Clips October 6, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips October 6, 
2003

ARTICLES

Recall Voters Face an Intricate Ballot, and, Indeed, Chads
VeriSign Agrees To Shut Down Search Service 
EU directive could spark patent war
SF library wants to track books with computer chips
Pair Mapped Out Their Travels on a Laptop Computer 
Students Fill Grade Book On Teachers at Web Site 
Federal Reserve checks out new servers 
Study: More Privacy Protections Needed as Location-Based Services Emerge

*******************************
New York Times
October 6, 2003
Recall Voters Face an Intricate Ballot, and, Indeed, Chads
By SARAH KERSHAW

LOS ANGELES, Oct. 5  When voters in Los Angeles go to the polls in
California's recall election Tuesday they will have to flip through an
eight-page paper ballot to search for their candidate, listed in
semi-random, not alphabetical order.

It is just one of the complications of an election in which voters must
decide whether to recall Gov. Gray Davis, then choose from 135 possible
replacements. Once Los Angeles voters find their candidate's number, they
will use a stylus to punch out a chad  yes, those chads of Florida
fame  on a card studded with 312 numbers.

In Plumas County, near the Sierra Nevada, voters will face a 13-page
ballot on a computer screen and use touch-screen voting. 

In Yolo County, near Sacramento, the ballot consists of five cards: two
pink cards for the recall question and the two other measures on the
ballot and three white cards listing the names of the 135
candidates.

Each voter is given three white cards, but is asked to return only the
one listing the favored candidate. The two other cards must be placed in
an orange envelope and put in orange boxes at the polling place. The two
pink cards and the one white card go in a gray envelope that the voter
must hand to the poll worker, after punching the cards with a stylus.

These are among the dizzying array of voting methods and situations
facing the 15.4 million voters who registered in California for the
recall election, a record number for a California election for governor,
state officials said. 

No one, it seems, has ventured a guess on just how long it might take
voters, whatever system they are using, to wade through the
ballot.

But over the weekend, election officials across the state, nearing the
end of their sprint and trying to anticipate every glitch, prepared
furiously for Tuesday. 

In Norwalk, a suburb of Los Angeles where the Los Angeles County
registrar's office has its headquarters, Kristin F. Heffron, chief deputy
of the office, described the scene as "organized
chaos."

On Saturday, in one room, 100 election workers sorted through absentee
ballots, placing thousands of punch card ballots  those of hanging,
dimpled and pregnant chad fame  into one of two small cardboard
boxes labeled "good" and "damaged," or tossing them
into a metal basket labeled "snags."

Across the hall, several dozen of the 1,800 election workers who will be
on duty by dawn Tuesday made a dry run with the punch card reading
machines.

They fed thick stacks of orange demonstration ballots, which like the
real pink ballots are studded with 312 chads, through loudly clacking
card reading machines counting 1,000 ballots a minute. 

"Everybody is saying things are as smooth as silk," Ms. Heffron
said somewhat tentatively, a sentiment that was not shared by some other
nervous county election officials in a state where the mechanics and
methods of voting vary greatly among the 58 counties. 

Voters first decide on the recall of Mr. Davis. Regardless of how they
vote on that issue, they select one candidate to replace him should he be
recalled. The polls close at 8 p.m. Pacific time. 

Each of the counties will have 28 days after Tuesday's election to
certify their results, and the California secretary of state has 11
additional days to certify the counties' results. That could mean that
the state will not officially declare the result until weeks after the
election.

Still some county officials, including those in Los Angeles, the state's
largest county and the nation's largest electoral district with four
million registered voters, said that unless the recall question and the
governor's race were too close to call, they should have a strong sense
of what most voters had decided by midnight Tuesday in California.

Others, however, including officials in Orange County, where the 1.34
million registered voters will be using an optical scan system for the
first time, said it would probably take them until Wednesday morning to
get an accurate read on the vote. 

Despite criticism of the punch card system that was at the center of the
electoral fiasco in Florida in the 2000 presidential race, election
officials in Los Angeles said they were glad they were using the same
method they had used for 35 years, which had never caused problems here.

Some other California counties are using hastily introduced new systems,
which they had not expected to use until next year's March presidential
primary. 

Still, even in Los Angeles County, it was a mad dash to the recall. In 77
days, from the day the election was called on July 24, the county
registrar's office, which expects at least half of the 4 million voters
to turn out for the election, zoomed toward the election at break-neck
speed.

"It was a pressure cooker," Ms. Heffron said. 

In just a few weeks, the registrar's office produced its eight-page
ballot, after calling its ballot manufacturer in July and requesting an
emergency delivery of ballot stock. Sample ballots were then mailed to
more than four million people and there was a frantic rush to line up
polling places. (Officials reduced the usual number of polling places,
4,900, to 1,786 because there was not enough time to set up all of
them.)

They also scurried to recruit the most experienced poll workers, and by
Sunday had 14,000 signed up.

For any election, officials scrounge for polling places, setting them up
in flower shops, mortuaries and, of course, schools. 

But schools were not available for Tuesday's recall, so officials instead
went after churches like crazy and hoped there would be enough parking.
They are now posting notices at the old polling places where voters might
turn up, with maps telling voters where to go instead. 

The officials also quickly reserved the sheriff's helicopters they
regularly use to fly ballots into the registrar's office on election
night from far-flung polling places across the 400-square-mile Los
Angeles County.

And with the four helicopter routes settled, 50 pounds of election
materials and supplies delivered to each precinct and Saturday's dry run
revealing no glitches, election officials here said they felt most
everything was in place.

"We're very ready for the election," Conny B. McCormack, the
county registrar-recorder, said on Saturday, surrounded by a throng of
reporters and cameramen, including a photojournalist who is also a
candidate for governor and was shooting footage of the dry run.
"We're in really good shape."

But election officials were concerned, in places like Orange and Shasta
Counties, where punch card machines were hastily replaced with new voting
technology they had not expected to use until next March. They were also
a bit weary, as they processed the large number of absentee ballots that
have been sent in. 

Unlike the places with lengthy ballots, San Francisco and other counties
managed to produce a single page: a 10-inch by 17-inch cardboard sheet
filled from top to bottom, front to back with recall candidate names and
the two propositions; voters will mark them with felt-tip pens. Election
clerks, who are required to review the crammed ballot with each voter to
ensure they understand their voting options, said after helping some
voters over the weekend, that they were already tired. 

The Yolo County clerk-recorder, Freddie Oakley, said the long list of
candidates, the fact that they were not listed in alphabetical order and
the county's five-card ballot setup, might present problems for voters.

"My No. 1 concern is that voters are going to have difficulty
finding their candidates on the ballot," Ms. Oakley said. "I
don't think the average American, with any level of education, would
discern any order in these."

In Los Angeles, though, officials seemed confident that Election Day
would go relatively smoothly.

"I always like to equate it to the Rose Bowl," Ms. McCormack
said. "Everybody can picture it  that's 100,000 people. Well,
picture in a 13-hour time frame, the Rose Bowl filling up or emptying 20
or 25 times. Don't you think there might be a few fender benders in the
parking lot and a few people who can't find their seats?" 
*******************************
Washington Post
VeriSign Agrees To Shut Down Search Service 
By David McGuire
Saturday, October 4, 2003; Page E01 

VeriSign Inc., the firm that oversees Internet addresses ending in
".com" and ".net," yielded to pressure yesterday and
said it will temporarily shut down a new service that steers Web surfers
to its own online search directory when they mistype the name of a
destination into their browser.

The company's action came after the Internet's main oversight
organization, the Internet Corporation for Assigned Names and Numbers
(ICANN), demanded that the company take down the service or face legal
action. ICANN awarded the contract to VeriSign that gives the Mountain
View, Calif-based company exclusive rights to manage the .com and .net
registries. 

If VeriSign's service were found to be harming the Internet, ICANN said,
its contract gives ICANN the power to impose fines of up to $100,000 or
strip the company of its authority over the addressing system.

"Without so much as a hearing, ICANN today formally asked us to shut
down the Site Finder service," said VeriSign spokesman Tom Galvin.
"We will accede to their request while we explore all of our
options."

The dispute over VeriSign's new service prompted a debate over who
controls the Internet. By virtue of its contract with ICANN, VeriSign
enjoys a monopoly over the .com and .net registries. The company, though,
initially rejected ICANN's request last week to take down the service
long enough for technical experts to determine whether it was damaging
the Internet.

"War is breaking out between the regulators and the people they
regulate. This is a real power struggle [over] who controls the rules on
the Internet," said Mark Lewyn, chairman of Reston-based Paxfire
Inc., which develops systems to redirect Internet traffic.

About 1.5 million Web users a day were sent to the Site Finder site when
they mistyped the name of common online destinations into their browser.
Site Finder offered links to sites with names similar to the user's
original query, along with a search box and Web directory full of
advertising. The directory competed with similar search services offered
by America Online Inc., Microsoft Corp. and others. Its ads are provided
by Overture Services Inc., a company being bought by Yahoo Inc.

VeriSign could easily generate $100 million in revenue annually from Site
Finder by selling "sponsored" results to search terms, Lewyn
said.

The move irked companies such as AOL and Microsoft, which lost traffic to
their own search sites. Two other companies have filed lawsuits against
VeriSign, contending that its service represents unfair competition:
Orlando-based Popular Enterprises LLC, owner of the Netster search
engine, and Scottsdale, Ariz.-based Go Daddy Software Inc., which sells
Internet addresses.

VeriSign also angered the close-knit group of engineers and scientists
who are familiar with the technology underpinning the Internet. They say
that Site Finder undermines the worldwide Domain Name System, causing
e-mail systems, spam-blocking technology and other applications to
malfunction.

VeriSign said the claims are overblown. Before agreeing to take down Site
Finder, VeriSign had promised to work with the Internet community to
eliminate any glitches caused by Site Finder.

"There is no data to indicate the core operation of the Domain Name
System or the stability of the Internet has been adversely
affected," Galvin said. "ICANN is using anecdotal and isolated
issues in an attempt to assert a dubious right to regulate non-registry
services."
*******************************
CNET News.com
EU directive could spark patent war
Last modified: October 3, 2003, 8:00 AM PDT
By Matthew Broersma 
Special to CNET News.com

The European Parliament's decision to limit patents, as they apply to
software and business methods, risks creating a "patent war"
with a fallout that could make it illegal to access some European
e-commerce sites from the United States, analyst firm Gartner has warned.

The parliament recently voted to approve the Directive on the
Patentability of Computer-Implemented Inventions--but with a series of
amendments that are designed to limit the ways in which software can be
patented.

Pure software should not be patentable, the parliament argued, and
software makers should not be required to license patented technology for
the purposes of interoperability--for example, creating a device that can
play a patented media format, or allowing a computer program to read and
write a competitor's patented file formats. 

The amendments also sought to ban the patenting of business methods such
as Amazon.com's patent on one-click purchasing. In the United States,
business methods and pure software are routinely patented, a situation
that has been harshly criticized by information technology executives,
software developers, economists and others as being harmful to
competition and innovation. 

Though the European Union's patenting system might more effective,
Gartner has highlighted problems that could arise from its being out of
sync with the system in United States. For example, if a patented
e-commerce technology is enforceable in the United States but not the
European Union, users of the technology in the United States could be
breaking the law by accessing an EU Web site that employed the
technology, according to Gartner. 

"If the amended directive becomes law, the significant differences
between the U.S. and European approaches to software patenting raise the
prospect of a patent war," the firm said in a statement. 

Any practical effects will take until at least the end of 2005 to appear,
Gartner estimated, the earliest date the EU governments could introduce
the directive's provisions into national law. 

U.S. concerns
The U.S. government has also expressed concern about the directive's
amendments, according to documents seen by ZDNet UK. In a letter to the
European Parliament that comments on the amendments, sent before the
vote, a U.S. official said three articles of the directive are
particularly "problematic." The most troubling: Article 6(a),
which states that patents cannot be used to restrict interoperability,
said the official, who recommended that the article be deleted. 

The Foundation for a Free Information Infrastructure (FFII), which
lobbied in favor of the amendments, responded that it would be absurd to
rely on antitrust law to protect the software industry from companies'
attempts to control data-exchange standards. 

"The U.S. DoJ v. Microsoft case shows how insecure and inefficient
competition law is in this area," the organization said in a
statement. "Competition considerations need to be built into a
patent directive which deals with software-related problems."

The patents directive will next return to the European Commission for
review, followed by votes in parliament and the Council of Ministers,
after which, if approved, it will be implemented in the national laws of
EU member states. 

However, the commission has indicated that the amendments may be
"unacceptable" to it and is considering withdrawing the
directive.
*******************************
USA Today
SF library wants to track books with computer chips
By Ron Harris, Associated Press
Posted 10/3/2003 7:30 PM

SAN FRANCISCO  A civil liberties watchdog group is expressing
concern over the San Francisco Public Library's plans to track books by
inserting computer chips into each tome. 
Library officials approved a plan Thursday to install tiny radio
frequency identification chips, known as RFIDs, into the roughly 2
million books, CDs and audiovisual materials patrons can borrow. The
system still needs funding and wouldn't be ready until at least 2005.

The microchips send out electromagnetic wave to a device that converts
them to digital data containing a host of information. In libraries, the
system is primarily designed to locate books in branches and speed up the
checkout process. 

Library officials say the "passive" chips would be deactivated
as materials are taken from the library, thus preventing any stealth
tracking of books  and by extension, people  off premises.

But Lee Tien, a staff lawyer for the Electronic Frontier Foundation, is
concerned that the chips may have information that would remain
accessible and trackable, whether by ingenious hackers or law enforcement
subpoena. That, he says, would be a threat to privacy rights. 

"If there's a technology for temporary deactivation, then presumably
there's a system for reactivating it," Tien said. "Does the
person have the ability to know if the RFID is on or off?" 

Some of the foundation's concerns are rooted in the provisions of the USA
Patriot Act, which critics have assailed as giving government the
authority to obtain the records and threatening the privacy and First
Amendment rights of library and bookstore patrons. 

San Francisco's city librarian, Susan Hildreth, says the devices will
help streamline inventory and prevent loss. Tracking people is not the
goal, she insisted. 

"It will not allow us to track people to their home or any
location," Hildreth said. 

She pointed out that several other major libraries, including the Seattle
public library system, are moving to the chips instead of bar codes.

"Industry trends show that it's going to replace the bar code very
shortly," Hildreth said. "We're trying to prepare for the
future." 

Seattle's 24 libraries are installing RFID tracking systems, with the
first to be ready next spring. 

The city of Santa Clara is installing RFID tracking at its main library
and the county is considering a similar move. 

Still, it's the opportunity for unauthorized tracking that concerns Tien.

"The issue is other people, other institutions. What will they do if
the RFID is insecure?" Tien said. "We're talking about the
imbedding of location trafficking devices into the social fabric."

Hildreth said San Francisco library officials may hold a public forum to
discuss the chips further. 
*******************************
Washington Post
Pair Mapped Out Their Travels on a Laptop Computer 
Monday, October 6, 2003; Page A11 

Malvo and Muhammad had it down to a system. Using the laptop stolen from
Paul La Ruffa and a global positioning navigation device they had in the
Caprice, Malvo navigated them easily around the area. Maps printed out
from their software appeared to indicate some of their travels. "You
have the computer," Malvo would tell the authorities later.
"It's all on there."

One map highlighted a Virginia route that went from Manassas to Haymarket
to Centreville, with a detour within sight of where Dean Harold Meyers
was killed. Another map showed a route right past the Tasker school in
Bowie, where Iran Brown was shot. Several spots were designated with
small skull-and-crossbones icons. One marked a spot across the street
from where Premkumar A. Walekar was killed in Aspen Hill. Another marked
White Flint Mall, near where James L. "Sonny" Buchanan was
killed. Another marked a place a few blocks from the Wheaton shopping
center where James D. Martin was killed.

Other skull icons marked spots where there had been no reported
shootings: the Howard University campus in Washington; a spot near Quincy
Street off Brookville Road in Chevy Chase; the busy intersection of
Connecticut Avenue and Veirs Mill Road, not far from the area of the Oct.
3 shootings; Indian Spring Drive near a YMCA in Silver Spring; and
Martinsburg Mall in West Virginia, about 90 miles northwest of
Washington.

Some maps featured places marked with smiling or frowning face icons.
National Naval Medical Center in Bethesda got a frowning face in the
middle of the hospital grounds. But a spot near rural Fairplay, Md.,
south of Hagerstown, earned a smiling face and a box that read
"potential area." Some of the maps also contained spots denoted
with exact addresses. Two were for YMCAs in Maryland and North Carolina.
Three others were for schools just outside Washington: Rosaryville
Elementary School in Upper Marlboro; Mary Harris "Mother" Jones
Elementary School in Adelphi; and Berwyn Heights Elementary School near
College Park. All were brand new, in recently built or refurbished
buildings, and had just opened a few weeks before.

Other maps traced routes between Washington and Fredericksburg and south
into North Carolina. Several map locations in southern Virginia and North
Carolina had small computer screen boxes that read "good spot,"
"good spot off I-95," "good spot, drag effect" and
"eastern move, many ways out."

Malvo would later laugh describing to investigators a shot he said had
missed a boy, who then swatted the air as if at a bee. He wasn't specific
about where that was. Some investigators concluded it could have been the
first Michaels shooting. But the maps hint that it could have been any of
the other locations the pair seem to have cased.

Malvo said they watched the media and the police response carefully.
"You said this so we did this or that. . . . The media would say
this so we would do another thing. We had something for
everything."

Malvo indicated that he and Muhammad took turns with the Bushmaster,
deciding who would do what before they went out for the day. One would
set up to shoot, while the other spotted, not to aid the shooter but to
look for trouble. Police would later find, in a sock left in the Caprice,
a second rifle scope besides the one Malvo called the
"battlescope" on the gun.

Sometimes the shooter would be in the car, sometimes out of it. Often,
shooter and spotter would not be together. Malvo told investigators they
used walkie-talkies to communicate. They selected a location and a time
window. It was the call of the "sniper" whether to take the
shot. Escape was made cautiously, so as not to arouse suspicion. But
knowing they were still invisible, they sometimes came back, as in
Manassas, and hung around to watch the expressions on the faces of the
bystanders. Malvo even asked police officers what had happened and would
be asked, in turn, if he had seen anything suspicious. He and Muhammad
also would test the roadblocks to see if the car caught police attention.
It never did.
*******************************
Washington Post
Students Fill Grade Book On Teachers at Web Site 
Critics Call Effort Hurtful, Unscientific 
By Rosalind S. Helderman
Monday, October 6, 2003; Page B01 

Students have always talked about teachers behind their backs, warning
peers about the hard ones, giggling at others. 

Mix in the teenage obsession with the Internet, and what results is
ratemyteachers.com, a two-year-old Web site that allows students -- or
anyone else with Internet access -- to post comments about middle and
high school teachers for all to see. 

Across the nation, more than 400,000 teachers at more than 23,000 schools
have received ratings. The site, based in California, includes commentary
on teachers at most high schools and many middle schools in the
Washington area.

A group of adults established the site, saying it is especially important
at a time when good teaching is being touted as the key to student
achievement. The federal No Child Left Behind law requires that every
public school class be taught by a "highly qualified teacher"
by 2005.

Great teaching is all about the ability to make connections with pupils,
and the students themselves know when a teacher does that, said Michael
Hussey, a public relations consultant and co-founder of the site. He said
ratemyteachers.com gives students a voice in their own
education.

"The most important thing is that no matter how smart or intelligent
the teacher is, there really needs to be an atmosphere of mutual
trust," Hussey said. "In general, if you go through a school
where ratemyteachers has really taken hold, you can really determine if
that atmosphere is in the classroom."

He said the site, which includes advertising, is breaking even, but he
hopes it will soon make a profit.

Critics, including many teachers and principals, said the site's ratings
are unscientific, not to mention hurtful. Many school districts across
the country, including Montgomery County and Loudoun County, have blocked
access to ratemyteachers.com from school computers.

They fear that, instead of improving teaching, the ratings could push
already stressed teachers out of the profession by subjecting them to
public, although anonymous, barbs.

Linda Bigler, a teacher for 30 years, said she looked at the site just
once before deciding she didn't plan to look at it again. Most of the
more than 60 comments posted on the site about Bigler, a Spanish teacher
at Fairfax County's Thomas Jefferson High School for Science and
Technology -- where the site has been especially popular -- are positive,
but she said the first negative comment she read stung.

"One negative comment, one negative interaction, is the thing that
you go home with," she said. "If you have something
constructive, you say it in a polite and well-mannered way. The [Web
site] encourages the contrary. I think a site like this encourages
venting and unloading a frustration for whatever reason."

The site lets students rank teachers on a scale of 1 to 5 -- with 5 being
the top grade -- for their easiness, helpfulness and clarity and then
fill out a comment section. Comments on the site range broadly, often
bashing and praising the same teacher. Teachers get criticized for
telling bad jokes, assigning too much reading and having poor hearing.

Hussey said 1,600 student volunteers work with the site, reading every
posting before it goes public. They are supposed to exclude comments that
are potentially libelous, sexually explicit, profane or unrelated to
teaching. A function lets visitors to the site red-flag any comment they
feel is out of bounds. Hussey said every flagged comment is reviewed by
an adult. Scathingly negative comments stay, he said, as long as they
relate to classroom atmosphere. Although teachers have threatened to sue
the site, none has done so, he said.

Alek Montgomery, 17, a senior at Park View High School in Sterling, said
the site can reveal things about teachers that they should know but that
students may be too frightened to tell them face to face. 

"Teachers are there to teach us," she said. "If they're
not making something clear or they need to slow down, they need to
know."

Hussey said the site gets more positive than negative comments.

"She made reading a 'want' instead of a 'need,' " wrote one
student about an English teacher in Virginia.

"This is a man unequaled by his peers, except possibly in the case
of God, who very well might be one of his peers," a student wrote
about a Maryland teacher.

Another dismissed the same teacher as boring.

"Bring two pillows. One for you, and one for your pillow," a
student wrote.

Students are not the only ones interested in candid talk about teachers.
Some parents said the site, if taken with a grain of salt, could be a
good way to learn about teachers their children might 
encounter.

"I'm curious what they're writing. I think young people would be
more curious, and incoming freshmen parents would find it even more
curious," said June Cofield, mother of two Howard County
students.

But principals and teachers dismiss the idea that the site could be used
to improve instruction. The same students can post again and again, or
teachers can go online and critique themselves or colleagues -- something
Hussey acknowledged has happened. Marshall Peterson, principal of Oakland
Mills High School in Columbia, noted that teachers at his school who have
been rated often have no more than 12 or 13 comments posted.

"Over the course of two years, that teacher very easily has taught
200-plus kids," he said. "Would you take anything that was a
sample of 13 of 200? No."

Hussey said his mother is an art teacher in Maine but has not yet been
rated. And if she got poor marks? "I'm not too worried," he
said. "I think she's pretty well respected by students."
*******************************
Washington Post
October 6, 2003
Spam Fighters Turn to Identifying Legitimate E-Mail
By SAUL HANSELL

The software engineers helped create the spam problem. Can they solve
it?

As politicians have been racing to find ways to ban the junk e-mail known
as spam, Internet providers have been boasting about filtering
technologies capable of identifying the sort of messages typically sent
by spammers and disposing of them.

But the spammers have been keeping ahead of the law and the filters. The
open nature of e-mail technology  designed decades ago by computer
scientists who had little reason to anticipate spam  lets spammers
hide their tracks and transform many of their messages to avoid
detection.

As a result, many e-mail software experts now contend that the most
powerful way to clean people's mailboxes is to focus not on catching the
spam, but on identifying the legitimate mail. 

"People have been spending all their time creating filters to find
the bad guys," said Nico Popp, vice president for research and
advanced products of VeriSign, the largest registrar of Internet sites
and a seller of online identification systems. "We want to turn that
on its head and find ways to identify the good guys and let them
in."

Put simply, these efforts are trying to develop the Internet equivalent
of caller ID, a technology that will let the receiver of an e-mail
message verify the identity of the sender. As with caller ID for
telephones, senders will be able to choose whether to remain anonymous.
But also like caller ID, recipients may presume that those who do not
identify themselves are sending junk.

The loudest calls for such a system are coming from the banks, travel
companies and online stores that are finding that much of their e-mail is
getting caught in spam filters. The advertisers gave the big Internet
providers an earful recently at a forum sponsored by Doubleclick, an
advertising technology company. The Internet providers responded that
they were working on standards for a new system, and that their
much-delayed proposal would be published this fall.

The technical challenges to creating such an identification system are
daunting. The millions of computers that process e-mail for half a
billion users may need to be retrofitted. Moreover, the Internet is not
governed in any organized way. Rather, it is influenced by impromptu
committees that nudge practices in certain directions.

These plans must compensate for e-mail technology designed two decades
ago by a happy-go-lucky confederation of computer scientists. They
created the protocols  the technical communication rules for
e-mail  in such a trusting and open way that now anyone can send
e-mail impersonating someone else with little prospect that the messages
can ever be traced to the original sender. Little did these pioneers
suspect that the systems, meant to exchange research papers, would lead
to a global system that provides nearly instant communication for
hundreds of millions of people, yet now is in danger of being overrun by
anonymous purveyors of pills and pornography.

A lot of money is riding on how these problems are solved. And under the
technical discussion of spam fighting systems is a power struggle between
the companies that send a lot of e-mail and the large Internet service
providers. The e-mailers are exasperated with the filters and want a
system that defines their e-mail as legitimate and guarantees its
delivery.

The Internet providers are concerned more about customer complaints and
do not want to promise to deliver any particular mail. Some are also wary
about creating an industry standard for spam fighting, because the big
providers are finding that their proprietary spam filters attract new
customers.

Circling all of these discussions are a group of e-mail handling
companies and other organizations that expect to profit if their
identification ideas are accepted as the standard. (Even the Postal
Service wants to get into the act, with an electronic 
postmark.)

The upper hand is probably held by the four largest service
providers  Microsoft, America Online, Earthlink and Yahoo 
which have been meeting since April to try to define spam fighting
standards. They say they must go slowly out of respect for the
decentralized nature of the Internet (and on the advice of their
lawyers).

"We're very self-conscious about being a big player in the e-mail
business, and we don't want to be seen as laying out the law for
everyone," said Brian Sullivan, senior director for mail operations
at America Online. "We need to build a consensus around a
framework."

There already does appear to be agreement that any system would be
optional for senders. Most likely big commercial e-mailers would use it
at first. Mail from others that did not adopt these new
technologies  individuals, small business, those in foreign
countries  might still be delivered but it would be subject to
greater scrutiny.

The clearly identified mail "will be like the express line at the
airport," said Kevin Doerr, a business manager for antispam products
at Microsoft. "You will only be frisked once and not thrown in with
the unwashed masses."

Eventually, however, Internet Service providers expect to develop easy
ways to help individuals and small businesses identify their e-mail so
it, too, would have the benefit of the express line through the spam
filters.

Most likely, individual users would not have to do anything differently
as they read their mail. But some of the more elaborate proposals
envision requiring users to get updated software that they could set to
determine the sort of e-mail they want to read or delete.

There is also a growing agreement that it is not enough for an e-mail
sender to identify itself. The sender must also earn the trust of e-mail
recipients, by promising to follow certain standards and having
violations tallied and published. That would let people choose to discard
mail from senders with high complaint rates.

"Just because we can verify your identity doesn't mean you send good
email," said Miles Libbey, the manager for antispam products at
Yahoo. "You absolutely need identity and you also need
reputation."

Deciding whose mail will be delivered and whose will be bounced is a
thankless task, and most proposals envision that several independent
groups would publish e-mail standards. A sender would choose one of these
to follow, and that group, in turn, would monitor its compliance. Truste,
a group that monitors Web site privacy policies, wants to get into that
business.

The biggest unanswered question is how to identify each sender in a way
that cannot be counterfeited. As with so many other issues, there is a
choice between simple and quick solutions that are limited and
technically flawed and more comprehensive approaches that will take years
to fully adopt.

The most robust, but most complicated approach would have every sender
attach to each message a unique code, called a digital certificate, which
the recipient's Internet provider or e-mail software could authenticate.

Others argue that a far simpler approach would be good enough: they
propose the creation of a registry of e-mail servers  the computers
that process the mail for big companies and internet providers 
whose owners have been verified. Any mail sent from an unregistered
server would be automatically suspect.

The Internet service provider group appears to prefer this approach, at
least as a first step.

But the big e-mail senders, and some security experts, say that it would
be flawed. They note that spammers appear to be skilled and shameless
hackers. Many have found ways to secretly take over the computers of
unsuspecting people to relay their messages and to attack computers used
by groups that fight spam.

Only digital certificates, they say, can clearly distinguish legitimate
e-mail senders from counterfeit ones.

"It's not easy to change something as successful and widely used as
e-mail," said Richard Reichgut, a vice president at AuthentiDate, a
company that has a contract to develop electronic postmarks based on
digital certificates for the Postal Service. "But the only way to
fix e-mail is to have a strong way to know who is sending you
mail."

Moreover, using digital certificates can allow finer distinctions among
mail from one sender. A bank's credit card statements might get one
identifier and its offers of new services another.

"My concern is that the solution not be penny-wise and
pound-foolish," said Hans Peter Brondmo, a senior vice president of
Digital Impact, a company that sends mail on behalf of big companies.
"We could take six more months and have something that is far more
comprehensive."

Mr. Brondmo is one of the main developers of Project Lumos, a sender
identification proposal by the E-mail Service Provider Coalition, a group
of big e-mail senders.

Some Internet service providers acknowledge that ultimately some form of
digital certificate may be useful. But they disagree that the simpler
approach, based on an existing identification number assigned to each
server called Internet Protocol address, is too vulnerable to
attacks.

Internet Protocol "spoofing is hard to do and easy to detect,"
Mr. Doerr of Microsoft said. 

And that position is endorsed by Paul Q. Judge, the chairman of the
Anti-Spam Research Group of the Internet Emerging Issues Task Force, one
of the main groups that publishes standards for the Internet. 

"There is a huge gain that can happen today with I.P.-based systems
that use existing technology," Mr. Judge said. "The benefit of
having a certificate for each individual e-mail is not worth the hassle
and the cost."
*******************************
Government Computer News
10/03/03 
Federal Reserve checks out new servers 
By Patricia Daukantas 

The Federal Reserve System needed more computing power for its
check-clearing operations, and the most cost-effective upgrade proposal
came from its in-house IT staff. 

Dennis Heidlebaugh, a capacity planner with the Federal Reserve IT group
in Richmond, Va., used a modeling tool to estimate how much to boost the
server capacity at one of the Fed?s processing centers. Heidlebaugh spoke
yesterday at a Washington conference sponsored by BMC Software Inc. of
Houston. 

His group was asked to take over systems management for the Fed?s
check-processing business, which has private-sector competitors. The
check application, running on IBM SP servers under AIX, was poised for
significant growth and experiencing some performance problems, he said.

In the short term, the IT group used the Predict function of BMC?s Patrol
for Unix-Perform & Predict to try out combinations of existing
equipment and transfer some of the workload to a standby server node. For
the long term, however, hardware would have to be upgraded or acquired.

Working with projected check growth, Heidlebaugh?s team drew up scenarios
for two-hour peak processing periods and modeled them with Perform &
Predict. The first set of models predicted that several CPU nodes would
become overloaded. Based on the models, Heidlebaugh recommended that the
processing center upgrade its hardware to IBM p670 eServers. 

That configuration turned out to be less expensive and more expandable
than proposals from four outside vendors, he said, partly because fewer
IBM DB2 licenses would be needed on the more powerful servers.
*******************************
Government Executive
October 6, 2003 
Homeland security, crime are focus of tech-related bills 
By Chloe Albanesius, National Journal's Technology Daily 

The outcry over the 2001 antiterrorism law known as the USA PATRIOT Act
manifested itself in new Senate legislation last week.

Patrick Leahy, D-Vt., and Larry Craig, R-Idaho, authored the measure, S.
1695, which would expand the "sunset" provision in the PATRIOT
Act so that additional government surveillance powers granted in the
statute would expire after five years. The bill's backers said the
measure would let Congress review whether the goals of the law are being
met.

Craig, meanwhile, introduced an additional bill that would amend the
PATRIOT Act. The measure, S. 1709, would limit the use of surveillance
and the issuance of search warrants. 

Sen. Carl Levin, D-Mich., addressed another homeland security issue in
new legislation: background checks. His bill, S. 1665, would allow
employers looking to hire private security officers to submit
fingerprints or other means of identification to state identification
bureaus in order to check the applicants' records for crimes. 

Two other security measures also were filed this week: H.R. 3227, which
would require the Homeland Security Department to establish guidelines
for "first responders" to emergencies; and H.R. 3235, which
would revoke federal highway funds to states that issue driver's licenses
to illegal aliens. 

On the crime front, two House and Senate companion bills, H.R. 3237 and
S. 1706, seek to improve the FBI's National Instant Criminal Background
Check System (NICS) by imposing new requirements on the Justice and
Homeland Security departments. NICS was established as part of the law
requiring background checks for people wanting to buy handguns as a way
to determine if applicants can have firearms under federal or state
law.

Two other companion bills, S. 1700 and H.R. 3214, seek to improve the
current system for DNA testing. Specifically, the measures would work to
improve the technology used to compile DNA samples, reduce DNA backlogs,
improve training for the handling of DNA, strengthen the quality of legal
representation in death-penalty cases and facilitate access to DNA
testing for inmates. 

Other technology-related bills introduced this week included: 

H.R. 3233, which would require financial institutions to notify
consumers, credit-reporting agencies and law enforcement when security
information is compromised. 

H.R. 3220, which would set standards for state taxes on "business
activity," with the goal of ensuring that businesses are not taxed
merely because their Web sites can be viewed by someone in a given state.

S. 1688, which would provide tax breaks to companies that do not transfer
their business operations overseas. 

H.R. 3228, which would stop normal trade relations with China.
*******************************
Washington Post
Study: More Privacy Protections Needed as Location-Based Services Emerge
By ELSA WENZEL
Monday, October 6, 2003; 1:55 PM 

BRUSSELS, Belgium - Terrorism-fighting tools and the rise of "little
brother" digital devices threaten to erode Europeans' right to be
left alone, according to a study released Monday by the European
Commission.

Policy makers need to work now to properly balance security and privacy
before emerging technologies - such as mobile phones that pinpoint
drivers' locations - become a part of daily life, the study
says.

The study does not attempt to define the proper balance. The objective,
rather, was "to underline the fact that the balance established over
years of democratic process has been upset."

After the Sept. 11, 2001, terrorist attacks in the United States,
"many governments enhanced their surveillance powers, but at the
risk of affecting privacy," the report states.

The findings come as the European Union and the United States struggle
over a U.S. law that requires airlines to provide data on passengers,
including credit card information, travel agencies used, seating and
dietary preferences.

"I would hope that the EU would use this report as an opportunity to
re-establish its pre-eminence in the field of protection of
privacy," said Simon Davies, director of the London-based watchdog
group Privacy International.

"There's been a need for caution for many years but now the
sensitivity should be much higher."

The EU report addresses emerging technologies that will reveal a lot
about consumers in the not-so-distant future.

For instance, tiny, inventory-control radio tags hidden in anything from
chocolate bars to blue jeans may be able to identify shoppers' likings,
perhaps even direct them to specific departments when they enter a store.
Computers can also analyze data gathered to predict someone's mood or
purchases of food, drink or vacations.

Later this month, the EU head office will propose electronic privacy
legislation that officials said will address some of the concerns
enumerated in the study.

For instance, it will require that location information generated by
mobile phones can only be used or passed on by network operators with the
consent of the user, unless it is an emergency call.

"Citizens are not prepared to let privacy be one of the casualties
in the war on terrorism," Philippe Busquin, the European Union's
commissioner for research, said in a statement.
*******************************