Clips July 30, 2002
- To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, CSSP <cssp@xxxxxxx>;, glee@xxxxxxxxxxxxx;, John White <white@xxxxxxxxxx>;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, computer_security_day@xxxxxxx;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, akuadc@xxxxxxxxxxx;
- Subject: Clips July 30, 2002
- From: Lillie Coney <lillie.coney@xxxxxxx>
- Date: Tue, 30 Jul 2002 16:43:26 -0400
Clips July 30, 2002
ARTICLES
Senate to Delay Voting On Homeland Department
ICANN ordered to open records
The legal crackdown hasn't squelched MP3 trading
Workers' downloading puts employers at risk
Attack disables music industry Web site
Chinese dissidents publish 'declaration of Internet users' rights'
Microsoft to disclose secret code
Lawmakers, staffers seek perfect PDA
Princeton Apologizes for Web Breach
Retailers test paying by fingerprint
You, too, can rock on the Web
States spar over UCITA act
Companies Must Protect Their Employees' Info, Too
Internet-Scam Sweep Targets 19 Online Fraudsters
**************************
Washington Post
Senate to Delay Voting On Homeland Department
Goal of Passing Bill by Sept. 11 Unlikely to Be Met
By Bill Miller and Helen Dewar
The Senate will not vote on its bill to create a Department of Homeland
Security until it returns from a summer recess after Labor Day, all but
dashing the hopes of congressional leaders who had hoped to establish the
new counterterrorism agency by the one-year anniversary of the Sept. 11
attacks.
The measure will be the first order of business when the Senate returns,
according to Ranit Schmelzer, spokeswoman for Majority Leader Thomas A.
Daschle (D-S.D.).
House Minority Leader Richard A. Gephardt (D-Mo.) first advanced the idea
to create the new department in time to commemorate the attacks on the
World Trade Center and Pentagon. The plan quickly won bipartisan support
and encouragement from the White House.
But the Senate, which wraps up deliberations for the summer Friday, still
must vote on its bill and then begin negotiations with the House to develop
legislation for votes in both chambers.
The House raced to pass its version of the bill late Friday, just before
its own recess began. Many lawmakers had hoped the Senate would follow suit
this week.
"If they don't get it done, that's disappointing," said Richard Diamond, a
spokesman for House Majority Leader Richard K. Armey (R-Tex.). "We did our
part."
Even with the revised timetable, President Bush's plan, announced June 6,
to merge all or parts of 22 federal agencies into a single department
remains on an accelerated schedule.
Daschle had said repeatedly that he hoped to bring up the legislation
before the recess, which begins this weekend. But he ran into several
obstacles, including a backlog of other legislation and efforts by Sen.
Robert C. Byrd (D-W.Va.) and others to delay action for further study.
Lined up ahead of the legislation to create the department are bills to add
a prescription drug benefit to Medicare, defense and other appropriations
measures, and a House-Senate compromise on legislation to expand the
president's trade negotiating authority.
Even if the Senate began debating the homeland security bill by Thursday,
Byrd's objections could delay action for two days, meaning that the Senate
would have to postpone the start of its recess, which members of both
parties are reluctant to do.
As a result, Schmelzer said, Daschle will take the first procedural step by
the end of the week: filing a motion for a vote to end any delaying
tactics. There may be a vote on this "cloture" motion before the weekend,
but no further action on the bill is planned until Congress returns,
Schmelzer said.
Senate Minority Leader Trent Lott (R-Miss.) and House Majority Whip Tom
DeLay (R-Tex.) yesterday criticized Daschle's decision to put off action
until September.
The Senate Governmental Affairs Committee, led by Sen. Joseph I. Lieberman
(D-Conn.), last week put together the bill awaiting Senate consideration.
It differs sharply in some key areas from the legislation that passed the
House, and it was opposed by most Republicans on the committee because it
includes a provision protecting the civil service and union rights of the
170,000 employees who would staff the new department. The White House has
threatened to veto the bill over those provisions.
Lieberman said yesterday that the prospects of getting a bill to Bush by
Sept. 11 are "dimming, but it's not impossible." He noted that the Sept. 11
target was always a goal, not a deadline.
In the House, Republicans prevailed in giving the White House new
management flexibility. They also inserted language that gives the nation's
airports an additional year, to Dec. 31, 2003, to install devices that can
detect explosives in baggage. Largely over those issues, many Democrats,
including Gephardt, voted against the bill, which passed 295 to 132.
***********************
MSNBC
ICANN ordered to open records
Board member's access had been blocked by ICANN officials
By Brock N. Meeks
WASHINGTON, July 29 - A board member and frequent critic of the secretive
practices of the Internet Corporation for Assigned Names and Numbers,
ICANN, the governing body overseeing domain names and policies, won the
right Monday to inspect the group's confidential records and internal
financial statements without first having to agree to nondisclosure rules
that ICANN officials had previously demanded be met.
A CALIFORNIA SUPERIOR court judge ordered California-based ICANN to
open its books to Karl Auerbach, an outspoken critic of the group to which
he was elected to the board of directors via the first ever Internet-wide
election process. One of Auerbach's first moves after being installed as a
board member was to ask to see ICANN's financial records and internal policy
making directives.
But ICANN officials stonewalled Auerbach's request for 18 months,
insisting he first agree to not publicly disclose any information he had
access to. Auerbach refused to sign. The ensuing stalemate resulted in
Auerbach filing suit seeking to force ICANN to open the books.
Judge Dzintra Janavs ruled from the bench Monday that ICANN must
deliver all non-confidential, electronic-formatted records to
Auerbach by Aug. 2, that all paper-based, non-confidential documents be
made available to Auerbach for inspection by Aug. 9 at the group's Marina
del Rey, Calif., offices and that all confidential documents, in any format,
be available to Auerbach for inspection at the group's office.
Judge Janavs held Auerbach to one caveat: he cannot disclose any
"confidential" information without first giving ICANN at least ten days
notice during which ICANN can ask the court to stop any such disclosure.
The judge also ruled that Auerbach doesn't have to sign any
nondisclosure document.
TIMELY DECISION
The decision Monday comes amid a flurry of activity that always
seems to be swirling around the controversial ICANN. First, Auerbach's term
as a board member ends Oct. 31. And although Auerbach was the first of five
outside board members chosen by the Internet users in the first ever global
election, ICANN officials have since decided that such an election process
is unworkable and nixed future elections for board members.
Second, ICANN, which is an independent non-profit organization,
carries out its mandate under contract to the Department of Commerce and
that contract also is rapidly coming to an end. Some members of Congress
and Internet advocates are pressing Commerce to dump ICANN and take bids
from other groups.
Judge Janavs was "quite concerned about the passage of time since
Mr. Auerbach first made his request [to see the books] and the fact that he
would be 'legislated out of office' in October," Bret Fausett, a California
lawyer attending the hearing Monday, wrote in his ICANN related blog.
Fausett said the judge appeared particularly disturbed that it took
ICANN ten months to simply come up with procedures for viewing the
documents. When the judge found that no other directors had looked at the
records before Auerbach's request, Fausett records Judge Janavs as saying:
"That's a sad statement."
When ICANN's lawyer responded that outside directors are "entitled
to rely on the work of outside consultants," Fausett noted the judge's
incredulity at that remark, especially in the wake of recent corporate scandals
surrounding Enron and WorldCom.
"Yeah, we know how far that goes," Fausett quotes the judge saying.
"Taking one's duties seriously means taking, from time to time, the
initiative to look at things" and that the reason businesses have outside
directors is to allow "independent inspections."
EVERYTHING AND NOTHING CHANGED
But ICANN sees the judge's ruling differently.
"The procedures we had in place are really no different now" from
the judge's ruling today, said Mary Hewitt, ICANN's director of
Communication, "it's just that the courts are involved."
However, the judge Monday ruled that those procedures "unreasonably
restrict directors' access to corporate records and deprive directors of
inspection rights afforded them by law."
Hewitt insists that ICANN offered Auerbach full access any time he
wanted it, "with the caveat that he just not run amuck with everything that
might be confidential."
Now if Auerbach decides to make any confidential information public
"it's going to be up to a judge actually to decide if we have a problem,"
Hewitt said.
That statement infuriates Auerbach.
"I am not making any confidential information public, four
exclamation points! I am not making any confidential information public,
four exclamation points," Auerbach repeated, nearly yelling into his cell
phone as he spoke to MSNBC.com from a noisy restaurant. "I'll keep saying
it," Auerbach insisted, "because ICANN keeps saying I'm going to and ICANN
keeps lying."
The trial record shows that Auerbach was the one who first proposed
a notification period, said his lawyer James Tyre. The only difference is
Auerbach initially proposed a seven-day notification period instead of the
10 days the judge ordered Monday, Tyre said.
Auerbach told ICANN that during the notification time "you're more
than welcome to talk to me and it's very likely that I'll listen to your
advice and if for any reason we can't come to an agreement you'll have time
to go to court and get an order to prevent me from releasing the
information," Tyre said of Auerbach's early attempts to "break the logjam."
For his part, Auerbach says he never had any intention of making
confidential information public.
"I am getting this information for my own purposes, for my own use,
to make better decisions and they've known that from day one," Auerbach
said. "This whole 18-month delay, this whole sham they've put me through,
has been nothing but them causing delay," he said. And as a result,
"they've destroyed the public representation of ICANN by their 18 month delay."
"There should be crow eaten at ICANN," said James Love, director of
the Consumer Project on Technology, a Washington-based Ralph Nader group.
"One has to wonder, why has [the Department of Commerce] sat by and watched
ICANN act like Enron or WorldCom?" Love said. "Why can't we insist that the
word accountability be spoken in the same sentence" as control over the
Internet's core computer systems, Love said.
************************
Government Computer News
Justice plans new network, PKI
By Wilson P. Dizard III
GCN Staff
The Justice Department intends to consolidate its data networks and
implement a public-key infrastructure, according to a plan it issued Friday.
Attorney General John Ashcroft has approved the plan and the department
will begin implementing it immediately, said Andy Anderson, special
assistant to Justice CIO Vance Hitch.
The department's IT Strategic Plan points out that Justice runs more than
250 systems, most of them legacy applications developed by component
organizations to meet specific needs.
"This approach has introduced an unnecessary level of cost, complexity and
risk, and inadvertently created technical barriers to sharing information,"
the plan said. To impose order on the department's IT, the plan proposes
adopting an infrastructure architecture to assure interoperability and
create technical standards for Justice systems.
The proposed single, national data network would replace existing systems
such as the Justice Consolidated Network, which relies on Sprint Corp.'s
public-switched backbone. According to the plan, the department operates a
potpourri of networks to serve its components around the nation and the
headquarters in the Washington region.
The new network would use TCP/IP. "It will emphasize promoting information
sharing, providing enhanced security across the board and ensuring
continuity of network operations," the plan said. An appendix to the plan
recommended that Justice outsource the operation of the new network.
To improve systems security, the department has developed a database that
tracks the remediation of security weaknesses, the plan said. "This
database is a single repository of findings and corrective actions
identified through the component certification and accreditation
activities, [inspector general] audits, penetration testing and other
reviews (including the self-assessments required under the Government
Information Security Reform Act)."
The plan for a PKI calls for Justice to implement the technology to
strengthen security and promote information sharing across organizational
boundaries. The PKI initiative also would promote the department's
e-government plans by establishing a framework for communicating with law
enforcement agencies across federal, state and local governments.
"A departmentwide PKI effort will ensure consistency in approach, minimize
duplication of effort, and reduce requirements for cross component
verification and validation," the plan said.
The plan also endorses common systems for use departmentwide where
duplicate systems serve similar needs, a strategy for business process
re-engineering, an e-government plan, a strengthened role for the
department's CIO and an IT work force plan.
*************************
News.com
Independent label waives Web radio fees
By Reuters
July 29, 2002, 3:35 PM PT
Artemis Records, home to such artists as country-rock singer Steve Earle
and heavy metal group Kittie, said on Monday it would waive fees charged to
Internet radio stations that play music from the independent label's
catalog for one year.
Artemis' decision, which Webcasters say is the first of its kind from a
record label, comes against the backdrop of a struggle over royalty rates
with the record industry that Internet radio stations say threatens their
livelihood.
"We're a small company with a lot of music that doesn't get played on
commercial radio," Artemis Chief Executive Danny Goldberg said. "I
appreciate the Webcaster. In terms of the future, the diversity they offer
is valuable to a label like ours. I wanted to make a gesture of support."
Conventional radio stations have long been exempt from paying royalties to
recording artists and anyone else who owns the rights to the "sound
recording" of a song, but Congress said sound-recording owners should get
paid for Internet transmissions when it updated copyright laws for the
digital era.
The Library of Congress established a rate of 0.07 cent per listener per
song in June, which means that Webcasters ranging from the small
independents to giants like Clear Channel Communications that broadcast
music over the Internet would be charged 70 cents for each song played to
an audience of 1,000 listeners.
Internet radio stations have argued that the royalty rate would require
them to pay far more in royalties than they could take in from advertising.
The record industry argues that artists and labels should be compensated
for their intellectual property.
"I don't pretend to have a crystal ball to see how the economics are going
to play out in many years to come, but it seemed to me that there was an
asymmetry between the record companies' need for exposure and the tone of
the negotiations," said Goldberg, who ran three major record labels and
managed a number of acts like Nirvana, Bonnie Raitt and Beastie Boys before
starting Artemis.
Jonathan Potter, executive director of Digital Media Association, which
represents Internet radio stations, lauded Artemis' move.
"Danny Goldberg is ahead of his time in every way," Potter said. "He
recognizes that Internet radio listeners are more intense music fans and
they buy more music than traditional music fans. I hope this is the first
of many such announcements."
The Recording Industry Association of America, which represents the major
labels, had no objection to Artemis' move. "From the beginning, we have
always argued that the copyright holder should have control over how their
music is used," a representative said. "That's what's happening here."
*************************
Salon.com
The legal crackdown hasn't squelched MP3 trading -- it's just made it more
of a pain.
By Farhad Manjoo
But the music industry would still rather fight than give its online
customers what they want.
The fight against online music piracy entered the realm of the bizarre last
Thursday, when Rep. Howard Berman, D-Calif., proposed giving the recording
industry sweeping new powers to do what, for the rest of us, would be
illegal: hacking computer networks. For the complete story, see:
http://www.salon.com/tech/feature/2002/07/30/file_trading/print.html
**************************
USA Today
Workers' downloading puts employers at risk
By Stephanie Armour
Workers using company computers to download music and movies are exposing
employers to lawsuits and computer viruses.
Worried employers are disciplining workers and barring them from
downloading copyrighted entertainment. Experts say bootlegged music and
movies are also a drain on corporate tech resources.
Some workers download songs at the office because of the high-speed Net
connections there. Downloading a song at the office can take 20 seconds,
compared with 20 minutes at home.
Tempe, Ariz.-based technology and business consulting firm Integrated
Information Systems paid $1 million to settle a lawsuit with the Recording
Industry Association of America over downloaded music files. The
association said the company allowed workers to access and share thousands
of copyrighted MP3 music files over its network. Works included songs by
Ricky Martin, Aerosmith and The Police.
"It's a huge risk," says Jim Garvey, CEO of Integrated Information Systems.
"One employee can rack up millions and millions of dollars in liability on
your network."
More companies are buying Internet filtering software to restrict
downloads. San Diego-based Websense reports that 30% of 250 companies
polled are blocking access to music download sites. Nearly 15% had resorted
to disciplining or reprimanding workers.
The risk grows as Web sites that allow entertainment to be downloaded
proliferate. Sites allowing file sharing and transfer grew more than 535%
in the last 12 months, according to Websense, to nearly 38,000 Web pages.
"This is going to become an ever increasing problem," says Harold Kester,
chief technology officer at Websense.
He's seen it firsthand. At a previous company, Kester said employees
downloaded an episode of Star Wars and watched it at work - even serving
popcorn.
Besides legal concerns, downloaded files gobble up bandwidth, draining
reserves. And they may contain viruses or create an opening into company
networks.
Lawyers say companies that don't take action could find themselves facing
more lawsuits from groups such as the RIAA.
Louisville-based Thornton Oil blocks sites where music and movies can be
downloaded. "If the radio and music industry can prove a Thornton employee
is downloading material, that's a risk," spokesman Matthew Embury says.
*************************
News.com
Attack disables music industry Web site
By Declan McCullagh
WASHINGTON--The Recording Industry Association of America's Web site was
unreachable over the weekend due to a denial-of-service attack.
The apparently deliberate overload rendered the RIAA.org site unavailable
for portions of four days and came after the group endorsed legislation to
allow copyright holders to disrupt peer-to-peer networks.
The malicious flood started on Friday and did not involve any intrusion
into the RIAA's internal network, a representative for the trade
association said on Monday afternoon. Nobody has claimed credit for the
denial-of-service attack, which ended at 2 a.m. PDT on Monday.
"Don't they have something better to do during the summer than hack our
site?" asked the RIAA representative, who asked not to be identified.
"Perhaps it at least took 10 minutes away from stealing music."
Denial-of-service attacks overwhelm an Internet site by enlisting hundreds
or thousands of other machines that attempt to make simultaneous
connections. The resulting overload resembles a physical traffic jam: Few
people can get through.
On Thursday, the RIAA endorsed a bill written by Rep. Howard Berman,
D-Calif., that would authorize copyright holders to begin "blocking,
diverting or otherwise impairing" peer-to-peer networks.
RIAA CEO Hilary Rosen said in a statement that Berman's bill was "an
innovative approach," adding that "it makes sense to clarify existing laws
to ensure that copyright owners--those who actually take the time and
effort to create an artistic work--are at least able to defend their works
from mass piracy."
Berman's bill, co-authored with Rep. Howard Coble, R-N.C., would allow the
RIAA to engage in precisely this kind of denial-of-service attack against
peer-to-peer networks where illicit copies of music are traded.
The RIAA, which receives connectivity through WorldCom's UUNet subsidiary,
said it would not speculate about the reason for the attack. A
representative said it appears to have been the first time the group's site
had been knocked offline.
************************
Nando Times
Chinese dissidents publish 'declaration of Internet users' rights'
BEIJING (July 29, 2002 4:44 p.m. EDT) - A group of 18 Chinese dissidents
and intellectuals published on Monday a "declaration of Internet users'
rights" in protest at new website self-censorship rules.
The declaration demands the freedom to put together Internet pages, with
the only restrictions placed on "evident and real" slander, pornography or
certain "violent attacks or behaviour".
The document also calls for complete freedom for Chinese people to surf the
Internet.
"The government is threatening freedom of expression on the Internet, which
was already more restricted than necessary," Liu Xiaobo, a dissident living
in Beijing but whose writings are not allowed to be published in China,
told AFP.
Among the other signatories are independent economist Mao Yushi, who is
permitted to write for the official press, and young writer Yu Jie.
According to a list compiled by the Internet Society of China, a
self-regulatory body for mainland web firms, more than 300 companies have
signed up for the Public Pledge on Self-Discipline for the China Internet
Industry.
It compels signatories - which include the Chinese arm of US Internet giant
Yahoo - to remove "harmful information" from their pages, "so as to ensure
that the content of the network information is lawful and healthy".
"If the main websites submit to the will of the Chinese government, that
will considerably weaken the capabilities of non-governmental organizations
which have found space for expression on the Internet," Liu said.
Previous measures to control Internet content had been undertaken quietly,
but the latest initiative was widely publicized, Liu said.
This was because Beijing "is seeking to reinforce its control on public
opinion ahead of the 16th Congress" of the ruling Communist Party.
The Congress this autumn could well see power handed to a new generation of
younger leaders, who could govern the world's most populous nation for the
next decade.
**********************
Seattle Times
Microsoft to disclose secret code
By Brier Dudley
In a striking departure from its secretive approach to software
development, Microsoft is making some of its prized, secret compiler code
available to university researchers as part of an effort to improve its
relationship with academia.
Compilers are the equivalent of the transmission in a car. They translate
software languages into the digital ones and zeroes understood by computer
processors.
Developing compilers is complex and time-consuming so it's unheard of for
large private software companies to share the code underlying their
compilers, said Craig Chambers, an associate professor of computer science
at the University of Washington.
But Microsoft is on a campaign to improve its reputation at universities
and in corporate computing centers, where competition from products based
on Linux and other collaboratively developed software is growing.
Under pressure from antitrust regulators and foreign governments, Microsoft
is also allowing more governments, academic researchers and major customers
to view its crown jewels, the Windows source code.
The compiler project, known internally as Phoenix, will be announced this
week at Microsoft's third annual "research summit," a gathering of computer
scientists from universities around the world that started today.
Some 325 academics are learning about research taking place at the
company's 680-employee advanced-research division, which operates like a
laboratory and mini-university on the Redmond campus and at facilities in
Silicon Valley, Beijing and Cambridge, England. The company plans to
increase the division by 10 percent this fiscal year, adding most of the
new jobs abroad.
They are also learning how to apply for grants from the company, which
spent $4.5 million last year sponsoring university projects.
Chairman Bill Gates said the company's relationship with universities is
crucial and that more collaborative projects are planned.
"There's no doubt that the strength of the commercial software industry
really comes because of the great work that goes on in the universities,"
Gates said. "And so we're getting smarter about how we can work together
all the time."
Gates announced a new academic advisory board to provide input into the
company's security, privacy and reliability efforts, but the Phoenix
project was to be announced separately.
"We have an active project we're working on with universities to improve
our compilers, compiler technology, working with them to make our code
available to them for their work, their experimentation as well," said Rick
Rashid, director of Microsoft's research division.
Chambers, the UW professor, would not discuss Phoenix until it is formally
announced, but he said such a project could partly replace an effort to
collaboratively develop a compiler in the 1990s that dwindled when the
federal government cut off its funding.
Among the goals in building better compilers is to improve computing
performance and build better programming tools, he said.
Rashid said Microsoft Research already works on numerous collaborative
projects with universities, but the company is going further with Phoenix
and the advisory board that Gates announced.
"We're trying to make sure we get a lot of perspective from all sides if
they're key issues, that at least those issues have been heard through,
talked through," he said.
Rashid said Microsoft has always had to come from behind in academia, where
people are more familiar with the Unix operating system created by AT&T's
Bell Labs than with Microsoft's technology. Microsoft is working to make
sure universities "have the tools they need to teach Windows and Visual
Studio and our other tools, in addition to using Unix and Java and whatever
else they're doing," Rashid said.
The company also wants to broaden the use of its .NET software platform.
Gates told academics yesterday that Microsoft is "feeling very good about
the direction but it's another four or five years before all the promise of
.NET really gets pulled together."
But competition is intense. Computer-science students in general are
graduating with more expertise in Sun Microsystems' Java language,
Microsoft Chief Executive Steve Ballmer told financial analysts last week,
"and we need to get after that in the academic arena."
Brier Dudley: 206-515-5687 or bdudley@xxxxxxxxxxxxxxxxx
*************************
Federal Computer Week
Lawmakers, staffers seek perfect PDA
House needs wireless devices for keeping in touch on the road
The House of Representatives is seeking the next generation of wireless
personal digital assistants that would combine wireless phones, pagers and
e-mail. The problem, it seems, is that lawmakers may have to wait for
vendors to develop their dream machine.
Since Sept. 11, the House has ordered 1,900 BlackBerry handheld devices,
made by Research in Motion Ltd. (RIM), to help members communicate with one
another and their staffs. But many members carry equipment besides the
BlackBerry on a "flak belt," including two wireless phones (one for
official business and one for campaigning), a pager and a Palm Inc. handheld.
"We're still waiting for the Holy Grail of devices," said Reynold
Schweickhardt, director of technology for the House Administration Committee.
In the meantime, committee members are working with Microsoft Corp. and
Cisco Systems Inc. to come up with a solution. They also have issued a
request for information about off-the-shelf products that could provide
secure wireless access to the House intranet, and they are evaluating
various handheld devices already on the market.
But conducting congressional business on Capitol Hill or in the home
district without high-tech handheld devices is a growing problem,
Schweickhardt said.
Lawmakers want a device they can use in between meetings as well as in
their home offices. But one-third of the ZIP codes in the United States
currently have no access to BlackBerry coverage, according to
Schweickhardt. However, RIM is working to expand BlackBerry coverage
nationwide.
"We have members who take their BlackBerries home and go through
withdrawal," Schweickhardt said. "We would like a member to use it when
they go home."
Vendors say it is possible to connect every member of Congress with
wireless technology. "The bottom line is, wireless connectivity is doable,"
said Jay Vollmer, a major account manager with Cisco Systems federal
operations. "It is available, stable, standard out there today."
And encrypted wireless technology is available that can turn an e-mail into
a voice message or vice versa. "If the [House] speaker wanted to broadcast
to every member, we know how to do that securely," said Bob Cook, chief
executive officer of Sigaba Corp., which provides secure Internet
communications.
"We are working to help them evaluate mobile technologies," said Keith
Hodson, a spokesman for Microsoft, which is coming out with a "smart phone"
that will be able to perform some of the actions that lawmakers seek.
RIM also is working with the House to fulfill the requirements.
"We have a very compelling architecture for providing additional
application requirements as they evolve over time," said Mark Guibert,
RIM's vice president of brand management.
"The thing to take note of is that wireless solutions are not just about
the device and not just about the network, but also about the back-end
server software," Guibert said. "When you start thinking about wireless
applications, and you start talking about PDAs, the audience has to update
its thinking about what a PDA is."
The House Administration Committee is trying to come up with an
architecture they can put in place by the end of 2003 or early 2004. And it
won't be a moment too soon.
Shortly after the Sept. 11 terrorist attacks, lawmakers experienced
firsthand being denied access to their offices when a round of
anthrax-tainted mail forced some congressional office buildings to close
for months, in some cases. And even today, congressional offices are still
on alert for tainted mail (see box, Page 22).
"There is a need for this type of technology," said Kathy Goldschmidt,
director of technology services for the Congressional Management
Foundation, a Washington, D.C.-based think tank. "People are thinking more
about continuity of operations. If there is another disaster, having access
to office files, Web sites, e-mail and other communications methods will be
very important."
Even the management of their daily work cycle is a problem without
technology, Goldschmidt said. Members are rarely in their own offices, and
it is sometimes hard to track them down as they race from hearing to
hearing and to the House floor for votes.
"Here in Washington, staff can be much more productive if they are able to
be mobile," she said. "Even on the House campus, staff can keep in touch
with members no matter where they are."
Congress may be seeking technology already used by the Defense Department
to provide highly secure communications among various types of portable
devices in a tactical environment.
"The technology is certainly feasible," said Warren Suss, president of Suss
Consulting Inc. "The challenge is to find a true commercial off-the-shelf
version of the technology. If you get something that is too
government-specific, it becomes obsolete."
Suss said vendors are working to improve technology in consideration of the
glaring problems that first responders faced Sept. 11 when firefighters and
police in New York City and the Washington, D.C., area could not
communicate with one another. Rescue workers everywhere found that wireless
phones jammed and landlines didn't work.
"The demand isn't going to go away; the demand is going to increase," Suss
said. "If the government can leverage forces of the commercial marketplace,
they can influence the folks who are putting out the next generation of
PDAs to include the capacity of more robust communications."
***
Wiring Congress
The wireless handheld device is just one high-tech solution under
consideration by lawmakers. Here are other programs the House
Administration Committee is developing:
- Mail scanning: The committee is developing a pilot project to scan mail
into computers and electronically deliver it to members. Independent
contractors would open the mail. About 50 House members and two committees
will participate.
- Web content management: The committee is seeking ways to manage the content
of Web sites using software that would not require every office to dedicate
one employee to the job. A site could be managed through a central location
or using content management tools that require less technical training.
- Alternate computing system: The committee is studying to develop an
infrastructure capable of operating without the systems on Capitol Hill.
**********************
Washington Post
Princeton Apologizes for Web Breach
By Michael Barbaro
Princeton University President Shirley Tilghman apologized yesterday for
snooping by at least one Princeton admissions officer into online files of
high school seniors who had applied to Ivy League rival Yale University.
"Basic principles of privacy and confidentiality are at stake here,"
Tilghman wrote in an e-mail to Princeton students and faculty. "Violations
of these principles therefore must not, and will not, be tolerated."
A preliminary Yale investigation has concluded that computers at Princeton
were used in April to access the admissions accounts of 11 high school
seniors who applied to Yale. Yale has asked the FBI to determine whether
any federal laws were broken and Princeton has hired a former federal
prosecutor to investigate the incident.
The university placed its director of admissions, Stephen LeMenager, on
administrative leave last week after he admitted to peeking into the Yale
admissions Web site, which was set up to allow Yale applicants to learn
whether they had been admitted.
However, a Princeton spokeswoman said yesterday that the university
believes that it was not responsible for security breaches in three of the
cases.
Two of those cases involve siblings of Yale applicants who checked the
files from a computer outside the Princeton admissions office, said
spokeswoman Marilyn Marks. In the third case, a Yale applicant who was
visiting Princeton in early April used a school computer to check his
admissions status at Yale, she said.
The Yale report found that 14 breaches of the admissions site, involving
eight students, occurred inside Princeton's admission office, a number
Princeton officials have not disputed.
Princeton's Web site shows that seven of the students whose names are
contained in Yale's confidential report have been admitted to Princeton as
members of the class of 2006. They include fashion model Lauren Bush,
President Bush's niece, whose online account was visited four times in a
single afternoon from a computer at the Princeton admissions office.
Princeton began to notify the students named in the report over the weekend.
Tilghman, who just completed her first year as president of the
256-year-old school, told students and faculty in her e-mail that "students
who apply to Princeton, or any other university, have every right to expect
that information they provide in good faith will be used only for the
purposes for which they provided it, and that their privacy and
confidentiality will be respected."
*************************
USA Today
Retailers test paying by fingerprint
By Lorrie Grant, USA TODAY
Major retailers are putting in payment systems that let your finger do the
paying. Paying for products with a fingerprint, rather than checks, cards
or electronic devices, is among the newest cashless options at checkout.
Biometric access, as the process is called, might have a Big Brother
feeling, but it is expected to speed customer checkout and cut identity fraud.
In some ways, biometric access tests consumers' willingness to give up some
privacy to gain convenience.
A customer signs up by having a finger scanned into a database by special
machines and designating a credit or debit card to which purchases will be
charged.
To make a purchase, consumers have their finger read at checkout, often on
a pad incorporated into a console that also reads swipe cards and provides
for personal identification number (PIN) entry.
Food retailers are leading the way in trying out the devices. Among them:
West Seattle Thriftway. The gourmet grocery store's cashiers scan the
goods, then customers scan their right index finger to activate the payment
process.
A code selected by the customer, usually a telephone number, is keyed and
the transaction charged to the credit, debit or state-benefits card that
has been registered with the store.
"This looked like the way of the future, positively identifying people with
their accounts and making the transaction for customers that much easier,"
says owner Paul Kapioski.
Kroger. The No. 1 supermarket chain has tested the technology for the past
month in three stores in Houston.
"Any time we can speed up the front-end operation, we save money, and it
will reduce the number of fraudulent checks," says Gary Huddleston of Kroger.
Customers' fingerprints are linked with their driver's license, the store's
loyalty card and a method of payment. The customer touches the finger-image
pad, loyalty discounts are automatically deducted, and the account charged.
McDonald's. A location in Fresno, Calif., took fingerprints for payment
from January through March. Other methods are now being tested.
"If we're able to handle people speedier, then they're likely to come to
our restaurants," says Lisa Howard of McDonald's.
The Oak Brook, Ill.-based chain is also joining forces with companies using
other cashless payment methods.
For example, about 400 restaurants accept Speedpass. The device is a tiny
key ring wand issued by oil giant ExxonMobil, originally just for its gas
pumps.
When waved over a sensor, at the pump or elsewhere, it bills the consumer's
credit or debit card.
And two restaurants on Long Island, N.Y., allow paying at the drive-through
with E-ZPass, the car device that lets motorists pass through tollbooths
without stopping and bills a prepaid account.
"When it comes to drive-through, speed is of the essence," Howard says.
In each case, McDonald's pays the issuer a transaction fee for using their
technology. The amount was not disclosed.
Wal-Mart. The discount giant, and leading food seller, is studying
biometric technology.
Though once only commonplace in legal situations, fingerprinting is being
used more in commerce. Institutions from banks to pawnshops are
fingerprinting to authenticate transactions. Some gas station convenience
stores only cash checks for those who ante up a fingerprint.
"We wanted to eliminate the hassle of writing down all of the information:
driver's license number, telephone number, Social Security number," says
Ritesh Shah, owner of a Citgo station in Hapeville, Ga., that cashes up to
900 checks a week.
Transaction processing time is less than 30 seconds, compared with three
minutes before using the technology, he says.
The increase in interest in biometric access stems from an increase in
fraud involving more money, as well as a decline in the cost of the
technology. The system costs about $10,000, experts say.
"The whole key to biometrics is selling it to the public, convincing them
to give up some privacy for greater security," says William Rogers,
publisher of the Biometrics Digest, a newsletter devoted to the technology
of "human recognition."
But critics deride it as the "technology of surveillance and control." They
fear companies that collect the fingerprint data, such as BioPay in
Herndon, Va., or Indivos in Oakland, will be pressured to divulge data to
law enforcement.
"It's like E-ZPass, which tracks you but is pitched as more convenient,"
says Philip Bereano, chairman of the national committee on databases and
civil liberties for the ACLU.
"The protection of civil liberties means less efficient convenience is the
way to go."
*************************
Nando Times
You, too, can rock on the Web
By MICHAEL OSEGUEDA, Fresno Bee
(July 30, 2002 12:30 p.m. EDT) - Perhaps 17-year-old Mike Garcia is the
future.
He's a rapper who records in his own studio. He mixes his own songs and
makes his own CDs. He sells the CDs on his own or uploads the songs to his
own Web site.
And he does all this at a low cost from his bedroom, with his computer and
the Internet.
Not bad for a kid who still goes to high school.
The Fresno, Calif., youth, who emcees under the name Mic The Mos Confident,
is an example of what the Internet age has done for music.
It has given anyone the chance to be an artist. Anyone can sign up for a
free spot on a site such as MP3.com or Soundclick.com and put a song on the
Internet. Anyone in the world can then log on and listen to that song.
It offers instant distribution, free promotion and, sometimes, even cash
compensation.
"I built a huge fan base just from the Internet in the span of a year,"
Garcia says. "There's still a long way to go. I (have) lots more songs to
make, battles to enter and lyrics to write. But the Internet gives people
the chance to go their own route."
While record labels are scurrying, trying to find ways to deal with the
technology and protect their products, artists who just are trying to make
it are using the Internet and MP3s to their advantage.
Look at Garcia. He has a bedroom cluttered with equipment. He has a small
microphone that came from a karaoke machine. He has software on his
computer to record and mix; it's worth $500, but he got it free from a friend.
He carries a book of rhymes with him everywhere he goes, where he jots down
a witty line if it pops into his head. Then he'll get a beat from a
producer through e-mail - like Nonsence, a New York-based beatmaker he met
on the Internet, but never has seen face-to-face - and download it to his
computer.
After he has his rhymes in order, he hangs his microphone from his ceiling
fan, connects it to the computer, stands in front of the dangling
microphone and records his vocals.
He mixes the song next and if he's satisfied, he can upload it to his Web
site.
Once he has the beat and the rhymes written, the whole process takes about
an hour and a half.
Garcia's route never was available to John Clifton. When he was 17, you
could have told him about the Internet and it would have been as
far-fetched as flying automobiles.
Clifton, now 38 and a member of the Mofo Party Band, remembers back when it
took at least $5,000 just to get in the studio; then you had to get a
record or cassette pressed.
He and his friends didn't have that kind of money, so they put a microphone
in a room, started playing and recorded it to cassette or eight-track. It
was far from professional, but Clifton made do with what he could.
Today he doesn't use the Internet too much for music. He's more
old-fashioned, he says. Plus, he never has been able to get an MP3 on the
Internet. He registered at MP3.com and had a song ready on his computer,
but never could figure out how to upload it.
It doesn't bother him much. He's of the belief that the Internet world of
music has become oversaturated.
"It doesn't necessarily have to be good because it's so easy to do,"
Clifton says. "Anytime there's an abundance, there's always waste. You can
make music without even being musical."
That doesn't mean Clifton is against the technology. He just finds that
with a group like his, that likes to get together and play a lot, putting
on a memorable stage show is the best means of promotion. That's how he
wants to sell his CDs.
But what if he had grown up with the Internet at his disposal and he was an
expert on the technology?
"If I had the stuff they have now," Clifton says, "I'd be doing it. Sure."
Jamie Nelson has been rapping since 1995. Two years ago, he started using
the Internet to promote his music. On the microphone, he's Nomadic of the
group Soul Components. On the Internet, the 25-year-old adopts various
handles on different message boards, where he puts up his MP3 links and
tries to stir interest.
"A lot of it was to expose the music to people who otherwise wouldn't get
it," Nelson says. "I knew we'd done things in Fresno, but I wanted to see
how it would appeal to people in other states."
The response from listeners mostly has been positive, but the response that
means more to Nelson comes from other artists.
He has a list of five artists with whom he's really wanted to work. Through
the Internet, he has connected with four, and three will be on his next album.
Felix finds the biggest asset is the ability to do shows in other areas.
"We play in Bakersfield and L.A., and it helps us get connections with
other bands," he says. "Other bands e-mail us all the time, 'Wanna do a
show with us?'
"Everything we've got out of town has been connections through the
Internet. We'd probably be going in a different direction if we didn't have
the Internet."
************************
News.com
States spar over UCITA act
By Paul Festa
A controversial initiative to standardize U.S. state laws on software
licensing faces a crucial vote this week, as battle-weary consumer
advocates and tech companies pin their hopes on a legal gathering in Arizona.
The National Conference of Commissioners of Uniform State Laws (NCCUSL) is
devoting part of its current annual meeting in Tucson to debating
amendments to its Uniform Computer Information Transactions Act (UCITA), a
proposed code to govern software licenses and other digital information
transactions.
The amendments come as momentum leaches from the beleaguered initiative,
which is meant to bring the 50 states' various and conflicting software
licensing laws into alignment. Should they be approved, the amendments may
further diminish UCITA's chances for widespread adoption as both the
software publishers and the consumer advocates balk at the proposed
compromises.
UCITA has met with fierce criticism since its introduction three years ago.
Consumer groups, legal associations and library organizations have
excoriated the proposed act for the freedom it would grant software makers
to restrict the use of software and dictate the terms of settling conflicts.
About half of the U.S. state attorneys general have come out in opposition
to the law, joining the Consumer Project on Technology, the Consumers
Union, the Electronic Frontier Foundation and the Free Software Foundation.
Supporters include Microsoft, America Online and the Business Software
Alliance.
Under the lash of vocal opposition, early versions of the act have
languished in state legislatures. Virginia and Maryland approved versions
shortly after it was first proposed, but elsewhere it has died in committee.
"I think that everyone's growing weary," said Carol Ashworth, the UCITA
grassroots coordinator for the American Library Association (ALA), which
has called the amendments insufficient and loophole-ridden. "There's still
a tremendous difference of opinion about the amendments among the
commissioners themselves. They spent the first two hours (on Monday)
talking about just the first three amendments."
The approximately 350 commissioners resume debate on the amendments Tuesday
afternoon and expect to vote on them Thursday. States get one vote each,
regardless of how many commissioners they send to the meeting. Once
measures and amendments make it to the final vote, it is extremely rare for
them not to be approved.
Even if the amendments sail through a Thursday vote, it would not spell the
end of UCITA's challenges. At that point, the amended act would still face
the state-by-state battle where it has languished until now.
Amid Monday's debate, NCCUSL representatives reached by phone sounded less
than optimistic about the act's progress.
"We're all in a kind of wait-and-see mode," said John McCabe, NCCUSL's
chief counsel. "We have hopes, but that's it. Even if your own conference
accepts the amendments, that's not a slam dunk. We'll see where they go
from here."
Among the amendments being debated in Tucson:
- Self-Help: As UCITA now stands, software licenses can thwart lawsuits
against vendors by outlining binding alternatives to litigation. These
so-called self-help measures have let software companies shut down a piece
of software if they have not been paid for or if they claim a breach of
contract. According to NCCUSL, a proposed change to UCITA would abolish
provisions for self-help. The ALA claims it would still permit loopholes
for self-help.
- Opting In, Opting Out: A proposed change removes a section of UCITA that
limited licensees' ability to opt in or out of UCITA.
- Known Defects: Critics lambasted UCITA for relieving software vendors of
liability for selling software with known defects. A new section "expressly
clarifies the applicability of other law to provide appropriate remedies
for cases where known material defects are undisclosed," according to NCCUSL.
- Consumer Protection: Consumer advocates charged that UCITA would strip
people of legal protections they enjoy under current state law. A new
section would spell out that existing consumer protection law trumps UCITA
when the two come into conflict.
- Public Criticism: Free-speech advocates complained that UCITA let
software makers prohibit public criticism of their products. A new section
says that any provision limiting criticism rights is not enforceable,
according to NCCUSL.
- Reverse Engineering: A new section spells out that reverse engineering is
permissible for the purpose of making products interoperable with each
other. The amendment was a sine qua non for Sun Microsystems, NCCUSL said.
On Thursday, the NCCUSL concludes its meeting and will make a final
determination on the amendments. But there was some question of how closely
the industry will be watching the outcome of the amended act.
"The software industry quite strongly supported this because in the
beginning it had all the things they wanted," NCCUSL's McCabe said. "When
you lose the self-help remedy, there's a loss they don't feel is in their
interest. If the proponents lose something like that, they become less
excited about it."
******************
InformationWeek
Companies Must Protect Their Employees' Info, Too
Hackers don't just want to steal business data; they may want to nab your
workers' identities
By David Post and Bradford C. Brown
Gov. Gray Davis of California has had a few tough years. First it was the
state energy crisis. Now hackers have evidently stolen the Social Security
numbers of almost all employees on the state government's payroll --
265,000 people had their personal and financial information nabbed. It was
widely reported that state IT workers took more than a month to detect the
problem. Worse yet, officials allegedly didn't tell employees what had
happened for another three weeks. Reports indicate that Davis, too, had his
personal information stolen.
For the whole story see: http://www.informationweek.com/story/IWK20020725S0004
********************
Reuters Internet Report
Internet-Scam Sweep Targets 19 Online Fraudsters
WASHINGTON (Reuters) - Federal and state law enforcement authorities said
Tuesday they had taken action against 19 Internet-based scams that they say
collectively bilked consumers out of millions of dollars.
Work-at-home schemes, auction fraud, deceptive use of junk e-mail,
securities fraud and other schemes were targeted by a broad Internet
law-enforcement effort including state attorneys general, local law
enforcement authorities and a passel of federal agencies.
Several cases have been settled already, with punishments ranging from
seven-year jail sentences to agreements by defendants to stop their schemes.
While many of the perpetrators live in the Midwest, the crimes targeted
consumers nationwide through junk e-mail solicitations or fraud on eBay,
Yahoo and other popular Internet auction sites, according to a spokeswoman
for the Federal Trade Commission.
In one case, a Florida company named Stuffingforcash.com told consumers
they could earn up to $2,000 per week stuffing envelopes at home after
paying an initial $45 deposit, but then failed to send the promised
envelope-stuffing materials.
The scheme likely cheated tens of thousands of customers out of more than
$2 million over the past year, the FTC said in court filings.
Auction fraud was a common charge. In a typical case, the Illinois attorney
general charged Chicago resident Tim Engle with advertising merchandise for
sale on eBay but failing to provide the goods after payment was received.
The head of the FTC's consumer-protection division said the Internet
enabled scam artists to reach a wider audience than before.
"Scams on the Internet spread very quickly," said the FTC's Howard Beales.
"That's why the FTC and our partners are moving aggressively to shut these
schemes down."
***********************
Lillie Coney
Public Policy Coordinator
U.S. Association for Computing Machinery
Suite 510
2120 L Street, NW
Washington, D.C. 20037
202-478-6124
lillie.coney@xxxxxxx