
Clips August 6, 2003




U.S. Backs Florida's New Counterterrorism Database 
[AL] State loses eBay auction, seizes books anyway
[Australia] Hack attacks at record levels
Study: Software piracy on the wane 
FDA seeks food illness model
N.J. gets Army help
Forman's legacy is one of better IT management
OMB issues guide on E-Government Act 
Encryption mandate puts strain on financial IT
SBC plans 6,000 Wi-Fi sites by '06
EFF urges RIAA to change legal tune

*******************************
Washington Post
U.S. Backs Florida's New Counterterrorism Database 
'Matrix' Offers Law Agencies Faster Access to Americans' Personal Records 
By Robert O'Harrow Jr.
Wednesday, August 6, 2003; Page A01 

Police in Florida are creating a counterterrorism database designed to give law enforcement agencies around the country a powerful new tool to analyze billions of records about both criminals and ordinary Americans.

Organizers said the system, dubbed Matrix, enables investigators to find patterns and links among people and events faster than ever before, combining police records with commercially available collections of personal information about most American adults. It would let authorities, for instance, instantly find the name and address of every brown-haired owner of a red Ford pickup truck in a 20-mile radius of a suspicious event. 

The state-level program, aided by federal funding, is poised to expand across the nation at a time when Congress has been sharply critical of similar data-driven systems on the federal level, such as a Pentagon plan for global surveillance and an air-passenger-screening system. 

The Florida system is another example of the ongoing post-Sept. 11 debate about the proper balance between national security and individual privacy. Yesterday the District and the Department of Homeland Security announced plans to launch a pilot law enforcement data-sharing network that will include Virginia, Maryland, Pennsylvania and New York. 

Paul S. Cameron, president of Seisint Inc., the Boca Raton, Fla., company that developed the Matrix system and donated it to the state, said: "It is exactly how law enforcement worked yesterday, except it's extraordinarily faster. In this age of risks that appear immediately, you have to be able to respond immediately."

Some civil liberties groups fear Matrix will dramatically lower the threshold for government snooping because other systems don't allow searches of criminal and commercial records with such ease or speed.

"It's going to make fishing expeditions so much more convenient," said Ari Schwartz, associate director of the Center for Democracy and Technology, a nonprofit that monitors privacy issues. "There's going to be a push to use it for many different kinds of purposes." 

The Justice Department has provided $4 million to expand the Matrix program nationally and will provide the computer network for information sharing among the states, according to documents and interviews. The Department of Homeland Security has pledged $8 million, state officials said.

At least 135 police agencies in the state have signed up for the Florida Department of Law Enforcement database service, which began operation more than a year ago. At least a dozen states -- including Pennsylvania, New York and Michigan -- said they want to add their records.

In some ways, Matrix resembles other data-driven counterterrorism initiatives started since the 2001 attacks. The Pentagon's controversial Terrorism Information Awareness program also sought to use personal data in new ways, but on a far larger scale. The idea, started by retired admiral John Poindexter, was to create a global data-surveillance system that might find subtle signs of imminent threats. Lawmakers sharply limited the program's funding several months ago, and now some intend to shut it down.

A Justice Department document from early this year describes Matrix as an effort "to increase and enhance the exchange of sensitive terrorism and other criminal activity information between local, state and federal law enforcement agencies." Matrix organizers met several times with Sen. Bob Graham (D-Fla.), while he was head of the Senate Intelligence Committee, to discuss the system's development.

Matrix is short for Multistate Anti-Terrorism Information Exchange. The name was chosen somewhat whimsically by a Florida law enforcement officer, an agency official said. Florida officials say the system will be used only by authorized investigators under tight supervision. They said it includes information that has always been available to investigators but brings it together and enables police to access it with extraordinary speed.

Technical challenges include ensuring that data are accurate and that the system can be updated frequently.

"The power of this technology -- to take seemingly isolated bits of data and tie them together to get a clear picture in seconds -- is vital to strengthening our domestic security," said James "Tim" Moore, who was commissioner of the Florida Department of Law Enforcement until last month.

A senior official overseeing the project acknowledged it could be intrusive and pledged to use it with restraint. "It's scary. It could be abused. I mean, I can call up everything about you, your pictures and pictures of your neighbors," said Phil Ramer, special agent in charge of statewide intelligence. "Our biggest problem now is everybody who hears about it wants it."

The Matrix project began soon after the 2001 attacks. Seisint founder Hank Asher, a wealthy data entrepreneur, called Florida police and claimed he could pinpoint the hijackers and others who might pose a risk of terrorist activity. "Asher says, 'I'll develop this for free,' " Ramer said.

Working without a contract or pay, Asher set about creating the system in Florida, Ramer said. "We showed it to the other states, and the other states went nuts." They came up with an idea of a search engine called "Who" that would be at the core of the "concept as a national intelligence project," he said.

Ramer added that he's never seen so powerful a system in his many years in law enforcement. To replicate it "we'd have to go to 10,000 systems," he said. "It would just take you forever."

In 1999, the Drug Enforcement Administration and the FBI suspended information service contracts with an earlier Asher-run company because of concerns about his past, according to law enforcement sources. The Chicago Tribune reported in 1987 that court documents in a federal drug case said defense lawyer F. Lee Bailey, who identified Asher as a pilot and onetime smuggler, offered him as an informant. 

Jennie Khoen, a spokeswoman for the Florida department, said yesterday that the agency knew about Asher's "history with drug smuggling," including his work as an informant. Moore said his department "knew about Mr. Asher's past."

"We were aware of his informant activity," Moore said. "But we were also aware he had never been arrested or charged." 

Because of the renewed questions about his past and because the state is entering into a contract for the Matrix services, Khoen said "it is prudent and responsible for us to do a comprehensive review of his background."

The Florida legislature just allocated $1.6 million to begin paying Seisint for its work.

Asher didn't respond to several requests for interviews.

Seisint's Cameron said people should focus on the value of the technology for fighting terrorism and crime. He said privacy fears are overblown because Matrix relies on the same records that police have always had access to.

Asher has also donated services to the FBI, the Secret Service and other agencies. And authorities credit Seisint with helping to turn up links among the hijackers who slammed planes into the Pentagon and the World Trade Center, and to some of their associates.

The Secret Service, the FBI, and the Immigration and Naturalization Service gave Asher letters of commendation last year. They are prominently displayed as awards on Seisint's Web site. Spokesmen at the FBI and the Secret Service said the letters are routinely given as thank-you notes to hotels and other companies that help their agencies.

Former Secret Service head Brian Stafford recently went to work as a senior executive at Seisint.
*******************************
USA Today
State loses eBay auction, seizes books anyway

BIRMINGHAM, Ala. (AP) -- When two state trooper investigative dossiers of civil rights-era protest figures were auctioned on eBay, an Alabama state archives official placed bids to reclaim them for the state. She lost -- and got the attorney general's office to demand the seller turn them over to the state anyway.
The seller complied, but a Birmingham book dealer who made the winning bid of $177.50 felt the state used strong-arm tactics to take material that tells an important part of Alabama history and should be in the public domain. 

"Either scenario is not pretty," said Patrick Cather, a rare books dealer. "They intimidated me by threatening legal action. I'm just concerned. State and local governments have a long history of preferring to hide skeletons in the closet rather than to address them." 

The Birmingham News reported Monday that the booklets auctioned on eBay in mid-July were put together in the 1960s by the Alabama Department of Public Safety. Described as volumes one and two of "Individuals Active in Civil Disturbances," they feature mugshots, profiles and arrest records of people involved in the civil rights movement. 

The person auctioning the booklets, identified only as being from Woodville, promoted them on eBay by saying: "If you were involved in the Civil Rights Movement then there's a chance Montgomery had your picture and information about you in these books. Both blacks and whites, from Dr. Martin Luther King on down." 

Tracey Berezansky, assistant director of government records of the Alabama Department of Archives and History, bid on the material but lost at the very end to Cather. Berezansky then turned to the attorney general's office, and two days later a letter was sent to the seller and to Cather demanding the booklets be handed over to the state. 

"This file should not have been removed from the custody of the State of Alabama," the letter from assistant attorney general Alyce S. Robertson said. "Moreover, this file is part of the civil rights history of the state and should properly be transferred to the State Department of Archives and History for the department to make an appropriate determination as to where and how the records should be maintained for public access."

Berezansky said the material would be made public after she can "review them to make sure there is not anything libelous or slanderous that may harm the individuals" named in the books. 

Cather said a lawyer advised him that he could probably get the books legally, but the seller backed out of the sale after getting the letter. 

Cather said the books apparently were distributed to political appointees of former governor George Wallace and law enforcement officials. During that period, Wallace and other segregationists viewed civil rights protesters as lawbreakers, with the State Sovereignty Commission formed to keep tabs on them. 

Jack Drake, a Birmingham attorney who successfully sued in federal court to gain access to Sovereignty Commission files in the late 1970s, said Monday the booklets probably were materials the commission would have maintained. 

Drake said the federal court order for the state to produce the files did place some restrictions on their public release to protect people who might be wrongly described or defamed in the documents. But, Drake said, "I think the state is wrong if it is arguing that it's state property." 

The auction can still be viewed online at eBay (http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=3538448153&category=41894).
*******************************
Australian IT
Hack attacks at record levels
Mark Hollands
AUGUST 05, 2003  
 
ATTACKS on Australian computer systems are at record levels. More than 1000 incidents a week are being reported, internal figures from the security organisation, AusCERT, reveal.

The rate of attack has doubled every year since 2001 with 12,457 incidents reported to AusCERT (Australian Computer Emergency Response Team) from last April to the end of June. 
This is a dramatic jump compared with the corresponding period last year, when 6415 attacks were reported. 

AusCERT general manager Graham Ingram said 25,197 "incidents" had been reported in the first six months of this year, compared with 40,369 for all 2002 - a year in which figures jumped because of malicious worms, such as Code Red, which scanned systems for vulnerabilities. 

Some 347 attacks had been successful so far this year, meaning a hacker had gained some form of privileged access to a network. 

Only 233 intrusions were reported for all 2002. These figures do not include Trojan horse penetrations, worms or denial of service attacks. 

"So long as the industry keeps going at the same rate and the profile of the internet grows, the rate of vulnerabilities will keep pace," Mr Ingram said. 

AusCERT's Kathryn Kerr said the figures were "only the tip of the iceberg, as these are just the reports people make to us". 

"This sort of thing happens every day against everyone's systems," she said. 

Some 67 per cent of Australian companies said they had been attacked, according to a separate AusCERT study, 2003 Australian Computer Crime and Security Survey, released earlier this year. 

Nearly a quarter of respondents said they had been the victim of more than 10 "security incidents" and 11 per cent confessed they were not dealing with security problems adequately. 

Mr Ingram said the increasing size of software programs was partly responsible for the increase. 

"Hackers are constantly scanning for flaws in software that give them a way into a network," he said. 

"A good programmer will make a mistake in one line per 1000. As the applications get fatter, the mistakes increase." 

The figures come in the wake of rare security warnings issued in the past month by Cisco Systems and Oracle, as well as the normal stream of reports from Microsoft. 

Mr Ingram said the figures could show AusCERT was "getting better at detecting and reporting incidents, so we have to be careful". 

However, the Australian results are in line with global figures released by the US CERT Co-ordination Centre, a government-funded research and development group operated by Carnegie Mellon University in Pittsburgh. 

It has received 76,404 "incident" reports in the first six months of this year, compared with 82,094 for all 2002. Ten years ago, there were just 1334 such reports. 

At the weekend, The Washington Post reported US security experts had noted "widespread scanning and exploitation" of the internet. 

The US Homeland Security Department warned a "significant impact" on the internet was coming. An FBI spokesman "implored" IT security staff to go to the Microsoft website and install patches to fix code flaws. 

Mr Ingram said he could not predict whether the rapid increase in attacks in Australia would continue. 

"It is a bit like putting your finger in the air. If reliance on the internet stopped growing, it might slow," he said. 

"But as we see online banking take off, there may be more vulnerabilities. It's a reflection of the environment." 

The AusCERT figures come as the newly launched Australian High Tech Crime Centre (AHTCC) completed its first month of operation in Canberra. 
*******************************
CNET News.com
Study: Software piracy on the wane 
By Matt Hines 
August 5, 2003, 2:41 PM PT

The latest report from the Business Software Alliance concludes that software piracy declined in the United States during 2002. 

The special interest group, an antipiracy organization that's comprised of members such as Apple Computer, Cisco Systems and Microsoft, released results of its state-by-state analysis of software piracy across the United States on Tuesday. According to BSA's report (http://global.bsa.org/statestudy/), the nation's piracy rate dropped 2 percentage points in 2002 compared with 2001, to 23 percent. The International Planning and Research (IPR) conducted the study for BSA. 

BSA also reported that some 37 organizations handed down more than $3.1 million in piracy-related settlements as a result of its annual campaign to raise awareness among business users regarding illegal use of copyrighted software. 

 

Among the U.S. states that saw the most significant reduction in piracy percentage rates were Louisiana, Maine, Oregon, West Virginia, Idaho, Hawaii, Alaska, South Carolina, Washington and Oklahoma, according to BSA.

The group listed the top nine states (in addition to the nation's capital) that had the lowest piracy rates in 2002 as: Illinois; Michigan; Ohio; Indiana; New York; Connecticut; New Jersey; Washington, D.C.; Washington; and Virginia. 

Bob Kruger, BSA's vice president of enforcement, said the increased amount of revenue loss is a good sign that piracy continues to be a major problem despite state-by-state improvement. 

"The piracy rate in the U.S. is as low as it has ever been, but the losses continue to be staggering," Kruger said. "While we've certainly made inroads with corporate users, the issue of individuals downloading illegal software over the Internet is a growing problem."

Kruger said software companies need to follow the lead of the music industry, which has been working hard to keep copyrighted materials from being illegally transferred online. 

BSA representatives were quick to point out that, despite the states' lowered piracy rates, the practice of using unlicensed or stolen products continues to have a negative effect on the software industry and the larger U.S. economy. 

The group estimates that piracy cost the nation $1.9 billion in 2002, up from $1.8 billion in 2001. As a result, BSA contends that piracy was related to the loss of 105,000 jobs over the course of last year. 
*******************************
Federal Computer Week
FDA seeks food illness model
BY Sara Michael 
Aug. 5, 2003

The Food and Drug Administration plans to create a modeling tool for food threats.

FDA officials want a simulation that can predict the outcome and determine possible causes of food contamination outbreaks, based on variables such as illness symptoms and characteristics of a public health response. Officials could then simulate responses. "This system should be able to model the flow of food but also let us manipulate variables to create what-if scenarios," said Morris Potter, the FDA's project officer and lead scientist for epidemiology in the Center for Food Safety and Applied Nutrition.

The tool would outline where to find and how to extract data, such as food production and distribution, human consumption patterns and illness symptoms and outcomes.

"It helps us predict what happens when certain things go wrong so we can be better prepared, and it helps us prioritize," Potter said.

Officials also expect to be able to run the system in reverse, entering outcomes to predict the origin.

The FDA released a request for proposals in late June. Once agency officials award a contract, they expect to have a basic model within a year. "The model should, at the end of one year, be a fine model, but it might not have all the bells and whistles," Potter said.
*******************************
Federal Computer Week
N.J. gets Army help
BY Dan Caterinicchia 
Aug. 4, 2003

The U.S. Army will help develop protection for New Jersey's government networks against digital terrorism.

State officials signed an agreement July 17 to have the Army Communications-Electronics Command Research, Development and Engineering Center develop an intrusion-detection system for state agencies. It's the first research collaboration between the center and a state government, said James Soos, the center's deputy director for homeland security. 

A system for detecting electronic attackers is a main part of the state's homeland security plans, said its chief technology officer, Charles Dawson. The agreement will help state officials determine what is needed for an intrusion-detection and response program to cover the executive branch's 16 departments. The system will need to be able to detect attacks on individual computers and entire networks. 

"Faced with a difficult budget situation, we are very fortunate to have built this relationship with [the center] to gain such a great deal of knowledge and resources," Dawson said in a release. The state will also receive guidance in developing program management.

An Army homeland security team at Fort Monmouth, N.J., will survey each department, analyze networks and critical assets, evaluate products, make recommendations, and develop an overall plan for the new system, Soos said. New Jersey gets to tap a pool of almost 1,600 scientists and engineers working in communications-related fields for the Army, Dawson said.
*******************************
Federal Computer Week
Forman's legacy is one of better IT management
By Jason Miller 

As the news spread that Mark Forman will leave the Office of Management and Budget for a job in the private sector, the reaction in the federal IT community was not of surprise, but of understanding and consideration. 

Forman, whose last day as the administrator for e-government and IT is Aug. 15, will leave a sure legacy of better IT management, a passion for his job and an understanding of how the federal game is played, federal observers and agency IT managers said. 

"Mark played senior manager, analyst and mentor to many people at OMB and in government," said Stephen Galvan, CIO of the Small Business Administration and a former Quicksilver portfolio manager at OMB. "Mark brought an unique combination of knowledge of the government, IT management practices and e-business approaches that drive change."

Galvan, who was a part of Forman's inner circle for much of the last 18 months, said the transformation OMB sought came from Forman's ability to establish a vision and change governmentwide practices.

"He really established the groundwork for how the government manages IT," Galvan said. "He had to deal with a lot of strong factions within government, in Congress and in the vendor community. We knew we were accomplishing things when vendors would object to what we were doing."

David McClure, vice president for e-government for the Council for Excellence in Government, a Washington nonprofit, echoed many of Galvan's opinions.

McClure said one of Forman's biggest accomplishments was defining his position.

"When Mark first interviewed for the position, it was not well-defined and there was a lot of questions surrounding it," he said. "Now it is a pretty prestigious position because it has been created in law and also in terms of the legacy Mark is leaving behind."

McClure said Forman achieved more than anyone before him in getting the government to manage IT more effectively and efficiently.

While both Galvan and McClure said e-government is far from complete, both said Forman's impact is unmistakable, and his successor will have a big role to fill.

"The person will need to offer direction, guidance, make e-government a priority, and have the ability to solve problems and communicate," McClure said. "The course is pretty well set, but the need for a strong governmentwide leader remains."

McClure said the next administrator should have a similar background to Forman's -- industry and government experience as well as a complete understanding of the Hill.

Galvan said the person should come from government because they need to have bought in to the administration's vision and complete what Forman started.

Neither McClure nor Galvan would offer names of potential successors.
*******************************
Government Computer News
August 5, 2003
OMB issues guide on E-Government Act 
By Jason Miller 

The Office of Management and Budget has issued new guidance on how to achieve the administration's e-government vision.

In a memo to agency heads, OMB director Joshua Bolten outlined how IT managers must implement provisions under the E-Government Act of 2002, which became law in December.

"The administration sees this act as a significant step forward in the way that federal agencies should consider using IT to transform agency business into a more citizen oriented and user friendly process," Bolten said.

Under the guidance, agencies must develop performance measures for e-government projects that are citizen- and product-related. 

OMB also is setting a timetable for agencies to migrate to an online rule-making site, www.regulations.gov. Administration officials said by March they will set the schedule for migration to the site. 

The guidance further requires agencies to conduct privacy impact assessments for planned IT investments and online information collection. They also must establish IT training programs. 

Meanwhile, the Office of Personnel Management will develop an IT exchange program between the public and private sectors. And the National Science Foundation, OMB and the White House's Office of Science and Technology Policy will create a database and Web site to track federally funded R&D.

OMB Memo on E-Gov Act Guidelines
http://www.whitehouse.gov/omb/memoranda/m03-18.pdf

*******************************
Computerworld
Encryption mandate puts strain on financial IT
Upgrading ATMs and servers will cost the retail and banking industries billions 
By Lucas Mearian and Patrick Thibodeau
AUGUST 04, 2003

A mandate by credit card companies and related funds-transfer networks to upgrade the security of electronic transactions will cost the banking and retail industries billions of dollars in hardware and software and require several years of intensive work to complete. 
MasterCard International Inc., Visa U.S.A. Inc. and associated network providers have established deadlines starting in 2004 for converting electronic funds networks to the Triple Data Encryption Standard. The DES cryptology algorithm currently in use has become vulnerable to attacks as a result of increases in computing power, those organizations say. 

Beth Lynn, senior vice president of network administration at San Diego-based Star Systems Inc., the nation's largest debit network, said it won't be long before "it will become easy to buy a DES cracker and break those [encryption] keys." 

There have been no reports to date of DES-related break-ins. Instead, hackers have attempted to exploit other network weaknesses. "It's a whole lot easier to find a Windows [or] Unix vulnerability," said Ryan Kalember, a security expert at Guardent Inc. in Waltham, Mass. 

In much the same way that Y2k upgrades helped push companies to take advantage of new Web-based technologies, the upgrade to Triple DES may help lay the foundation for new point-of-sale and ATM services, such as bill paying. 

Bank One Corp. in Chicago, for instance, has decided to replace all 4,000 of its ATMs with Triple DES-compliant models over the next three years. That effort began in March and will cost at least $150 million, according to a Bank One spokeswoman. In addition to being more secure, the new machines will be Web-enabled and ready to support a host of new features such as online bill payment, account aggregation and brokerage services. 

DES is designed to protect personal identification numbers (PIN) entered at ATMs and point-of-sale devices, but using brute-force computing power in a process called an "exhaustion attack," it's possible to unscramble DES-protected information. 

Industry Conversion 

Led by Purchase, N.Y.-based MasterCard, the major electronic funds companies began seeking an industry conversion to Triple DES several years ago. But with the deadlines looming, banks and retailers are only beginning to deal with the costly conversion, and they're now calling for deadline extensions. Many of the nation's 360,000 ATMs will have to be replaced to comply, as will some back-end systems. Many applications will have to be rewritten to handle Triple DES. 

The total cost will be staggering. A new ATM can cost as much as $50,000; costs will range from $1,000 to $5,000 for ATMs that can be upgraded, according to financial industry analysts. Hardware security modules, which sit on transaction servers and process DES keys, can cost up to $50,000 each. 

Kurt Helwig, executive director of the Electronic Funds Transfer Association in Washington, said the effort to replace or upgrade old systems will be huge, and financial firms are fuming. 

"[Banks] feel they're being asked to bear this burden on behalf of the industry, when it's a problem that's not such a grave threat," said Helwig, whose organization has 600 members, including banks, ATM networks and technology vendors. 

"Everyone is convinced that Triple DES is a good idea," said Andi Coleman, Tandem security team leader at Charlotte, N.C.-based Bank of America Corp., who heads a special interest group on security for the ITUG HP NonStop user group. Coleman said she has no doubt that financial services companies will meet the requirements, but she's concerned about whether ATMs widely deployed at retail establishments, which are operated by independent networks, will also comply. "If ever there is a weak link ... it's going to be there," she said. 

Star Systems, which is owned by Memphis-based Concord EFS Inc., completed a two-month Triple DES upgrade on its network switches about six months ago. Lynn said the effort was relatively simple and involved updating software on 30 host security modules -- appliances that contain the keycodes for encrypting and decrypting PINs. 

For banks and transaction processors, the Triple DES upgrades involve replacing ATM keyboards with keyboards that house an integrated circuit board that encrypts PINs before they're sent to the machine's internal processor. Currently, the PINs are transferred over a 2-foot cable in the clear before being encrypted, said Jerry Silva, an analyst at TowerGroup in Needham, Mass. ATM processing software will also have to be upgraded. 

Charles Kennedy, a partner at the law office of Morrison & Foerster LLP in Washington, said industry mandates create a "standard of care" that give state and federal regulators the legal foothold to step in with enforcement proceedings. Those regulators can impose fines on institutions that suffer security breaches because they lack Triple DES, Kennedy said. 

The U.S. Department of the Treasury and the U.S. Federal Reserve Bank currently use Triple DES, a standard that has been adopted by the American National Standards Institute and the International Standards Organization as well. 
*******************************
USA Today
SBC plans 6,000 Wi-Fi sites by '06
By Michelle Kessler, USA TODAY
August 6, 2003

Wireless Internet, or Wi-Fi, is expected to land another big backer Wednesday as SBC Communications announces hundreds of locations by year's end and 6,000 by 2006.
SBC's plan is yet another sign that big telecom companies aim to take control of the emerging technology, which has largely been dominated by small companies, universities and public networks. 

Most of SBC's Wi-Fi "hot spots" will be in hotels, convention centers, airports and pay phones -- locations where Internet users cannot easily find regular phone lines.

Wi-Fi lets users go online wirelessly. Data are transmitted via radio waves. Laptops or handhelds equipped with antennas can tap into networks within range, usually 100 yards or so.

By 2008, the number of Wi-Fi users in North America is expected to jump to 22.6 million from 4.8 million this year, says researcher Gartner.

As such, phone giants T-Mobile, Verizon, AT&T and Sprint are jumping on board. Their clout might help alleviate some of Wi-Fi's problems, including:

- Billing. On Wednesday, most Wi-Fi customers pay via credit card to connect to Wi-Fi networks by the hour or day. Monthly subscriptions haven't taken off because customers resist new bills, says Meta Group analyst Chris Kozup. If carriers such as SBC make Wi-Fi an add-on to phone or Internet bills, it might be easier to sell, he says.

At first, SBC plans to charge by the session. Anyone can use SBC's Wi-Fi networks, even if they don't have SBC as their regular phone company. The company plans to introduce monthly add-on plans later.

- Cost. Wi-Fi costs about $7 a day, or $40 a month. If it's bundled with other services, costs might fall, says Gartner analyst Bill Clark.

- Roaming. Each Wi-Fi network stands alone. Someone who's paid to use a T-Mobile network at a Starbucks would have to pay again for time on an SBC network. If Wi-Fi providers agreed to share networks and let customers "roam" between them for a fee, Wi-Fi would be less cumbersome, says IDC analyst Shiv Bakhshi. Big carriers might be the only companies with the might to move the industry in that direction, Bakhshi says.

T-Mobile has already signed up with an international consortium to promote roaming. 

Big carriers won't solve all Wi-Fi's problems, analysts say, security being No. 1, because Wi-Fi signals can be easily intercepted. Computer programs can help hide information as it moves, but they can be hard to use.

While the growing number of Wi-Fi players will lead to better Wi-Fi coverage, it can be tough to pick the best one. Gartner, which estimates that there will be almost 30,000 hot spots in North America by year's end, is advising some clients to wait until late 2004 before signing up, and to give carriers time to work out the kinks.

Panera Bread said Tuesday that it plans to equip 130 of its restaurants with free Wi-Fi by year's end.
*******************************
USA Today
EFF urges RIAA to change legal tune
By Jefferson Graham USA TODAY
August 4, 2003

The Recording Industry Association of America just hired a new CEO, at a salary of $1 million a year.
Meanwhile, the Electronic Frontier Foundation, its legal nemesis, exists on a total annual budget of $2 million, doled out in small checks to fight government and industry opponents in battles over online song swapping, privacy, computer hacking and other Internet-related issues.

"We are defending the constitution," says John Perry Barlow, 55, a former Grateful Dead lyricist, cattle rancher and writer, who co-founded the EFF in 1990. "The desire to share information is second only to sex and basic survival in terms of human motivation. The record labels and movie studios are convinced they have the means to control this, and we can't allow that to happen."

EFF, located on a rundown street in San Francisco's Mission district, is the leading advocate for consumer rights in the RIAA's plans to sue hundreds of song swappers. The non-profit EFF, which has 23 staffers, recently put up a database on its eff.org Web site to let worried users of pirate file-sharing services check to see if their screen names are listed on the over 1,000 subpoenas that have been filed by the RIAA for possible lawsuits. EFF has also launched a "Let the Music Play" ad campaign promoting alternatives to litigation.

Even while sounding the alarm, executive director Shari Steele admits the RIAA's stance towards music fans is the best thing that ever happened to the EFF.

"In the past, we were getting five to 10 new members per day," she says. "Now we're up to 60 to 70. Our site almost went down the other day due to its popularity. This is the busiest we've ever been, by far."

Sarah Deutsch, associate general counsel for Internet provider Verizon, assumed at first that the EFF was some scrappy, "radical," San Francisco fringe group. But as she got to know them, she saw that "they know the law inside and out. They make very compelling arguments."

EFF filed a brief in support of Verizon in its battle with the RIAA over the Internet provider's refusal to reveal names of subscribers accused of swapping music, a case Verizon lost but is appealing. 

Unlike Verizon, which makes its money from subscriber fees, or the RIAA, whose dues are paid by the five major record labels, EFF's annual budget comes mostly from computer users, in membership fees averaging $65. Corporate money is rare. None of EFF's well-financed neighbors (Apple, Intel, Palm, Google, Hewlett-Packard) has pitched in a cent. Neither have friends such as Verizon.

"Corporations don't like us, because we can't guarantee that we'll be on their side," says Steele. "We take positions early, and that makes people uncomfortable."

The "Let the Music Play" ad campaign, kicked off this month in Rolling Stone, "was a huge gamble," says legal director Cindy Cohn. "For the money we spent in Rolling Stone alone, that was the yearly salary of two employees." Ads also are planned in Spin and other music magazines. 

EFF chose to do it because "we can either save this thing or it will drown," says Cohn. "Congress needs to hear from the people, not the corporations and their big campaign contributions. Look at what happened with the FCC," she says. New regulations easing radio and TV station ownership touched off a public backlash so intense the House voted 400 to 21 to overturn the rules, despite the threat of a presidential veto.

"It proved that when people make their voice heard, lawmakers listen," Cohn says. 

The RIAA declined comment for this story, but James DeLong, a senior fellow with D.C. advocacy group the Freedom and Progress Foundation, says, "The EFF's basic stance on most issues is plain wrong."

Unlike the EFF, the FPF, which supports the RIAA and the new FCC rules, lists corporate sponsors such as Microsoft, AOL Time Warner and Amazon. DeLong says the RIAA has no other choice but to sue song swappers. "They have to enforce their copyrights. I don't see how you can compensate the artist any other way."

For now, with the RIAA readying hundreds of lawsuits against swappers, "we're trying to gear up," says Steele. "We can't take them all on. We'll pick and choose, and try and support the ones who are the worst victims of the RIAA's greed."

The EFF is online at http://www.eff.org.
*******************************
MSNBC
Spam War
Bob Sullivan

Aug. 6, 2003 - About 14 billion spam are sent each day now, two for every person on the planet, according to one study. Actually, two a day wouldn't be so bad. In reality, many Net users say they are drowning in the stuff. The unrelenting deluge of unsolicited e-mail makes finding real e-mail from mom or the boss harder every day. So some are throwing up their virtual hands, and dropping old, beloved e-mail addresses in a vain attempt to run away from the bursting dam that is their Internet service provider. Spam, some say, has gotten so bad that it's on the verge of killing e-mail. But if the Internet sky really is falling, why doesn't someone do something?

EARLIER THIS YEAR, a line was crossed. In May, there was more spam than real e-mail flying around the Internet, according to spam-fighting firm MessageLabs Inc. And at just about that point, Uncle Sam (specifically, the Federal Trade Commission) decided to call an old-fashioned town meeting.

Just how emotional has the spam issue become? At Uncle Sam's meeting, a fistfight almost broke out. And that was before a marketing company used the everyone-invited-to-the-table forum as an opportunity to serve spam fighter Allan Murphy with a subpoena. As anyone in the room would say, the issue of spam had reached the flash point.

Whatever measures the e-mail providers have been attempting to plug the dam, they just aren't working. Despite all manner of new technology, legislative action, lawsuits, and outright bodily threats, the spam dam keeps springing leaks. And many fear the worst is still yet to come.

Pick your favorite staggering statistic to make the point: both consumers and corporations are crying out for help. Radicati Group says spam will cost companies $20.5 billion in 2003 and that by 2007 businesses will be forking over nearly 10 times that amount of money, or $198 billion, to battle spam. Jupiter Research says U.S. e-mail users received more than 140 billion pieces of spam in 2001 and an estimated 261 billion pieces in 2002, an 86 percent increase. AOL says it blocks 2.3 billion spam e-mails every day. BellSouth says spam will soon add $3 to $5 to each customer's monthly bill.

"E-mail is on the tipping point of becoming more trouble than it's worth," says Ray Everett-Church, chief privacy officer at ePrivacy Group.

Or is it?

Only a few months earlier than the FTC forum, the Pew Internet and American Life Project released its own e-mail and spam study, and it included this startling pronouncement: Spam isn't that big a problem. A noisy, wired minority, the report said, has overexaggerated the spam jam-up. In fact, only 15 percent of workers surveyed say they have to deal with more than 50 e-mails a day. And nearly three-quarters said "only a little" of their work e-mail is spam.
   
NO BIG DEAL?
Peter S. Fader, a marketing professor and spam expert at the Wharton School, thinks that far too much has been made of the spam issue; it's only a minor annoyance to most Internet users, he said.

"People notice spam because of the negative novelty, but it's not really that big a part of their life. But if you give people a choice and say, 'We'll take the spam away but your e-mail will come in more slowly,' people would say, 'Give me the spam,' in a heartbeat," he said. "It is just a phase we're going through. Two years from now, we'll look back on the spam thing and laugh."

Anti-spam advocates, however, are hardly laughing. But the disconnect over how bad the problem is might partially explain why spam remains so bad for that noisy minority: perhaps the sky, and the Internet, really aren't falling. Clearly, Everett-Church says, while nearly everyone with a stake in the issue claims the problem is dire and dramatic, corporate and legislative actions to resolve it have been slow and considered.

Among large Internet companies, who regularly cry the loudest about spam costs, action against spammers has been only incremental.

"The talk is at variance with the walk," he said.
   
WHY CAN'T WE FIX THE DAM?
The chief obstacle to solving the spam problem is that there isn't even yet consensus on what spam is. Many Net users would simply say it's any e-mail they didn't expect. But plenty of companies feel they can rightly contact customers with relevant information, and that consumers often want such a targeted service. To them, only misleading unsolicited e-mail is spam; that is, e-mail where the true sender is intentionally obscured, or an e-mail message that makes fraudulent offers.

Legitimate companies, this world view holds, should get at least one chance to e-mail people with an ad, the so-called "one bite" approach. And consumers who opt in for e-mail offers, well, they are fair game.

But while the debate takes place, the gray area becomes wider, and e-mail marketing companies with questionable practices have an easy time finding cover.

"The line between legitimate direct-mail marketing companies and spammers is very fine," said Brian Zinner of Message Labs. "The spammers are good at presenting themselves as direct-marketing companies."

The truth is, while spammers are on the run, they are still winning the race against corporations and government officials trying to shut them down. For every spammer put out of business by a lawsuit, probably hundreds of newbies are being trained in secretive "spam clubs" around the Internet. For every account shut down for illegal activity, thousands more open up. Technology such as spam filters or blacklisting techniques can only accomplish so much. In the end, the Internet still makes things much too easy for the bad guys to hide, too easy for them to pretend to be an old girlfriend or a co-worker and get you to click on their e-mail.

PEOPLE DO BUY, DON'T COMPLAIN
And people do click. Few will admit it, but several interviews with spammers have revealed some products really do sell via unsolicited e-mail marketing. On a good day, a sophisticated spammer might have to send out 10 million e-mails to get 40 or 50 positive responses, but if they are requests for more information on a new mortgage, the spammers just made $10 for each response, or $400 to $500. Not a bad day's work.

In fact, according to some abuse desk workers, about as many people buy from spam e-mails as complain about spam e-mails. A 2 million message mailing will generate 40 or 50 complaints, according to Jim Gregory, a former spam fighter at now-defunct ISP Slingshot.com. And without complaints, no spammer is ever shut down.

So for now, the fight about spam is limited to a relatively narrow cast of characters:

- The anti-spam radicals, who chase after spammers with a quiver full of high-tech tools.
- The king spammers, the 200 or so bulk e-mailers responsible for perhaps 90 percent of the world's spam.
- The small-time spammers, disciples of the king spammers, who are trying to get rich quick via a modem.
- Legitimate marketing companies that really do believe in the power of e-mail advertising, and are willing to play by the rules, as soon as someone establishes some.
- Big corporations and e-mail providers like Microsoft and America Online, which can't help but suffer from schizophrenia on the spam issue. On the one hand, spammers annoy their customers and cost them money in bandwidth. On the other hand, none of them are willing to support legislative action that might someday limit their ability to make money by e-mailing their customers.
- Legislators, who see in spam a grass-roots issue that is starting to resonate with voters, and yet can't quite figure out how U.S. laws can effectively regulate an international Internet issue.

In this special report, MSNBC.com will chronicle some of the bitter electronic warfare that's currently taking place in cyberspace among this cast of characters. The package will also examine the economics that prime the spam economy, revealing some beneficiaries of spam that might surprise you. It will introduce readers to the most important cast of characters in the spam world, a Top 10 list of sorts, who are ultimately behind most of the unsolicited e-mail that currently clogs in-boxes. It will uncover some of the games spammers play and the technology tricks they use to continually punch new holes in the dam. Finally, it will examine the legislation that's been designed to plug the holes in that dam.
*******************************