Clips September 10, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips September 10,
2003

New Parent-to-Child Chat: Do You Download Music?
Deadline for Scannable Passports to Be Delayed 
'Homeless hacker' surrenders 
Offensive sites banned under FOI
Study: Cigarettes in Reach of Children on Web
Experts say culture hinders single smart card
Oceanic air tech gets go-ahead
Air Force wants to build a universal translator 

*******************************
New York Times
September 10, 2003
New Parent-to-Child Chat: Do You Download Music?
By AMY HARMON

Tamara Amey has tried to instill solid values in her daughter on
everything from schoolwork to sex, but what Kyla Amey, 16, did on her
computer was up to her. Or at least until Ms. Amey heard that the record
industry was planning to sue Internet file swappers.

Last month, Ms. Amey ordered Kyla to delete the software she used to
download popular songs without paying for them. But in their debate about
online sharing and stealing, Ms. Amey sometimes feels more confused than
confident.

"The Internet is so gray when you come to these kind of areas,"
Ms. Amey of Shelby Township, Mich., said after the lawsuits were filed.
"When I was a kid, we used to tape music off the radio. You never
heard of record companies suing people for that."

As the record industry filed a barrage of lawsuits on Monday against
people who copy music over the Internet, many parents across the country
were caught unaware, accused of condoning an illegal activity they do not
know much about  and do not necessarily want to.

With the threat of hundreds more lawsuits, parents across the country say
they are having to wrestle with unfamiliar digital-age ethics. Even for
the rare parents whose computer skills match those of their children, the
prospect can be daunting.

"This practice is illegal, but it's something that we all sort of
turn our heads from," wrote one parent on a discussion board devoted
to teenagers on the iVillage Web site. "As a parent, what exactly do
you say to your kid?"

Yet it is just such discussions, not legal action against ordinary
Internet users, that many Internet and family experts argue will be
crucial to stamping out online piracy. 

"The solution is in parents talking to their kids, not
lawsuits," said Parry Aftab, executive director of Wiredsafety.org,
a nonprofit group that seeks, among other things, to educate the public
about problems that can arise for children who go online.

Ms. Aftab said her group had been flooded in recent weeks with questions
from parents and teenagers about the legality and ethics of music file
swapping. A particularly hard challenge for parents, she said, is how to
explain to children that copying music online can be illegal when so many
people  including plenty of parents  are doing it.

"A lot of parents are totally clueless about this," Ms. Aftab
said. "They don't understand the laws and they don't understand the
technology."

The Recording Industry Association of America, which filed 261 copyright
infringement lawsuits Monday on behalf of the major record labels, hopes
its sweeping legal action will provoke many such discussions. The
industry holds file sharing largely responsible for a 25 percent decline
in sales of CD's since 1999, when Napster, the first popular
file-swapping software, was released.

Today's file-swapping services like KaZaA and Grokster have survived
legal attack because they, unlike Napster, do not provide a central
directory of computers on the network and what files they have. Like
Napster, however, they resemble a pirate cooperative allowing individual
users to make music files available on their own personal computers for
others to copy.

Without those ready targets, the record industry is aiming its lawsuits
directly at individuals, starting at those who "share" at least
1,000 files.

By discouraging people from allowing files to be copied, the record
industry hopes to destabilize the whole ecology of file-sharing networks.
Typing in a search term like "White Stripes," the name of an
indie rock band, typically yields a list of hundreds of files on other
computers that users can click to copy almost instantly. Once copied,
that file typically adds to the total available copies.

The industry's tactic may be working. Sylvia Torres, the mother of
Brianna LaHara, a 12-year-old from the Upper West Side of Manhattan who
was named in one of the lawsuits, said yesterday that she had settled for
$2,000. "We understand now that file sharing the music was
illegal," Ms. Torres said in a statement. "You can be sure
Brianna won't be doing it anymore."

But critics argued that the record industry was eager to settle with Ms.
Torres because the spectacle of suing a 12-year-old honors student who
received front-page treatment only added to the impression that the
industry's legal actions were heavy-handed.

Ms. Torres, who did not respond to messages yesterday, told The
Associated Press that she believed that her family was entitled to
download music because it had paid $29.99 for software that provides
access to online file-sharing services.

But in an online discussion, several parents voiced impatience with those
who claimed ignorance.

"Parents are always responsible for their kid's actions," wrote
one participant, identified as "peppergarden84." "Wake up
America!! Teach your kids what's right and good and love them, then they
will be responsible citizens."

Explaining the boundaries of copyright law may prove more difficult for
some parents than explaining where babies come from. One woman who
received a subpoena from the record industry association said she had
struggled to explain to her 13-year-old son, who likes to write songs,
why file sharing was wrong. 

"I said, `Suppose you wrote a song and a famous rock group sang it
and you didn't get paid,' " said the mother. "He said `I
wouldn't care, that would be awesome.' They're just still in that young
age where money doesn't matter."

The mother said she had better results when she compared taking someone's
song to plagiarizing a school paper, something else she wants to teach
him not to do as he enters high school this month.

Linda Hodge, president of the National PTA, said that parents were still
learning to add Internet behavior to the list of issues that families
need to talk about. "It goes along the lines of talking with them
about drugs, talking with them about sex, and talking about how to keep
yourself safe," she said.

Still, Stephany Hitchcock, 46, a jewelry designer in Manhattan, who was
taking her 11-year-old son, Nick, home from school on the Upper West Side
yesterday echoed the frustration of many parents confronting an Internet
that never sleeps.

"You can't stand over these kids 24 hours a day," Ms. Hitchcock
said. "Even if parents and kids are educated, it's like a candy
store," that their children will take from if they can.

Sometimes it is parents who lead their children astray. When Lon Rogers,
50, of Lakewood, Colo., found out Monday that he was being sued by the
record labels, a local newspaper reporter suggested that perhaps his son,
Erick, had been responsible for the file-sharing activity. But Mr. Rogers
said he originally told his son Erick about KaZaA  and warned him to
stop using it shortly before he received a subpoena in the mail in July.

"He has nothing to do with any of this, this is all me," said
Mr. Rogers, a restaurant owner. "I have my tail between my legs. I
am his father. I should be his mentor, not the one who is getting in
trouble."
*******************************
CNET News.com
Foes of site-blocking law win a round 


By Declan McCullagh 
Staff Writer, CNET News.com
September 9, 2003, 5:35 PM PT


A legal challenge to a controversial Pennsylvania law that forces network
providers to block possibly illegal Web sites won an unexpected early
victory Tuesday. 
Hours after filing a federal lawsuit against the law's "secret
censorship orders," aimed at Internet and backbone providers, two
civil liberties groups won a dramatic concession from the Pennsylvania
attorney general, who agreed to cease using the orders until the case is
heard in November. The lawsuit claims the orders--more than 300 have been
sent out so far--violate the First Amendment, which broadly protects
freedom of _expression_. 

Although the law is only a Pennsylvania state statute, it has had the
unusual result of cordoning off Web sites for the entire continent. When
the law was used to force WorldCom (now known as MCI) to ban access to
some sites with suspected child pornography, the company said it had to
block the sites for all of its North American subscribers. 


The Center for Democracy and Technology (CDT) spent a year in a stiff
exchange of letters with Mike Fisher, the Pennsylvania attorney general,
in an attempt to learn the contents of the secret list of off-limits
sites. The CDT, along with American Civil Liberties Union, filed the
lawsuit at 9:15 a.m. local time Tuesday. By 1:30 p.m., Fisher had
volunteered to halt the practice. 

"We're very pleased with the results," said John Morris, an
attorney at CDT. "We believe the attorney general's secret system of
censorship orders is completely unsupportable. Frankly, we're surprised
that the attorney general persisted until today in defending that
system." 

Fisher's office could not be immediately reached for comment. Sean
Connolly, a spokesman for Fisher, said in an earlier interview with CNET
News.com that the law "has been very successful" and has led to
few complaints. "We've worked with Web hosting companies and
(Internet service providers) to ensure that the illegal and offensive
material is taken down--and not any legal sites that may share that
space," Connolly said. 

A preliminary injunction hearing before U.S. District Judge Jan DuBois
has been scheduled for Nov. 21. DuBois held a brief hearing Tuesday,
during which the state made the concession, which he is expected to
formalize in a written order. 

The ACLU and CDT lawsuit acknowledges that police action against child
pornography is necessary, but it says the Pennsylvania state law goes too
far in establishing an Internet censorship scheme and is therefore
unconstitutional. In addition, the suit claims, Fisher has gone beyond
what the statute allows by sending confidential orders to Internet
companies that require them to ban access to certain sites--or else.

"Defendant Fisher has maintained his system of secret prior
restraint orders through intimidation of ISPs," the complaint reads.
"After one ISP, WorldCom, wrote to Defendant Fisher to suggest that
Fisher should use the statutory procedures instead of the secret prior
restraint orders, Defendant Fisher issued a press release accusing the
ISP of refusing to block child pornography. Since the issuance of the
press release attacking WorldCom, no ISP has refused to follow any of the
secret prior restraint orders." 

The Pennsylvania state law in question, which took effect last year,
permits the attorney general to order ISPs to block access to the
Internet Protocol address of sites that are suspected of featuring child
pornography. No other state appears to have enacted such a sweeping law,
and this is the first time it is being tested in court. The list of ISPs
Pennsylvania targets includes EarthLink, Microsoft's MSN, Terra Lycos,
Verizon Communications and Comcast. 

A study, released in February by Harvard University's Berkman Center,
concluded that because modern Web standards permit thousands of domain
names to share one Internet address, Pennsylvania's practice of blocking
illegal sites tends to lead to innocuous ones that are being outlawed as
well. It said the practice of Web sites sharing IP addresses is so
commonplace that Yahoo hosts 74,000 Web sites at one address and Tucows,
a Toronto-based registrar of Web domain names, uses one address for
68,000 domains. *******************************
Washington Post
Deadline for Scannable Passports to Be Delayed 
Foreigners Won't Need Special Document Until 2004 
By John Mintz
Wednesday, September 10, 2003; Page A17 

The Bush administration is delaying enforcement of impending rules that
could have prevented citizens of 27 countries in Europe and Asia from
traveling to the United States unless they carried new computer-readable
passports, officials said yesterday.

Enforcement of the rules, imposed by Congress in the USA Patriot Act as a
way to keep track of visitors to the United States more efficiently, will
be delayed by a year to avoid problems at U.S. airports weeks from now,
officials said.

Instead of taking effect Oct. 1, the restrictions will be implemented on
Oct. 26, 2004, said Asa Hutchinson, undersecretary for border and
transportation security at the Department of Homeland Security.

Representatives from a number of foreign governments that are close U.S.
allies and trading partners had told the State Department that they could
not meet the October deadline for providing citizens with the scannable
passports.

The looming deadline, Hutchinson told reporters yesterday, "caught a
lot of our foreign partners off guard." 

Under the Patriot Act, the State Department has final say over whether
the original deadline should be extended. Yesterday, State Department
officials said Secretary of State Colin L. Powell still had not made a
final decision, but other government officials backed Hutchinson in
saying the deadline would be put off.

U.S. officials are requiring foreign governments applying for the
postponement to promise that they are working aggressively to develop
machine-readable passports, which also will be used at U.S. border
crossings, officials said.

The Patriot Act requires that citizens of 27 nations who usually do not
need visas to visit the United States must have passports that can be
scanned by computers. The nations are mostly in Western Europe but also
include Japan, New Zealand and Australia. Many of the countries use
various types of passports, some machine-readable.

Among the nations that were not prepared to meet the deadline are France,
Italy, Spain and Switzerland, officials said. The United States and
Britain have had machine-readable passports for more than a
decade.

Executives of the U.S. travel industry, who had predicted pandemonium at
foreign and U.S. airports on Oct. 1 unless the deadline was extended,
welcomed yesterday's news. Many foreign travelers probably would not have
learned that they could not make their trips until they arrived at the
airport, they said.

International travel to this country has declined by 20 percent in the
past two years and cost the U.S. economy $15 billion, travel executives
said.
*******************************
CNET News.com
'Homeless hacker' surrenders 
By Declan McCullagh 
September 9, 2003, 4:35 PM PT

update Adrian Lamo, the so-called homeless hacker, surrendered Tuesday to
face two federal criminal charges of electronic breaking and entering.
Lamo, 22, turned himself in at the U.S. courthouse in Sacramento, Calif.,
ending a five-day manhunt during which FBI agents staked out his family's
home in the Sacramento suburbs and his defense attorney painstakingly
negotiated terms of the surrender with federal prosecutors. 

A spokeswoman for U.S. Attorney McGregor Scott said Lamo appeared at 2
p.m. PT before U.S. Magistrate Judge Gregory Hollows and was released to
his parents after they posted a $250,000 bond. Lamo is not allowed to use
a computer and must "report to the FBI in New York City" on
Thursday morning to face a formal arraignment in court there, the
spokeswoman said. 

 

Since last week, Lamo and his defense attorney have stressed that he was
willing to cooperate with federal police if they revealed the contents of
a sealed complaint that described the charges. "The only reason that
I hadn't come in before now was lack of communication," Lamo said in
a telephone interview late Monday evening. "Communication has been
good today, and as such, there's no compelling reason not to go in...I
want to come in as a show of good faith." 

Lamo, something of a legend among hackers for his brazen exploits, media
savvy and rootless lifestyle, is facing two criminal charges. One is
related to his admitted intrusions into The New York Times' network, and
the other deals with his alleged misuse of a Lexis-Nexis account, said
Mary French, a deputy public defender in Sacramento who is representing
Lamo. 

In the New York Times incident in February 2002, Lamo was able to view
employee records--including Social Security numbers--and access the
contact information for the paper's sources and columnists, including
well-known contributors such as former U.S. President Jimmy Carter,
former Marine Officer Oliver North and hip-hop artist Queen Latifah. He
also has claimed break-ins at technology companies including, Microsoft,
Yahoo and WorldCom (now known as MCI). 

Besides his radically mobile lifestyle that often found him logged in
through a Starbucks wireless connection, Lamo is known for his singularly
altruistic style of hacking. He stressed that he's never deleted any data
or asked for money in exchange for identifying security vulnerabilities.
Some companies, in fact, have thanked him for telling them about holes in
their network that a malicious intruder could use to wreak havoc.

Lamo's earlier exploits, which he typically disclosed, include breaking
into WorldCom in December 2001, Microsoft in October 2001, Yahoo in
September 2001 and Excite@Home in May 2001. When he reportedly entered
Yahoo's system, Lamo found he was able to alter news articles on the
company's site and tampered with one describing accused copyright felon
Dmitry Skylyarov's court travails. The New York Times did not respond to
a request for comment last week except to say it was cooperating with the
FBI. 

Many of the exploits, if proven, that Lamo claimed to have accomplished
could run afoul of the federal Computer Fraud and Abuse Act, which he is
charged with violating. It punishes anyone who "intentionally
accesses a computer without authorization or exceeds authorized
access" with fines and--depending on the charges--between one and
five years in prison. 

Lamo has earned the "homeless hacker" moniker for his decision
not to hold down a permanent job and instead wander the United States on
Greyhound buses, sleeping on friends' couches and, when necessary,
camping in vacant or derelict buildings. He boasted that he can live on a
minimum number of calories per day--but added that he also needs dental
work and has been growing hungry enough to consider applying for food
stamps. 

In one sign that he expected this week's confrontation with law
enforcement long ago, Lamo registered FreeAdrian.com, which currently
points to an old version of his adrian.adrian.org Web site, a month after
the New York Times intrusion. In the last few days, however, FreeLamo.com
has popped up, along with AdrianLamo.com. 

"This has been a very unpleasant and traumatic experience for me,
but being surrounded by supportive people has helped," Lamo said.
"Faith manages." 
*******************************
Australian IT
Offensive sites banned under FOI
Sharon Mathieson
SEPTEMBER 10, 2003  
 
CHILD pornography, bestiality and violent websites banned by the
Australian Broadcasting Authority cannot be accessed under freedom of
information laws passed by the Senate.

Amendments to the Communications Legislation Bill ensure highly offensive
online content and website addresses containing illegal material can no
longer be reached through the use of the Freedom of Information (FOI)
Act. 
But Labor claimed the laws gave some government agencies the power to
censor material without challenge. 

Opposition information technology spokeswoman Kate Lundy said Labor's key
concern was that the bill exempted four agencies from freedom of
information requests in relation to documents containing offensive
internet content. 

The four agencies were Australian Broadcasting Authority (ABA), the
Office of Film and Literature Classification, the Classification Board
and the Classification Review Board. 

Senator Lundy said the bill was an attempt by the government to remove
freedom of information scrutiny from government agencies involved in
regulating offensive websites. 

"If this schedule were enacted there would be no way to access the
material on which an agency based a censorship decision in order to
challenge the lawfulness or reasonableness of that decision," she
said. 

The Australian Democrats also opposed the bill's restriction on freedom
of information requests and wanted the Australian Communications
Authority to reject mobile phone towers constructed near community
sensitive sites such as schools. 

Communications Minister Richard Alston condemned Labor, the Democrats and
the Australian Greens for their opposition to the bill but praised
independent senators for voting with the government to pass the law.

He said the potential release of offensive material under the FOI Act
would have hampered the ABA's ability to contribute to international
efforts to close down child pornography on the internet. 

"I am deeply disappointed that Labor, the Democrats and the Greens
do not appear to understand that Australian families have an expectation
that the government will shield their children from this sort of
depravity," Senator Alston said. 

More than 284 Australian-hosted internet sites have been banned by the
ABA under the Online Content Co-Regulatory Scheme. 

Senator Alston said Labor had an ideological opposition to a sensible
community proposal. 

"The bill itself ... is only designed to deal with offensive
internet content which means the subject matter of these highly offensive
websites and the URL which are the addresses that get you to those
sites," he said. 

"It doesn't stop you exploring the merits of the regime or finding
out a whole bunch of other things under FOI that relate to the
administration of regime." 

The legislation now returns to the House of Representatives for final
approval.
*******************************
Associated Press
Study: Cigarettes in Reach of Children on Web
Tue Sep 9, 6:32 PM ET

CHICAGO (Reuters) - Cigarettes sold on the Internet are easily available
to children with a credit card or money order because vendors do not or
cannot check the age of buyers, researchers said on Tuesday. 


University of North Carolina researchers supervised four children, aged
11 through 15, who successfully bought cigarettes from 50 of 55 Internet
vendors in 12 U.S. states over a four-month period in 2001. 


The illegal sales were made 76 times out of 83 attempts, or 92 percent of
the time. 


The children used money orders and a type of pre-paid credit card
marketed to teen-agers to buy the cigarettes. If a Web site asked for a
date of birth, the children entered false information, making it appear
they were 18 or older. 


In the United States, children under 18 are prohibited from purchasing
cigarettes. 


"Altogether, the Internet vendors sold a total of 1,650 packs of
cigarettes to the four minors" without once verifying the age of the
buyers, study author Kurt Ribisl wrote in the Journal of the American
Medical Association (news - web sites). 


"New methods of verifying the age of consumers need to be identified
and tested for effective prevention of online tobacco sales to
minors," he wrote. 


"Programs will be needed to educate Internet cigarette vendors about
state laws related to sales to minors. Finally, federal legislation
banning Internet and mail order tobacco sales to minors may be the most
effective policy strategy." 


In the United States, children under 18 are prohibited from purchasing
cigarettes, according to a spokesman for the anti-smoking group Action on
Smoking and Health (news - web sites). 
*******************************
Federal Computer Week
Experts say culture hinders single smart card
BY Sara Michael 
Sep. 9, 2003

The technology exists to create a governmentwide smart card program, but
cultural issues and a lack of top-level management support stand in the
way of implementation, experts testified today.

A single government smart card is possible, but managerial and policy
differences create difficulties, said Joel Willemssen, managing director
of information technology issues at the General Accounting
Office.

"It would probably be very difficult to standardize it from a
management and policy perspective," Willemssen testified today at a
hearing of the House Government Reform subcommittee on technology,
information policy, intergovernmental relations and the census.

Agencies have different security clearances and access controls. GAO
identified 62 smart card initiatives in varying stages at 18 agencies,
Willemssen said. One of the next steps, he said, is establishing a
governmentwide employee credentialing policy to streamline employee
clearances.

"Once you set that policy, then the technology can follow," he
said.

Introducing smart cards for physical access or systems access is often
met with hesitation, said Sandra Bates, commissioner of the General
Services Administration's Federal Technology Services. 

"We've identified that the technology's there," Bates told
subcommittee chairman Rep. Adam Putnam (R-Fla.). "We're also talking
now about a cultural change, and there are barriers. It's gaining
acceptance and top management support."

Obtaining the resources for infrastructure and software is also a major
challenge, Willemssen said. The costs can be high, particularly if
biometrics and public key infrastructure technologies are included, he
said.

Ken Scheflen, director of the Defense Department's Defense Manpower Data
Center, agreed. "The infrastructure costs and enabling technologies
are the hard part because you really have to change the way people do
business," he said.

The Defense Department completed the roll out of the infrastructure for
its smart card program in July. The program, Common Access Card, is the
most advanced smart card program in the world and can serve as a model
for other agencies, Scheflen said.

The government needs smart card standards for interagency
interoperability, experts said. The standards would outline the common
features of each card, then agencies could add capabilities, Bates said.
"Some agencies will always have unique requirements and traits, and
that's OK, but you have to have a baseline," she said.

GSA and the National Institute of Standards and Technology have taken
steps to create those standards. NIST officials have published two
versions of their smart card specifications and are working with agencies
and industry partners on program requirements. Similarly, GSA established
an Interagency Advisory Board, including NIST and other agencies, to
refine the specifications. They also awarded a smart card contract in May
2000 to five vendors to provide smart card services across the government
based on these standards.
*******************************
Federal Computer Week
Oceanic air tech gets go-ahead
BY Randall Edwards 
Sept. 9, 2003

The government approved a Lockheed Martin Corp. system that will control
U.S. air traffic over the ocean.

Advanced Technologies and Oceanic Procedures (ATOP) will replace existing
Federal Aviation Administration systems that are responsible for the
separation of aircraft over the oceans. Lockheed's technology will allow
controllers to reduce space between aircraft, which is seen as an
improvement in air traffic efficiency.

The company is currently installing hardware for the system in Anchorage,
Alaska; Oakland, Calif.; and New York City, with site testing scheduled
to start by 2005. The program will be integrated with the
radar-processing functions of the Microprocessor En Route Automated Radar
Tracking System.

"The ATOP system will provide much needed increased efficiency and
oceanic airspace capacity to meet growing international air
traffic," said Don Antonucci, president of Lockheed Martin
Transportation and Security Solutions.

When functional, the new system will manage approximately 80 percent of
the world's controlled oceanic airspace, including approximately 24
million square miles over the Atlantic, Pacific and Arctic oceans. Much
of the airspace over the oceans is not controlled by anyone. 

Supporting Lockheed on the program are Adacel Inc., supplier of the
oceanic automation software; Airways New Zealand and Sunhillo Corp.,
provider of the External Communications Server to allow access to
external data interfaces.
*******************************
Government Computer News
09/09/03 
Air Force wants to build a universal translator 
By William Jackson 

The Air Force Research Laboratory Information Directorate has awarded a
$1 million, two-year contract to two Washington companies to develop
language translation technology. 

StreamSage Inc., the prime contractor, creates tools to manage digital
audio and video content and will handle technology development. Global
Management Systems Inc. will handle implementation. 

A universal translator is the Holy Grail of machine translation, but
current state-of-the-art in translating the spoken word is limited to
small collections of words and phrasesa sort of automated phrase
dictionary. The Air Force wants to expand that capability to ease the
burden on human translators in the military and intelligence communities.

Rather than a rules-based approach, which uses a dictionary and grammar
to translate between two languages, StreamSage is opting for an
Interlingua approach, which uses statistical comparisons of parallel
documents in different languages, much like the Rosetta stone. 

?To do efficient statistical translation you have to have millions of
parallel documents,? said StreamSage president Seth Murray. 

?There are not any good metrics now? for gauging the accuracy of speech
translation, Murray said. Developing benchmarks will be one of the goals
of the program. 

At the end of two years, the Air Force hopes to have a system that would
not put any translators out of work, but could help in monitoring
conversations. The system would be able to flag certain words or topics
to indicate that a particular conversation should be given more
attention.
*******************************