[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Clips September 25-October 1, 2003

To: "Lillie Coney":;, Gene Spafford <spaf@xxxxxxxxxxxxxxxxx>;, John White <white@xxxxxxxxxx>;, Jeff Grove <jeff_grove@xxxxxxx>;, goodman@xxxxxxxxxxxxx;, David Farber <dave@xxxxxxxxxx>;, glee@xxxxxxxxxxxxx;, Andrew Grosso<Agrosso@xxxxxxxxxxxxxxxx>;, ver@xxxxxxxxx;, lillie.coney@xxxxxxx;, v_gold@xxxxxxx;, harsha@xxxxxxx;, KathrynKL@xxxxxxx;, computer_security_day@xxxxxxx;, waspray@xxxxxxxxxxx;, BDean@xxxxxxx;, mguitonxlt@xxxxxxxxxxx;
Subject: Clips September 25-October 1, 2003
From: Lillie Coney <lillie.coney@xxxxxxx>
Date: Wed, 01 Oct 2003 14:40:13 -0400

ARTICLES

Librarians to P2P critics: Shhh
Senate approves bill designed to curb junk e-mail
Anti-Spam Web Pages Shut Down by Attacks
Judge challenges IBM in case filed by ill workers
Microsoft Critic Forced Out
War declared on ID theft
With Site Finder, VeriSign Sparks Internet-wide Criticism
U.S. Readies Program to Track Visas
At Central Command, Death Gets an Online Demotion
Juvenile Arrested in Blaster Case
Diploma mills insert degree of fraud into job market
Hacker Arrested in San Diego
India Bans Web Group, Blocks Yahoo Forums
Hacker Arrested in San Diego
Women's Pay Tied To Fewer Work Hours

*******************************
CNET News.com
Librarians to P2P critics: Shhh!
Last modified: September 25, 2003, 5:40 PM PDT
By Declan McCullagh
Staff Writer, CNET News.com

In a hotly contested lawsuit before a federal appeals court, two peer-to-peer companies are about to gain a vast army of allies: America's librarians.

The five major U.S. library associations are planning to file a legal brief Friday siding with Streamcast Networks and Grokster in the California suit, brought by the major record labels and Hollywood studios. The development could complicate the Recording Industry Association of America's efforts to portray file-swapping services as rife with spam and illegal pornography.

According to an attorney who has seen the document, the brief argues that Streamcast--distributor of the Morpheus software--and Grokster should not be shut down. It asks the 9th Circuit Court of Appeals to uphold the April decision by a Los Angeles judge that dismissed much of the entertainment industry's suit against the two peer-to-peer companies.

Among the groups signing the brief are the American Library Association (ALA), the Association of Research Libraries, the American Association of Law Libraries, the Medical Library Association and the Special Libraries Association. The American Civil Liberties Union, in one of the group's first forays into copyright law, has drafted the brief opposing the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA).

A central argument of the brief is that the district court got it right when applying a 1984 Supreme Court decision to the Internet. That decision, Sony v. Universal City, said Sony could continue to manufacture its Betamax VCR because a company "cannot be a contributory (copyright) infringer if, as is true in this case, it has had no direct involvement with any infringing activity."

"The amicus brief will make the point that we are not supporting the wrongful sharing of copyrighted materials," ALA Executive Director Keith Michael Fiels wrote in an internal e-mail seen by CNET News.com. An amicus brief is one filed by a third, uninvolved party that comments on a particular matter of law. "Instead, we believe the Supreme Court ruled correctly in the Sony/Betamax case. The court in that case created fair and practical rules which, if overturned, would as a practical matter give the entertainment industry a veto power over the development of innovative products and services."

The librarians' entry into the political fray over whether file-swapping networks should be shut down or not may complicate the RIAA's public relations strategy. The music industry group has been taking increasingly aggressive legal action against alleged infringers and has told Congress that "a significant percentage of the files available to these 13 million new users per month are pornography, including child pornography." The RIAA could not immediately be reached for comment Thursday.

The ACLU said Thursday that the brief argues that peer-to-peer networks are speech-promoting technologies that have many noninfringing uses. If the MPAA and the RIAA succeed in shutting down peer-to-peer networks or making them more centralized, the precedent could create undesirable choke points that could be used to monitor Internet users, the ACLU said.

The RIAA and MPAA jointly filed the lawsuit in October 2001, launching what has become the most widely watched Internet copyright case since Napster. Their original complaint accuses Streamcast and Grokster of earning "advertising revenue by attracting millions of users to their systems by offering them a treasure trove of pirated music, movies and other copyrighted media."

The original compliant: http://www.eff.org/IP/P2P/MGM_v_Grokster/20020913_mgm_summary_judgement.pdf
*******************************
Boston Globe
Senate approves bill designed to curb junk e-mail
By Steve Leblanc, Associated Press, 9/25/2003 18:39

BOSTON (AP) Massachusetts Internet users may get a chance to fight back against unwanted e-mail, better known as ''spam.''

The state Senate overwhelming approved a bill Thursday to require businesses that send out commercial e-mail to put the letters ''ADV,'' for advertisement, in the e-mail's subject line.

Anyone sending out sexually explicit or adult-oriented e-mail would be required to put the letters ''ADV:ADLT'' in the subject line.

Supporters say the move will give Internet users a chance to block e-mail advertisements or only those of a sexually explicit nature.

Skeptics say the bill will only help users block out legitimate businesses and do little to prevent those intent on sending pornography or perpetrating a fraud.

The bill also makes an exception for e-mail from nonprofit groups or political organizations and candidates.

Sen. Jarrett Barrios, the bill's sponsor, said the measure is an improvement over a new California law that bans all unsolicited commercial e-mail sent or received in California and imposes fines of up to $1 million per incident.

''We choose not to go down that path but instead allow consumers to use their technology so they can make up their own minds,'' said Barrios, D-Cambridge. ''This legislation will allow consumers to fight back by rejecting spam at their computers.''

The bill would also: prohibit the use of misleading information in e-mails such as false sender addresses or misleading subject lines; require all commercial e-mail messages to have a ''clear and conspicuous notice'' about how recipients can delete their names from the list; and make it illegal to use a third party's Internet address without their consent.

The bill would allow individuals to sue anyone who violates the law and would impose a fine of $500 per message sent or $750 if the recipient is 65 or older.

The legislation covers e-mails sent on computers in Massachusetts, e-mails sent using service provider equipment located in Massachusetts and e-mail messages where the sender knows or should know that the recipient lives in Massachusetts.

Attorney General Thomas Reilly, who also sponsored the bill, said the measure won't completely solve the problem of spam but will curb the amount of unwanted e-mail.

''This legislation will provide Massachusetts consumers with the basic tools to fight against deceptive and misleading commercial e-mails,'' Reilly said.

Gov. Mitt Romney said he hasn't seen the legislation, but supports the idea of giving Internet users more control over what e-mail messages they receive.

''I am a big believer in people having the right to their personal privacy and also to being able to block messages they don't want to receive, whether that's for unsolicited phone calls or unsolicited spam,'' he said. ''We as users should have the ability to manage what comes into our homes and our businesses.''

Gail Goodman, head of Roving Software, a Waltham-based firm that helps other small businesses communicate with customers through e-mail, said she is concerned that individual states may create a patchwork of anti-spam legislation that would be difficult to follow.

The federal government should create a level-playing field for all companies doing business using e-mail, according to Goodman, who said she supports anti-spam efforts.

''It's difficult for everyone, but even more so for small business owners, to know where their customers are located and which spam regulations they need to follow,'' she said.

The bill now heads to the House.
*******************************
Reuters
Anti-Spam Web Pages Shut Down by Attacks
Thu Sep 25, 8:44 PM ET
By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - Three Web sites that provide spam blocking lists have shut down as a result of crippling Internet attacks in what experts on Thursday said is an escalation in the war between spammers and opponents of unsolicited e-mails.

Anti-spam experts said that they think spammers are behind the attacks, although they have no way of proving it.

The technological war comes as Congress considers a federal anti-spam law and California adopts what is widely considered to be the toughest law in the country.

The California law, signed on Tuesday, allows people to sue spammers for $1,000 per unsolicited e-mail and up to $1 million for a spam campaign.

"This definitely marks an escalation in the spam wars," Andrew Barrett, executive director of The Spamcon Foundation, a spam watchdog group, said of the recent Internet attacks on lists used to block spam.

"Before, it was a guerrilla war ... This is the first time we've seen (spammers) employ such brazen tactics," he said.

Anti-spam advocates maintain hundreds of spam block or "black hole" lists, which are Web sites with lists of the numerical Internet protocol addresses of specific computers or e-mail servers that are unsecure or are known sources of spam.

Network administrators and Internet service providers consult the lists and block e-mails coming from those computers as part of their spam filtering techniques.

Two of those spam block lists have shut down after being attacked by denial-of-service (news - web sites) attacks, in which compromised computers are used to send so much traffic to a Web site that it is temporarily taken down. The operator of another list shut down fearing a pending attack.

"There seems to be a methodical well-planned attempt to use pre-assembled networks of zombie machines to create sustained denial of service attacks (news - web sites) on servers where these block lists run," said Barrett.

'HANDWRITING ON THE WALL'

Monkeys.com shut down on Monday following a three-day denial of service attack over the weekend and an attack last month that lasted 10 days, list operator Ronald Guilmette said in a posting to an anti-spam news group.

"The handwriting is now on the wall," he wrote. "I will simply not be allowed to continue fighting spam."

Spam block list operator Osiriusoft.com also recently shut down its list after a denial of service attack, and on Tuesday the list maintained at Tennessee Internet service provider Compu-Net Enterprises was taken down.

Bill Larson, network administrator at Compu-Net, said in an interview on Thursday that he shut the list down because he was afraid it would be targeted with a denial of service attack.

The company was already being harassed, receiving complaints after attackers sent spam that looked like it was coming from the company's network and legitimate e-mails were getting bounced, he said.

Experts have speculated that spammers are behind a computer worm, Sobig, that surfaced earlier this year that can turn infected computers into spam relay machines.



"The black hole lists were incredibly effective until the Sobig worm started going out," Larson said.

While Guilmette complained that ISPs could do more to stop the attacks by taking the attacking computers offline, Larson said anti-spam advocates were considering other options to keep the lists going.

They are talking about having lists that are distributed across numerous computers like in a peer-to-peer network, he said. "That will make it hard, if not impossible, to take them down," he added.

However, the best solution to the problem is for people to just "not buy the products mentioned in spam" advertisements, Larson added.
*******************************
USA Today
Posted 9/26/2003 3:31 AM     Updated 9/26/2003 3:18 PM
Judge challenges IBM in case filed by ill workers
From staff and wire reports

SAN FRANCISCO IBM on Friday asked a California judge to dismiss a lawsuit brought by three former employees and the survivors of one who say IBM did not protect them from exposure to benzene and other cancer-causing chemicals at a disk-drive factory.
But the judge, who will issue a ruling next week on the motion, challenged IBM's argument that the case was too weak to go to trial.

About 250 former IBM employees in three states have filed health-related suits against the company, but the cases of the four San Jose-based workers is the first to near trial.

Santa Clara County Superior Court Judge Robert Baines said he would decide next week whether to allow the case to proceed to an October trial. But during Friday morning's hearing, he pressed lawyers for IBM on their contention that the case should be dismissed.

"It seems that there is a trialable issue created," Baines said.

Lawyers for IBM argued that there was no evidence that the computer giant knew that the workers' health was being endangered by chemical exposure.

"In this case there's lots of evidence, none of that goes to the issue of whether IBM had actual knowledge of systemic chemical poisoning," said David DiMeglio, a lawyer for IBM.

Lawyers for chemical suppliers to IBM, including Shell Oil, Dow Chemical's Union Carbine and Fisher Scientific, have also asked the court to dismiss the lawsuits.

Richard Alexander, an attorney for the plaintiffs, said a jury should be allowed to weigh the evidence.

"The key point is that this is a horrendously intense factual discussion," he said. "Just by the volume of factual assertions, there are overwhelming facts to be analyzed by a jury and they have to be heard by a jury."

The stakes are high for IBM and the tech industry, which is facing growing numbers of lawsuits over chemical use going back decades. A loss for IBM could spur lawsuits against others, legal experts say.

IBM sold the disk-drive factory involved in the case last year.

The workers say IBM knew employees were at risk. Among the evidence they point to: a database kept by IBM tracking the deaths of more than 30,000 workers and retirees from 1969-2000 across IBM's many workplaces. The database includes the cause of death and workplace location.

A Boston University epidemiologist, Richard Clapp, hired by the workers, analyzed the data and found workers died of cancers at higher rates and at younger ages than the general population. "By 1975, IBM must have known their manufacturing employees had significantly increased death rates due to cancer and must have known that through the next two decades," he says in court papers.

IBM says the data were kept solely to pay survivors' death benefits.

The first of the lawsuits against IBM was brought in 1996 on behalf of employees at a New York chipmaking factory. Many such cases don't advance far because of:

?Scientific hurdles. Proving that exposure to workplace chemicals sickened a worker is not easy, says Nicholas Ashford, a law professor at Massachusetts Institute of Technology. Courts look for evidence the chemicals have been conclusively linked to illness and that the chemicals weren't present outside the workplace. They also look for evidence that other behaviors might be factors.

?Settlements. Cases often settle before a lawsuit is filed to avoid the expense and negative publicity of a trial, says Sandra McCandless of law firm Sonnenschein Nath & Rosenthal. IBM says there have been no settlement talks. Amanda Hawes, an attorney for the IBM workers, declined to comment.
*******************************
Washington Post
Microsoft Critic Forced Out
Firm Does Business With Software Giant
By Jonathan Krim
Friday, September 26, 2003; Page E01

A technology executive whose company does business with Microsoft Corp. has been forced out of his job after he helped write a cybersecurity report critical of the software giant, according to sources with knowledge of the situation.

Massachusetts-based AtStakeInc., a computer security firm, said yesterday that chief technology officer Daniel R. Geer Jr. is "no longer associated" with the firm. A company statement added that Geer's participation in preparation of the report was not sanctioned by the firm, and that "the values and opinions of the report are not in line with [AtStake's] views."

Reached at home, Geer said he could not comment on his departure.

Geer was one of several corporate and academic security experts who wrote the report, which argues that Microsoft's dominance over personal-computer operating systems and other software programs makes it easier for malicious hackers to attack millions of machines and networks at once.

The authors made it clear when the report was released Wednesday that they were speaking for themselves, not the companies or organizations they are affiliated with. They challenged policymakers to evaluate Microsoft's monopoly, and its efforts to "lock in" users to its programs by bundling them together, as the world grapples with an alarming rise of crippling computer worms and viruses.

The report also suggests that governments and companies diversify their software and use their purchasing power to force Microsoft to makes its programs work better with competing products.

Some of the report's authors are longtime Microsoft critics, as is the Computer and Communications Industry Association (CCIA), a trade group that has been arranging publicity for the study but did not commission it.

But those efforts were somewhat thwarted yesterday when a national technology magazine rejected the group's request to distribute copies of the report to its subscribers.

The magazine, CIO (short for chief information officers), routinely "rents" its subscriber lists -- for a fee -- to firms wanting to distribute targeted advertising and marketing messages to its audience of executives responsible for running corporate and government computer systems.

After receiving the report so that it could be e-mailed to the subscriber list, the magazine informed CCIA representatives that the paper was "too sensitive" and turned away the business.

Karen Fogarty, a CIO spokeswoman, said the magazine always reviews material that clients want distributed, and reserves the right to reject it. She said the report "seemed to be too one-sided" for a publication that prides itself on balanced reporting.

At the same time, the editor for the magazine's Web site posted a poll asking readers what they thought of the report, which he linked to through the CCIA Web site.

Microsoft advertises extensively in CIO, although Fogarty said she could not specify how much the company spends with the magazine. She said the decision not to distribute the report had nothing to do with advertising concerns.

Microsoft spokesman Sean Sundwall said he could not comment on whether the company had discussed the issue with CIO until he received further information.

Microsoft has paid AtStake for software evaluation research, but Sundwall said that "to the best of our knowledge, no one from Microsoft contacted [AtStake] or Dan Geer regarding this report."

Lona Therrien, an AtStake spokeswoman, declined to discuss Geer's sudden departure. She said the company had no conversations with Microsoft about Geer or the report.

But Sundwall said that on Tuesday night, when notice of the report's pending release was circulated, "Microsoft was contacted by [AtStake] officials . . . expressing their disappointment in the report and saying that Dan Geer's opinion did not reflect the position of [AtStake] and its commitment to an ongoing relationship with Microsoft."

Another AtStake official did television interviews yesterday to express disagreement with the report.

Microsoft has said it disagrees with the substance of the report, noting that the CCIA supports antitrust actions against the company in the United States and Europe. And trade groups funded by Microsoft swung quickly into action to denounce it.

In a statement, the Computing Technology Industry Association said the report is flawed by "myopically looking to technology (i.e., 'bad' software OS) instead of addressing the underlying cause -- human behavior -- for cyber breaches."

Edward J. Black, president of CCIA, responded that Microsoft's reaction "if anything, underlines the importance and credibility of the report and its authors."

One of the report's authors, John S. Quarterman, founder of Matrix NetSystems Inc., called Geer's departure unfortunate, but said it does not alter the substance or impact of the report.

"On the Internet, worms and viruses can do more harm in a monoculture," he said. "This is not theoretical."
*******************************
Australian IT
War declared on ID theft
SEPTEMBER 26, 2003

THE Australian Crime Commission (ACC) is to target identity crime, Justice Minister Chris Ellison announced today.

Senator Ellison said a special intelligence operation into identity crime would become an ACC priority.
He said the decision to focus on identity crime followed a new ACC Board determination this week to allow the ACC to use its coercive powers to gather further intelligence on the serious organised crime issue.

"The ACC will work in collaboration with all the States and Territories on the special intelligence operation into identity crime to ensure intelligence on this nationally significant crime is gathered from all available sources," he said in a statement.

Identity crime involves the theft or illegal use of other people's identity information including driver's licences, Medicare and credit cards.

The operation will also include intelligence gathering on card skimming which is regarded as a form of identity crime.

Card skimming involves copying of data off legitimate credit cards onto counterfeit cards which can be used to purchase goods which are charged back to the original card holder.

Senator Ellison said the challenges of identity crime and card skimming could only be overcome through close collaboration between government, industry and law enforcement.

He said the ACC would continue to refine its National Identity Fraud Register, the first of its type in the world.

"It is a national intelligence facility that captures and monitors the use of fraudulent identities," he said.

"Australia has made great progress in the fight against credit card fraud and identity crime. Projects such as the ACC's Identity Fraud Register are leading the world in understanding more about the impact of identity crime and the use of new technology to facilitate this crime."

Senator Ellison said the commonwealth government had introduced a variety of initiatives to combat identity fraud.

That includes Customs' introduction of photo-matching technology, SmartGate, in a trial at Sydney International Airport designed to combat passport fraud.

The Australian Federal Police are also heading a taskforce to investigate identity related crime.

AAP
*******************************
Washington Post
With Site Finder, VeriSign Sparks Internet-wide Criticism
Online Rivals, Technologists Oppose Service That Takes Advantage of Users' Typographical Errors
By David McGuire
Thursday, September 25, 2003; 1:47 PM

VeriSign Inc.'s move last week to steer misdirected Internet queries to its new search system was a technological success, lassoing millions of Web users who otherwise would have landed on search pages operated by other major online players.

Unfortunately for VeriSign, the launch of its Site Finder service also placed the company at the center of a mounting debate over who really controls one of the Internet's most vital resources.

On one side, VeriSign is taking heat from industry heavyweights like America Online and Microsoft that stand to lose substantial Web traffic -- and money -- to the VeriSign service. On the other stands a coalition of engineers, Internet pioneers and regulators who say VeriSign's surprise move threatens to "break" the Internet.

"This issue has become a sort of flashpoint for the industry. This is all about who controls traffic on the Internet," said Mark Lewyn, the chairman of Reston, Va.-based Paxfire Inc., which develops systems to redirect Internet traffic.

"Traffic on the Internet means customers coming to your Web site and customers equal money. It's as simple as that," he added.

With one flip of the switch last week, VeriSign's Site Finder service isolated search pages operated by other companies, redirecting users who enter incorrect dot-com or dot-net addresses (about 20 million of them every day, by the company's estimates) to a search page that generates revenue for the Mountain View, Calif.-based company.

VeriSign was able to grab all that so-called junk traffic because it operates the dot-com and dot-net portions of the Internet. Prior to the launch of Site Finder, users who mistyped Web addresses would either get an error message or, depending on what browser software they used or how they accessed the Internet, they would be sent to a search page operated by companies like Microsoft.

Site Finder has been a big win for VeriSign. Before last week, VeriSign.com wasn't among the top 1,000 most visited sites in the world, according to Alexa, a subsidiary of Amazon.com that tracks Internet traffic. As of Wednesday, VeriSign was ranked 23rd in Alexa's traffic rankings.

The potential payoff is significant, and VeriSign has partnered with one of the leading names in Internet advertising to profit from the new search page. Pasadena, Calif.-based Overture, which is in the process of being acquired by Yahoo Inc., is providing technology and advertising support for Site Finder. The company was the first to develop technology that allows advertisers to place their links alongside search results.

Paid placements have become one of the Internet economy's most reliable sources of revenue, said Mark Zadell an analyst with New York-based Blaylock & Partners. "It's easy to do from both a consumer's and advertiser's standpoint; it's measurable [and] it's accountable," Zadell said. "It's the digital version of the yellow pages."

Businesses buy about $14.5 billion a year in yellow pages advertising -- fertile poaching ground for paid placement companies like Overture, Zadell said. "It's not only a new market, but it's potentially cannibalizing an existing market." Yahoo will rake in nearly $300 million from the paid placements on its search engine this year, he added.

Paxfire's Lewyn said VeriSign could easily generate $100 million in revenue annually from Site Finder by selling "sponsored" results to search terms, something VeriSign is already doing.

What's good for VeriSign isn't good for other online players. Orlando-based Popular Enterprises LLC sued VeriSign for $100 million last week, claiming that Site Finder will drive it out of business. The company operates the "Netster" search engine.

Meanwhile, Scottsdale, Ariz.-based Go Daddy Software Inc., a company that sells dot-com and dot-net Internet addresses, this week asked a federal court in Arizona to put a temporary restraining order on Site Finder, claiming that the service hurts competition in the domain name sale business.

George Kirikos, an Internet entrepreneur in Toronto, Canada, said he gathered more than 10,000 signatures for a petition objecting to Site Finder.

Breaking the Rules

For technologists, the VeriSign action amounted to fundamental break with an unofficial rulebook that has governed the Internet's operations for decades. In the past, if a company or individual wanted to make a major change to the way the Internet worked, they'd float the idea in the "community" of Internet architects and eventually seek the blessing of one or more global standards-setting bodies.

VeriSign's preemptive move to send all mistyped dot-com and dot-net requests to its own site rankled a group of technologists who see the company as having a solemn responsibility to protect the resource it oversees.

"Clearly we have to be able to innovate on the Internet, but there's got to be limits to that," said Karl Auerbach, a software engineer who formerly served on the board of the Internet Corporation for Assigned Names and Numbers (ICANN) . "What VeriSign has done is has taken advantage of its position and has just offloaded the cost of dealing with it on everyone else."

Technologists blame Site Finder for problems experienced by some systems designed to turn back the tide of unsolicited "spam" e-mail, according to Paul Vixie, president of the Redwood City, Calif.-based Internet Software Consortium, which provides the software used by most of the world's Internet servers.

As part of their anti-spam arsenal, network administrators will block incoming mail from Internet addresses that don't exist and were obviously faked. The problem is that the Site Finder service makes it look like all Internet addresses are real, rendering a key spam countermeasure useless.

Reacting in part to such concerns, ICANN on Monday called on VeriSign to shut down Site Finder, at least until a panel of experts can examine the system and its effect on the Internet.

ICANN runs the global domain name system under an agreement with the U.S. government. The nonprofit organization hands out contracts to VeriSign and other companies to operate portions of the Internet.

While ICANN officials bristled at VeriSign's surprise launch of the Site Finder service, VeriSign contended that the decision was well within its power as the contractual steward of dot-com.

ICANN spokeswoman Mary Hewitt said the group is still mulling its options to respond to VeriSign's refusal.

VeriSign said it would cooperate with the Internet community to fix the glitches Site Finder was causing, but refused to disconnect the service, setting the stage for a clash with ICANN, the closest thing the Internet has to a regulatory body.

"Here comes the issue that [ICANN] was designed to solve and we find that they are potentially toothless," said Auerbach. "It's very unclear that ICANN has any authority to deal with this."

Vixie said Site Finder has kicked off a long-overdue debate over who really owns dot-com -- the Internet's most populous neighborhood. "If [VeriSign] needed permission then they should be in very deep trouble right now and if they're the owners then we should all stop whining and go home. There's going to be a policy debate from this that I don't know if VeriSign anticipated," he said. "VeriSign kicked the sleeping dog."

VeriSign spokesman Tom Galvin said he welcomes the policy debate Site Finder has spurred.

"It's a debate that should take place, because ultimately it will be a debate on how, or if, the Internet is innovated," Galvin said. "While the Internet has been used for innovative purposes over the past decade, the Internet itself hasn't been innovated. Beyond Site Finder there's a real question about whether we're going to continue innovating the Internet."

That decision may ultimately end up in the lap of the U.S. Commerce Department, which recently extended ICANN's contract to oversee the Internet's addressing system.

"The Department of Commerce still retains power to turn off the power and transfer the [dot-com] franchise to someone else," Auerbach said.

ICANN has scheduled an open meeting in Washington, D.C., next month to discuss Site Finder. VeriSign, Internet engineers and all other concerned parties will be invited to attend.

Turning Off Site Finder

Some technology experts aren't waiting for the outcome of the ICANN-VeriSign dispute.

Soon after Site Finder was launched, Vixie's Internet Software Consortium released a software patch that network administrators can use to prevent traffic from being redirected to the VeriSign search page.

"My phone started ringing at home, at night, after VeriSign put out this [system] and it continued ringing until I put out a patch," Vixie said. "I've heard people shrieking in desperation for patches. Everybody is up in arms about this."

Vixie won't say how many people have downloaded the patch, but a host of Internet service providers and corporate network administrators have taken steps to short-circuit Site Finder.

America Online, one of the most vociferous opponents of Site Finder, has installed a version of the patch to prevent its users from being diverted to VeriSign. AOL sends users who type incorrect addresses to its own search page. VeriSign's move temporarily diverted AOL users to Site Finder.

America Online spokesman Andrew Weinstein said the company still opposes Site Finder on technological grounds.
*******************************
Washington Post
U.S. Readies Program to Track Visas
By Anitha Reddy
Monday, September 29, 2003; Page E01

The federal government is about to unveil a blueprint for one of its largest information technology projects ever, a vast automated system that will track every foreigner entering the United States with a visa.

The program, which is designed to prevent terrorists and criminals from obtaining visas, is likely to cost $3 billion to $10 billion, analysts said.

Under the system, U.S. consular officials will fingerprint and photograph visa applicants in their home countries and check their profiles against terrorist watch lists and criminal databases. Border agents will electronically scan travelers' index fingers to make sure their prints match those on their visa documents. And a massive computer system storing travel and visa data will automatically alert the government to individuals whose visas have expired.

The Homeland Security Department plans to release details of the project in November. Companies will then submit bids to design and build the system. The department plans to award the contract in May and to begin using the system to screen foreign visitors at the 50 largest land crossings by 2005, though experts warn such ambitious projects often take more time than expected.

The project, called U.S. Visitor and Status Indication Technology, or U.S. VISIT, has a budget of $380 million this year, and the Homeland Security Department has asked for $380 million next year for the contract. Lockheed Martin Corp., Computer Sciences Corp. and Accenture Ltd. each plan to lead a team of companies bidding on the project.

"I think it's safe to say for non-[Defense Department] programs this is one of the largest efforts to integrate databases together," said Dick Fogel, director of strategic initiatives for Bethesda-based Lockheed Martin's transportation and security solutions unit.

Civil rights advocates warn that a fingerprint system that can access so much personal data could easily be expanded to target other groups. "This will inevitably abridge the privacy of Americans, not just foreigners," said Timothy H. Edgar, an attorney for the American Civil Liberties Union.

Homeland Security officials counter that the government needs a broad new system to identify dangerous visitors, and they stressed that there are no plans to screen American citizens.

Because immigration officials do not now record departures, they have no way of knowing how many people have overstayed their visas. In the past year alone, the State Department issued 5 million visas to foreigners for short visits. The program would plug that information gap by monitoring for the first time when people leave the country, said Robert A. Mocny, deputy director of the program.

Skeptics say that collecting information about so many visitors is pointless unless the government dedicates more money and agents to finding and deporting foreigners who are a threat to national security. In the past four years, 400,000 people ordered to leave the country have fled before they could be deported.

"We have a very small number of people who want to kill us in large numbers and close to half a billion that walk across our shores in any given year," said Stephen E. Flynn, a former Coast Guard commander and expert on border security. With so many resources focused on the border, he said he fears the rest of transportation security could get lost.

Asa Hutchinson, Homeland Security's undersecretary for border and transportation security, acknowledged those concerns but said that intelligence analysts and investigators will review the data generated by the systems. The department has requested $100 million to hire more analysts and investigators next year.

"We need to handle the information that is created so we can follow up leads," Hutchinson said in a phone interview from Brussels, where he was meeting with European officials on sharing air-passenger information.

Congress first ordered the Immigration and Naturalization Service to develop an "entry-exit system" to check in and check out hundreds of millions of noncitizens in 1996, after learning that terrorists implicated in several plots, including the World Trade Center bombing in 1993, went undetected after their visas expired. The program's timeline was postponed in 1998 and again in 2000, as security fears waned and concerns about reduced tourism and trade snarled its progress.

The project regained urgency after the Sept. 11, 2001, attacks, when investigators discovered that at least two of the hijackers were in the country on expired visas. Congress moved up deadlines for including biometric equipment, such as fingerprint scanners. By law, the Homeland Security Department is required to fingerprint and photograph all visaholders passing through airports and seaports by Jan. 1.

Because U.S. VISIT focuses on visaholders, it will screen only one in five foreign travelers to the United States. Most visitors do not need visas because they come from 27 countries, mostly in Europe, judged to be a lower security risk.

The system also cannot spot people who sneak across the border. "The problem we're fixing may not be the al Qaeda problem," said James A. Lewis, director of technology policy at the Center for Strategic and International Studies. Groups like al Qaeda could circumvent the system by avoiding legitimate border crossings or sending in people with clean records.

The system is also complicated by the same obstacles to sharing information that have hampered other national security efforts. In this case, the program will have to be able to access information from 19 separate networks designed to improve border security, such as existing fingerprint databases and fast passes for workers who commute to the United States from Canada.

The Homeland Security Department is also trying to persuade other governments to open up their files to make the system more effective. For example, if Germany does not share its files, American officials may unknowingly wave through a man Germany considers a security risk. But any discussions could get tied up in a knot of European privacy concerns, experts said.

"Information management will be critical to the success of the program," said Ben Gianni, vice president of homeland security for Computer Sciences. He said his company has a lot of experience uniting incompatible systems for the government.

Industry experts, however, warn that glitches and budget overruns are inevitable in an undertaking of this scope.

"Expect delays," said Jim Kane, a consultant to federal contractors. He compares the U.S. VISIT contract to the multibillion-dollar projects that brought the Internal Revenue Service into the digital age and connected the Navy and Marine Corps.

The latter project, known as the Navy-Marine Corps intranet, cost $7 billion. Begun in late 2000, the military initially thought the electronic network would be finished by the end of this year. But it has hit snag after snag as engineers have discovered that linking and replacing thousands of older systems was much harder than they thought. The Bush administration has pointed to the intranet as a model for the technological challenges faced by the Department of Homeland Security, a hodgepodge of agencies and responsibilities.

The company building the intranet, Electronic Data Systems Corp., has yet to make a profit on the network.
*******************************
New York Times
At Central Command, Death Gets an Online Demotion
By ALEX BERENSON
September 28, 2003

BAGHDAD, Iraq More than 300 American troops have been killed since the war in Iraq began. According to Pentagon records, more than 160 have been killed since President Bush declared on May 1 that major combat operations had ended. At least 70 of those deaths have been the result of hostile fire.

Every week seems to bring more deaths. When the guns are silent, there are fatal traffic accidents, fires, even electrocutions.

But as the death toll rises, it is growing less visible, at least to those who visit the Web site operated by the United States Central Command, which controls American troops in Iraq.

Until early September, the Central Command official site, www.centcom.mil, posted press releases of American military deaths at the top of its home page, along with other releases. The result was a mélange of good news and bad that reflected the gap between intention and outcome plaguing the United States-led occupation here.

Earlier this month, for example, a visitor to the Web site would have seen "Coalition Offers Help With Water, Jobs, Public Safety," topped by a reference to deaths in the First Armored Division: "Two Soldiers Killed, One Wounded in Attack and 1AD Soldier Killed in Helicopter Accident."

But about two weeks ago, the site began offering a different picture of the occupation in which death assumed a far less prominent role.

In fact, the deaths of American soldiers were now nowhere to be seen on the home page. To find them, visitors had to scroll to the bottom of the page and click on a small link called "Casualty Reports."

Central Command was not trying to hide the deaths of American soldiers, said Maj. Michel Escudie, a military spokesman.

It was done for clarity, he said. The change was made to help reporters more easily distinguish between casualty-related releases and other releases.
*******************************
Washington Post
Juvenile Arrested in Blaster Case
By Mike Musgrove
Saturday, September 27, 2003; Page E01

Federal authorities announced yesterday that they have arrested a juvenile on charges of sending out a variant of the "Blaster" worm that hit hundreds of thousands of computers in August.

Because the suspect is a juvenile, few details were released by authorities, but the arrest was the second in the United States that targeted authors of altered versions of the Blaster worm, which led infected computers on an e-mail attack against Microsoft Web sites.

The author of the Blaster worm itself has not been identified.

"It's an ongoing investigation. I can't give you anything else," said John Hartingh, spokesman for the U.S. attorney's office in Seattle, referring to the statement his office released yesterday announcing the arrest.

Hartingh's office said it has caught the person responsible for a Blaster variation that experts had labeled "RPCSDBOT." Though there is no international standard for naming computer worms and viruses, said Ken Dunham, malicious code intelligence manager for iDefense, based in Reston, the name is a compound of "RPC" -- shorthand for the weakness that Blaster attacks -- and "SDBOT" a common family of computer virus.

The West Coast arrest may send a warning to other authors of SDBOT viruses, Dunham said. It "might help to curb the activity of some of the most prolific virus writers in the world," he said.

Dunham said there were several variants of the Blaster virus that circulated on the Web after the appearance of the original worm. "There were two or three after the first 24 hours alone," he said.

In the statement announcing the arrest, John McKay, U.S. attorney for the Western District of Washington, said that "computer hackers need to understand that they will be pursued and held accountable for malicious activity, whether they be adults or juveniles."

McKay also said his team is continuing its hunt for others involved with Blaster and its variants, which hit as many as 500,000 computers, according to computer security experts.

Two other arrests have been made in connection with the Blaster worm. Jeffrey Lee Parson, a high school senior, was arrested earlier this month in a suburb of Minneapolis on charges of having released a version of Blaster. Parson, who pled not guilty to federal charges earlier this month, faces a maximum 10 years and $250,000 in fines if convicted. Parson, who is 18, was charged as an adult.

Earlier this month, a 24-year-old Romanian man named Dan Dumitru Ciobanu was arrested for releasing a lower-powered version of Blaster that appeared to be aimed at a university he had attended. Though Ciobanu has admitted to releasing the worm, he told authorities it was an accident. Under Romanian law, he faces up to 15 years in prison.

Microsoft did not return a call seeking comment.
*******************************
USA Today
Diploma mills insert degree of fraud into job market
By Stephanie Armour, USA TODAY
September 28, 2003

After Marion Kolitwenzew learned her daughter was diabetic, she took her in 1999 to a specialist for care. He seemed impressive, with an office full of medical supplies and a slew of medical degrees from universities.

It turns out those diplomas came from degree mills, which are bogus universities that confer degrees for little or no study. When the mother followed his advice and took her daughter off insulin, the 8-year-old girl began vomiting and died.

The North Carolina man who treated her, Laurence Perry, is serving up to 15 months in jail for manslaughter and practicing medicine without a license. But questionable degrees aren't just being used by bogus doctors.

Employees armed with academic credentials from diploma mills have held jobs as sex-abuse counselors, college vice presidents, child psychologists, athletic coaches and engineers. While some employees simply falsify their résumés and make up degrees, others turn to diploma mills. These bogus colleges and universities make it easier to pull off the résumé charade because they provide fake diplomas and transcripts that often seem legitimate.

The use of diploma mills is exploding as the Internet makes bogus degrees easier to get than ever before. More workers are buying these degrees because they're looking for an edge in the competitive job market. And with more legitimate colleges offering online degrees, the environment is ripe for diploma mills to flourish, because it's harder to determine whether a degree earned long distance is really legitimate. In addition, many diploma mills adopt names that are similar to bona fide universities or colleges.

A federal investigation is underway to determine how many employees list diploma-mill degrees on their résumés and whether tax dollars are funding sham credentials. The investigation is only into diploma mills, not outright résumé falsification. A 2002 probe by the federal General Accounting Office found more than 1,200 résumés on a government Internet site listed degrees that actually came from diploma mills. Some states also are passing laws making it a crime punishable by jail time to use fake degrees for landing a job or raise.

Concerns about phony credentials have been mounting since June, when questions were first raised about the academic record of the Homeland Security Department's deputy chief information officer, Laura Callahan. She's on paid leave while the department investigates whether her degrees, including a Ph.D. from Hamilton University of Wyoming (which is not affiliated with Hamilton College in New York or similarly named colleges and universities), came from diploma mills.

Diploma mills thriving

There are more than 400 diploma mills and 300 counterfeit diploma Web sites, and business is thriving amid a lackluster economy doubling in the past five years to more than $500 million annually, according to estimates kept by John Bear, author of Bears' Guide to Earning Degrees By Distance Learning. He studies degree mills and gives tips to the FBI and other federal agencies on detecting degree fraud.

Some fake schools in Europe have made as much as $50 million a year and have as many as 15,000 "graduates" a year. The number of fake accrediting organizations set up by con artists to provide diploma mills an air of legitimacy has swelled from half a dozen 10 years ago to 260 in 2003.

"(Diploma mills) used to be mom-and-pop outfits. It's now a professional criminal operation," says Allen Ezell, a retired FBI agent who investigated diploma mills in the 1980s. "It's gone high-tech and global in nature. That's something we've never had to deal with before."

Cases abound in almost every industry:

? Patients trusted Gregory Caplinger, who told them he was going to market a drug to treat AIDS and cancer. Investors trusted him, too, and gave him money for his venture. But while Caplinger claimed he had a medical degree from Metropolitan Collegiate Institute in Great Britain, an expert witness for the government testified that a medical degree from MCI could be bought for $100 with no study required, according to court documents. He said he was nominated for a Nobel Prize in medicine by a British hospital, which court documents say was merely a mail drop. The North Carolina man was convicted of six counts of wire fraud and two counts of money laundering, and was ordered to pay more than $1 million in restitution as part of his 2001 sentencing.

One couple gave him $30,000 and sought his advice about cancer treatments for family members. An actress who was HIV positive was treated at his clinic.

? And there have been some near misses. This year, the Broward County School District in Florida offered a candidate a job as the head of school construction. Then, school board members say, they learned the applicant's undergraduate degree came from a diploma mill in Africa. He resigned before he started the job.

"It was unfortunate it wasn't caught at the appropriate time," says Benjamin Williams, a school board member.

Class rings included

Almost every degree, from aviation to zoology, can be purchased. All it takes is a credit card number and computer access.

There are several types of scams:

? Many diploma mills charge a fee ranging from $50 to $5,000 for a bachelor's, master's, Ph.D. or other such degree. Often, buyers only have to provide money to get a professional-looking sheepskin and transcript they can show potential employers. Other diploma mills require buyers to complete cursory work, such as writing a short essay, before sending out the degree.

The state of Oregon keeps a list of some of the institutions whose degrees cannot legally be used in the state because they're not accredited by an agency recognized by the U.S. Department of Education or the state (www.osac.state.or.us/oda).

The list includes Columbia State University in Louisiana, which was closed by court order (not affiliated with Columbia University in New York or any other accredited colleges and universities that use the Columbia name), Hamilton University in Wyoming, Great Britain's Hartley University, Stanton University in Hawaii, Vancouver University Worldwide and University of Wexford in Great Britain.

To help maintain the smoke-and-mirrors image of legitimacy, some diploma mills have phone operators who verify graduations to employers who call. They will also send the transcripts directly to employers who request them. A few even offer class rings and laminated student ID cards, even though they have no physical buildings or campus.

Other diploma providers offer fake degrees that look like the real thing from such established universities as Harvard, Arizona State University or the University of Minnesota. Using high-tech equipment, the diplomas include watermarks, encrypting and holographs. Some also provide transcripts and toll-free numbers where employers can call and verify graduation.

Some online operations offer a degree based on "life experience." While there are universities and colleges with recognized accreditation that might grant credit based on life experience, the online scams that do typically charge hefty sums and reward entire degrees. Buyers can get degrees in criminal justice, divinity, education, psychology, nursing even ethics.

Operators of such scams who've been convicted or charged include a disbarred lawyer, a professional stage hypnotist and professional criminals operating in such places as Romania, Israel and Africa. One scam was run out of a federal prison cell. The schemes are lucrative.

This year, Ronald Pellar, 73, was indicted on mail fraud charges. Prosecutors say he ran a diploma mill, Columbia State University, from a business office in San Clemente, Calif., that netted more than $10 million from 1996 to 1998. His trial date is set for Jan. 27.

Many buyers who pay for fake degrees want the pseudo-credentials so they can trick an employer, but others are scammed. Diploma mill operators often portray themselves as legitimate institutions and claim they're accredited. The problem: The organizations they say have accredited them are often bogus themselves. In the case of Columbia, prosecutors say students were sent promotional materials, including a university catalog with pictures of a fictitious building and were told the administration was made up of Ph.D.'s and medical doctors.

"There are people who are snookered," says Ezell, the retired FBI agent. "I may want to believe it's real and that I earned it."

That's what Stephen Corbin, 49, says happened to him. The Bakersfield, Calif., architect has an associate's degree but wanted a bachelor's.

"It was always a hole in my life," he says.

When Corbin saw an e-mail offering degrees based on life experience, he sent in about $500 and got a diploma and transcript. He didn't realize it was a sham, he says, until a couple of months later, when he saw a television program about diploma mills.

"It wasn't worth anything," says Corbin, adding that he doesn't use the bogus degree on his résumé or in his professional life. "I learned it can't be worth having if you didn't earn it. I'd like to retire and teach someday, and not having the degree would keep me from that."

Using fake degrees

Others are putting their worthless degrees to work, and many employers never realize they're being duped: Only 40% of companies regularly verify degrees earned, according to a study by the Society for Human Resource Management, and even then they might miss diploma mills.

Since so many diploma mill operators change school names, there is no complete list of all bogus schools. It's a gap job seekers and employees are taking advantage of.

"It could ultimately lead to a dangerous situation where someone is hired for a sensitive position," says Sen. Susan Collins, R-Maine, who has been leading the federal charge to crack down on federal workers with phony degrees. "It could result in a completely unqualified person being hired."

One concern is that foreign terrorists posing as students could get visas by getting into a legitimate school based on a diploma mill undergraduate degree.

The use of such diploma mills is expected to spread as more legitimate universities and colleges turn to distance learning, which lets students take classes and earn degrees remotely.

As online learning becomes more accepted, it becomes harder to identify which institutions really require students to finish legitimate coursework and which are diploma mills.

That's why officials are fighting back. Some states, such as Oregon and New Jersey, have made it a crime to use degrees from diploma mills, and others are considering such laws. Typically, it's a misdemeanor punishable by a fine and up to a year in jail.

At the federal level, the General Accounting Office, the investigative branch of the government, is probing the use of bogus degrees by federal employees to land jobs or promotions, and their query could be done in early 2004. Last month, the Office of Personnel Management, the human resources agency of the government, held seminars on how to spot diploma mill fraud. Hundreds attended.

Some experts fear employees with counterfeit credentials could get security clearances. Others worry that a loophole now lets federal workers use tax dollars to take degree-mill courses that are inadvertently reimbursed by the government.

"It's very serious," says OPM Director Kay Coles James. "Individuals guilty of fudging academic achievements ... are a security risk."
*******************************
Los Angeles Times
Hacker Arrested in San Diego
The security specialist could face 30 years for downloading from the military and others.
By Tony Perry
September 30, 2003

SAN DIEGO A computer security specialist who claimed he hacked into top-secret military computers to show how vulnerable they were to snooping by terrorists was arrested and charged Monday with six felony counts that could bring a 30-year prison sentence.

Brett Edward O'Keefe, 36, president of ForensicTec Solutions, a start-up company here, is accused of hacking into computers of the Navy, the Army, the Department of Energy, the National Aeronautics and Space Administration and several private companies.

Before his arrest, O'Keefe told reporters that he had hacked into the computers to drum up business for his fledgling company and to show that the nation's top military secrets are not safe, despite pronouncements that security has been tightened since the terrorist attacks of Sept. 11, 2001.

"All I wanted to do was to show America how weak our computer defenses are," O'Keefe said. "My hope was that, if I embarrassed the government, they would tighten up their precautions."

But Assistant U.S. Atty. John Parmley said O'Keefe could have indicated that the computers were vulnerable to hacking without going in and downloading information.

"It's like going down the street and jiggling doors to see if they're open," Parmley said. "That's one thing. But if you go and start taking things, that's different."

O'Keefe is charged with conspiring with two employees to gain unauthorized access to the computers of government agencies, the military and private companies and to obtaining information from those computers for financial gain. The two employees of his company pleaded guilty in federal court last week and agreed to assist the prosecutors.

Bruce Schneier, chief technical officer of Counterpane Internet Security Inc., based in Cupertino in Northern California, said the ease with which military computers can be hacked into is not a secret.

"The military uses the technology that everybody else does," said Schneier, author of the book "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." Schneier called O'Keefe's explanation "the classic defense" of the hacker: that he was hacking into computers only to show how easy it is.

"While it's a kind of a defense, it doesn't make a lot of sense," Schneier said. "Nobody asked these guys to do this."

O'Keefe said he and his employees had stumbled across the easy entry into military computers while working for a private client. Among other things, the three allegedly downloaded encryption information used by the military to keep its computer transmissions from being intercepted by hostile forces.

Parmley noted that the ForensicTec case is different from other hacker cases because commonly the government has to investigate to find the identity and location of the hacker. In this case, O'Keefe made his exploits known through media interviews.

After being arrested, O'Keefe was taken to the Metropolitan Correctional Center to await arraignment today in U.S. District Court.

O'Keefe's two co-defendants, Aljosa Medvesek and Margaret Ann Lauffer, pleaded guilty to a single count each of unauthorized access to governmental and military computers. A single count carries a possible maximum sentence of five years; O'Keefe faces six counts.

Schneier noted that the San Diego case comes amid a crackdown on hackers by federal authorities.

"The federal government is not amused by these cases and they shouldn't be," Schneier said. "It's like coming home and finding that a burglar has left a note on your refrigerator. You feel violated."
*******************************
Associated Press
India Bans Web Group, Blocks Yahoo Forums
Mon Sep 29, 4:25 PM ET
By S. SRINIVASAN, Associated Press Writer

BANGALORE, India - A government ban on an Internet discussion group run by an obscure separatist movement has ended up blocking access to popular, unrelated Yahoo forums in nearly all of India.

Over the past two weeks, India's dozens of Internet service providers have been told by the government to block access to a Yahoo! Inc (NasdaqNM:YHOO - news). discussion group called "Kynhun - Bri U Hynniewtrep."

The forum, which has about two dozen members, is run by a separatist group called Hynniewtrep International Liberation Council. The little-known organization says it represents the ethnic Khasi people and wants their home region, a small slice of the country's northeast, to secede from India.

India's Computer Emergency Response Team, a section of the Information Ministry that normally deals with hackers and virus attacks, ordered the discussion group blocked in mid-September for "promoting anti-national news and containing material against the government."

But for technical reasons, Indian Internet service providers were unable to block just the Kynhun site and had to shut down every Yahoo discussion group. Other sections of the Yahoo Web site, such as its Internet portal and news areas, were unaffected.

"This is more like a dictatorship and goes against the concept of freedom of speech," said Sushil Devaraj, a businessman who regularly uses Yahoo discussion groups to discuss programming issues for a low-cost computer called the Simputer.

Efforts to contact the separatist group were unsuccessful. However, Reporters Without Borders, an advocacy group for press freedom, criticized the ban and called for it to be rescinded.

"Blocking a few Web pages can result in the blocking of hundreds of other Web pages that have nothing to do with the banned content," said Robert Menard, the group's secretary general.

Web sites like Yahoo let users create and subscribe to electronic discussion forums where members can exchange views. The groups are used for everything from keeping in touch with friends to discussing politics and home repair.

The Indian government occasionally blocks Web sites it finds objectionable, including one for a Pakistani newspaper during India-Pakistan fighting in 1999.

The newest ban has annoyed Indian users, who have found their favorite groups suddenly inaccessible.

"My students have a problem. I discuss my subject with them on Yahoo groups. We have not been able to do it," said Rajeev Gowda, an economics professor at the Indian Institute of Management in Bangalore. "This heavy-handed action has affected a variety of users who have nothing to do with that group."

The latest issue hinges on where Hynniewtrep International Liberation Council's postings live in cyberspace.

The group's discussion forum does not appear on the Web site of Bombay-based Yahoo India, http://in.groups.yahoo.com. Instead, the forum resides on U.S. servers maintained by Sunnyvale, Calif.-based Yahoo at http://groups.yahoo.com which can be visited by anyone with Internet access in India.

The distinction is legally significant, said Mary Catherine Wirth, Yahoo's senior corporate counsel for international issues. The content may violate Indian laws if it were posted in an Indian Web site, but the group's discussion forum is published on an American site and does not violate American laws, she said.

"If the block were directed at Yahoo India, we would certainly remove it," Wirth said Monday. "But they're not complaining about a local site violating a local law. They're complaining about a U.S. site violating India's law."

Wirth noted that Indian officials have not asked Yahoo executives in the United States to restrict access to the U.S. Web site.



Yahoo's U.S.-based lawyers have asked India's Department of Telecommunications to direct its Internet service providers to narrow the scope of their blocks to Hynniewtrep International Liberation Council's site only.

Internet service providers in India said they were indeed trying to fine-tune their blocking mechanisms to allow access to other Yahoo discussion groups, though none appeared to be successful late Monday
*******************************
USA Today
Record industry fires warning shot
By Mike Snider, USA TODAY
WASHINGTON Faced with congressional scrutiny, the record industry said Tuesday that it won't back off its plan to sue thousands of people swapping pirated music on the Internet but that it will start sending out letters to warn them legal action is on the way.
"That gives them an opportunity to settle" early or provide information that might shed light on their cases, Recording Industry Association of America Chairman Mitch Bainwol told a Senate hearing.

Three weeks ago, the RIAA filed its first 261 lawsuits against people accused of swapping copyrighted songs over peer-to-peer networks such as Kazaa.

Many first learned of the lawsuits when they were called by reporters. Among those targeted were a 12-year-old honor student in New York City and a retired teacher in Boston whose computer was incompatible with the swap service she was said to be using.

The RIAA announced Monday that settlements have already been reached in 64 cases, 12 of them involving people who had not yet been sued but who had been warned by their Internet providers that their identities had been subpoenaed. Though the RIAA didn't release the amount of the settlements, news reports range from $2,000 to $7,500.

"I am troubled by a strategy that uses the law to threaten people into submission," said Sen. Norm Coleman, R-Minn., who chaired the hearing.

More than 2.6 billion music files are downloaded every month, as the record industry waned from a $40 billion market in 2000 to $32 billion last year, Bainwol said. Suing file sharers "was the last (weapon) we had in our quiver."

Rap artists LL Cool J and Chuck D took opposing sides of the issue. An actor and musician, LL Cool J said he felt cheated when an album or film he makes is "shooting around the world for free."

But Chuck D, founder of music site Rapstation.com, considers peer-to-peer sharing "a new accessible radio" that is not beholden to the music industry: "I trust the consumer more than I trust those at the helm of (music) companies."

Coleman said he remained worried about the "heavy-handedness" of the lawsuits, which carried fines of up to $150,000 for each song shared from their hard drives. When asked whether the fines were excessive, Bainwol said they got consumers' attention and established a deterrent. "Public floggings would get attention, too, but we don't do that," Coleman responded.

University of Virginia ethicist Jonathan Moreno testified the fines "are way out of proportion," and laws need to be updated.

Despite the lawsuits, attitudes may be tough to change. In a Gallup Poll out Tuesday, 83% of teens said it's morally acceptable to download music from the Net for free.
*******************************
New York Times
October 1, 2003
Cap on U.S. Work Visas Puts Companies in India in a Bind
By SARITHA RAI

BANGALORE, India, Sept. 30 - Prasad Tadiparti, global general manager of human resources at MindTree Consulting, is working his way around what he calls "a logistical nightmare."

He is trying to anticipate what skills his clients in the United States may need in the next few years and match them with the profiles of his approximately 1,000 software engineers and others. All this while factoring in how many are willing to travel, how many hold valid visas to work in the United States, and for how long.

The "nightmare" is a sharp drop - to 65,000 from 195,000 - in the number of H-1B visas granted for skilled foreign professionals. The change, effective Wednesday, is making the business environment tougher for Indian software services companies like MindTree.

MindTree, which counts Franklin Templeton and Avis among its clients, will be competing with others in the industry for the tighter number of visas. If the visas are exhausted in the next few months, as some expect, services companies say that their clients' delivery schedules and new projects will be delayed.

H-1B visas are given each year to foreign workers whose specialized skills are sought by American companies. During the technology boom, the H-1B visa program, which allows foreigners to work in the United States for up to six years, provided a gateway for thousands of Indians who came to work in the United States, especially in Silicon Valley.

More recently, the number of visa applications has dropped. Last year, petitions for H-1B visas dropped by 75 percent, to 26,659, according to the American Electronics Association, a trade group that represents technology companies. The lighter use of the visas reflected the downturn in the dot-com sector and the elimination of technology jobs.

But critics now point to another visa, the L-1, that is used to bring in cheaper foreign workers who may be replaced once they are trained. Congress is also looking at the L-1, which has no quotas. The L-1 visa has grown in use, rising nearly 40 percent, to 57,700, last year from 1999, and some say technology employers are switching to this type of visa.

According to an estimate by the American Immigration Lawyers' Association, there are some 900,000 H-1B employees in the United States, 35 percent to 45 percent of them from India.

The H-1B program became an issue as the United States economy softened and employment slumped. Critics of the program argue that American corporations are replacing employees with less-expensive foreign workers from places like India and the Philippines.

Some have even called for scrapping the H-1B visa program altogether, a move seen as part of a reaction against the increasing trend of sending technology and back-office jobs abroad.

Despite this antipathy and public outcry, American companies argue that the program is essential to help maintain competitiveness in the global economy.

In recent Congressional testimony, the chairwoman of the immigration subcommittee of the United States Chamber of Commerce, Elizabeth Dickson of Ingersoll-Rand, said the visa limit delayed the hiring of needed professionals. ''We cannot afford to let arbitrary caps dictate U.S. business immigration policy," Ms. Dickson said.

But with Congress keeping the cap at 65,000, Indian services companies are scrambling to build teams of visa-ready people, said Laxman Badiga, chief staffing officer at India's third-largest software exporter, Wipro. Over 3,000 Wipro employees hold H-1B visas.

As Indian software services companies grapple with the vastly reduced quota of visas, American companies will have to figure out ways to collaborate with them to help manage a supply imbalance that is expected to emerge as the economy improves, said Atul Vashistha, chief executive of neoIT, an outsourcing advisory company based in Santa Clara, Calif. ''We are already advising our clients on how to manage this risk scenario," he said.

For the Indian subsidiaries of multinationals like Intel, however, the impact of the reduced limit is expected to be minimal. "We see this as a bump in the road rather than something which will have a huge impact in the long term," said Ketan Sampat, president of Intel India.

But Mr. Vashistha's firm is urging clients like Cardinal Health and Exult to look at increasing the number of expatriates to help bridge the gap. ''If foreign resources cannot be brought here, then take resources from here to the offshore location," he said.

The reduced visa limit may gradually diminish the United States' ability to attract the most talented workers, industry leaders contend. "With U.S. baby boomers retiring, and the number of tech grads declining, there will be an acute shortage of skilled talent in the coming years," said Kumar Mahadeva, the chief executive of Cognizant Technology Solutions, a software services company based in Teaneck, N.J.

As the economy recovers, industry executives envision an even more acute shortage of skilled workers. "If there are no visas to bring talent to the U.S.," Mr. Badiga of Wipro said, "American companies will eventually say, 'Let's go to India where the resources are.' "
*******************************
Washington Post
Women's Pay Tied To Fewer Work Hours
Study Says Men Also Travel More
By Kirstin Downey
Wednesday, October 1, 2003; Page E03

Women in the workforce are more educated than working men and more likely to hold professional or managerial positions, but they are paid less because they spend less time at the workplace and travel less frequently, according to a new national study on the changing workforce.

It also found both men and women working longer hours than they did in the 1970s.

About 31 percent of working women have a four-year college degree, compared with 27 percent of men, the study found. About 38 percent of women are managers or professionals, compared with 28 percent of men. But women are paid less as a whole because they work fewer hours -- 39.8 hours a week, compared with 46.1 for men -- and are more likely to work in lower-paid administrative support jobs.

They are also less likely to make overnight business trips than men, which the report's authors note is "extremely important to employers" and something they are likely to reward more than staying around the office.

The study, which included interviews with 3,504 adult workers, showed the differing expectations of men and women in how they work and what they do at home, said Ellen Galinsky, president of the Families and Work Institute, which conducted the study. Women in dual-earner households continue to carry greater responsibility for cleaning and child care in 70 percent of households, according to the study, with working women spending about three hours a day on household tasks, or 15 additional hours per workweek.

"That was a big 'Wow!' " Galinsky said.

But men are doing a lot more around the house than they did 25 years ago, according to the study, which was conducted by Harris Interactive Inc. between October 2002 and June 2003. Men spent 1.3 hours a day on household chores in 1977 but now spend two hours a day, the study found.

Yesterday's report is the latest installment in a landmark survey conducted at various intervals since 1977, making it a good snapshot of changes that have occurred in the workplace in the past 25 years.

Barbara Gault, director of research for the Institute for Women's Policy Research, said the study widens the understanding of work and family pressures because it includes home life. She said that "unspoken, long-standing gender-role stereotypes" affect men and women both at work and at home.

Among dual earners, the workload at work and at home over 25 years has grown to 42.8 hours a week for women and 51.3 hours a week for men, from 37.8 and 46.7, respectively.

Technology has been a mixed blessing, the study indicates. About 71 percent of workers reported they were able to use computers to attend to personal issues at work and about 35 percent said they used computers at home for job-related work. New technologies, including cell phones and e-mail, allowed them to balance work and family better, according to about 55 percent of respondents.

But 61 percent of people who use such devices frequently to contact friends and family said they were experiencing what the survey's authors called "negative job-to-home spillover" -- lacking the time or energy to do things with family and friends, feeling they were handling things at home poorly and being unable to concentrate on family affairs as they would like.

"The findings suggests that employees with more work-family/personal tensions may rely more upon new communications technologies simply to 'keep their heads above water,' " the authors said.
*******************************

Prev by Date: ACM TechNews - Monday, September 29, 2003
Next by Date: ACM TechNews - Wednesday, October 1, 2003
Previous by thread: ACM TechNews - Monday, September 29, 2003
Next by thread: ACM TechNews - Wednesday, October 1, 2003
Index(es):
- Date
- Thread