescreening System (CAPPS) II because it wants to ensure the policy's accuracy.

The Homeland Security Department was expected to release the notice last week. Carol DiBattiste, TSA's chief of staff, had said June 17 that the privacy notice would be published in the Federal Register by the end of the week.

Because the notice may shape policy, TSA has delayed its publication to ensure the accuracy of the document's wording and details, according to a senior official.

TSA officials now say they expect to release the privacy notice within two weeks.

CAPPS II is designed to identify potential terrorist threats by using passengers' names, addresses, phone numbers and dates of birth to confirm their identity. Privacy advocates have criticized the system for its use of personal information. Two of their concerns are the ramifications for individuals mislabeled as possible terrorists and the length of time personal information will be held in government databases.
*******************************
Federal Computer Week
DOD chat use exploded in Iraq
BY Dan Caterinicchia 
June 23, 2003

The U.S. military, especially the Navy, relied heavily on chat rooms as a means of communication during Operation Iraqi Freedom. Although the technology performed admirably, it poses new challenges.

A Navy commander who recently returned from the Middle East said today that chat and secure telephones were the primary communications circuits Navy ships used at sea during the war. 

However, chat quickly became overused in some situations, including one chat room at the Combined Air Operations Center that had 900 people participating at once, said Navy Cmdr. Tim Sorber, knowledge officer for Commander, Cruiser-Destroyer Group 8. He spoke today at the American Society of Naval Engineers' Human Systems Integration Symposium in Vienna, Va. 

Such a large number of people in a chat room "is a nightmare," Sorber said. This is because it takes valuable time to determine who should and shouldn't be there.

Sorber said coalition forces found that the simplest knowledge management tools, such as chat, worked best during the war, but they also have built-in limitations. These include:

* They are unable to effectively handle large amounts of information.

* They lack automation tools that can turn information into knowledge.

* The procedural controls delay the automation tools' capabilities.

For example, some users were communicating privately with one another, or "whispering," during chats so that they didn't clog the main conversation. This became problematic because the whisperers were brokering important deals that cut other decision-makers out of the loop. This caused the commander to quickly outlaw the practice, Sorber said.

"We need to close those seams...and that comes with understanding how the system works [in a wartime environment]," he said.

In addition to chat rooms, joint and coalition forces used numerous other means to communicate, including the Secret Internet Protocol Router Network (SIPRNET), the Non-Classified Internet Protocol Router Network and the Combined Operations Wide-Area Network. "The SIPRNET and IP connectivity allowed us to win this war as fast as we did," Sorber said.

The secret network not only enables chats, but is agile, flexible and has dynamic bandwidth capabilities that were not hindered, as most other systems were, by the saturated satellite pipes that were used extensively throughout southwest Asia, he said.

The keys to future success include using the lessons learned from recent conflicts and adapting DOD's tactics, techniques and procedures to best serve the warfighter. Information technology tools must be flexible and adaptable, easy to use for information production and consumption, and able to process multiple levels of classification from the same machine across networks, Sorber said. 

Army Col. William Johnson, Future Combat Systems program manager, agreed and added that the challenge in all of that is making sure warfighters, especially those in urban combat, are not overwhelmed by too much data.
*******************************
Government Computer News
06/23/03 
OPM gives agencies direct-hire authority 
By Jason Miller 

Agencies needing to fill IT security positions quickly now have the authority to directly hire these individuals. 

Kay Coles James, director of the Office of Personnel Management, today sent a memo to agency heads and Chief Human Capital Officers granting these and other initial authorities under regulations her agency published in the Federal Register June 13. 

Congress gave OPM direct-hire authority in the Homeland Security Act of 2002. 

Besides IT security employees, OPM's regulations let agencies hire doctors, nurses and pharmacists. OPM also gave the Securities and Exchange Commission authority to hire accountants, economists and securities compliance examiners.

"I am not waiting to be asked in those situations where the shortages and critical needs are well-known and a direct-hire authority can make a real difference," James said. "The new authority presents a real opportunity to address serious hiring problems."

Federal officials and observers have said there is a shortage of qualified IT security workers in agencies. And with the Office of Management and Budget's goal to certify and accredit 80 percent of all IT systems by December, the need is ever growing.

In the fiscal 2004 budget submission, OMB said improving security education and awareness is a common governmentwide IT security weakness. OMB is addressing this through online courses.

"The government is taking the cybersecurity issue very seriously and doing its best to staff up to meet requirements," said Lynn McNulty, director of governmental affairs for the International Information Systems Security Certification Consortium Inc. of Framingham, Mass., a not-for-profit that certifies security personnel. "This is symbolic of the fact people are realizing IT security is not a technical problem. It requires skilled and trained managers and professionals to manage complex problems. I'm pleased OPM recognizes IT security has become a separate and distinct career field on par with doctors and other health care professionals."

McNulty, a former federal IT security manager at the National Institute of Standards and Technology, said the federal government had to find a way to compete with the hiring practices in the private sector for these kinds of scarce resources. 

Agencies also can request OPM grant other specific direct-hire authorities. OPM will provide additional guidance about the types of situations that this new ability could address.
*******************************
Computerworld
Survey shows common IT woes persist
By JULIA KING 
JUNE 23, 2003

It's deja vu all over again at most companies when it comes to their track records in using IT to help achieve business goals. 
Consider the following:

* At companies that aren't among the top 25% of technology users, three out of 10 IT projects fail on average.

* Less than 40% of IT managers say their staffs can react rapidly to changes in business goals or market conditions.

* Less than half of all companies bother to validate an IT project's business value after it has been completed.

Those are just a few of the findings from a survey of IT managers at about 2,000 companies, including more than 80% of the Fortune 1,000. The survey, which was conducted by The Hackett Group in Atlanta and is due to be released this week, rates the top 500 of those companies as "world-class" IT users. The rest of the pack is classified as "average."

"None of these results surprise me," said Bill Finefield, CIO at the Navy Exchange Service Command in Virginia Beach, Va. "Companies tend to build a great case for an IT project, and then they tend not to follow up to see if they achieved what they expected." 

"There should be a very well-understood process around when and how IT is going to measure value," said Joyce Young, CIO at UOP LLC in Des Plaines, Ill. But equally important is how well IT communicates with business leaders, Young said. Many IT managers "don't have really strong relationships on the user side, and we have to say no a lot," she said. "Having a well-understood set of project priorities should help." 

UOP, which develops process manufacturing technology for petroleum refiners and petrochemical companies, is implementing a portfolio management approach to tracking IT projects. 

By far, the biggest factors separating world-class IT departments from the also-rans are their level of business alignment and the sophistication of their internal IT processes, according to Hackett analysts.

"Most IT organizations still look like a Rube Goldberg [machine]," said Allan Frank, a senior fellow at Hackett. "There's no underlying process model to them." For example, only 37% of the "average" companies have a formal IT program management office in place, he said. 

Too many IT departments also lack a direct link to CEOs, Frank said. Hackett's survey found that less than one-third of CIOs report to their CEOs at businesses in the "average" category. At world-class companies, that figure is 42%.
*******************************
Reuters
Microsoft Forms Group to Fight Flood of Spam
Mon Jun 23, 8:02 PM ET
By Reed Stevenson 

SEATTLE (Reuters) - Microsoft Corp. (Nasdaq:MSFT) is assembling a team of experts charged with battling the accelerating spread of spam as unsolicited e-mail clogs in-boxes worldwide, including that of Bill Gates, founder and chairman of the world's largest software maker.


At risk is the usefulness of e-mail itself, which has allowed people to communicate more quickly and efficiently, said Kevin Doerr, who has been named to direct Microsoft's spam-fighting strategy. 


"Where it hurts most is customer satisfaction. But when it starts to change behavior, we could have consumers turn away from email, and that has huge implications," Microsoft's Doerr told Reuters on Monday. 


Microsoft now blocks more than 2.4 billion spam messages daily. North American e-mail users are expected, on average, to see the number of spam e-mails that they receive daily more than triple over the next three years to 35 messages per day, according to Ferris Research. 


A team of about 20 people from across Microsoft is now working to come up with ways to fight spam. That team will grow by about another third in coming months, Doerr said. 


Redmond, Washington-based Microsoft, along with other major Internet businesses, has ramped up its spam-fighting efforts in recent months in response to a sharp increase in spam that has sparked a jump in consumer complaints.


Microsoft said last week that it had filed 15 lawsuits against individuals and businesses that it said are responsible for flooding its Internet service arm with more than 2 billion spam messages daily. 


In April, Microsoft, AOL Time Warner's (NYSE:AOL) America Online unit and Yahoo! Inc. (Nasdaq:YHOO) -- which represent the world's largest block of e-mail users -- said they were working together to block unidentified messages and to stop spammers from creating fraudulent e-mail accounts.


"One of the things that we're very clear about is that there is no one single solution to this problem," said Doerr, who outlined Microsoft's strategy of using legislation, technology and industry collaboration to fight spam. 


SPAMMING CHAIRMAN BILL 


Microsoft Chairman Bill Gates wrote an open letter on Monday explaining his dislike for spam, weighing in with an endorsement of legislation that would require unsolicited e-mail senders to identify their messages with "ADV:" in the subject line. 


His letter also called for establishing clear guidelines for legitimate commercial e-mail. Microsoft has long argued that overly restrictive regulation could hurt companies that want to communicate with their customers via e-mail. 


"Congress could help by providing a strong incentive for businesses to adopt best e-mail practices. Our proposal is to create a regulatory 'safe harbor' status for senders who comply with e-mail guidelines confirmed by an FTC (Federal Trade Commission)-approved self-regulatory body," said Gates. 


Gates also revealed that he, too, receives "a ton of spam every day." 


"Much of it offers to help me to get out of debt or get rich quick," wrote Gates, the world's richest man. 


"It would be funny if it weren't so irritating," Gates wrote in an opinion piece entitled "Why I Hate Spam" that was published in the Wall Street Journal.
*******************************
Federal Computer Week
Legislation spurs biometrics at the borders
June 23, 2003 

Recent bills passed by Congress include:

Enhanced Border Security and Visa Entry Reform Act: Requires that visas issued in the United States and at U.S. missions abroad be biometrics-enabled by 2004; will have international ramifications as the 210 consulates that issue visas work through cultural, policy and technical issues.

USA Patriot Act: Requires the National Institute of Standards and Technology to develop standards for biometric technologies for the purposes of conducting background checks, confirming identity and ensuring that a person has not received a visa under a different name.

Aviation and Transportation Security Act: Set in motion "passenger-expedited" or "trusted traveler" programs, which encourage airports and airlines to develop voluntary biometric-based programs for screening passengers.
*******************************
Federal Computer Week
House pushes spectrum sale
Bill would open more airwaves to industry
BY Dan Caterinicchia 
June 23, 2003

The House overwhelmingly passed a bill earlier this month that would accelerate the process of selling portions of the federal government's radio waves to the private sector. 

The bill would require some agencies, primarily the Defense Department, to change the wireless frequencies they use, and it simplifies the process for doing so. It also would simplify the process for reimbursing agencies for the airwaves they lose.

The Commercial Spectrum Enhancement Act (H.R. 1320) passed June 11 by a 408-10 vote. It was sponsored by Rep. Fred Upton (R-Mich.), chairman of the House Energy and Commerce Committee's Telecommunications and the Internet Subcommittee.

Upton said the legislation will allow federal agencies to relocate to comparable wavelengths while allowing private industry to further develop wireless technology.

The act creates a spectrum relocation fund that would be financed by money generated when the Federal Communications Commission auctions off the spectrum. That fund would be used to reimburse federal agencies that are relocated along the radio spectrum as a result of the auction.

Currently, the winning bidder must negotiate with the incumbent to determine proper reimbursement costs, which the fund would help simplify and streamline, according to a spokesman for the Commerce Department's National Telecommunications and Information Administration (NTIA).

The FCC manages the nation's nonfederal telecommunications spectrum, including users in the commercial broadcast, public safety, and state and local government sectors. NTIA is responsible for the federal space -- including DOD, which is the federal government's largest user of it. The majority of the telecommunications spectrum is shared between federal and nonfederal users, which requires the FCC and NTIA to coordinate spectrum policy.

The House bill guarantees that federal incumbents receive adequate compensation for expenditures related to relocating to other spectrum bands. Auction proceeds, which would be deposited in the spectrum relocation fund, must equal at least 110 percent of the total estimated relocation expenses.

Assistant Commerce Secretary Nancy Victory said she was pleased by the House legislation's progress and is looking forward to working with the Senate. Sen. John McCain (R-Ariz.), chairman of the Commerce, Science and Transportation Committee, introduced the Senate version of the bill, Commercial Spectrum Enhancement Act (S. 865), in April.

The government already has identified the 1710-1755 MHz band for relocation from the government to the private sector. This spectrum, mostly encumbered by DOD, is considered valuable due to its suitability for commercial, mobile advanced wireless services.

Upton called the act a "win-win-win" for government, industry and taxpayers. 

"That is good news for the private sector, which craves certainty in the process, and the consumer, who craves the benefits which new services enabled by additional spectrum will afford them," he said. "That is good news for government agencies, who know that they will be made whole when they relocate to comparable spectrum, and the taxpayer, who will not have to pay a dime to government agencies and will know that there is tight fiscal oversight in that regard." 

The Bush administration strongly supported the passage of H.R. 1320 because it believes the fund will serve as an important spectrum management tool to streamline the process for reimbursing government users, facilitate their relocation to comparable spectrum and provide greater certainty to auction bidders and incumbents. 

James Lewis, senior fellow at the Center for Strategic and International Studies, noted that the three advocates Upton touted would not need to be relocated and said the legislation's only potential weakness is "whether the fund will actually match the real [relocation] costs" for government agencies. 

Lewis said DOD is one of the primary agencies that will be relocated, and the legislation must answer two key questions to satisfy the department: Will there be enough money to physically relocate and buy new equipment, and if not, "do we keep it?" But as long as all "costs are covered, everyone's happy," he said.
*******************************
Federal Computer Week
DOD official criticizes DARPA on privacy
Privacy groups continue TIA opposition
BY Dan Caterinicchia 
June 23, 2003

The Defense Advanced Research Projects Agency has poorly planned how to protect privacy and civil liberties in the proposed Terrorism Information Awareness (TIA) system, but the agency is now better focused on including protections, a top Defense Department official said last week. 

During the first meeting of a committee formed to examine TIA privacy concerns, Michael Wynne, DOD's acting undersecretary for acquisition, technology and logistics, told the committee that DARPA officials are visionaries who must look beyond current weapons and technologies, but "in this particular case, the vision exceeded their grasp." 

TIA, originally known as Total Information Awareness, could access databases run by airlines, financial and educational institutions, and other groups to scour individuals' records for patterns that might indicate terrorist activity.

Wynne appeared June 19 before the Technology and Privacy Advisory Committee, an external oversight board DOD established in February in response to criticism that TIA failed to address constitutional rights, privacy protection laws and policies. A separate, internal DOD oversight committee has been formed to do the same. 

Wynne said that increased congressional, internal and external oversight has convinced DARPA officials to better protect privacy and civil liberties when developing the system. "The debate between security and privacy I think is robust," he said. "They're developing collaborative programs and were marketing them as broader than they were."

Wynne said a report to Congress last month that outlined how DARPA will include privacy safeguards in TIA was a step in the right direction, but more attention is needed.

In the report, DARPA officials said they would comply with laws governing intelligence activities and protecting constitutional rights. The system would use only foreign intelligence and counterintelligence information legally obtained and legally usable by the government.

The system also would use information from artificial data generated to model behavior patterns. As part of its TIA research, DARPA will develop technologies that ensure privacy.

Wynne said DARPA has created written procedures that an agency must follow to use data gathered through TIA.

"What [DARPA] was trying to do is really emphasize what they considered to be standard knowledge, and that's insufficient," he said in an interview with Federal Computer Week. "They needed procedures to directly address privacy and tell them to do things like protect information or sign a confidentiality agreement. DARPA is mostly engineers who are not versed in establishing those kinds of procedures...and they needed to get them down on paper."

Zoë Baird, a member of the DOD committee and director of the Markle Foundation, which promotes using information technology to help meet public needs, said TIA's fundamental mission should be changed to include the protection of civil liberties, in addition to identifying terrorists.

Representatives from a Markle Foundation task force, including people from the legal, education and public policy communities, said DARPA should continue to develop TIA if privacy and oversight stipulations are met.

Jerry Berman, executive director of the Center for Democracy and Technology, said DARPA needs to consult other government agencies that could be TIA customers, especially the Homeland Security Department.

"Unless DARPA feeds [TIA information] into the Department of Homeland Security and there is a coordination among all their customers, you could end up with stranded investment, duplicative work or privacy insensitivity," Berman said. "I think it will happen because Congress will not let it go forward unless these questions are answered."

Representatives from the American Civil Liberties Union and other privacy advocacy groups have opposed TIA. Jay Stanley, communications director for the technology and liberty program at the ACLU, urged the DOD committee to file a report recommending the program be closed. 

"Shutting it down is not only an option with wide public support, but in truth is the only wise course of action," Stanley said. "The simple fact is that the technology is developing at the speed of light, while the law crawls along at a tortoise's pace."
*******************************
Federal Computer Week
Airports opt for iris, facial ID technology
BY Jennifer Jones 
June 23, 2003

Although fingerprint biometrics are the clear front-runner in the government's race to secure the nation's borders, a quick scan of airports here and abroad offers ready evidence that applications based on iris scanning and facial recognition are also thriving.

For instance, Charlotte/Douglas International Airport in North Carolina is using a sizable iris-scanning application to secure the facilities of the nation's 20th largest airport in terms of passengers.

About 4,500 transportation workers and airport employees are now enrolled in the system, which was installed at minimal cost by EyeTicket Corp., a company eager to prove the merits of iris scanning.

"It is just a little box that you look in," said airport director Jerry Orr. "It is not intrusive, and almost immediately you are identified and your access is captured." 

About 1,500 employees per day perform this exercise at the airport's four checkpoints, which are outfitted with EyeTicket's EyePass system.

"There is a broad range of people in the system. We have all categories of employees, from vendors to contractors to airline employees" and Transportation Security Administration employees, said Stewart Mann, EyeTicket's chief executive officer. EyePass affords users the choice of storing data in central repositories or as part of staff IDs. The company claims that in Charlotte, more than 400,000 transactions have taken place without any false matches or security breaches.

Meanwhile, Germany's Berlin International Airports, the authority for Schoenefeld, Tegel and Tempelhof airports, chose Viisage Inc.'s facial recognition technology over fingerprint imaging and iris scanning, mostly because decision-makers considered it a small leap for employees to go from carrying IDs with photos to having their faces scanned.

"The process of facial recognition in its 'manual' form is already known to everybody, because of the everyday presentation of the staff card, which includes the photograph, so [the] usual work routine is not disturbed," said Rolf Castro-Vasquez, the airports' managing director of traffic.

Indeed, facial-recognition vendors promote user acceptance rates and often point to the law enforcement stigma associated with fingerprints. "Facial recognition has real value in that it is not intrusive, and having an image of their face taken is something that people are very comfortable doing," said Bernard Bailey, Viisage's president and chief executive officer.

The Berlin airports originally hired German facial-recognition company ZN Vision Technologies AG, which Viisage is in the process of acquiring. ZN Vision developed the Berlin system using its ZN-Face product, which uses graph-matching methodology to mimic the way humans process images of faces. ZN-Face examines 1,700 facial features and is designed to recognize individuals regardless of variable conditions such as environment or facial expression.
*******************************
Government Executive
June 23, 2003 
Report finds IRS employees continue to abuse Internet privileges 
By Amelia Gruber

Internal Revenue Service workers are still visiting inappropriate Web sites during work hours and spending too much personal time online despite an agency effort to foster better online behavior, according to a new investigative report. 


In response to reports showing that a substantial number of IRS employees used the Web more for entertainment than for job-related activities, the agency implemented a new Internet use policy in May 2002. The policy allows workers to use the Internet for personal reasons, as long as they do not "overburden" the agency's information network, get distracted from their official duties, or violate the federal government's ethical standards.

There are no governmentwide rules governing civil servants' Internet use, according to Bob Huley, OPM's assistant chief information officer. Agencies are left to establish and enforce their own policies if abuse of Web privileges becomes a problem, he said.

"My guess is that depending on the level of checking they do, most agencies discover varying levels of problems," Huley added. "That's just the nature of the beast." OPM has a policy similar to the IRS, in that it allows employees to surf the net and send personal e-mails within reason.

IRS distributed its May 2002 policy to all employees in a packet, which included a list of the types of sites employees were not permitted to visit and the possible penalties for breaking the rules. The agency also installed computer software that blocks employees' access to certain Web sites and monitors Internet use in general.

But half a year after creating and publicizing the new policy, a number of IRS employees still surfed the Internet for personal purposes during work, downloading games or music, visiting pornographic sites, entering chat rooms, checking personal e-mail accounts, and instant messaging friends, a June 16 report by the Treasury Inspector General for Tax Administration found.

"IRS rules on Internet usage are clear and comprehensive," said Sen. Chuck Grassley, R-Iowa, chairman of the Senate Finance Committee, which oversees the IRS. "They've been distributed to all employees. The fact that IRS employees persist in accessing inappropriate sites is stunning."

Investigators tracked the agency's Internet use over a week in October, and found that as a group, IRS workers spent more than half their time online engaging in non-work-related activities. During the one-week period, IRS employees accessed more than 1 million "questionable" Web pages from 19,000 computers. This does not necessarily translate into 19,000 IRS employees misusing the Internet, the inspectors cautioned, because some employees may have viewed questionable Web sites from more than one computer. But regardless of exact numbers, the investigators said they feel confident they uncovered "substantial" misuse.

In response to the report, David Mader, acting deputy commissioner for modernization and chief information officer at the agency, said investigators might have overestimated the number of inappropriate sites visited by defining "questionable" too broadly. For example, a worker could visit a representative's site to participate in a work-related chat, and that would count as a "questionable" visit under the investigators' criteria.

Mader told the inspectors he is concerned that their report might lead "those who do not understand the mechanics of the Internet to question the ethics and integrity of the vast number of IRS employees who are complying with [the agency's] Internet use policy."

The report does note that "although a large number of employees accessed sites likely to be inappropriate, a relatively small number of employees appear to be chronic abusers." Nearly 30 percent, or 300,000, of inappropriate site viewings over the one-week period in October can be traced to 122 computers, the inspectors said.

"Nobody should collect a government salary to sit on their behinds and play around in chat rooms," Grassley said. "The IRS should weed out the bad apples who give [the agency] a bad name and the taxpayers lousy service."

In addition to making workers less productive, personal Web use creates security concerns, the report said. For instance, when employees download games or send messages through their private email accounts, they are often bypassing programs installed to detect computer viruses. Internet abuse could also lead to lawsuits claiming that the IRS has created a "hostile work environment" by allowing workers to visit pornographic and other potentially offensive sites, according to the report.

To fix the problem, the inspector general recommended that the IRS require employees to sign a document stating that they understand the May 2002 policy, enhance technology used to monitor Web usage and humiliate Internet abusers by publishing their names. The investigators also urged the agency to focus on punishing workers for misuse, and to make the consequences of violating the agency's Web policy known and feared.

In a June 4 memo, Mader pledged to act on the inspector general's recommendations and noted that the IRS has already taken steps to address some of them. The agency has added a review of Internet usage policy to annual computer security training sessions, and has centralized responsibility for monitoring Web usage, putting the chief of security services in charge and assigning a program manager to assist the chief.

"Using IRS systems to gain access to sexually explicit sites is offensive and wrong," Mader wrote. "Even one employee using the Internet for this purpose is one too many, and the IRS will not stand for it."
*******************************
Washington Post
Online Piracy Frightens Movie Moguls 
David McGuire
Tuesday, June 24, 2003; 7:00 AM 

Slasher flicks may be good for a thrill, but when movie studio chiefs really want to scare themselves, they ask to see the latest financial statements from their comrades in the recording industry. Music remains a very profitable industry, but illegal music file downloads are cutting away at recording firms' bottom lines, prompting them to wage an aggressive fight against a host of villains guilty of perpetuating music piracy.

Movie studios aren't in any danger of going bankrupt in the short term either, but their executives say if they don't learn from the record industry's experience, they'll also wind up as victims in the piracy horror film. 

"In three to five years we could be in exactly the same place as the music industry," said MPAA Senior Vice President and Director of Worldwide Anti-Piracy Ken Jacobsen.

To date, the size (huge) and quality (poor) of most of the pirated movies and television shows available online have dampened their popularity among casual "peer-to-peer" file swappers. The same high-speed Internet customer who downloads dozens of digital-quality songs every hour may have to wait several hours to get one grainy, cheaply recorded copy of the latest Hollywood release.

The MPAA conservatively estimates that there are 400,000 illegal movie downloads occurring every day, a relatively small number compared to the countless millions of music downloads. But that will change, movie industry officials contend. Computers are getting faster, hard drives larger and broadband Internet connections more ubiquitous. At the same time, television and movie creators are experimenting with digital filmmaking technologies that could generate a slew of clean, digital copies early on in production cycles.

To prevent that from happening, movie studios have gone on the offensive, developing their own online distribution services, researching technological anti-piracy measures, attacking file-sharing networks in court, and pushing an aggressive legislative agenda aimed at limiting the availability of technology that can be used to steal movies.

It's those efforts that have civil liberties advocates questioning the studios' motives in raising the specter of peer-to-peer piracy.

"In the video world, nothing worth anything can be downloaded in any reasonable length of time," said Public Knowledge Senior Technology Counsel Mike Godwin. "What they're using is the hysteria over Napster as a way of pushing legislators' buttons over video piracy."

Free speech proponents say the movie industry's anti-piracy efforts disguise the more sinister goal of controlling computers so that consumers must watch movies when and how the movie studios choose.

A Growing Threat?
The MPAA acknowledges that their members have not felt the impact of peer-to-peer piracy the way record companies have. Movie studios posted record-shattering revenues of $9.5 billion in 2002, the MPAA said, while CD sales dropped from $13.2 billion in 2000 to $12 billion in 2002, according to the Recording Industry Association of America.

Music accounts for about two-thirds of free downloads of copyrighted material, according to a study released by Palisades Systems, an Internet security firm based in Ames, Iowa. Palisades found that movies made up 23 percent of copyrighted downloads, compared to 69 percent for music, in its study of 22 million file-sharing requests.

Even for users who have the patience and technological wherewithal to download feature films, the resulting viewing experience often provides a poor substitute for the real thing.

Within hours of a new hit song being released on compact disc, file sharers can download a clean digital copy of the song, almost identical to what they'd get had they purchased it. Movie files, by contrast, are typically analog, often recorded on camcorders smuggled into theaters. There is no evidence that film buffs are abandoning movie theaters in favor of watching grainy pirated films on their personal computers.

"Bandwidth continues to be the great wall that protects Hollywood from meaningful competition from file sharing and that wall continues to get thicker and higher," said Fred von Lohmann, a staff attorney with the Electronic Frontier Foundation.

High-resolution digital movies and television shows may be more attractive to pirates than the cheap analog copies that are so prevalent on peer-to-peer services, but those files are even larger than their analog cousins. Despite the popular assertion that Internet connection speeds are ramping up, belt-tightening efforts by telecom companies have left little money available for next-generation broadband rollout, von Lohmann said.

Like Godwin, von Lohmann believes that the movie industry's ostensible efforts to stamp out peer-to-peer file-sharing stem from a deeper desire not to repeat its experiences 25 years ago with the videocassette rentals, which created a substantial new revenue stream over which Hollywood initially had little control.

Movie industry officials also have taken their case to Capitol Hill, supporting the Security Systems Standards and Certification Act, sponsored by Sen. Ernest "Fritz" Hollings (D-S.C.). The bill would have forced computer and electronics makers to install anti-copying technology on electronics devices like DVD players. The MPAA also supported the Digital Millennium Copyright Act, a 1998 law that set out criminal penalties for anyone who disarms technology intended to prevent digital content from being copied by unauthorized users. It has backed similar legislation in several states.

"The common feature in all of these schemes is that in order to make the system work, the government has to ban any noncompliant device from the market," von Lohmann said.

The legislative push rankled computer manufacturers, consumer electronics companies and other technology companies, which claimed that the movie studios were trying to dictate the makeup of their products.

"We believe in intellectual property. We absolutely believe in the rights of intellectual rights holders, but broad technology mandates are simply not the answer," said Intel Corp. spokesman Bill Calder.

Intel, IBM, Hewlett Packard and other major technology companies felt so strongly about the MPAA's legislative proposals that they formed a new lobbying group -- the Alliance for Digital Progress -- to counter them.

Calder said the movie studios have made good progress in promoting their own legal download services and should focus on that rather than foisting requirements on other industries.

The MPAA's Taylor said that the music industry's experience points to the need for more protection for copyrighted works, and that is the only reason the studios are pressing for change.

"You don't sit idly by while your things are stolen from you," he said. "This is not the case of an industry that's making up a problem to get to some cabal-like endgame where we're controlling everyone's home computer."
*******************************
USA Today
RIAA's Rosen departs on an optimistic note
By Jefferson Graham, USA TODAY
BEVERLY HILLS -- The self-described "lightning rod" of the music industry wants to have a life again.

For five years, Hilary Rosen, 44, has been the public face and voice in the industry's battle against digital piracy. CEO of the Recording Industry Association of America, which represents the major record companies, Rosen leaves her $1 million-a-year in-the-hot-seat post today to spend more time with the two children she shares with her partner.

"It's been an extremely rigorous job, as it needed to be, because of what the industry is going through," Rosen says over coffee on a recent Southern California visit. "But I really feel we're poised for a recovery in the next 18 months. I'm optimistic."

In August she'll begin working for CNBC as an on-air commentator, and also will consult for the RIAA.

Rosen's tenure at the association has been rocky, to say the least. It has been marked by the growth of trading free music online, the ease of CD burning, declining sales and shutdowns of major record stores. All the while, she has been the industry's often angry voice, calling for change, enforcement and reason.

"She did everything humanly possible to get the important messages across, that certain behavior is not legal and fair. And she has been relentless in her advocacy at a time when the message was not popular," says Zach Horowitz, president of Universal Music and an RIAA board member. "At the beginning, it looked like we were campaigning against progress, but there's been a sea change in that perspective, thanks to her."

In the pre-digital era, the top RIAA job was mostly about issuing gold and platinum albums for best sellers, and tending to legislative minutiae in D.C. "It was always a big job," Rosen says. "Napster turned it into a public job."

The first major file-sharing program, created in a dorm room in 1999 to make it easier to find music files on the Web, Napster appealed to music fans on their most basic level: free music, freely traded.

The RIAA sued, enlisting acts such as Metallica along the way to speak out for artists' rights. The labels won the legal battles -- in court, Napster was shut down -- but lost the PR war.

Rosen "received death threats. She had stalkers," Horowitz says. "The attacks were so personal, unfair and inexcusable."

Rosen insists she wasn't troubled. "They were attacking me for something I was proud of doing: enforcing the rights of copyright owners. I never felt victimized." 

The music fans, who often hacked the RIAA's site and made it inaccessible, "were just being silly," she says. "People took their free music way too seriously."

And as Napster's successors have flourished -- Kazaa now has more than 230 million users -- the RIAA recently has trained its legal guns on users themselves. Four college students accused of online trading settled suits for thousands of dollars. The RIAA began sending 500,000 to 1 million threatening messages a week to users of Kazaa and battled Internet provider Verizon to obtain the names of several music-sharing subscribers.

The point of the ramped-up efforts is to "unveil the cloud of anonymity infringers think they have," Rosen says.

Phil Leigh, an analyst for Raymond James and a longtime critic of the record labels, says he wishes Rosen had embraced digital distribution with the passion of her attacks on digital piracy. "She always seemed one-sided," he says. "Instead of suing companies and your users, why not also try to take advantage of digital, instead of trying to hold it back?"

The upside of digital distribution is huge, he says: "No manufacturing, shipping or stocking costs or returns. From the supplier's point of view, it makes all the sense in the world."

The industry's first answers to Napster -- legitimate services such as Pressplay and MusicNet -- were for the most part ignored by consumers and dismissed by critics for poor selection and onerous restrictions.

Then, in April, Apple introduced the iTunes Music Store, offering downloads for 99 cents a song, with few restrictions. Critics loved it, and Apple has sold 5 million downloads since. Rosen, an avid Apple user who regularly dons an iPod portable music player, says the industry's challenge is "to create as good an experience with the Windows audience."

Apple says it will do just that by year's end. AOL Music, MusicMatch, Amazon, MTV and Roxio also are working on download stores. 

As for Rosen's replacement, the RIAA is currently searching for candidates. Several congressmen have been cited in speculation, as has former New York mayor Rudy Giuliani. 

The next phase in the music industry's growth won't necessarily be as combative, Rosen says. "A lot of important precedents have been set."

But anyone who thinks piracy will magically go away "is dreaming," she adds. "Right now, piracy has a 98% share. We need a better balance. And we're getting there."
*******************************
USA Today
NY governor makes video voyeurism a crime
June 23, 2003

NEW YORK (AP) -- Gov. George Pataki on Monday signed into law a measure that makes video voyeurism -- secretly capturing images of another person in a private place like a bathroom or bedroom -- a felony that carries a maximum penalty of seven years in prison.

Pataki called this behavior "heinous" and said a perpetrator "is not just a creep and a weird individual, as of today that person will be a felon and a criminal in New York state."

The law is called Stephanie's Law, named after a 29-year-old Long Island woman, Stephanie Fuller, whose landlord pleaded guilty to a charge of trespassing after he spied on her for months by hiding a tiny video camera in a smoke detector above her bed. The landlord was sentenced to three years probation and 280 hours of community service, along with fines. 

Fuller was at the Republican governor's news conference Monday, as were a number of legislators and other women who had been victimized by unauthorized video and had fought to see the law passed. 

"I would love to say that video voyeurism will never happen again; unfortunately we live in a society that cannot guarantee this," Fuller said. "What can now be guaranteed is that this heinous, disgusting act will now be illegal." 

Until this measure, there was no specific law against this type of electronic, digital or mechanical image-taking. The people accused in the cases highlighted by Fuller and others served only days in jail or community service or paid small fines. There is a law to punish those convicted of secretly using listening devices on other people. 

Stephanie's Law also punishes those who would sell images of people that were unlawfully obtained. It goes into effect in mid-August. 
*******************************