[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips July 31-August 1



Clips July 31-August 1

ARTICLES

Surveillance Proposal Expanded 
Pac Bell Internet Arm Sues Music Industry 
Panel defends flaw disclosure guidelines 
Privacy bid ready, waiting
FTC warns about file trading, spyware 
Panel defends flaw disclosure guidelines 
Downloaders Don't Think of Copyright Laws 
Latinos Are Fastest Growing Internet Users-Study

*******************************
Washington Post
Surveillance Proposal Expanded 
CAPPS II Would Look At More Air Passengers 
By Robert O'Harrow Jr.
Thursday, July 31, 2003; Page E01 


A passenger-screening system designed to help capture terrorists could also be used to target people suspected of violent crimes, under a proposal approved by Department of Homeland Security officials.

Previously, government officials said the surveillance system known as CAPPS II would be used only to target potential terrorists and their allies -- limits intended to assuage concerns about the program's impact on privacy and civil liberties.

Plans called for using commercial information services to sort through demographic and marketing data to establish whether passengers are "rooted in the community." Classified government computers would then review passengers with questionable reports for signs of terrorist intent.

The new proposal shows that officials intend to use the system -- potentially the largest surveillance network created by the government -- more broadly to keep dangerous people off planes. That could include people wanted for domestic terrorism or violent crimes.

Anyone flagged by the system would receive extra screening or, in some circumstances, be detained.

A draft of a notice to be published in the Federal Register says "such information may be shared between law enforcement agencies and the Department of Homeland Security and appropriate action may be taken." The document was reviewed by White House officials and signed by Homeland Security Secretary Tom Ridge several days ago.

The document is the latest turn in the belabored creation of CAPPS II, a system that Transportation Secretary Norman Y. Mineta described a year ago as the "the foundation" on which all other, more public security measures depend.

Officials envision deploying CAPPS II -- short for the second-generation computer-assisted passenger pre-screening system -- to screen truckers, railroad conductors and other transportation workers.

Although officials had said CAPPS II would be operational by now, it has been delayed by questions about the proper technology and its potential intrusiveness.

Civil libertarians complained earlier this year when Transportation Department lawyers issued a proposal that left open the possibility that the government could collect and keep a wide variety of records for decades.

While critics conceded that the new proposal narrows the use and collection of personal information, they contended that it appears to expand the potential applications of CAPPS II.

David L. Sobel, general counsel at the Electronic Privacy Information Center, said he worries that CAPPS II will become a "massive enforcement mechanism."

"It opens the door for invasive background checks on all citizens," Sobel said.

James X. Dempsey, executive director of the Center for Democracy and Technology, said the change shows that officials will be always be tempted to expand the program's reach. "The system hasn't even been launched yet, and they're already thinking up other uses for it," he said.

Transportation Security Administration officials declined to comment on the proposal.

Homeland Security officials believe they have struck a balance between the protection of airplanes and the privacy rights of individuals. The system will be tested this summer and could be phased in beginning in the fall.

Nuala O'Connor Kelly, the agency's privacy officer, said the proposal is a significant improvement over previous plans because it limits the amount of information the government collects. The proposal would also give people a way to access records when questions arise about them.

"We have demonstrated we can both zealously defend the country and at the same time respect the liberties of the individual," Kelly said.
*******************************
Associated Press
Pac Bell Internet Arm Sues Music Industry 
Thu Jul 31,12:07 AM ET  

SAN FRANCISCO - A California-based Internet service provider jumped into the contentious music-downloading fray late Wednesday, filing a lawsuit against the recording industry and questioning the constitutionality of the industry's effort to track down online music sharers. 

   

Pacific Bell Internet Services, based in San Francisco, is seeking a declaration that the subpoenas served against it by the Recording Industry Association of America (news - web sites) are overly broad in scope and should have been issued from a California district court, not the District of Columbia. The complaint also seeks a jury trial to have the constitutional issues addressed. 


In the complaint, PBIS maintains it only acts as a "passive conduit" for the activity of its subscribers and "does not initiate or direct the transmission of those files and has no control over their content or destination." 


A RIAA spokesman called the lawsuit an attempt at "procedural gamesmanship" and insisted that Internet service providers must reveal the identities of online copyright infringers.
*******************************
USA Today
Hollywood hunts for pirates
By Michael McCarthy, USA TODAY

If you're thinking about downloading a bootlegged copy of X2: X-Men United or The Matrix Reloaded, you might want to look over your shoulder for the feds.

After watching the music industry be financially hammered by piracy, Hollywood moguls want to follow its recent lead and go after individual consumers who illegally download or file share copyrighted films. 

"We can't allow what happened to the music industry to happen to the movie industry," says Jack Valenti, president and chief executive of the Motion Picture Association of America (MPAA). He says the group will "seek enforcement of the breaking of copyright law" by the authorities against offending consumers. The MPAA also is launching public service ads urging consumers to just say no to piracy. (See the first ad at: www.respectcopyrights.org)

The reason for the new stance is that movie executives are having nightmares that file-sharing consumers who've swapped music for years are developing a growing appetite for free movies. And they've been watching the Recording Industry Association of America's increasingly aggressive response to the piracy that is feeding a decline in sales. Four college students were sued in April for online swapping and settled for up to $17,500 each. In June, subpoenas went out to universities and Internet providers to identify more swappers, and the RIAA plans "hundreds" more lawsuits against individuals in September.

To send a strong message that movie piracy is a crime, "There will probably have to be some people charged with the criminal downloading of movies," says Bo Andersen, president of the Video Software Dealers Association, which gathers in Las Vegas for its annual meeting this week. "It has to be made clear this is criminal behavior, and not just something fun to do on your computer." 

Worldwide piracy now costs the studios an estimated $3 billion to $4 billion a year. Much of that still is lost the old-fashioned way  sales of bootleg DVDs and videos.

But as the music business has shown, potential losses from online digital piracy are much higher. And more and more consumers have access to high-speed Internet connections, which make it feasible to transmit movie files. They now are downloading 400,000 to 600,00 movie files a day, according to industry estimates.

Digital piracy directly threatens the most lucrative sector of the movie industry: home video. Consumers spent $20.3 billion to rent and buy movies in 2002, according to Scott Hettrick, editor-in-chief of trade magazine Video Business. That's more than twice the record $9.3 billion fans spent on movie theater tickets last year. 

In a recent America Online poll, nearly 70% of respondents did not believe or weren't sure that "swapping" movies online was illegal. But studio executives don't buy that.

"They know what they're doing. People are just ripping this stuff off," says Danny Kaye, senior vice president of business development for 20th Century Fox Home Entertainment. "They're more than aware of the economic value. They're just shifting the dollars from the studios and the artists  to themselves."

David Bishop, president of MGM Home Entertainment Group, says his studio has an internal team constantly checking "how much piracy is going on around our titles," including the upcoming home video release of Legally Blonde 2.

The studios also are working on the next phase of DVD technology, with tougher encryption codes that might solve the problem, but that technology is still three to four years from market. "We're confident the next wave of DVD products will be much more difficult to file share with," he says.

How Hollywood is fighting back for now:

?Jail time. The recent federal prosecution of 25-year-old Kerry Gonzalez of New Jersey for stealing a preview copy of The Hulk and posting it online before the film's release was a warning shot. Gonzalez pleaded guilty to one count of copyright infringement and faces up to three years in prison and a $250,000 fine.

Coming is a likely series of lawsuits and prosecutions against individual consumers who are heavy file swappers. 

?Winning hearts and minds. "Consumer awareness" ads will try to educate consumers who think piracy is "no harm, no foul." In the five commercials, workers from the 580,000 in the movie industry  such as a stunt man and a makeup artist  describe how piracy costs jobs. The spots started airing today on 35 network and cable outlets and will show in 5,000 theaters across the country. 

?Closing the windows. Studios are moving to open major movies and release anticipated home videos in all major markets worldwide in the same month, rather than spreading rollouts up to a year. The goal is to close the window of opportunity for pirates to step in to sell ripped-off copies awaiting official release. Warner Bros. used this strategy this summer with The Matrix Reloaded and will again with The Matrix Revolutions this fall, spokeswoman Barbara Brogliatti says.
*******************************
Mercury News
Privacy bid ready, waiting
CONSUMER GROUPS GIVING LAWMAKERS TIME TO PASS BILL
By Michael Bazeley
Mercury News
July 31, 2003

Backers of a financial privacy initiative said Wednesday that they've collected enough signatures to qualify it for the ballot. But in a surprise move, they promised to hold the signatures for three weeks to give state lawmakers a final chance to hammer out a bill instead.

``There's one last window of opportunity here, and it's in everybody's interest to come to a compromise,'' said Dan Schnur, political consultant to the coalition of consumer groups that has backed the initiative.

The coalition, led by Consumers Union and the AARP, said it had collected 550,000 signatures from registered voters, more than enough to place the measure on the ballot in March 2004. But the group said it would not turn in the signatures until Aug. 20 to give lawmakers another stab at resolving an issue they have unsuccessfully debated for four years.

Citing privacy concerns, the groups have been pushing for a bill that would give consumers the right to ask not to have their financial information passed around within large corporations and to outside companies.

But state lawmakers have repeatedly shot down financial privacy legislation, citing concerns raised by business groups that the bills were unworkable and would harm businesses.

Earlier this month, the Assembly Banking and Finance Committee killed SB 1, a bill by Sen. Jackie Speier, D-San Mateo, that would have required financial businesses to get permission before sharing customer information with third parties.

For 11 weeks, the coalition of consumer groups has been collecting signatures for a stronger ballot measure that would force financial institutions to get customer approval before sharing information with any affiliate or outside company.

A deal can be made

But the coalition said Wednesday that it still prefers a legislative solution, and it believes a deal is still possible.

``We have had some inquiries over the last couple of months, and we welcome those,'' said Shelley Curran, lobbyist for Consumers Union. ``We've been saying for months and months that, in an ideal world, the legislature would do its job.''

The odds of the legislature approving a financial privacy bill before the coalition's deadline appeared slim, though, on Wednesday. To date, the legislature has been unable to break through logjams on the privacy issue, despite intense back-and-forth negotiations.

Complicating matters further is that the coalition's deadline for getting an acceptable bill falls just one day after lawmakers return from their summer recess.

``Frankly, with the budget behind us, I think we can and should give it another shot,'' said Assemblyman John Dutra, D-Fremont, who has been involved in past financial privacy negotiations. ``But I don't know how in the world you get it done. Mechanically, it's impossible.''

But legislative aides said that discussions would likely restart next week and that it is technically possible to get a bill passed by both legislative houses before the coalition's deadline. Staff members and lobbyists could debate language over the summer break, with vacationing lawmakers being consulted along the way.

``Can we do it? Yeah, I think we can do it,'' said Mike Mattoch, a consultant to Assemblyman Juan Vargas, D-Chula Vista.

Adding a new wrinkle to the debate is a ruling that a federal district court judge handed down Tuesday.

In a closely watched financial privacy case, Judge Claudia Wilken said federal law limits the restrictions that state and local governments can place on information-sharing by banks.

Wilken said local governments can restrict what personal information banks share with other companies. But they have no say over how financial institutions share that information among their affiliates, or companies that are part of the same corporate family.

Banks and financial institutions largely cheered the ruling because using customer information to market products among affiliates is a big part of their business.

State business leaders will now likely use that ruling to help frame the debate over any state legislation.

The strategy now will be to craft legislation that matches federal law, said Fred Main, lobbyist with the state Chamber of Commerce.

Fear of overturn

Business leaders questioned the legality of the ballot measure Wednesday in the wake of the court ruling. And there was speculation that initiative supporters were now worried it would be struck down by the courts if it passed.

But Curran said the coalition was still studying the Wilken ruling and was not yet convinced it would affect the ballot measure. If the ruling did invalidate parts of the ballot measure, Curran said, the initiative could at least be used to pressure Congress to enact stronger privacy protections.

``We're dealing from a position of strength here,'' Schnur said. ``We're happy to move forward with the negotiation process, but we're just as happy to go to the ballot.''
*******************************
CNET News.com
FTC warns about file trading, spyware 
By John Borland 
Staff Writer, CNET News.com
July 30, 2003, 12:23 PM PT


The Federal Trade Commission issued a brief consumer warning Wednesday about potential privacy concerns surrounding file-swapping software and spyware. 
In the latest of a series of consumer privacy alerts, the agency stopped short of warning consumers not to use free file-trading software, but it said computer users should take care to understand and prevent a range of potentially unpleasant consequences for doing so. 

"Make sure that you consider the trade-offs," the agency wrote. "File sharing can have a number of risks." 


The alert cited the possibility that consumers might download viruses, share private or copyrighted files that could land them in legal trouble, or accidentally download mislabeled pornography.

The warning intensifies the drumbeat of concern over file-sharing software, as courts, legislators and copyright holders put more pressure on peer-to-peer networks and individual file-traders. 

After years of warning of legal ramifications, the Recording Industry Association of America (RIAA) is now issuing close to 300 subpoenas a week for file swappers' names and addresses, a prelude to filing what will likely be thousands of copyright infringement lawsuits against individuals starting next month. 

One group of federal legislators has proposed criminal penalties for people offering copyrighted files through peer-to-peer networks without authorization. Another group introduced a bill that would require peer-to-peer software companies to make sure minors have parental permission to use their networks. 

Finally, Rep. Mary Bono, R-Calif, introduced legislation earlier this week that would for the first time regulate spyware, requiring clear consent from computer users before software that monitors their surfing habits was installed on their computers. 

In its consumer alert, the FTC suggested that computer users: 

? Set up file-sharing software carefully, making sure that no private files or folders are being shared.

? Be aware of potential spyware, and think about using software that can prevent downloading or delete intrusive programs.

? Close connections when finished using file-sharing software, to avoid accidentally sharing files.

? Use and update antivirus software.

FTC Article http://www.ftc.gov/bcp/conline/pubs/alerts/sharealrt.htm
Software Article http://news.com.com/2009-1023-937861.html?tag=nl
*******************************
CNET News.com
Panel defends flaw disclosure guidelines 
By Robert Lemos 
Staff Writer, CNET News.com
July 30, 2003, 2:43 PM PT


LAS VEGAS--A group formed to set rules for disclosing information about security flaws on Wednesday defended its latest revision and called for researchers to adopt its guidelines. 
The Organization for Internet Safety (OIS) held a panel discussion at the Black Hat Briefings security conference here to field questions regarding its latest attempt to create a standard way for security researchers to report flaws to software vendors. Currently, researchers handle flaw information in widely different ways. Some immediately publish the information on the Internet, while others work with software makers to fix the issues. 

The group hopes that researchers will give software companies at least 30 days to come up with a patch for a problem before going public with a flaw. Scott Culp, security program manager for Microsoft and an OIS member, stressed that more time does not mean the companies won't take security seriously. 


"These guidelines don't let us off the hook--they increase the pressure on us," he said. 

The group's guidelines, released Tuesday, also call for security researchers to give the public 30 days to apply a patch before they release details of a vulnerability that could be used to attack a system. 

Such grace periods are a contentious concession for the security community, which has had to deal with reticent software makers for the past decade. Companies' slowness to acknowledge and solve security flaws resulted in the so-called open-disclosure movement, a philosophy to which many researchers subscribe. Under open disclosure, the public is notified of any flaw as soon as possible 

Chris Wysopal, research director for the digital security firm @Stake, released information about a fair number of such vulnerabilities when he was part of the Boston hacker group The L0pht. Wysopal, now part of the OIS and author of the original guidelines, said software makers handle security much better today, so immediate disclosure is no longer needed. 

"The environment has changed in the last seven years," he said. "At some point, we started to see that releasing (details and) code was doing more harm than good." 

Security researchers attending the event questioned whether software makers would resort to their old ways if given the chance. Wysopal stressed that if that were to happen, it would be time to re-evaluate the guidelines. 

"If companies delay (fixing flaws), then the environment has changed from what it is today. Then we need to change the document" guidelines, he said. 

Other members of the audience worried that stopping the immediate public release of information about vulnerabilities would be a boon to some security firms, such as Internet Security Systems, that sell early information on flaws to customers who subscribe to a closed security list. That tactic also is being used by the Computer Emergency Response Team Coordination Center, a security clearinghouse that gives sponsors early access to information. 

OIS hasn't created a policy for that sort of disclosure because a consensus on the matter could not be reached. However, Wysopal said the benefits to the guidelines should outweigh any abuses of the system. "We want to see if this type of process works," he said. "We shouldn't just say we aren't going to try it, because there are still issues." 

The group said that information on more than 70 vulnerabilities has been released under the guidelines. 

Other members of OIS include anti-virus software maker Symantec, Unix seller SCO, database maker Oracle, security software maker Network Associates, digital security firm @Stake, and network protection firm BindView.
*******************************
Associated Press
Downloaders Don't Think of Copyright Laws 
Thu Jul 31, 6:30 PM ET  
By TED BRIDIS, AP Technology Writer 

WASHINGTON - Two-thirds of Internet users who download music don't care whether they're violating copyright laws, according to a new survey that highlights the uphill enforcement battle facing the recording industry. 

   

The survey published Thursday by the nonprofit Pew Internet and American Life Project estimated that roughly 35 million American adults use file-sharing software, about 29 percent of Internet users. Those figures were generally consistent with other estimates of 60 million American users across all age groups. 


The Pew survey was completed before the Recording Industry Association of America (news - web sites) announced its aggressive campaign to sue individual computer users who illegally share "substantial" collections of music, so it was unclear from the survey whether the campaign was discouraging online piracy. 


"Our data shows significant numbers didn't care about copyrights," said Lee Rainie, the director for the Washington-based Pew project. "The (threatened) lawsuits maybe have gotten their attention." 


The survey said younger Americans, ages 18 to 29, were least worried about copyrights, with 72 percent saying they weren't concerned. It said 61 percent of Americans who were 30 to 49 years old were similarly unconcerned. Full-time students were the least concerned with violating copyright, with 82 percent saying they were not worried. 


Pew researchers said differences between men and women, blacks, whites and Hispanics and between income groups were not statistically significant when measuring copyright concerns. 


The RIAA, the trade group for the major recording labels, said the Pew study was outdated, adding that it believes its enforcement efforts have affected attitudes toward downloading music. 


"We believe that the most powerful deterrent is the message that uploading or downloading copyrighted works without permission is against the law," the RIAA said in a statement. "We have worked hard to educate the public about what the law says and potential consequences, and other studies have shown that that message is beginning to take hold and will serve as an effective deterrent." 


The chairman of the Senate's permanent subcommittee on investigations began an inquiry Thursday into the industry's crackdown against music swappers, calling the campaign "excessive." 


"Theft is theft, but in this country we don't cut off your arm or fingers for stealing," said Sen. Norm Coleman, R-Minn., who was a rock roadie during the 1960s. 


In a letter to RIAA President Cary Sherman, Coleman criticized the group for issuing subpoenas to "unsuspecting grandparents whose grandchildren have used their personal computers" and others who may not know their computer is being used to download music. 


He asked the RIAA to furnish him with a list of its subpoenas; its safeguards against invading privacy and making erroneous subpoenas; its standards for issuing subpoenas; and a description of how it collects evidence of illegal file sharing. 


The RIAA said it would be "pleased" to provide Coleman the information he requested. 


"It will confirm that our actions are entirely consistent with the law as enacted by the U.S. Congress and interpreted by the courts," the RIAA said in a statement. 


When computer users download a copyrighted song, file-sharing software automatically makes it available for other Internet users to download, too. It is possible  and increasingly popular  to reconfigure the software to allow downloads but prevent sharing files, although this undermines the concept of public file-sharing networks. 


The Pew survey said about 26 million American adults allow others to download music and other data files from their computers. These computer users were equally as likely to be men or women, and equally as likely to be white, black or Hispanic. But they tended to be younger, most often between 18 and 29. 


The survey was based on interviews conducted during random telephone calls by Princeton Survey Research Associates during March, April and May among a sample of 2,515 adults in the continental United States. The margin for error was plus or minus 3 percent.
*******************************
CNET News.com
Government preps Net security system 


By Declan McCullagh 
Staff Writer, CNET News.com
July 31, 2003, 4:03 PM PT


LAS VEGAS--A centralized early warning system for Internet security alerts should be working by this fall, an official from the U.S. Department of Homeland Security said Thursday afternoon. 
Marcus Sachs, the department's cyber program director, said the system will provide an Internet counterpart to the Terrorist Threat Integration Center (TTIC) that President Bush announced in his State of the Union address in January. The TTIC, a mammoth data-collection project intended to fuse information collected domestically by police and internationally by spy agencies, has a broad mandate but has focused on physical threats to national security. 

"We don't have today a way to do early warning detection broadly," Sachs said in an interview after a speech at the Black Hat Briefings security conference here. Defense contractor SRI International is expected to deliver a preliminary version of a working system--called the Global Early Warning Information System (GEWIS)--by October 2003 and a final version by March 2004, Sachs said. 

 GEWIS is intended to act as a kind of central hub that monitors sensitive areas of the Internet and alerts Department of Homeland Security officials to suspicious activity. Sachs offered the example of the department monitoring unusual numbers of domain name lookups and requests to authenticate VeriSign certificates as possible precursors to an electronic attack. 

"That'll fall under us," Sachs said. "We recognize there's a lot of good information out there that's not connected." 

In 1999, the FBI proposed a related plan, called the Federal Intrusion Detection Network, or FIDNet, but was forced to dramatically limit its scope in response to public outcry and pressure from libertarian-leaning members of Congress. Texas Rep. Dick Armey, who was House Majority Leader at the time, wrote a letter to then-Attorney General Janet Reno saying: "This new bureaucracy would look for suspicious activity on both government and private computer networks, and the information collected would be gathered at the FBI's National Infrastructure Protection Center, under your jurisdiction. News reports about this system have understandably caused a great deal of concern." 

David Sobel, general counsel of the Electronic Privacy Information Center, said GEWIS raises similar legal and constitutional concerns if it includes monitoring Internet resources operated by the private sector. 

?It warrants closer examination, and more details need to be disclosed so a full assessment of the legal and privacy issues that may be raised can be made," Sobel said. 

The FBI's National Infrastructure Protection Center is now part of the Department of Homeland Security. When Congress created the department in November 2002, it mashed together five agencies that previously had divvied up responsibility for "critical infrastructure protection." The other four were the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis center and the Federal Computer Incident Response Center. 

Sachs said the government already has "a prototype that's been under development in the last year." GEWIS will take over where the efforts of the five individual agencies had ended, Sachs said. 

He said GEWIS is not intended to focus on content and should not raise the same concerns that plagued FIDNet. GEWIS is based in part on work conducted by the National Communications System, a Defense Department agency that became part of the Homeland Security Department. 
*******************************
Internet Report
Latinos Are Fastest Growing Internet Users-Study
Thu Jul 31, 3:10 PM ET
 
SAN FRANCISCO (Reuters) - Latinos are getting on the Internet faster than other groups in the United States, but the disparity between the number of men versus women online is much greater than for other groups, according to a study released on Thursday. 

   

The percentage of Latinos using the Internet at least once per month has risen 25 percent since 2000, while the percentage of overall Internet users has inched up only 7.6 percent, the study from the University of California, Los Angeles found. 


"Latinos are the fastest growing group" among Internet users, as well as the fastest growing ethnic group in the country, said Jeffrey Cole, director of the UCLA Center for Communication Policy. 


The study found that 59 percent of Latinos polled said they used the Internet from office, home, school or elsewhere, compared with 47 percent in 2000, Cole said. By contrast, 71 percent of all respondents use the Internet, compared with 66 percent three years ago. 


African Americans are the second fastest growing group getting online, with a 22 percent jump since 2000, the study found. 


"One thing that hasn't changed is the gender gap" between Latino men and Latina women online, Cole said. 


Of the Latinos who said they use the Internet, 51 percent were women compared with 68 percent men, difference of 17 percentage points. 


For Internet users overall, and Asians and African Americans, the difference between men and women using the Internet was four percentage points or less. 


"A lot of it is cultural," Cole speculated. "It is possible that there are not as many Latinas in the workplace as (Latino) men." 


For overall Internet users, 69 percent were women and 73 percent were men, a narrower margin. 


For the annual study, the third the UCLA center has conducted, 2,000 people, including 240 Latinos, were questioned over the telephone. There is a 3-percent margin of error.
*******************************